branch permissions: added logic to define in UI branch permissions....
marcink -
r2975:2d612d18 default
@@ -0,0 +1,45 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2011-2018 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 import logging
22
23 from pyramid.view import view_config
24
25 from rhodecode.apps._base import RepoAppView
26 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
27
28 log = logging.getLogger(__name__)
29
30
31 class RepoSettingsBranchPermissionsView(RepoAppView):
32
33 def load_default_context(self):
34 c = self._get_local_tmpl_context()
35 return c
36
37 @LoginRequired()
38 @HasRepoPermissionAnyDecorator('repository.admin')
39 @view_config(
40 route_name='edit_repo_perms_branch', request_method='GET',
41 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
42 def branch_permissions(self):
43 c = self.load_default_context()
44 c.active = 'permissions_branch'
45 return self._get_template_context(c)
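Review bot: The new `RepoSettingsBranchPermissionsView` class and its `branch_permissions` view carry no docstring, so nothing in the file states that access depends entirely on the `@LoginRequired()` / `@HasRepoPermissionAnyDecorator('repository.admin')` pair stacked above `@view_config`. I would add a one-line docstring to the view, such as `"""Render the branch permissions tab of repository settings; restricted to repository.admin."""`, and a short class docstring. The module-level `log` is defined but not used anywhere in these 45 lines and could be dropped until a handler needs it. Only a GET handler is visible here; if a state-changing handler for `edit_repo_perms_branch` is added elsewhere, it presumably needs the same permission decorator plus CSRF protection.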
@@ -0,0 +1,4587 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 """
22 Database Models for RhodeCode Enterprise
23 """
24
25 import re
26 import os
27 import time
28 import hashlib
29 import logging
30 import datetime
31 import warnings
32 import ipaddress
33 import functools
34 import traceback
35 import collections
36
37 from sqlalchemy import (
38 or_, and_, not_, func, TypeDecorator, event,
39 Index, Sequence, UniqueConstraint, ForeignKey, CheckConstraint, Column,
40 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
41 Text, Float, PickleType)
42 from sqlalchemy.sql.expression import true, false
43 from sqlalchemy.sql.functions import coalesce, count # noqa
44 from sqlalchemy.orm import (
45 relationship, joinedload, class_mapper, validates, aliased)
46 from sqlalchemy.ext.declarative import declared_attr
47 from sqlalchemy.ext.hybrid import hybrid_property
48 from sqlalchemy.exc import IntegrityError # noqa
49 from sqlalchemy.dialects.mysql import LONGTEXT
50 from beaker.cache import cache_region
51 from zope.cachedescriptors.property import Lazy as LazyProperty
52
53 from pyramid.threadlocal import get_current_request
54
55 from rhodecode.translation import _
56 from rhodecode.lib.vcs import get_vcs_instance
57 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
58 from rhodecode.lib.utils2 import (
59 str2bool, safe_str, get_commit_safe, safe_unicode, md5_safe,
60 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
61 glob2re, StrictAttributeDict, cleaned_uri)
62 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType, \
63 JsonRaw
64 from rhodecode.lib.ext_json import json
65 from rhodecode.lib.caching_query import FromCache
66 from rhodecode.lib.encrypt import AESCipher
67
68 from rhodecode.model.meta import Base, Session
69
70 URL_SEP = '/'
71 log = logging.getLogger(__name__)
72
73 # =============================================================================
74 # BASE CLASSES
75 # =============================================================================
76
77 # this is propagated from .ini file rhodecode.encrypted_values.secret or
78 # beaker.session.secret if first is not set.
79 # and initialized at environment.py
80 ENCRYPTION_KEY = None
81
82 # used to sort permissions by types, '#' used here is not allowed to be in
83 # usernames, and it's very early in sorted string.printable table.
84 PERMISSION_TYPE_SORT = {
85 'admin': '####',
86 'write': '###',
87 'read': '##',
88 'none': '#',
89 }
90
91
92 def display_user_sort(obj):
93 """
94 Sort function used to sort permissions in .permissions() function of
95 Repository, RepoGroup, UserGroup. Also it put the default user in front
96 of all other resources
97 """
98
99 if obj.username == User.DEFAULT_USER:
100 return '#####'
101 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
102 return prefix + obj.username
103
104
105 def display_user_group_sort(obj):
106 """
107 Sort function used to sort permissions in .permissions() function of
108 Repository, RepoGroup, UserGroup. Also it put the default user in front
109 of all other resources
110 """
111
112 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
113 return prefix + obj.users_group_name
114
115
116 def _hash_key(k):
117 return md5_safe(k)
118
119
120 def in_filter_generator(qry, items, limit=500):
121 """
122 Splits IN() into multiple with OR
123 e.g.::
124 cnt = Repository.query().filter(
125 or_(
126 *in_filter_generator(Repository.repo_id, range(100000))
127 )).count()
128 """
129 if not items:
130 # empty list will cause empty query which might cause security issues
131 # this can lead to hidden unpleasant results
132 items = [-1]
133
134 parts = []
135 for chunk in xrange(0, len(items), limit):
136 parts.append(
137 qry.in_(items[chunk: chunk + limit])
138 )
139
140 return parts
141
142
143 class EncryptedTextValue(TypeDecorator):
144 """
145 Special column for encrypted long text data, use like::
146
147 value = Column("encrypted_value", EncryptedValue(), nullable=False)
148
149 This column is intelligent so if value is in unencrypted form it return
150 unencrypted form, but on save it always encrypts
151 """
152 impl = Text
153
154 def process_bind_param(self, value, dialect):
155 if not value:
156 return value
157 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
158 # protect against double encrypting if someone manually starts
159 # doing
160 raise ValueError('value needs to be in unencrypted format, ie. '
161 'not starting with enc$aes')
162 return 'enc$aes_hmac$%s' % AESCipher(
163 ENCRYPTION_KEY, hmac=True).encrypt(value)
164
165 def process_result_value(self, value, dialect):
166 import rhodecode
167
168 if not value:
169 return value
170
171 parts = value.split('$', 3)
172 if not len(parts) == 3:
173 # probably not encrypted values
174 return value
175 else:
176 if parts[0] != 'enc':
177 # parts ok but without our header ?
178 return value
179 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
180 'rhodecode.encrypted_values.strict') or True)
181 # at that stage we know it's our encryption
182 if parts[1] == 'aes':
183 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
184 elif parts[1] == 'aes_hmac':
185 decrypted_data = AESCipher(
186 ENCRYPTION_KEY, hmac=True,
187 strict_verification=enc_strict_mode).decrypt(parts[2])
188 else:
189 raise ValueError(
190 'Encryption type part is wrong, must be `aes` '
191 'or `aes_hmac`, got `%s` instead' % (parts[1]))
192 return decrypted_data
193
194
195 class BaseModel(object):
196 """
197 Base Model for all classes
198 """
199
200 @classmethod
201 def _get_keys(cls):
202 """return column names for this model """
203 return class_mapper(cls).c.keys()
204
205 def get_dict(self):
206 """
207 return dict with keys and values corresponding
208 to this model data """
209
210 d = {}
211 for k in self._get_keys():
212 d[k] = getattr(self, k)
213
214 # also use __json__() if present to get additional fields
215 _json_attr = getattr(self, '__json__', None)
216 if _json_attr:
217 # update with attributes from __json__
218 if callable(_json_attr):
219 _json_attr = _json_attr()
220 for k, val in _json_attr.iteritems():
221 d[k] = val
222 return d
223
224 def get_appstruct(self):
225 """return list with keys and values tuples corresponding
226 to this model data """
227
228 lst = []
229 for k in self._get_keys():
230 lst.append((k, getattr(self, k),))
231 return lst
232
233 def populate_obj(self, populate_dict):
234 """populate model with data from given populate_dict"""
235
236 for k in self._get_keys():
237 if k in populate_dict:
238 setattr(self, k, populate_dict[k])
239
240 @classmethod
241 def query(cls):
242 return Session().query(cls)
243
244 @classmethod
245 def get(cls, id_):
246 if id_:
247 return cls.query().get(id_)
248
249 @classmethod
250 def get_or_404(cls, id_):
251 from pyramid.httpexceptions import HTTPNotFound
252
253 try:
254 id_ = int(id_)
255 except (TypeError, ValueError):
256 raise HTTPNotFound()
257
258 res = cls.query().get(id_)
259 if not res:
260 raise HTTPNotFound()
261 return res
262
263 @classmethod
264 def getAll(cls):
265 # deprecated and left for backward compatibility
266 return cls.get_all()
267
268 @classmethod
269 def get_all(cls):
270 return cls.query().all()
271
272 @classmethod
273 def delete(cls, id_):
274 obj = cls.query().get(id_)
275 Session().delete(obj)
276
277 @classmethod
278 def identity_cache(cls, session, attr_name, value):
279 exist_in_session = []
280 for (item_cls, pkey), instance in session.identity_map.items():
281 if cls == item_cls and getattr(instance, attr_name) == value:
282 exist_in_session.append(instance)
283 if exist_in_session:
284 if len(exist_in_session) == 1:
285 return exist_in_session[0]
286 log.exception(
287 'multiple objects with attr %s and '
288 'value %s found with same name: %r',
289 attr_name, value, exist_in_session)
290
291 def __repr__(self):
292 if hasattr(self, '__unicode__'):
293 # python repr needs to return str
294 try:
295 return safe_str(self.__unicode__())
296 except UnicodeDecodeError:
297 pass
298 return '<DB:%s>' % (self.__class__.__name__)
299
300
301 class RhodeCodeSetting(Base, BaseModel):
302 __tablename__ = 'rhodecode_settings'
303 __table_args__ = (
304 UniqueConstraint('app_settings_name'),
305 {'extend_existing': True, 'mysql_engine': 'InnoDB',
306 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
307 )
308
309 SETTINGS_TYPES = {
310 'str': safe_str,
311 'int': safe_int,
312 'unicode': safe_unicode,
313 'bool': str2bool,
314 'list': functools.partial(aslist, sep=',')
315 }
316 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
317 GLOBAL_CONF_KEY = 'app_settings'
318
319 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
320 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
321 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
322 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
323
324 def __init__(self, key='', val='', type='unicode'):
325 self.app_settings_name = key
326 self.app_settings_type = type
327 self.app_settings_value = val
328
329 @validates('_app_settings_value')
330 def validate_settings_value(self, key, val):
331 assert type(val) == unicode
332 return val
333
334 @hybrid_property
335 def app_settings_value(self):
336 v = self._app_settings_value
337 _type = self.app_settings_type
338 if _type:
339 _type = self.app_settings_type.split('.')[0]
340 # decode the encrypted value
341 if 'encrypted' in self.app_settings_type:
342 cipher = EncryptedTextValue()
343 v = safe_unicode(cipher.process_result_value(v, None))
344
345 converter = self.SETTINGS_TYPES.get(_type) or \
346 self.SETTINGS_TYPES['unicode']
347 return converter(v)
348
349 @app_settings_value.setter
350 def app_settings_value(self, val):
351 """
352 Setter that will always make sure we use unicode in app_settings_value
353
354 :param val:
355 """
356 val = safe_unicode(val)
357 # encode the encrypted value
358 if 'encrypted' in self.app_settings_type:
359 cipher = EncryptedTextValue()
360 val = safe_unicode(cipher.process_bind_param(val, None))
361 self._app_settings_value = val
362
363 @hybrid_property
364 def app_settings_type(self):
365 return self._app_settings_type
366
367 @app_settings_type.setter
368 def app_settings_type(self, val):
369 if val.split('.')[0] not in self.SETTINGS_TYPES:
370 raise Exception('type must be one of %s got %s'
371 % (self.SETTINGS_TYPES.keys(), val))
372 self._app_settings_type = val
373
374 def __unicode__(self):
375 return u"<%s('%s:%s[%s]')>" % (
376 self.__class__.__name__,
377 self.app_settings_name, self.app_settings_value,
378 self.app_settings_type
379 )
380
381
382 class RhodeCodeUi(Base, BaseModel):
383 __tablename__ = 'rhodecode_ui'
384 __table_args__ = (
385 UniqueConstraint('ui_key'),
386 {'extend_existing': True, 'mysql_engine': 'InnoDB',
387 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
388 )
389
390 HOOK_REPO_SIZE = 'changegroup.repo_size'
391 # HG
392 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
393 HOOK_PULL = 'outgoing.pull_logger'
394 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
395 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
396 HOOK_PUSH = 'changegroup.push_logger'
397 HOOK_PUSH_KEY = 'pushkey.key_push'
398
399 # TODO: johbo: Unify way how hooks are configured for git and hg,
400 # git part is currently hardcoded.
401
402 # SVN PATTERNS
403 SVN_BRANCH_ID = 'vcs_svn_branch'
404 SVN_TAG_ID = 'vcs_svn_tag'
405
406 ui_id = Column(
407 "ui_id", Integer(), nullable=False, unique=True, default=None,
408 primary_key=True)
409 ui_section = Column(
410 "ui_section", String(255), nullable=True, unique=None, default=None)
411 ui_key = Column(
412 "ui_key", String(255), nullable=True, unique=None, default=None)
413 ui_value = Column(
414 "ui_value", String(255), nullable=True, unique=None, default=None)
415 ui_active = Column(
416 "ui_active", Boolean(), nullable=True, unique=None, default=True)
417
418 def __repr__(self):
419 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
420 self.ui_key, self.ui_value)
421
422
423 class RepoRhodeCodeSetting(Base, BaseModel):
424 __tablename__ = 'repo_rhodecode_settings'
425 __table_args__ = (
426 UniqueConstraint(
427 'app_settings_name', 'repository_id',
428 name='uq_repo_rhodecode_setting_name_repo_id'),
429 {'extend_existing': True, 'mysql_engine': 'InnoDB',
430 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
431 )
432
433 repository_id = Column(
434 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
435 nullable=False)
436 app_settings_id = Column(
437 "app_settings_id", Integer(), nullable=False, unique=True,
438 default=None, primary_key=True)
439 app_settings_name = Column(
440 "app_settings_name", String(255), nullable=True, unique=None,
441 default=None)
442 _app_settings_value = Column(
443 "app_settings_value", String(4096), nullable=True, unique=None,
444 default=None)
445 _app_settings_type = Column(
446 "app_settings_type", String(255), nullable=True, unique=None,
447 default=None)
448
449 repository = relationship('Repository')
450
451 def __init__(self, repository_id, key='', val='', type='unicode'):
452 self.repository_id = repository_id
453 self.app_settings_name = key
454 self.app_settings_type = type
455 self.app_settings_value = val
456
457 @validates('_app_settings_value')
458 def validate_settings_value(self, key, val):
459 assert type(val) == unicode
460 return val
461
462 @hybrid_property
463 def app_settings_value(self):
464 v = self._app_settings_value
465 type_ = self.app_settings_type
466 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
467 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
468 return converter(v)
469
470 @app_settings_value.setter
471 def app_settings_value(self, val):
472 """
473 Setter that will always make sure we use unicode in app_settings_value
474
475 :param val:
476 """
477 self._app_settings_value = safe_unicode(val)
478
479 @hybrid_property
480 def app_settings_type(self):
481 return self._app_settings_type
482
483 @app_settings_type.setter
484 def app_settings_type(self, val):
485 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
486 if val not in SETTINGS_TYPES:
487 raise Exception('type must be one of %s got %s'
488 % (SETTINGS_TYPES.keys(), val))
489 self._app_settings_type = val
490
491 def __unicode__(self):
492 return u"<%s('%s:%s:%s[%s]')>" % (
493 self.__class__.__name__, self.repository.repo_name,
494 self.app_settings_name, self.app_settings_value,
495 self.app_settings_type
496 )
497
498
499 class RepoRhodeCodeUi(Base, BaseModel):
500 __tablename__ = 'repo_rhodecode_ui'
501 __table_args__ = (
502 UniqueConstraint(
503 'repository_id', 'ui_section', 'ui_key',
504 name='uq_repo_rhodecode_ui_repository_id_section_key'),
505 {'extend_existing': True, 'mysql_engine': 'InnoDB',
506 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
507 )
508
509 repository_id = Column(
510 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
511 nullable=False)
512 ui_id = Column(
513 "ui_id", Integer(), nullable=False, unique=True, default=None,
514 primary_key=True)
515 ui_section = Column(
516 "ui_section", String(255), nullable=True, unique=None, default=None)
517 ui_key = Column(
518 "ui_key", String(255), nullable=True, unique=None, default=None)
519 ui_value = Column(
520 "ui_value", String(255), nullable=True, unique=None, default=None)
521 ui_active = Column(
522 "ui_active", Boolean(), nullable=True, unique=None, default=True)
523
524 repository = relationship('Repository')
525
526 def __repr__(self):
527 return '<%s[%s:%s]%s=>%s]>' % (
528 self.__class__.__name__, self.repository.repo_name,
529 self.ui_section, self.ui_key, self.ui_value)
530
531
532 class User(Base, BaseModel):
533 __tablename__ = 'users'
534 __table_args__ = (
535 UniqueConstraint('username'), UniqueConstraint('email'),
536 Index('u_username_idx', 'username'),
537 Index('u_email_idx', 'email'),
538 {'extend_existing': True, 'mysql_engine': 'InnoDB',
539 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
540 )
541 DEFAULT_USER = 'default'
542 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
543 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
544
545 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
546 username = Column("username", String(255), nullable=True, unique=None, default=None)
547 password = Column("password", String(255), nullable=True, unique=None, default=None)
548 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
549 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
550 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
551 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
552 _email = Column("email", String(255), nullable=True, unique=None, default=None)
553 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
554 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
555
556 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
557 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
558 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
559 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
560 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
561 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
562
563 user_log = relationship('UserLog')
564 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
565
566 repositories = relationship('Repository')
567 repository_groups = relationship('RepoGroup')
568 user_groups = relationship('UserGroup')
569
570 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
571 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
572
573 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
574 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
575 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
576
577 group_member = relationship('UserGroupMember', cascade='all')
578
579 notifications = relationship('UserNotification', cascade='all')
580 # notifications assigned to this user
581 user_created_notifications = relationship('Notification', cascade='all')
582 # comments created by this user
583 user_comments = relationship('ChangesetComment', cascade='all')
584 # user profile extra info
585 user_emails = relationship('UserEmailMap', cascade='all')
586 user_ip_map = relationship('UserIpMap', cascade='all')
587 user_auth_tokens = relationship('UserApiKeys', cascade='all')
588 user_ssh_keys = relationship('UserSshKeys', cascade='all')
589
590 # gists
591 user_gists = relationship('Gist', cascade='all')
592 # user pull requests
593 user_pull_requests = relationship('PullRequest', cascade='all')
594 # external identities
595 extenal_identities = relationship(
596 'ExternalIdentity',
597 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
598 cascade='all')
599 # review rules
600 user_review_rules = relationship('RepoReviewRuleUser', cascade='all')
601
602 def __unicode__(self):
603 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
604 self.user_id, self.username)
605
606 @hybrid_property
607 def email(self):
608 return self._email
609
610 @email.setter
611 def email(self, val):
612 self._email = val.lower() if val else None
613
614 @hybrid_property
615 def first_name(self):
616 from rhodecode.lib import helpers as h
617 if self.name:
618 return h.escape(self.name)
619 return self.name
620
621 @hybrid_property
622 def last_name(self):
623 from rhodecode.lib import helpers as h
624 if self.lastname:
625 return h.escape(self.lastname)
626 return self.lastname
627
628 @hybrid_property
629 def api_key(self):
630 """
631 Fetch if exist an auth-token with role ALL connected to this user
632 """
633 user_auth_token = UserApiKeys.query()\
634 .filter(UserApiKeys.user_id == self.user_id)\
635 .filter(or_(UserApiKeys.expires == -1,
636 UserApiKeys.expires >= time.time()))\
637 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
638 if user_auth_token:
639 user_auth_token = user_auth_token.api_key
640
641 return user_auth_token
642
643 @api_key.setter
644 def api_key(self, val):
645 # don't allow to set API key this is deprecated for now
646 self._api_key = None
647
648 @property
649 def reviewer_pull_requests(self):
650 return PullRequestReviewers.query() \
651 .options(joinedload(PullRequestReviewers.pull_request)) \
652 .filter(PullRequestReviewers.user_id == self.user_id) \
653 .all()
654
655 @property
656 def firstname(self):
657 # alias for future
658 return self.name
659
660 @property
661 def emails(self):
662 other = UserEmailMap.query()\
663 .filter(UserEmailMap.user == self) \
664 .order_by(UserEmailMap.email_id.asc()) \
665 .all()
666 return [self.email] + [x.email for x in other]
667
668 @property
669 def auth_tokens(self):
670 auth_tokens = self.get_auth_tokens()
671 return [x.api_key for x in auth_tokens]
672
673 def get_auth_tokens(self):
674 return UserApiKeys.query()\
675 .filter(UserApiKeys.user == self)\
676 .order_by(UserApiKeys.user_api_key_id.asc())\
677 .all()
678
679 @LazyProperty
680 def feed_token(self):
681 return self.get_feed_token()
682
683 def get_feed_token(self, cache=True):
684 feed_tokens = UserApiKeys.query()\
685 .filter(UserApiKeys.user == self)\
686 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)
687 if cache:
688 feed_tokens = feed_tokens.options(
689 FromCache("long_term", "get_user_feed_token_%s" % self.user_id))
690
691 feed_tokens = feed_tokens.all()
692 if feed_tokens:
693 return feed_tokens[0].api_key
694 return 'NO_FEED_TOKEN_AVAILABLE'
695
696 @classmethod
697 def get(cls, user_id, cache=False):
698 if not user_id:
699 return
700
701 user = cls.query()
702 if cache:
703 user = user.options(
704 FromCache("sql_cache_short", "get_users_%s" % user_id))
705 return user.get(user_id)
706
707 @classmethod
708 def extra_valid_auth_tokens(cls, user, role=None):
709 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
710 .filter(or_(UserApiKeys.expires == -1,
711 UserApiKeys.expires >= time.time()))
712 if role:
713 tokens = tokens.filter(or_(UserApiKeys.role == role,
714 UserApiKeys.role == UserApiKeys.ROLE_ALL))
715 return tokens.all()
716
717 def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
718 from rhodecode.lib import auth
719
720 log.debug('Trying to authenticate user: %s via auth-token, '
721 'and roles: %s', self, roles)
722
723 if not auth_token:
724 return False
725
726 crypto_backend = auth.crypto_backend()
727
728 roles = (roles or []) + [UserApiKeys.ROLE_ALL]
729 tokens_q = UserApiKeys.query()\
730 .filter(UserApiKeys.user_id == self.user_id)\
731 .filter(or_(UserApiKeys.expires == -1,
732 UserApiKeys.expires >= time.time()))
733
734 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
735
736 plain_tokens = []
737 hash_tokens = []
738
739 for token in tokens_q.all():
740 # verify scope first
741 if token.repo_id:
742 # token has a scope, we need to verify it
743 if scope_repo_id != token.repo_id:
744 log.debug(
745 'Scope mismatch: token has a set repo scope: %s, '
746 'and calling scope is:%s, skipping further checks',
747 token.repo, scope_repo_id)
748 # token has a scope, and it doesn't match, skip token
749 continue
750
751 if token.api_key.startswith(crypto_backend.ENC_PREF):
752 hash_tokens.append(token.api_key)
753 else:
754 plain_tokens.append(token.api_key)
755
756 is_plain_match = auth_token in plain_tokens
757 if is_plain_match:
758 return True
759
760 for hashed in hash_tokens:
761 # TODO(marcink): this is expensive to calculate, but most secure
762 match = crypto_backend.hash_check(auth_token, hashed)
763 if match:
764 return True
765
766 return False
767
768 @property
769 def ip_addresses(self):
770 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
771 return [x.ip_addr for x in ret]
772
773 @property
774 def username_and_name(self):
775 return '%s (%s %s)' % (self.username, self.first_name, self.last_name)
776
777 @property
778 def username_or_name_or_email(self):
779 full_name = self.full_name if self.full_name is not ' ' else None
780 return self.username or full_name or self.email
781
782 @property
783 def full_name(self):
784 return '%s %s' % (self.first_name, self.last_name)
785
786 @property
787 def full_name_or_username(self):
788 return ('%s %s' % (self.first_name, self.last_name)
789 if (self.first_name and self.last_name) else self.username)
790
791 @property
792 def full_contact(self):
793 return '%s %s <%s>' % (self.first_name, self.last_name, self.email)
794
795 @property
796 def short_contact(self):
797 return '%s %s' % (self.first_name, self.last_name)
798
799 @property
800 def is_admin(self):
801 return self.admin
802
803 def AuthUser(self, **kwargs):
804 """
805 Returns instance of AuthUser for this user
806 """
807 from rhodecode.lib.auth import AuthUser
808 return AuthUser(user_id=self.user_id, username=self.username, **kwargs)
809
810 @hybrid_property
811 def user_data(self):
812 if not self._user_data:
813 return {}
814
815 try:
816 return json.loads(self._user_data)
817 except TypeError:
818 return {}
819
820 @user_data.setter
821 def user_data(self, val):
822 if not isinstance(val, dict):
823 raise Exception('user_data must be dict, got %s' % type(val))
824 try:
825 self._user_data = json.dumps(val)
826 except Exception:
827 log.error(traceback.format_exc())
828
829 @classmethod
830 def get_by_username(cls, username, case_insensitive=False,
831 cache=False, identity_cache=False):
832 session = Session()
833
834 if case_insensitive:
835 q = cls.query().filter(
836 func.lower(cls.username) == func.lower(username))
837 else:
838 q = cls.query().filter(cls.username == username)
839
840 if cache:
841 if identity_cache:
842 val = cls.identity_cache(session, 'username', username)
843 if val:
844 return val
845 else:
846 cache_key = "get_user_by_name_%s" % _hash_key(username)
847 q = q.options(
848 FromCache("sql_cache_short", cache_key))
849
850 return q.scalar()
851
852 @classmethod
853 def get_by_auth_token(cls, auth_token, cache=False):
854 q = UserApiKeys.query()\
855 .filter(UserApiKeys.api_key == auth_token)\
856 .filter(or_(UserApiKeys.expires == -1,
857 UserApiKeys.expires >= time.time()))
858 if cache:
859 q = q.options(
860 FromCache("sql_cache_short", "get_auth_token_%s" % auth_token))
861
862 match = q.first()
863 if match:
864 return match.user
865
866 @classmethod
867 def get_by_email(cls, email, case_insensitive=False, cache=False):
868
869 if case_insensitive:
870 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
871
872 else:
873 q = cls.query().filter(cls.email == email)
874
875 email_key = _hash_key(email)
876 if cache:
877 q = q.options(
878 FromCache("sql_cache_short", "get_email_key_%s" % email_key))
879
880 ret = q.scalar()
881 if ret is None:
882 q = UserEmailMap.query()
883 # try fetching in alternate email map
884 if case_insensitive:
885 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
886 else:
887 q = q.filter(UserEmailMap.email == email)
888 q = q.options(joinedload(UserEmailMap.user))
889 if cache:
890 q = q.options(
891 FromCache("sql_cache_short", "get_email_map_key_%s" % email_key))
892 ret = getattr(q.scalar(), 'user', None)
893
894 return ret
895
896 @classmethod
897 def get_from_cs_author(cls, author):
898 """
899 Tries to get User objects out of commit author string
900
901 :param author:
902 """
903 from rhodecode.lib.helpers import email, author_name
904 # Valid email in the attribute passed, see if they're in the system
905 _email = email(author)
906 if _email:
907 user = cls.get_by_email(_email, case_insensitive=True)
908 if user:
909 return user
910 # Maybe we can match by username?
911 _author = author_name(author)
912 user = cls.get_by_username(_author, case_insensitive=True)
913 if user:
914 return user
915
916 def update_userdata(self, **kwargs):
917 usr = self
918 old = usr.user_data
919 old.update(**kwargs)
920 usr.user_data = old
921 Session().add(usr)
922 log.debug('updated userdata with ', kwargs)
923
924 def update_lastlogin(self):
925 """Update user lastlogin"""
926 self.last_login = datetime.datetime.now()
927 Session().add(self)
928 log.debug('updated user %s lastlogin', self.username)
929
930 def update_lastactivity(self):
931 """Update user lastactivity"""
932 self.last_activity = datetime.datetime.now()
933 Session().add(self)
934 log.debug('updated user `%s` last activity', self.username)
935
936 def update_password(self, new_password):
937 from rhodecode.lib.auth import get_crypt_password
938
939 self.password = get_crypt_password(new_password)
940 Session().add(self)
941
942 @classmethod
943 def get_first_super_admin(cls):
944 user = User.query().filter(User.admin == true()).first()
945 if user is None:
946 raise Exception('FATAL: Missing administrative account!')
947 return user
948
949 @classmethod
950 def get_all_super_admins(cls):
951 """
952 Returns all admin accounts sorted by username
953 """
954 return User.query().filter(User.admin == true())\
955 .order_by(User.username.asc()).all()
956
957 @classmethod
958 def get_default_user(cls, cache=False, refresh=False):
959 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
960 if user is None:
961 raise Exception('FATAL: Missing default account!')
962 if refresh:
963 # The default user might be based on outdated state which
964 # has been loaded from the cache.
965 # A call to refresh() ensures that the
966 # latest state from the database is used.
967 Session().refresh(user)
968 return user
969
970 def _get_default_perms(self, user, suffix=''):
971 from rhodecode.model.permission import PermissionModel
972 return PermissionModel().get_default_perms(user.user_perms, suffix)
973
974 def get_default_perms(self, suffix=''):
975 return self._get_default_perms(self, suffix)
976
977 def get_api_data(self, include_secrets=False, details='full'):
978 """
979 Common function for generating user related data for API
980
981 :param include_secrets: By default secrets in the API data will be replaced
982 by a placeholder value to prevent exposing this data by accident. In case
983 this data shall be exposed, set this flag to ``True``.
984
985 :param details: details can be 'basic|full' basic gives only a subset of
986 the available user information that includes user_id, name and emails.
987 """
988 user = self
989 user_data = self.user_data
990 data = {
991 'user_id': user.user_id,
992 'username': user.username,
993 'firstname': user.name,
994 'lastname': user.lastname,
995 'email': user.email,
996 'emails': user.emails,
997 }
998 if details == 'basic':
999 return data
1000
1001 auth_token_length = 40
1002 auth_token_replacement = '*' * auth_token_length
1003
1004 extras = {
1005 'auth_tokens': [auth_token_replacement],
1006 'active': user.active,
1007 'admin': user.admin,
1008 'extern_type': user.extern_type,
1009 'extern_name': user.extern_name,
1010 'last_login': user.last_login,
1011 'last_activity': user.last_activity,
1012 'ip_addresses': user.ip_addresses,
1013 'language': user_data.get('language')
1014 }
1015 data.update(extras)
1016
1017 if include_secrets:
1018 data['auth_tokens'] = user.auth_tokens
1019 return data
1020
1021 def __json__(self):
1022 data = {
1023 'full_name': self.full_name,
1024 'full_name_or_username': self.full_name_or_username,
1025 'short_contact': self.short_contact,
1026 'full_contact': self.full_contact,
1027 }
1028 data.update(self.get_api_data())
1029 return data
1030
1031
1032 class UserApiKeys(Base, BaseModel):
1033 __tablename__ = 'user_api_keys'
1034 __table_args__ = (
1035 Index('uak_api_key_idx', 'api_key', unique=True),
1036 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
1037 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1038 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1039 )
1040 __mapper_args__ = {}
1041
1042 # ApiKey role
1043 ROLE_ALL = 'token_role_all'
1044 ROLE_HTTP = 'token_role_http'
1045 ROLE_VCS = 'token_role_vcs'
1046 ROLE_API = 'token_role_api'
1047 ROLE_FEED = 'token_role_feed'
1048 ROLE_PASSWORD_RESET = 'token_password_reset'
1049
1050 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
1051
1052 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1053 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1054 api_key = Column("api_key", String(255), nullable=False, unique=True)
1055 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1056 expires = Column('expires', Float(53), nullable=False)
1057 role = Column('role', String(255), nullable=True)
1058 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1059
1060 # scope columns
1061 repo_id = Column(
1062 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
1063 nullable=True, unique=None, default=None)
1064 repo = relationship('Repository', lazy='joined')
1065
1066 repo_group_id = Column(
1067 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
1068 nullable=True, unique=None, default=None)
1069 repo_group = relationship('RepoGroup', lazy='joined')
1070
1071 user = relationship('User', lazy='joined')
1072
1073 def __unicode__(self):
1074 return u"<%s('%s')>" % (self.__class__.__name__, self.role)
1075
1076 def __json__(self):
1077 data = {
1078 'auth_token': self.api_key,
1079 'role': self.role,
1080 'scope': self.scope_humanized,
1081 'expired': self.expired
1082 }
1083 return data
1084
1085 def get_api_data(self, include_secrets=False):
1086 data = self.__json__()
1087 if include_secrets:
1088 return data
1089 else:
1090 data['auth_token'] = self.token_obfuscated
1091 return data
1092
1093 @hybrid_property
1094 def description_safe(self):
1095 from rhodecode.lib import helpers as h
1096 return h.escape(self.description)
1097
1098 @property
1099 def expired(self):
1100 if self.expires == -1:
1101 return False
1102 return time.time() > self.expires
1103
1104 @classmethod
1105 def _get_role_name(cls, role):
1106 return {
1107 cls.ROLE_ALL: _('all'),
1108 cls.ROLE_HTTP: _('http/web interface'),
1109 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
1110 cls.ROLE_API: _('api calls'),
1111 cls.ROLE_FEED: _('feed access'),
1112 }.get(role, role)
1113
1114 @property
1115 def role_humanized(self):
1116 return self._get_role_name(self.role)
1117
1118 def _get_scope(self):
1119 if self.repo:
1120 return repr(self.repo)
1121 if self.repo_group:
1122 return repr(self.repo_group) + ' (recursive)'
1123 return 'global'
1124
1125 @property
1126 def scope_humanized(self):
1127 return self._get_scope()
1128
1129 @property
1130 def token_obfuscated(self):
1131 if self.api_key:
1132 return self.api_key[:4] + "****"
1133
1134
1135 class UserEmailMap(Base, BaseModel):
1136 __tablename__ = 'user_email_map'
1137 __table_args__ = (
1138 Index('uem_email_idx', 'email'),
1139 UniqueConstraint('email'),
1140 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1141 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1142 )
1143 __mapper_args__ = {}
1144
1145 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1146 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1147 _email = Column("email", String(255), nullable=True, unique=False, default=None)
1148 user = relationship('User', lazy='joined')
1149
1150 @validates('_email')
1151 def validate_email(self, key, email):
1152 # check if this email is not main one
1153 main_email = Session().query(User).filter(User.email == email).scalar()
1154 if main_email is not None:
1155 raise AttributeError('email %s is present is user table' % email)
1156 return email
1157
1158 @hybrid_property
1159 def email(self):
1160 return self._email
1161
1162 @email.setter
1163 def email(self, val):
1164 self._email = val.lower() if val else None
1165
1166
1167 class UserIpMap(Base, BaseModel):
1168 __tablename__ = 'user_ip_map'
1169 __table_args__ = (
1170 UniqueConstraint('user_id', 'ip_addr'),
1171 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1172 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1173 )
1174 __mapper_args__ = {}
1175
1176 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1177 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1178 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
1179 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
1180 description = Column("description", String(10000), nullable=True, unique=None, default=None)
1181 user = relationship('User', lazy='joined')
1182
1183 @hybrid_property
1184 def description_safe(self):
1185 from rhodecode.lib import helpers as h
1186 return h.escape(self.description)
1187
1188 @classmethod
1189 def _get_ip_range(cls, ip_addr):
1190 net = ipaddress.ip_network(safe_unicode(ip_addr), strict=False)
1191 return [str(net.network_address), str(net.broadcast_address)]
1192
1193 def __json__(self):
1194 return {
1195 'ip_addr': self.ip_addr,
1196 'ip_range': self._get_ip_range(self.ip_addr),
1197 }
1198
1199 def __unicode__(self):
1200 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
1201 self.user_id, self.ip_addr)
1202
1203
1204 class UserSshKeys(Base, BaseModel):
1205 __tablename__ = 'user_ssh_keys'
1206 __table_args__ = (
1207 Index('usk_ssh_key_fingerprint_idx', 'ssh_key_fingerprint'),
1208
1209 UniqueConstraint('ssh_key_fingerprint'),
1210
1211 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1212 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1213 )
1214 __mapper_args__ = {}
1215
1216 ssh_key_id = Column('ssh_key_id', Integer(), nullable=False, unique=True, default=None, primary_key=True)
1217 ssh_key_data = Column('ssh_key_data', String(10240), nullable=False, unique=None, default=None)
1218 ssh_key_fingerprint = Column('ssh_key_fingerprint', String(255), nullable=False, unique=None, default=None)
1219
1220 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1221
1222 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1223 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True, default=None)
1224 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1225
1226 user = relationship('User', lazy='joined')
1227
1228 def __json__(self):
1229 data = {
1230 'ssh_fingerprint': self.ssh_key_fingerprint,
1231 'description': self.description,
1232 'created_on': self.created_on
1233 }
1234 return data
1235
1236 def get_api_data(self):
1237 data = self.__json__()
1238 return data
1239
1240
1241 class UserLog(Base, BaseModel):
1242 __tablename__ = 'user_logs'
1243 __table_args__ = (
1244 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1245 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1246 )
1247 VERSION_1 = 'v1'
1248 VERSION_2 = 'v2'
1249 VERSIONS = [VERSION_1, VERSION_2]
1250
1251 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1252 user_id = Column("user_id", Integer(), ForeignKey('users.user_id',ondelete='SET NULL'), nullable=True, unique=None, default=None)
1253 username = Column("username", String(255), nullable=True, unique=None, default=None)
1254 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id', ondelete='SET NULL'), nullable=True, unique=None, default=None)
1255 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
1256 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1257 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1258 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1259
1260 version = Column("version", String(255), nullable=True, default=VERSION_1)
1261 user_data = Column('user_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1262 action_data = Column('action_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1263
1264 def __unicode__(self):
1265 return u"<%s('id:%s:%s')>" % (
1266 self.__class__.__name__, self.repository_name, self.action)
1267
1268 def __json__(self):
1269 return {
1270 'user_id': self.user_id,
1271 'username': self.username,
1272 'repository_id': self.repository_id,
1273 'repository_name': self.repository_name,
1274 'user_ip': self.user_ip,
1275 'action_date': self.action_date,
1276 'action': self.action,
1277 }
1278
1279 @hybrid_property
1280 def entry_id(self):
1281 return self.user_log_id
1282
1283 @property
1284 def action_as_day(self):
1285 return datetime.date(*self.action_date.timetuple()[:3])
1286
1287 user = relationship('User')
1288 repository = relationship('Repository', cascade='')
1289
1290
1291 class UserGroup(Base, BaseModel):
1292 __tablename__ = 'users_groups'
1293 __table_args__ = (
1294 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1295 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1296 )
1297
1298 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1299 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1300 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1301 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1302 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1303 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1304 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1305 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1306
1307 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1308 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1309 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1310 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1311 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1312 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1313
1314 user_group_review_rules = relationship('RepoReviewRuleUserGroup', cascade='all')
1315 user = relationship('User', primaryjoin="User.user_id==UserGroup.user_id")
1316
1317 @classmethod
1318 def _load_group_data(cls, column):
1319 if not column:
1320 return {}
1321
1322 try:
1323 return json.loads(column) or {}
1324 except TypeError:
1325 return {}
1326
1327 @hybrid_property
1328 def description_safe(self):
1329 from rhodecode.lib import helpers as h
1330 return h.escape(self.user_group_description)
1331
1332 @hybrid_property
1333 def group_data(self):
1334 return self._load_group_data(self._group_data)
1335
1336 @group_data.expression
1337 def group_data(self, **kwargs):
1338 return self._group_data
1339
1340 @group_data.setter
1341 def group_data(self, val):
1342 try:
1343 self._group_data = json.dumps(val)
1344 except Exception:
1345 log.error(traceback.format_exc())
1346
1347 @classmethod
1348 def _load_sync(cls, group_data):
1349 if group_data:
1350 return group_data.get('extern_type')
1351
1352 @property
1353 def sync(self):
1354 return self._load_sync(self.group_data)
1355
1356 def __unicode__(self):
1357 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1358 self.users_group_id,
1359 self.users_group_name)
1360
1361 @classmethod
1362 def get_by_group_name(cls, group_name, cache=False,
1363 case_insensitive=False):
1364 if case_insensitive:
1365 q = cls.query().filter(func.lower(cls.users_group_name) ==
1366 func.lower(group_name))
1367
1368 else:
1369 q = cls.query().filter(cls.users_group_name == group_name)
1370 if cache:
1371 q = q.options(
1372 FromCache("sql_cache_short", "get_group_%s" % _hash_key(group_name)))
1373 return q.scalar()
1374
1375 @classmethod
1376 def get(cls, user_group_id, cache=False):
1377 if not user_group_id:
1378 return
1379
1380 user_group = cls.query()
1381 if cache:
1382 user_group = user_group.options(
1383 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1384 return user_group.get(user_group_id)
1385
1386 def permissions(self, with_admins=True, with_owner=True):
1387 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1388 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1389 joinedload(UserUserGroupToPerm.user),
1390 joinedload(UserUserGroupToPerm.permission),)
1391
1392 # get owners and admins and permissions. We do a trick of re-writing
1393 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1394 # has a global reference and changing one object propagates to all
1395 # others. This means if admin is also an owner admin_row that change
1396 # would propagate to both objects
1397 perm_rows = []
1398 for _usr in q.all():
1399 usr = AttributeDict(_usr.user.get_dict())
1400 usr.permission = _usr.permission.permission_name
1401 perm_rows.append(usr)
1402
1403 # filter the perm rows by 'default' first and then sort them by
1404 # admin,write,read,none permissions sorted again alphabetically in
1405 # each group
1406 perm_rows = sorted(perm_rows, key=display_user_sort)
1407
1408 _admin_perm = 'usergroup.admin'
1409 owner_row = []
1410 if with_owner:
1411 usr = AttributeDict(self.user.get_dict())
1412 usr.owner_row = True
1413 usr.permission = _admin_perm
1414 owner_row.append(usr)
1415
1416 super_admin_rows = []
1417 if with_admins:
1418 for usr in User.get_all_super_admins():
1419 # if this admin is also owner, don't double the record
1420 if usr.user_id == owner_row[0].user_id:
1421 owner_row[0].admin_row = True
1422 else:
1423 usr = AttributeDict(usr.get_dict())
1424 usr.admin_row = True
1425 usr.permission = _admin_perm
1426 super_admin_rows.append(usr)
1427
1428 return super_admin_rows + owner_row + perm_rows
1429
1430 def permission_user_groups(self):
1431 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1432 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1433 joinedload(UserGroupUserGroupToPerm.target_user_group),
1434 joinedload(UserGroupUserGroupToPerm.permission),)
1435
1436 perm_rows = []
1437 for _user_group in q.all():
1438 usr = AttributeDict(_user_group.user_group.get_dict())
1439 usr.permission = _user_group.permission.permission_name
1440 perm_rows.append(usr)
1441
1442 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1443 return perm_rows
1444
1445 def _get_default_perms(self, user_group, suffix=''):
1446 from rhodecode.model.permission import PermissionModel
1447 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1448
1449 def get_default_perms(self, suffix=''):
1450 return self._get_default_perms(self, suffix)
1451
1452 def get_api_data(self, with_group_members=True, include_secrets=False):
1453 """
1454 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1455 basically forwarded.
1456
1457 """
1458 user_group = self
1459 data = {
1460 'users_group_id': user_group.users_group_id,
1461 'group_name': user_group.users_group_name,
1462 'group_description': user_group.user_group_description,
1463 'active': user_group.users_group_active,
1464 'owner': user_group.user.username,
1465 'sync': user_group.sync,
1466 'owner_email': user_group.user.email,
1467 }
1468
1469 if with_group_members:
1470 users = []
1471 for user in user_group.members:
1472 user = user.user
1473 users.append(user.get_api_data(include_secrets=include_secrets))
1474 data['users'] = users
1475
1476 return data
1477
1478
1479 class UserGroupMember(Base, BaseModel):
1480 __tablename__ = 'users_groups_members'
1481 __table_args__ = (
1482 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1483 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1484 )
1485
1486 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1487 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1488 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1489
1490 user = relationship('User', lazy='joined')
1491 users_group = relationship('UserGroup')
1492
1493 def __init__(self, gr_id='', u_id=''):
1494 self.users_group_id = gr_id
1495 self.user_id = u_id
1496
1497
1498 class RepositoryField(Base, BaseModel):
1499 __tablename__ = 'repositories_fields'
1500 __table_args__ = (
1501 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1502 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1503 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1504 )
1505 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1506
1507 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1508 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1509 field_key = Column("field_key", String(250))
1510 field_label = Column("field_label", String(1024), nullable=False)
1511 field_value = Column("field_value", String(10000), nullable=False)
1512 field_desc = Column("field_desc", String(1024), nullable=False)
1513 field_type = Column("field_type", String(255), nullable=False, unique=None)
1514 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1515
1516 repository = relationship('Repository')
1517
1518 @property
1519 def field_key_prefixed(self):
1520 return 'ex_%s' % self.field_key
1521
1522 @classmethod
1523 def un_prefix_key(cls, key):
1524 if key.startswith(cls.PREFIX):
1525 return key[len(cls.PREFIX):]
1526 return key
1527
1528 @classmethod
1529 def get_by_key_name(cls, key, repo):
1530 row = cls.query()\
1531 .filter(cls.repository == repo)\
1532 .filter(cls.field_key == key).scalar()
1533 return row
1534
1535
1536 class Repository(Base, BaseModel):
1537 __tablename__ = 'repositories'
1538 __table_args__ = (
1539 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1540 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1541 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1542 )
1543 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1544 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1545 DEFAULT_CLONE_URI_SSH = 'ssh://{sys_user}@{hostname}/{repo}'
1546
1547 STATE_CREATED = 'repo_state_created'
1548 STATE_PENDING = 'repo_state_pending'
1549 STATE_ERROR = 'repo_state_error'
1550
1551 LOCK_AUTOMATIC = 'lock_auto'
1552 LOCK_API = 'lock_api'
1553 LOCK_WEB = 'lock_web'
1554 LOCK_PULL = 'lock_pull'
1555
1556 NAME_SEP = URL_SEP
1557
1558 repo_id = Column(
1559 "repo_id", Integer(), nullable=False, unique=True, default=None,
1560 primary_key=True)
1561 _repo_name = Column(
1562 "repo_name", Text(), nullable=False, default=None)
1563 _repo_name_hash = Column(
1564 "repo_name_hash", String(255), nullable=False, unique=True)
1565 repo_state = Column("repo_state", String(255), nullable=True)
1566
1567 clone_uri = Column(
1568 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1569 default=None)
1570 push_uri = Column(
1571 "push_uri", EncryptedTextValue(), nullable=True, unique=False,
1572 default=None)
1573 repo_type = Column(
1574 "repo_type", String(255), nullable=False, unique=False, default=None)
1575 user_id = Column(
1576 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1577 unique=False, default=None)
1578 private = Column(
1579 "private", Boolean(), nullable=True, unique=None, default=None)
1580 enable_statistics = Column(
1581 "statistics", Boolean(), nullable=True, unique=None, default=True)
1582 enable_downloads = Column(
1583 "downloads", Boolean(), nullable=True, unique=None, default=True)
1584 description = Column(
1585 "description", String(10000), nullable=True, unique=None, default=None)
1586 created_on = Column(
1587 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1588 default=datetime.datetime.now)
1589 updated_on = Column(
1590 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1591 default=datetime.datetime.now)
1592 _landing_revision = Column(
1593 "landing_revision", String(255), nullable=False, unique=False,
1594 default=None)
1595 enable_locking = Column(
1596 "enable_locking", Boolean(), nullable=False, unique=None,
1597 default=False)
1598 _locked = Column(
1599 "locked", String(255), nullable=True, unique=False, default=None)
1600 _changeset_cache = Column(
1601 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1602
1603 fork_id = Column(
1604 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1605 nullable=True, unique=False, default=None)
1606 group_id = Column(
1607 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1608 unique=False, default=None)
1609
1610 user = relationship('User', lazy='joined')
1611 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1612 group = relationship('RepoGroup', lazy='joined')
1613 repo_to_perm = relationship(
1614 'UserRepoToPerm', cascade='all',
1615 order_by='UserRepoToPerm.repo_to_perm_id')
1616 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1617 stats = relationship('Statistics', cascade='all', uselist=False)
1618
1619 followers = relationship(
1620 'UserFollowing',
1621 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1622 cascade='all')
1623 extra_fields = relationship(
1624 'RepositoryField', cascade="all, delete, delete-orphan")
1625 logs = relationship('UserLog')
1626 comments = relationship(
1627 'ChangesetComment', cascade="all, delete, delete-orphan")
1628 pull_requests_source = relationship(
1629 'PullRequest',
1630 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1631 cascade="all, delete, delete-orphan")
1632 pull_requests_target = relationship(
1633 'PullRequest',
1634 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1635 cascade="all, delete, delete-orphan")
1636 ui = relationship('RepoRhodeCodeUi', cascade="all")
1637 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1638 integrations = relationship('Integration',
1639 cascade="all, delete, delete-orphan")
1640
1641 scoped_tokens = relationship('UserApiKeys', cascade="all")
1642
1643 def __unicode__(self):
1644 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1645 safe_unicode(self.repo_name))
1646
1647 @hybrid_property
1648 def description_safe(self):
1649 from rhodecode.lib import helpers as h
1650 return h.escape(self.description)
1651
1652 @hybrid_property
1653 def landing_rev(self):
1654 # always should return [rev_type, rev]
1655 if self._landing_revision:
1656 _rev_info = self._landing_revision.split(':')
1657 if len(_rev_info) < 2:
1658 _rev_info.insert(0, 'rev')
1659 return [_rev_info[0], _rev_info[1]]
1660 return [None, None]
1661
1662 @landing_rev.setter
1663 def landing_rev(self, val):
1664 if ':' not in val:
1665 raise ValueError('value must be delimited with `:` and consist '
1666 'of <rev_type>:<rev>, got %s instead' % val)
1667 self._landing_revision = val
1668
1669 @hybrid_property
1670 def locked(self):
1671 if self._locked:
1672 user_id, timelocked, reason = self._locked.split(':')
1673 lock_values = int(user_id), timelocked, reason
1674 else:
1675 lock_values = [None, None, None]
1676 return lock_values
1677
1678 @locked.setter
1679 def locked(self, val):
1680 if val and isinstance(val, (list, tuple)):
1681 self._locked = ':'.join(map(str, val))
1682 else:
1683 self._locked = None
1684
1685 @hybrid_property
1686 def changeset_cache(self):
1687 from rhodecode.lib.vcs.backends.base import EmptyCommit
1688 dummy = EmptyCommit().__json__()
1689 if not self._changeset_cache:
1690 return dummy
1691 try:
1692 return json.loads(self._changeset_cache)
1693 except TypeError:
1694 return dummy
1695 except Exception:
1696 log.error(traceback.format_exc())
1697 return dummy
1698
1699 @changeset_cache.setter
1700 def changeset_cache(self, val):
1701 try:
1702 self._changeset_cache = json.dumps(val)
1703 except Exception:
1704 log.error(traceback.format_exc())
1705
1706 @hybrid_property
1707 def repo_name(self):
1708 return self._repo_name
1709
1710 @repo_name.setter
1711 def repo_name(self, value):
1712 self._repo_name = value
1713 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1714
1715 @classmethod
1716 def normalize_repo_name(cls, repo_name):
1717 """
1718 Normalizes os specific repo_name to the format internally stored inside
1719 database using URL_SEP
1720
1721 :param cls:
1722 :param repo_name:
1723 """
1724 return cls.NAME_SEP.join(repo_name.split(os.sep))
1725
1726 @classmethod
1727 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1728 session = Session()
1729 q = session.query(cls).filter(cls.repo_name == repo_name)
1730
1731 if cache:
1732 if identity_cache:
1733 val = cls.identity_cache(session, 'repo_name', repo_name)
1734 if val:
1735 return val
1736 else:
1737 cache_key = "get_repo_by_name_%s" % _hash_key(repo_name)
1738 q = q.options(
1739 FromCache("sql_cache_short", cache_key))
1740
1741 return q.scalar()
1742
1743 @classmethod
1744 def get_by_id_or_repo_name(cls, repoid):
1745 if isinstance(repoid, (int, long)):
1746 try:
1747 repo = cls.get(repoid)
1748 except ValueError:
1749 repo = None
1750 else:
1751 repo = cls.get_by_repo_name(repoid)
1752 return repo
1753
1754 @classmethod
1755 def get_by_full_path(cls, repo_full_path):
1756 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1757 repo_name = cls.normalize_repo_name(repo_name)
1758 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1759
1760 @classmethod
1761 def get_repo_forks(cls, repo_id):
1762 return cls.query().filter(Repository.fork_id == repo_id)
1763
1764 @classmethod
1765 def base_path(cls):
1766 """
1767 Returns base path when all repos are stored
1768
1769 :param cls:
1770 """
1771 q = Session().query(RhodeCodeUi)\
1772 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1773 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1774 return q.one().ui_value
1775
1776 @classmethod
1777 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1778 case_insensitive=True):
1779 q = Repository.query()
1780
1781 if not isinstance(user_id, Optional):
1782 q = q.filter(Repository.user_id == user_id)
1783
1784 if not isinstance(group_id, Optional):
1785 q = q.filter(Repository.group_id == group_id)
1786
1787 if case_insensitive:
1788 q = q.order_by(func.lower(Repository.repo_name))
1789 else:
1790 q = q.order_by(Repository.repo_name)
1791 return q.all()
1792
1793 @property
1794 def forks(self):
1795 """
1796 Return forks of this repo
1797 """
1798 return Repository.get_repo_forks(self.repo_id)
1799
1800 @property
1801 def parent(self):
1802 """
1803 Returns fork parent
1804 """
1805 return self.fork
1806
1807 @property
1808 def just_name(self):
1809 return self.repo_name.split(self.NAME_SEP)[-1]
1810
1811 @property
1812 def groups_with_parents(self):
1813 groups = []
1814 if self.group is None:
1815 return groups
1816
1817 cur_gr = self.group
1818 groups.insert(0, cur_gr)
1819 while 1:
1820 gr = getattr(cur_gr, 'parent_group', None)
1821 cur_gr = cur_gr.parent_group
1822 if gr is None:
1823 break
1824 groups.insert(0, gr)
1825
1826 return groups
1827
1828 @property
1829 def groups_and_repo(self):
1830 return self.groups_with_parents, self
1831
1832 @LazyProperty
1833 def repo_path(self):
1834 """
1835 Returns base full path for that repository means where it actually
1836 exists on a filesystem
1837 """
1838 q = Session().query(RhodeCodeUi).filter(
1839 RhodeCodeUi.ui_key == self.NAME_SEP)
1840 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1841 return q.one().ui_value
1842
1843 @property
1844 def repo_full_path(self):
1845 p = [self.repo_path]
1846 # we need to split the name by / since this is how we store the
1847 # names in the database, but that eventually needs to be converted
1848 # into a valid system path
1849 p += self.repo_name.split(self.NAME_SEP)
1850 return os.path.join(*map(safe_unicode, p))
1851
1852 @property
1853 def cache_keys(self):
1854 """
1855 Returns associated cache keys for that repo
1856 """
1857 return CacheKey.query()\
1858 .filter(CacheKey.cache_args == self.repo_name)\
1859 .order_by(CacheKey.cache_key)\
1860 .all()
1861
1862 @property
1863 def cached_diffs_relative_dir(self):
1864 """
1865 Return a relative to the repository store path of cached diffs
1866 used for safe display for users, who shouldn't know the absolute store
1867 path
1868 """
1869 return os.path.join(
1870 os.path.dirname(self.repo_name),
1871 self.cached_diffs_dir.split(os.path.sep)[-1])
1872
1873 @property
1874 def cached_diffs_dir(self):
1875 path = self.repo_full_path
1876 return os.path.join(
1877 os.path.dirname(path),
1878 '.__shadow_diff_cache_repo_{}'.format(self.repo_id))
1879
1880 def cached_diffs(self):
1881 diff_cache_dir = self.cached_diffs_dir
1882 if os.path.isdir(diff_cache_dir):
1883 return os.listdir(diff_cache_dir)
1884 return []
1885
1886 def get_new_name(self, repo_name):
1887 """
1888 returns new full repository name based on assigned group and new new
1889
1890 :param group_name:
1891 """
1892 path_prefix = self.group.full_path_splitted if self.group else []
1893 return self.NAME_SEP.join(path_prefix + [repo_name])
1894
1895 @property
1896 def _config(self):
1897 """
1898 Returns db based config object.
1899 """
1900 from rhodecode.lib.utils import make_db_config
1901 return make_db_config(clear_session=False, repo=self)
1902
1903 def permissions(self, with_admins=True, with_owner=True):
1904 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1905 q = q.options(joinedload(UserRepoToPerm.repository),
1906 joinedload(UserRepoToPerm.user),
1907 joinedload(UserRepoToPerm.permission),)
1908
1909 # get owners and admins and permissions. We do a trick of re-writing
1910 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1911 # has a global reference and changing one object propagates to all
1912 # others. This means if admin is also an owner admin_row that change
1913 # would propagate to both objects
1914 perm_rows = []
1915 for _usr in q.all():
1916 usr = AttributeDict(_usr.user.get_dict())
1917 usr.permission = _usr.permission.permission_name
1918 usr.permission_id = _usr.repo_to_perm_id
1919 perm_rows.append(usr)
1920
1921 # filter the perm rows by 'default' first and then sort them by
1922 # admin,write,read,none permissions sorted again alphabetically in
1923 # each group
1924 perm_rows = sorted(perm_rows, key=display_user_sort)
1925
1926 _admin_perm = 'repository.admin'
1927 owner_row = []
1928 if with_owner:
1929 usr = AttributeDict(self.user.get_dict())
1930 usr.owner_row = True
1931 usr.permission = _admin_perm
1932 usr.permission_id = None
1933 owner_row.append(usr)
1934
1935 super_admin_rows = []
1936 if with_admins:
1937 for usr in User.get_all_super_admins():
1938 # if this admin is also owner, don't double the record
1939 if usr.user_id == owner_row[0].user_id:
1940 owner_row[0].admin_row = True
1941 else:
1942 usr = AttributeDict(usr.get_dict())
1943 usr.admin_row = True
1944 usr.permission = _admin_perm
1945 usr.permission_id = None
1946 super_admin_rows.append(usr)
1947
1948 return super_admin_rows + owner_row + perm_rows
1949
1950 def permission_user_groups(self):
1951 q = UserGroupRepoToPerm.query().filter(
1952 UserGroupRepoToPerm.repository == self)
1953 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1954 joinedload(UserGroupRepoToPerm.users_group),
1955 joinedload(UserGroupRepoToPerm.permission),)
1956
1957 perm_rows = []
1958 for _user_group in q.all():
1959 usr = AttributeDict(_user_group.users_group.get_dict())
1960 usr.permission = _user_group.permission.permission_name
1961 perm_rows.append(usr)
1962
1963 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1964 return perm_rows
1965
1966 def get_api_data(self, include_secrets=False):
1967 """
1968 Common function for generating repo api data
1969
1970 :param include_secrets: See :meth:`User.get_api_data`.
1971
1972 """
1973 # TODO: mikhail: Here there is an anti-pattern, we probably need to
1974 # move this methods on models level.
1975 from rhodecode.model.settings import SettingsModel
1976 from rhodecode.model.repo import RepoModel
1977
1978 repo = self
1979 _user_id, _time, _reason = self.locked
1980
1981 data = {
1982 'repo_id': repo.repo_id,
1983 'repo_name': repo.repo_name,
1984 'repo_type': repo.repo_type,
1985 'clone_uri': repo.clone_uri or '',
1986 'push_uri': repo.push_uri or '',
1987 'url': RepoModel().get_url(self),
1988 'private': repo.private,
1989 'created_on': repo.created_on,
1990 'description': repo.description_safe,
1991 'landing_rev': repo.landing_rev,
1992 'owner': repo.user.username,
1993 'fork_of': repo.fork.repo_name if repo.fork else None,
1994 'fork_of_id': repo.fork.repo_id if repo.fork else None,
1995 'enable_statistics': repo.enable_statistics,
1996 'enable_locking': repo.enable_locking,
1997 'enable_downloads': repo.enable_downloads,
1998 'last_changeset': repo.changeset_cache,
1999 'locked_by': User.get(_user_id).get_api_data(
2000 include_secrets=include_secrets) if _user_id else None,
2001 'locked_date': time_to_datetime(_time) if _time else None,
2002 'lock_reason': _reason if _reason else None,
2003 }
2004
2005 # TODO: mikhail: should be per-repo settings here
2006 rc_config = SettingsModel().get_all_settings()
2007 repository_fields = str2bool(
2008 rc_config.get('rhodecode_repository_fields'))
2009 if repository_fields:
2010 for f in self.extra_fields:
2011 data[f.field_key_prefixed] = f.field_value
2012
2013 return data
2014
2015 @classmethod
2016 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
2017 if not lock_time:
2018 lock_time = time.time()
2019 if not lock_reason:
2020 lock_reason = cls.LOCK_AUTOMATIC
2021 repo.locked = [user_id, lock_time, lock_reason]
2022 Session().add(repo)
2023 Session().commit()
2024
2025 @classmethod
2026 def unlock(cls, repo):
2027 repo.locked = None
2028 Session().add(repo)
2029 Session().commit()
2030
2031 @classmethod
2032 def getlock(cls, repo):
2033 return repo.locked
2034
2035 def is_user_lock(self, user_id):
2036 if self.lock[0]:
2037 lock_user_id = safe_int(self.lock[0])
2038 user_id = safe_int(user_id)
2039 # both are ints, and they are equal
2040 return all([lock_user_id, user_id]) and lock_user_id == user_id
2041
2042 return False
2043
2044 def get_locking_state(self, action, user_id, only_when_enabled=True):
2045 """
2046 Checks locking on this repository, if locking is enabled and lock is
2047 present returns a tuple of make_lock, locked, locked_by.
2048 make_lock can have 3 states None (do nothing) True, make lock
2049 False release lock, This value is later propagated to hooks, which
2050 do the locking. Think about this as signals passed to hooks what to do.
2051
2052 """
2053 # TODO: johbo: This is part of the business logic and should be moved
2054 # into the RepositoryModel.
2055
2056 if action not in ('push', 'pull'):
2057 raise ValueError("Invalid action value: %s" % repr(action))
2058
2059 # defines if locked error should be thrown to user
2060 currently_locked = False
2061 # defines if new lock should be made, tri-state
2062 make_lock = None
2063 repo = self
2064 user = User.get(user_id)
2065
2066 lock_info = repo.locked
2067
2068 if repo and (repo.enable_locking or not only_when_enabled):
2069 if action == 'push':
2070 # check if it's already locked !, if it is compare users
2071 locked_by_user_id = lock_info[0]
2072 if user.user_id == locked_by_user_id:
2073 log.debug(
2074 'Got `push` action from user %s, now unlocking', user)
2075 # unlock if we have push from user who locked
2076 make_lock = False
2077 else:
2078 # we're not the same user who locked, ban with
2079 # code defined in settings (default is 423 HTTP Locked) !
2080 log.debug('Repo %s is currently locked by %s', repo, user)
2081 currently_locked = True
2082 elif action == 'pull':
2083 # [0] user [1] date
2084 if lock_info[0] and lock_info[1]:
2085 log.debug('Repo %s is currently locked by %s', repo, user)
2086 currently_locked = True
2087 else:
2088 log.debug('Setting lock on repo %s by %s', repo, user)
2089 make_lock = True
2090
2091 else:
2092 log.debug('Repository %s do not have locking enabled', repo)
2093
2094 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
2095 make_lock, currently_locked, lock_info)
2096
2097 from rhodecode.lib.auth import HasRepoPermissionAny
2098 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
2099 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
2100 # if we don't have at least write permission we cannot make a lock
2101 log.debug('lock state reset back to FALSE due to lack '
2102 'of at least read permission')
2103 make_lock = False
2104
2105 return make_lock, currently_locked, lock_info
2106
2107 @property
2108 def last_db_change(self):
2109 return self.updated_on
2110
2111 @property
2112 def clone_uri_hidden(self):
2113 clone_uri = self.clone_uri
2114 if clone_uri:
2115 import urlobject
2116 url_obj = urlobject.URLObject(cleaned_uri(clone_uri))
2117 if url_obj.password:
2118 clone_uri = url_obj.with_password('*****')
2119 return clone_uri
2120
2121 @property
2122 def push_uri_hidden(self):
2123 push_uri = self.push_uri
2124 if push_uri:
2125 import urlobject
2126 url_obj = urlobject.URLObject(cleaned_uri(push_uri))
2127 if url_obj.password:
2128 push_uri = url_obj.with_password('*****')
2129 return push_uri
2130
2131 def clone_url(self, **override):
2132 from rhodecode.model.settings import SettingsModel
2133
2134 uri_tmpl = None
2135 if 'with_id' in override:
2136 uri_tmpl = self.DEFAULT_CLONE_URI_ID
2137 del override['with_id']
2138
2139 if 'uri_tmpl' in override:
2140 uri_tmpl = override['uri_tmpl']
2141 del override['uri_tmpl']
2142
2143 ssh = False
2144 if 'ssh' in override:
2145 ssh = True
2146 del override['ssh']
2147
2148 # we didn't override our tmpl from **overrides
2149 if not uri_tmpl:
2150 rc_config = SettingsModel().get_all_settings(cache=True)
2151 if ssh:
2152 uri_tmpl = rc_config.get(
2153 'rhodecode_clone_uri_ssh_tmpl') or self.DEFAULT_CLONE_URI_SSH
2154 else:
2155 uri_tmpl = rc_config.get(
2156 'rhodecode_clone_uri_tmpl') or self.DEFAULT_CLONE_URI
2157
2158 request = get_current_request()
2159 return get_clone_url(request=request,
2160 uri_tmpl=uri_tmpl,
2161 repo_name=self.repo_name,
2162 repo_id=self.repo_id, **override)
2163
2164 def set_state(self, state):
2165 self.repo_state = state
2166 Session().add(self)
2167 #==========================================================================
2168 # SCM PROPERTIES
2169 #==========================================================================
2170
2171 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
2172 return get_commit_safe(
2173 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
2174
2175 def get_changeset(self, rev=None, pre_load=None):
2176 warnings.warn("Use get_commit", DeprecationWarning)
2177 commit_id = None
2178 commit_idx = None
2179 if isinstance(rev, basestring):
2180 commit_id = rev
2181 else:
2182 commit_idx = rev
2183 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
2184 pre_load=pre_load)
2185
2186 def get_landing_commit(self):
2187 """
2188 Returns landing commit, or if that doesn't exist returns the tip
2189 """
2190 _rev_type, _rev = self.landing_rev
2191 commit = self.get_commit(_rev)
2192 if isinstance(commit, EmptyCommit):
2193 return self.get_commit()
2194 return commit
2195
2196 def update_commit_cache(self, cs_cache=None, config=None):
2197 """
2198 Update cache of last changeset for repository, keys should be::
2199
2200 short_id
2201 raw_id
2202 revision
2203 parents
2204 message
2205 date
2206 author
2207
2208 :param cs_cache:
2209 """
2210 from rhodecode.lib.vcs.backends.base import BaseChangeset
2211 if cs_cache is None:
2212 # use no-cache version here
2213 scm_repo = self.scm_instance(cache=False, config=config)
2214 if scm_repo:
2215 cs_cache = scm_repo.get_commit(
2216 pre_load=["author", "date", "message", "parents"])
2217 else:
2218 cs_cache = EmptyCommit()
2219
2220 if isinstance(cs_cache, BaseChangeset):
2221 cs_cache = cs_cache.__json__()
2222
2223 def is_outdated(new_cs_cache):
2224 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
2225 new_cs_cache['revision'] != self.changeset_cache['revision']):
2226 return True
2227 return False
2228
2229 # check if we have maybe already latest cached revision
2230 if is_outdated(cs_cache) or not self.changeset_cache:
2231 _default = datetime.datetime.fromtimestamp(0)
2232 last_change = cs_cache.get('date') or _default
2233 log.debug('updated repo %s with new cs cache %s',
2234 self.repo_name, cs_cache)
2235 self.updated_on = last_change
2236 self.changeset_cache = cs_cache
2237 Session().add(self)
2238 Session().commit()
2239 else:
2240 log.debug('Skipping update_commit_cache for repo:`%s` '
2241 'commit already with latest changes', self.repo_name)
2242
2243 @property
2244 def tip(self):
2245 return self.get_commit('tip')
2246
2247 @property
2248 def author(self):
2249 return self.tip.author
2250
2251 @property
2252 def last_change(self):
2253 return self.scm_instance().last_change
2254
2255 def get_comments(self, revisions=None):
2256 """
2257 Returns comments for this repository grouped by revisions
2258
2259 :param revisions: filter query by revisions only
2260 """
2261 cmts = ChangesetComment.query()\
2262 .filter(ChangesetComment.repo == self)
2263 if revisions:
2264 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
2265 grouped = collections.defaultdict(list)
2266 for cmt in cmts.all():
2267 grouped[cmt.revision].append(cmt)
2268 return grouped
2269
2270 def statuses(self, revisions=None):
2271 """
2272 Returns statuses for this repository
2273
2274 :param revisions: list of revisions to get statuses for
2275 """
2276 statuses = ChangesetStatus.query()\
2277 .filter(ChangesetStatus.repo == self)\
2278 .filter(ChangesetStatus.version == 0)
2279
2280 if revisions:
2281 # Try doing the filtering in chunks to avoid hitting limits
2282 size = 500
2283 status_results = []
2284 for chunk in xrange(0, len(revisions), size):
2285 status_results += statuses.filter(
2286 ChangesetStatus.revision.in_(
2287 revisions[chunk: chunk+size])
2288 ).all()
2289 else:
2290 status_results = statuses.all()
2291
2292 grouped = {}
2293
2294 # maybe we have open new pullrequest without a status?
2295 stat = ChangesetStatus.STATUS_UNDER_REVIEW
2296 status_lbl = ChangesetStatus.get_status_lbl(stat)
2297 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
2298 for rev in pr.revisions:
2299 pr_id = pr.pull_request_id
2300 pr_repo = pr.target_repo.repo_name
2301 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
2302
2303 for stat in status_results:
2304 pr_id = pr_repo = None
2305 if stat.pull_request:
2306 pr_id = stat.pull_request.pull_request_id
2307 pr_repo = stat.pull_request.target_repo.repo_name
2308 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
2309 pr_id, pr_repo]
2310 return grouped
2311
2312 # ==========================================================================
2313 # SCM CACHE INSTANCE
2314 # ==========================================================================
2315
2316 def scm_instance(self, **kwargs):
2317 import rhodecode
2318
2319 # Passing a config will not hit the cache currently only used
2320 # for repo2dbmapper
2321 config = kwargs.pop('config', None)
2322 cache = kwargs.pop('cache', None)
2323 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
2324 # if cache is NOT defined use default global, else we have a full
2325 # control over cache behaviour
2326 if cache is None and full_cache and not config:
2327 return self._get_instance_cached()
2328 return self._get_instance(cache=bool(cache), config=config)
2329
2330 def _get_instance_cached(self):
2331 return self._get_instance()
2332
2333 def _get_instance(self, cache=True, config=None):
2334 config = config or self._config
2335 custom_wire = {
2336 'cache': cache # controls the vcs.remote cache
2337 }
2338 repo = get_vcs_instance(
2339 repo_path=safe_str(self.repo_full_path),
2340 config=config,
2341 with_wire=custom_wire,
2342 create=False,
2343 _vcs_alias=self.repo_type)
2344
2345 return repo
2346
2347 def __json__(self):
2348 return {'landing_rev': self.landing_rev}
2349
2350 def get_dict(self):
2351
2352 # Since we transformed `repo_name` to a hybrid property, we need to
2353 # keep compatibility with the code which uses `repo_name` field.
2354
2355 result = super(Repository, self).get_dict()
2356 result['repo_name'] = result.pop('_repo_name', None)
2357 return result
2358
2359
2360 class RepoGroup(Base, BaseModel):
2361 __tablename__ = 'groups'
2362 __table_args__ = (
2363 UniqueConstraint('group_name', 'group_parent_id'),
2364 CheckConstraint('group_id != group_parent_id'),
2365 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2366 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2367 )
2368 __mapper_args__ = {'order_by': 'group_name'}
2369
2370 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2371
2372 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2373 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2374 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2375 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2376 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2377 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2378 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2379 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2380 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2381
2382 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2383 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2384 parent_group = relationship('RepoGroup', remote_side=group_id)
2385 user = relationship('User')
2386 integrations = relationship('Integration',
2387 cascade="all, delete, delete-orphan")
2388
2389 def __init__(self, group_name='', parent_group=None):
2390 self.group_name = group_name
2391 self.parent_group = parent_group
2392
2393 def __unicode__(self):
2394 return u"<%s('id:%s:%s')>" % (
2395 self.__class__.__name__, self.group_id, self.group_name)
2396
2397 @hybrid_property
2398 def description_safe(self):
2399 from rhodecode.lib import helpers as h
2400 return h.escape(self.group_description)
2401
2402 @classmethod
2403 def _generate_choice(cls, repo_group):
2404 from webhelpers.html import literal as _literal
2405 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2406 return repo_group.group_id, _name(repo_group.full_path_splitted)
2407
2408 @classmethod
2409 def groups_choices(cls, groups=None, show_empty_group=True):
2410 if not groups:
2411 groups = cls.query().all()
2412
2413 repo_groups = []
2414 if show_empty_group:
2415 repo_groups = [(-1, u'-- %s --' % _('No parent'))]
2416
2417 repo_groups.extend([cls._generate_choice(x) for x in groups])
2418
2419 repo_groups = sorted(
2420 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2421 return repo_groups
2422
2423 @classmethod
2424 def url_sep(cls):
2425 return URL_SEP
2426
2427 @classmethod
2428 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2429 if case_insensitive:
2430 gr = cls.query().filter(func.lower(cls.group_name)
2431 == func.lower(group_name))
2432 else:
2433 gr = cls.query().filter(cls.group_name == group_name)
2434 if cache:
2435 name_key = _hash_key(group_name)
2436 gr = gr.options(
2437 FromCache("sql_cache_short", "get_group_%s" % name_key))
2438 return gr.scalar()
2439
2440 @classmethod
2441 def get_user_personal_repo_group(cls, user_id):
2442 user = User.get(user_id)
2443 if user.username == User.DEFAULT_USER:
2444 return None
2445
2446 return cls.query()\
2447 .filter(cls.personal == true()) \
2448 .filter(cls.user == user).scalar()
2449
2450 @classmethod
2451 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2452 case_insensitive=True):
2453 q = RepoGroup.query()
2454
2455 if not isinstance(user_id, Optional):
2456 q = q.filter(RepoGroup.user_id == user_id)
2457
2458 if not isinstance(group_id, Optional):
2459 q = q.filter(RepoGroup.group_parent_id == group_id)
2460
2461 if case_insensitive:
2462 q = q.order_by(func.lower(RepoGroup.group_name))
2463 else:
2464 q = q.order_by(RepoGroup.group_name)
2465 return q.all()
2466
2467 @property
2468 def parents(self):
2469 parents_recursion_limit = 10
2470 groups = []
2471 if self.parent_group is None:
2472 return groups
2473 cur_gr = self.parent_group
2474 groups.insert(0, cur_gr)
2475 cnt = 0
2476 while 1:
2477 cnt += 1
2478 gr = getattr(cur_gr, 'parent_group', None)
2479 cur_gr = cur_gr.parent_group
2480 if gr is None:
2481 break
2482 if cnt == parents_recursion_limit:
2483 # this will prevent accidental infinit loops
2484 log.error(('more than %s parents found for group %s, stopping '
2485 'recursive parent fetching' % (parents_recursion_limit, self)))
2486 break
2487
2488 groups.insert(0, gr)
2489 return groups
2490
2491 @property
2492 def last_db_change(self):
2493 return self.updated_on
2494
2495 @property
2496 def children(self):
2497 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2498
2499 @property
2500 def name(self):
2501 return self.group_name.split(RepoGroup.url_sep())[-1]
2502
2503 @property
2504 def full_path(self):
2505 return self.group_name
2506
2507 @property
2508 def full_path_splitted(self):
2509 return self.group_name.split(RepoGroup.url_sep())
2510
2511 @property
2512 def repositories(self):
2513 return Repository.query()\
2514 .filter(Repository.group == self)\
2515 .order_by(Repository.repo_name)
2516
2517 @property
2518 def repositories_recursive_count(self):
2519 cnt = self.repositories.count()
2520
2521 def children_count(group):
2522 cnt = 0
2523 for child in group.children:
2524 cnt += child.repositories.count()
2525 cnt += children_count(child)
2526 return cnt
2527
2528 return cnt + children_count(self)
2529
2530 def _recursive_objects(self, include_repos=True):
2531 all_ = []
2532
2533 def _get_members(root_gr):
2534 if include_repos:
2535 for r in root_gr.repositories:
2536 all_.append(r)
2537 childs = root_gr.children.all()
2538 if childs:
2539 for gr in childs:
2540 all_.append(gr)
2541 _get_members(gr)
2542
2543 _get_members(self)
2544 return [self] + all_
2545
2546 def recursive_groups_and_repos(self):
2547 """
2548 Recursive return all groups, with repositories in those groups
2549 """
2550 return self._recursive_objects()
2551
2552 def recursive_groups(self):
2553 """
2554 Returns all children groups for this group including children of children
2555 """
2556 return self._recursive_objects(include_repos=False)
2557
2558 def get_new_name(self, group_name):
2559 """
2560 returns new full group name based on parent and new name
2561
2562 :param group_name:
2563 """
2564 path_prefix = (self.parent_group.full_path_splitted if
2565 self.parent_group else [])
2566 return RepoGroup.url_sep().join(path_prefix + [group_name])
2567
2568 def permissions(self, with_admins=True, with_owner=True):
2569 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2570 q = q.options(joinedload(UserRepoGroupToPerm.group),
2571 joinedload(UserRepoGroupToPerm.user),
2572 joinedload(UserRepoGroupToPerm.permission),)
2573
2574 # get owners and admins and permissions. We do a trick of re-writing
2575 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2576 # has a global reference and changing one object propagates to all
2577 # others. This means if admin is also an owner admin_row that change
2578 # would propagate to both objects
2579 perm_rows = []
2580 for _usr in q.all():
2581 usr = AttributeDict(_usr.user.get_dict())
2582 usr.permission = _usr.permission.permission_name
2583 perm_rows.append(usr)
2584
2585 # filter the perm rows by 'default' first and then sort them by
2586 # admin,write,read,none permissions sorted again alphabetically in
2587 # each group
2588 perm_rows = sorted(perm_rows, key=display_user_sort)
2589
2590 _admin_perm = 'group.admin'
2591 owner_row = []
2592 if with_owner:
2593 usr = AttributeDict(self.user.get_dict())
2594 usr.owner_row = True
2595 usr.permission = _admin_perm
2596 owner_row.append(usr)
2597
2598 super_admin_rows = []
2599 if with_admins:
2600 for usr in User.get_all_super_admins():
2601 # if this admin is also owner, don't double the record
2602 if usr.user_id == owner_row[0].user_id:
2603 owner_row[0].admin_row = True
2604 else:
2605 usr = AttributeDict(usr.get_dict())
2606 usr.admin_row = True
2607 usr.permission = _admin_perm
2608 super_admin_rows.append(usr)
2609
2610 return super_admin_rows + owner_row + perm_rows
2611
2612 def permission_user_groups(self):
2613 q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
2614 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2615 joinedload(UserGroupRepoGroupToPerm.users_group),
2616 joinedload(UserGroupRepoGroupToPerm.permission),)
2617
2618 perm_rows = []
2619 for _user_group in q.all():
2620 usr = AttributeDict(_user_group.users_group.get_dict())
2621 usr.permission = _user_group.permission.permission_name
2622 perm_rows.append(usr)
2623
2624 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2625 return perm_rows
2626
2627 def get_api_data(self):
2628 """
2629 Common function for generating api data
2630
2631 """
2632 group = self
2633 data = {
2634 'group_id': group.group_id,
2635 'group_name': group.group_name,
2636 'group_description': group.description_safe,
2637 'parent_group': group.parent_group.group_name if group.parent_group else None,
2638 'repositories': [x.repo_name for x in group.repositories],
2639 'owner': group.user.username,
2640 }
2641 return data
2642
2643
2644 class Permission(Base, BaseModel):
2645 __tablename__ = 'permissions'
2646 __table_args__ = (
2647 Index('p_perm_name_idx', 'permission_name'),
2648 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2649 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2650 )
2651 PERMS = [
2652 ('hg.admin', _('RhodeCode Super Administrator')),
2653
2654 ('repository.none', _('Repository no access')),
2655 ('repository.read', _('Repository read access')),
2656 ('repository.write', _('Repository write access')),
2657 ('repository.admin', _('Repository admin access')),
2658
2659 ('group.none', _('Repository group no access')),
2660 ('group.read', _('Repository group read access')),
2661 ('group.write', _('Repository group write access')),
2662 ('group.admin', _('Repository group admin access')),
2663
2664 ('usergroup.none', _('User group no access')),
2665 ('usergroup.read', _('User group read access')),
2666 ('usergroup.write', _('User group write access')),
2667 ('usergroup.admin', _('User group admin access')),
2668
2669 ('branch.none', _('Branch no permissions')),
2670 ('branch.merge', _('Branch access by web merge')),
2671 ('branch.push', _('Branch access by push')),
2672 ('branch.push_force', _('Branch access by push with force')),
2673
2674 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2675 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2676
2677 ('hg.usergroup.create.false', _('User Group creation disabled')),
2678 ('hg.usergroup.create.true', _('User Group creation enabled')),
2679
2680 ('hg.create.none', _('Repository creation disabled')),
2681 ('hg.create.repository', _('Repository creation enabled')),
2682 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2683 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2684
2685 ('hg.fork.none', _('Repository forking disabled')),
2686 ('hg.fork.repository', _('Repository forking enabled')),
2687
2688 ('hg.register.none', _('Registration disabled')),
2689 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2690 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2691
2692 ('hg.password_reset.enabled', _('Password reset enabled')),
2693 ('hg.password_reset.hidden', _('Password reset hidden')),
2694 ('hg.password_reset.disabled', _('Password reset disabled')),
2695
2696 ('hg.extern_activate.manual', _('Manual activation of external account')),
2697 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2698
2699 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2700 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2701 ]
2702
2703 # definition of system default permissions for DEFAULT user, created on
2704 # system setup
2705 DEFAULT_USER_PERMISSIONS = [
2706 # object perms
2707 'repository.read',
2708 'group.read',
2709 'usergroup.read',
2710 # branch
2711 'branch.push',
2712 # global
2713 'hg.create.repository',
2714 'hg.repogroup.create.false',
2715 'hg.usergroup.create.false',
2716 'hg.create.write_on_repogroup.true',
2717 'hg.fork.repository',
2718 'hg.register.manual_activate',
2719 'hg.password_reset.enabled',
2720 'hg.extern_activate.auto',
2721 'hg.inherit_default_perms.true',
2722 ]
2723
2724 # defines which permissions are more important higher the more important
2725 # Weight defines which permissions are more important.
2726 # The higher number the more important.
2727 PERM_WEIGHTS = {
2728 'repository.none': 0,
2729 'repository.read': 1,
2730 'repository.write': 3,
2731 'repository.admin': 4,
2732
2733 'group.none': 0,
2734 'group.read': 1,
2735 'group.write': 3,
2736 'group.admin': 4,
2737
2738 'usergroup.none': 0,
2739 'usergroup.read': 1,
2740 'usergroup.write': 3,
2741 'usergroup.admin': 4,
2742
2743 'branch.none': 0,
2744 'branch.merge': 1,
2745 'branch.push': 3,
2746 'branch.push_force': 4,
2747
2748 'hg.repogroup.create.false': 0,
2749 'hg.repogroup.create.true': 1,
2750
2751 'hg.usergroup.create.false': 0,
2752 'hg.usergroup.create.true': 1,
2753
2754 'hg.fork.none': 0,
2755 'hg.fork.repository': 1,
2756 'hg.create.none': 0,
2757 'hg.create.repository': 1
2758 }
2759
2760 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2761 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2762 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2763
2764 def __unicode__(self):
2765 return u"<%s('%s:%s')>" % (
2766 self.__class__.__name__, self.permission_id, self.permission_name
2767 )
2768
2769 @classmethod
2770 def get_by_key(cls, key):
2771 return cls.query().filter(cls.permission_name == key).scalar()
2772
2773 @classmethod
2774 def get_default_repo_perms(cls, user_id, repo_id=None):
2775 q = Session().query(UserRepoToPerm, Repository, Permission)\
2776 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2777 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2778 .filter(UserRepoToPerm.user_id == user_id)
2779 if repo_id:
2780 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2781 return q.all()
2782
2783 @classmethod
2784 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2785 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2786 .join(
2787 Permission,
2788 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2789 .join(
2790 Repository,
2791 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2792 .join(
2793 UserGroup,
2794 UserGroupRepoToPerm.users_group_id ==
2795 UserGroup.users_group_id)\
2796 .join(
2797 UserGroupMember,
2798 UserGroupRepoToPerm.users_group_id ==
2799 UserGroupMember.users_group_id)\
2800 .filter(
2801 UserGroupMember.user_id == user_id,
2802 UserGroup.users_group_active == true())
2803 if repo_id:
2804 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2805 return q.all()
2806
2807 @classmethod
2808 def get_default_group_perms(cls, user_id, repo_group_id=None):
2809 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2810 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2811 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2812 .filter(UserRepoGroupToPerm.user_id == user_id)
2813 if repo_group_id:
2814 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2815 return q.all()
2816
2817 @classmethod
2818 def get_default_group_perms_from_user_group(
2819 cls, user_id, repo_group_id=None):
2820 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2821 .join(
2822 Permission,
2823 UserGroupRepoGroupToPerm.permission_id ==
2824 Permission.permission_id)\
2825 .join(
2826 RepoGroup,
2827 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2828 .join(
2829 UserGroup,
2830 UserGroupRepoGroupToPerm.users_group_id ==
2831 UserGroup.users_group_id)\
2832 .join(
2833 UserGroupMember,
2834 UserGroupRepoGroupToPerm.users_group_id ==
2835 UserGroupMember.users_group_id)\
2836 .filter(
2837 UserGroupMember.user_id == user_id,
2838 UserGroup.users_group_active == true())
2839 if repo_group_id:
2840 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2841 return q.all()
2842
2843 @classmethod
2844 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2845 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2846 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2847 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2848 .filter(UserUserGroupToPerm.user_id == user_id)
2849 if user_group_id:
2850 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2851 return q.all()
2852
2853 @classmethod
2854 def get_default_user_group_perms_from_user_group(
2855 cls, user_id, user_group_id=None):
2856 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2857 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2858 .join(
2859 Permission,
2860 UserGroupUserGroupToPerm.permission_id ==
2861 Permission.permission_id)\
2862 .join(
2863 TargetUserGroup,
2864 UserGroupUserGroupToPerm.target_user_group_id ==
2865 TargetUserGroup.users_group_id)\
2866 .join(
2867 UserGroup,
2868 UserGroupUserGroupToPerm.user_group_id ==
2869 UserGroup.users_group_id)\
2870 .join(
2871 UserGroupMember,
2872 UserGroupUserGroupToPerm.user_group_id ==
2873 UserGroupMember.users_group_id)\
2874 .filter(
2875 UserGroupMember.user_id == user_id,
2876 UserGroup.users_group_active == true())
2877 if user_group_id:
2878 q = q.filter(
2879 UserGroupUserGroupToPerm.user_group_id == user_group_id)
2880
2881 return q.all()
2882
2883
2884 class UserRepoToPerm(Base, BaseModel):
2885 __tablename__ = 'repo_to_perm'
2886 __table_args__ = (
2887 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
2888 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2889 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2890 )
2891 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2892 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2893 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2894 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2895
2896 user = relationship('User')
2897 repository = relationship('Repository')
2898 permission = relationship('Permission')
2899
2900 branch_perm_entry = relationship('UserToRepoBranchPermission', cascade="all, delete, delete-orphan", lazy='joined')
2901
2902 @classmethod
2903 def create(cls, user, repository, permission):
2904 n = cls()
2905 n.user = user
2906 n.repository = repository
2907 n.permission = permission
2908 Session().add(n)
2909 return n
2910
2911 def __unicode__(self):
2912 return u'<%s => %s >' % (self.user, self.repository)
2913
2914
2915 class UserUserGroupToPerm(Base, BaseModel):
2916 __tablename__ = 'user_user_group_to_perm'
2917 __table_args__ = (
2918 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
2919 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2920 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2921 )
2922 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2923 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2924 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2925 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2926
2927 user = relationship('User')
2928 user_group = relationship('UserGroup')
2929 permission = relationship('Permission')
2930
2931 @classmethod
2932 def create(cls, user, user_group, permission):
2933 n = cls()
2934 n.user = user
2935 n.user_group = user_group
2936 n.permission = permission
2937 Session().add(n)
2938 return n
2939
2940 def __unicode__(self):
2941 return u'<%s => %s >' % (self.user, self.user_group)
2942
2943
2944 class UserToPerm(Base, BaseModel):
2945 __tablename__ = 'user_to_perm'
2946 __table_args__ = (
2947 UniqueConstraint('user_id', 'permission_id'),
2948 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2949 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2950 )
2951 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2952 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2953 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2954
2955 user = relationship('User')
2956 permission = relationship('Permission', lazy='joined')
2957
2958 def __unicode__(self):
2959 return u'<%s => %s >' % (self.user, self.permission)
2960
2961
2962 class UserGroupRepoToPerm(Base, BaseModel):
2963 __tablename__ = 'users_group_repo_to_perm'
2964 __table_args__ = (
2965 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
2966 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2967 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2968 )
2969 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2970 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2971 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2972 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2973
2974 users_group = relationship('UserGroup')
2975 permission = relationship('Permission')
2976 repository = relationship('Repository')
2977
2978 @classmethod
2979 def create(cls, users_group, repository, permission):
2980 n = cls()
2981 n.users_group = users_group
2982 n.repository = repository
2983 n.permission = permission
2984 Session().add(n)
2985 return n
2986
2987 def __unicode__(self):
2988 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
2989
2990
2991 class UserGroupUserGroupToPerm(Base, BaseModel):
2992 __tablename__ = 'user_group_user_group_to_perm'
2993 __table_args__ = (
2994 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
2995 CheckConstraint('target_user_group_id != user_group_id'),
2996 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2997 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2998 )
2999 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3000 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3001 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3002 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3003
3004 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
3005 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
3006 permission = relationship('Permission')
3007
3008 @classmethod
3009 def create(cls, target_user_group, user_group, permission):
3010 n = cls()
3011 n.target_user_group = target_user_group
3012 n.user_group = user_group
3013 n.permission = permission
3014 Session().add(n)
3015 return n
3016
3017 def __unicode__(self):
3018 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
3019
3020
3021 class UserGroupToPerm(Base, BaseModel):
3022 __tablename__ = 'users_group_to_perm'
3023 __table_args__ = (
3024 UniqueConstraint('users_group_id', 'permission_id',),
3025 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3026 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3027 )
3028 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3029 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3030 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3031
3032 users_group = relationship('UserGroup')
3033 permission = relationship('Permission')
3034
3035
3036 class UserRepoGroupToPerm(Base, BaseModel):
3037 __tablename__ = 'user_repo_group_to_perm'
3038 __table_args__ = (
3039 UniqueConstraint('user_id', 'group_id', 'permission_id'),
3040 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3041 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3042 )
3043
3044 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3045 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3046 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3047 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3048
3049 user = relationship('User')
3050 group = relationship('RepoGroup')
3051 permission = relationship('Permission')
3052
3053 @classmethod
3054 def create(cls, user, repository_group, permission):
3055 n = cls()
3056 n.user = user
3057 n.group = repository_group
3058 n.permission = permission
3059 Session().add(n)
3060 return n
3061
3062
3063 class UserGroupRepoGroupToPerm(Base, BaseModel):
3064 __tablename__ = 'users_group_repo_group_to_perm'
3065 __table_args__ = (
3066 UniqueConstraint('users_group_id', 'group_id'),
3067 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3068 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3069 )
3070
3071 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3072 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3073 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3074 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3075
3076 users_group = relationship('UserGroup')
3077 permission = relationship('Permission')
3078 group = relationship('RepoGroup')
3079
3080 @classmethod
3081 def create(cls, user_group, repository_group, permission):
3082 n = cls()
3083 n.users_group = user_group
3084 n.group = repository_group
3085 n.permission = permission
3086 Session().add(n)
3087 return n
3088
3089 def __unicode__(self):
3090 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
3091
3092
3093 class Statistics(Base, BaseModel):
3094 __tablename__ = 'statistics'
3095 __table_args__ = (
3096 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3097 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3098 )
3099 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3100 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
3101 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
3102 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
3103 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
3104 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
3105
3106 repository = relationship('Repository', single_parent=True)
3107
3108
3109 class UserFollowing(Base, BaseModel):
3110 __tablename__ = 'user_followings'
3111 __table_args__ = (
3112 UniqueConstraint('user_id', 'follows_repository_id'),
3113 UniqueConstraint('user_id', 'follows_user_id'),
3114 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3115 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3116 )
3117
3118 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3119 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3120 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
3121 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
3122 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
3123
3124 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
3125
3126 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
3127 follows_repository = relationship('Repository', order_by='Repository.repo_name')
3128
3129 @classmethod
3130 def get_repo_followers(cls, repo_id):
3131 return cls.query().filter(cls.follows_repo_id == repo_id)
3132
3133
3134 class CacheKey(Base, BaseModel):
3135 __tablename__ = 'cache_invalidation'
3136 __table_args__ = (
3137 UniqueConstraint('cache_key'),
3138 Index('key_idx', 'cache_key'),
3139 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3140 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3141 )
3142 CACHE_TYPE_ATOM = 'ATOM'
3143 CACHE_TYPE_RSS = 'RSS'
3144 CACHE_TYPE_README = 'README'
3145
3146 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3147 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
3148 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
3149 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
3150
3151 def __init__(self, cache_key, cache_args=''):
3152 self.cache_key = cache_key
3153 self.cache_args = cache_args
3154 self.cache_active = False
3155
3156 def __unicode__(self):
3157 return u"<%s('%s:%s[%s]')>" % (
3158 self.__class__.__name__,
3159 self.cache_id, self.cache_key, self.cache_active)
3160
3161 def _cache_key_partition(self):
3162 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
3163 return prefix, repo_name, suffix
3164
3165 def get_prefix(self):
3166 """
3167 Try to extract prefix from existing cache key. The key could consist
3168 of prefix, repo_name, suffix
3169 """
3170 # this returns prefix, repo_name, suffix
3171 return self._cache_key_partition()[0]
3172
3173 def get_suffix(self):
3174 """
3175 get suffix that might have been used in _get_cache_key to
3176 generate self.cache_key. Only used for informational purposes
3177 in repo_edit.mako.
3178 """
3179 # prefix, repo_name, suffix
3180 return self._cache_key_partition()[2]
3181
3182 @classmethod
3183 def delete_all_cache(cls):
3184 """
3185 Delete all cache keys from database.
3186 Should only be run when all instances are down and all entries
3187 thus stale.
3188 """
3189 cls.query().delete()
3190 Session().commit()
3191
3192 @classmethod
3193 def get_cache_key(cls, repo_name, cache_type):
3194 """
3195
3196 Generate a cache key for this process of RhodeCode instance.
3197 Prefix most likely will be process id or maybe explicitly set
3198 instance_id from .ini file.
3199 """
3200 import rhodecode
3201 prefix = safe_unicode(rhodecode.CONFIG.get('instance_id') or '')
3202
3203 repo_as_unicode = safe_unicode(repo_name)
3204 key = u'{}_{}'.format(repo_as_unicode, cache_type) \
3205 if cache_type else repo_as_unicode
3206
3207 return u'{}{}'.format(prefix, key)
3208
3209 @classmethod
3210 def set_invalidate(cls, repo_name, delete=False):
3211 """
3212 Mark all caches of a repo as invalid in the database.
3213 """
3214
3215 try:
3216 qry = Session().query(cls).filter(cls.cache_args == repo_name)
3217 if delete:
3218 log.debug('cache objects deleted for repo %s',
3219 safe_str(repo_name))
3220 qry.delete()
3221 else:
3222 log.debug('cache objects marked as invalid for repo %s',
3223 safe_str(repo_name))
3224 qry.update({"cache_active": False})
3225
3226 Session().commit()
3227 except Exception:
3228 log.exception(
3229 'Cache key invalidation failed for repository %s',
3230 safe_str(repo_name))
3231 Session().rollback()
3232
3233 @classmethod
3234 def get_active_cache(cls, cache_key):
3235 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
3236 if inv_obj:
3237 return inv_obj
3238 return None
3239
3240
3241 class ChangesetComment(Base, BaseModel):
3242 __tablename__ = 'changeset_comments'
3243 __table_args__ = (
3244 Index('cc_revision_idx', 'revision'),
3245 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3246 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3247 )
3248
3249 COMMENT_OUTDATED = u'comment_outdated'
3250 COMMENT_TYPE_NOTE = u'note'
3251 COMMENT_TYPE_TODO = u'todo'
3252 COMMENT_TYPES = [COMMENT_TYPE_NOTE, COMMENT_TYPE_TODO]
3253
3254 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
3255 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3256 revision = Column('revision', String(40), nullable=True)
3257 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3258 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
3259 line_no = Column('line_no', Unicode(10), nullable=True)
3260 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
3261 f_path = Column('f_path', Unicode(1000), nullable=True)
3262 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
3263 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
3264 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3265 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3266 renderer = Column('renderer', Unicode(64), nullable=True)
3267 display_state = Column('display_state', Unicode(128), nullable=True)
3268
3269 comment_type = Column('comment_type', Unicode(128), nullable=True, default=COMMENT_TYPE_NOTE)
3270 resolved_comment_id = Column('resolved_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=True)
3271 resolved_comment = relationship('ChangesetComment', remote_side=comment_id, backref='resolved_by')
3272 author = relationship('User', lazy='joined')
3273 repo = relationship('Repository')
3274 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan", lazy='joined')
3275 pull_request = relationship('PullRequest', lazy='joined')
3276 pull_request_version = relationship('PullRequestVersion')
3277
3278 @classmethod
3279 def get_users(cls, revision=None, pull_request_id=None):
3280 """
3281 Returns user associated with this ChangesetComment. ie those
3282 who actually commented
3283
3284 :param cls:
3285 :param revision:
3286 """
3287 q = Session().query(User)\
3288 .join(ChangesetComment.author)
3289 if revision:
3290 q = q.filter(cls.revision == revision)
3291 elif pull_request_id:
3292 q = q.filter(cls.pull_request_id == pull_request_id)
3293 return q.all()
3294
3295 @classmethod
3296 def get_index_from_version(cls, pr_version, versions):
3297 num_versions = [x.pull_request_version_id for x in versions]
3298 try:
3299 return num_versions.index(pr_version) +1
3300 except (IndexError, ValueError):
3301 return
3302
3303 @property
3304 def outdated(self):
3305 return self.display_state == self.COMMENT_OUTDATED
3306
3307 def outdated_at_version(self, version):
3308 """
3309 Checks if comment is outdated for given pull request version
3310 """
3311 return self.outdated and self.pull_request_version_id != version
3312
3313 def older_than_version(self, version):
3314 """
3315 Checks if comment is made from previous version than given
3316 """
3317 if version is None:
3318 return self.pull_request_version_id is not None
3319
3320 return self.pull_request_version_id < version
3321
3322 @property
3323 def resolved(self):
3324 return self.resolved_by[0] if self.resolved_by else None
3325
3326 @property
3327 def is_todo(self):
3328 return self.comment_type == self.COMMENT_TYPE_TODO
3329
3330 @property
3331 def is_inline(self):
3332 return self.line_no and self.f_path
3333
3334 def get_index_version(self, versions):
3335 return self.get_index_from_version(
3336 self.pull_request_version_id, versions)
3337
3338 def __repr__(self):
3339 if self.comment_id:
3340 return '<DB:Comment #%s>' % self.comment_id
3341 else:
3342 return '<DB:Comment at %#x>' % id(self)
3343
3344 def get_api_data(self):
3345 comment = self
3346 data = {
3347 'comment_id': comment.comment_id,
3348 'comment_type': comment.comment_type,
3349 'comment_text': comment.text,
3350 'comment_status': comment.status_change,
3351 'comment_f_path': comment.f_path,
3352 'comment_lineno': comment.line_no,
3353 'comment_author': comment.author,
3354 'comment_created_on': comment.created_on
3355 }
3356 return data
3357
3358 def __json__(self):
3359 data = dict()
3360 data.update(self.get_api_data())
3361 return data
3362
3363
3364 class ChangesetStatus(Base, BaseModel):
3365 __tablename__ = 'changeset_statuses'
3366 __table_args__ = (
3367 Index('cs_revision_idx', 'revision'),
3368 Index('cs_version_idx', 'version'),
3369 UniqueConstraint('repo_id', 'revision', 'version'),
3370 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3371 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3372 )
3373 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
3374 STATUS_APPROVED = 'approved'
3375 STATUS_REJECTED = 'rejected'
3376 STATUS_UNDER_REVIEW = 'under_review'
3377
3378 STATUSES = [
3379 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
3380 (STATUS_APPROVED, _("Approved")),
3381 (STATUS_REJECTED, _("Rejected")),
3382 (STATUS_UNDER_REVIEW, _("Under Review")),
3383 ]
3384
3385 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
3386 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3387 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
3388 revision = Column('revision', String(40), nullable=False)
3389 status = Column('status', String(128), nullable=False, default=DEFAULT)
3390 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
3391 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
3392 version = Column('version', Integer(), nullable=False, default=0)
3393 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3394
3395 author = relationship('User', lazy='joined')
3396 repo = relationship('Repository')
3397 comment = relationship('ChangesetComment', lazy='joined')
3398 pull_request = relationship('PullRequest', lazy='joined')
3399
3400 def __unicode__(self):
3401 return u"<%s('%s[v%s]:%s')>" % (
3402 self.__class__.__name__,
3403 self.status, self.version, self.author
3404 )
3405
3406 @classmethod
3407 def get_status_lbl(cls, value):
3408 return dict(cls.STATUSES).get(value)
3409
3410 @property
3411 def status_lbl(self):
3412 return ChangesetStatus.get_status_lbl(self.status)
3413
3414 def get_api_data(self):
3415 status = self
3416 data = {
3417 'status_id': status.changeset_status_id,
3418 'status': status.status,
3419 }
3420 return data
3421
3422 def __json__(self):
3423 data = dict()
3424 data.update(self.get_api_data())
3425 return data
3426
3427
3428 class _PullRequestBase(BaseModel):
3429 """
3430 Common attributes of pull request and version entries.
3431 """
3432
3433 # .status values
3434 STATUS_NEW = u'new'
3435 STATUS_OPEN = u'open'
3436 STATUS_CLOSED = u'closed'
3437
3438 title = Column('title', Unicode(255), nullable=True)
3439 description = Column(
3440 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3441 nullable=True)
3442 # new/open/closed status of pull request (not approve/reject/etc)
3443 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3444 created_on = Column(
3445 'created_on', DateTime(timezone=False), nullable=False,
3446 default=datetime.datetime.now)
3447 updated_on = Column(
3448 'updated_on', DateTime(timezone=False), nullable=False,
3449 default=datetime.datetime.now)
3450
3451 @declared_attr
3452 def user_id(cls):
3453 return Column(
3454 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3455 unique=None)
3456
3457 # 500 revisions max
3458 _revisions = Column(
3459 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3460
3461 @declared_attr
3462 def source_repo_id(cls):
3463 # TODO: dan: rename column to source_repo_id
3464 return Column(
3465 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3466 nullable=False)
3467
3468 source_ref = Column('org_ref', Unicode(255), nullable=False)
3469
3470 @declared_attr
3471 def target_repo_id(cls):
3472 # TODO: dan: rename column to target_repo_id
3473 return Column(
3474 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3475 nullable=False)
3476
3477 target_ref = Column('other_ref', Unicode(255), nullable=False)
3478 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3479
3480 # TODO: dan: rename column to last_merge_source_rev
3481 _last_merge_source_rev = Column(
3482 'last_merge_org_rev', String(40), nullable=True)
3483 # TODO: dan: rename column to last_merge_target_rev
3484 _last_merge_target_rev = Column(
3485 'last_merge_other_rev', String(40), nullable=True)
3486 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3487 merge_rev = Column('merge_rev', String(40), nullable=True)
3488
3489 reviewer_data = Column(
3490 'reviewer_data_json', MutationObj.as_mutable(
3491 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3492
3493 @property
3494 def reviewer_data_json(self):
3495 return json.dumps(self.reviewer_data)
3496
3497 @hybrid_property
3498 def description_safe(self):
3499 from rhodecode.lib import helpers as h
3500 return h.escape(self.description)
3501
3502 @hybrid_property
3503 def revisions(self):
3504 return self._revisions.split(':') if self._revisions else []
3505
3506 @revisions.setter
3507 def revisions(self, val):
3508 self._revisions = ':'.join(val)
3509
3510 @hybrid_property
3511 def last_merge_status(self):
3512 return safe_int(self._last_merge_status)
3513
3514 @last_merge_status.setter
3515 def last_merge_status(self, val):
3516 self._last_merge_status = val
3517
3518 @declared_attr
3519 def author(cls):
3520 return relationship('User', lazy='joined')
3521
3522 @declared_attr
3523 def source_repo(cls):
3524 return relationship(
3525 'Repository',
3526 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3527
3528 @property
3529 def source_ref_parts(self):
3530 return self.unicode_to_reference(self.source_ref)
3531
3532 @declared_attr
3533 def target_repo(cls):
3534 return relationship(
3535 'Repository',
3536 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3537
3538 @property
3539 def target_ref_parts(self):
3540 return self.unicode_to_reference(self.target_ref)
3541
3542 @property
3543 def shadow_merge_ref(self):
3544 return self.unicode_to_reference(self._shadow_merge_ref)
3545
3546 @shadow_merge_ref.setter
3547 def shadow_merge_ref(self, ref):
3548 self._shadow_merge_ref = self.reference_to_unicode(ref)
3549
3550 def unicode_to_reference(self, raw):
3551 """
3552 Convert a unicode (or string) to a reference object.
3553 If unicode evaluates to False it returns None.
3554 """
3555 if raw:
3556 refs = raw.split(':')
3557 return Reference(*refs)
3558 else:
3559 return None
3560
3561 def reference_to_unicode(self, ref):
3562 """
3563 Convert a reference object to unicode.
3564 If reference is None it returns None.
3565 """
3566 if ref:
3567 return u':'.join(ref)
3568 else:
3569 return None
3570
3571 def get_api_data(self, with_merge_state=True):
3572 from rhodecode.model.pull_request import PullRequestModel
3573
3574 pull_request = self
3575 if with_merge_state:
3576 merge_status = PullRequestModel().merge_status(pull_request)
3577 merge_state = {
3578 'status': merge_status[0],
3579 'message': safe_unicode(merge_status[1]),
3580 }
3581 else:
3582 merge_state = {'status': 'not_available',
3583 'message': 'not_available'}
3584
3585 merge_data = {
3586 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3587 'reference': (
3588 pull_request.shadow_merge_ref._asdict()
3589 if pull_request.shadow_merge_ref else None),
3590 }
3591
3592 data = {
3593 'pull_request_id': pull_request.pull_request_id,
3594 'url': PullRequestModel().get_url(pull_request),
3595 'title': pull_request.title,
3596 'description': pull_request.description,
3597 'status': pull_request.status,
3598 'created_on': pull_request.created_on,
3599 'updated_on': pull_request.updated_on,
3600 'commit_ids': pull_request.revisions,
3601 'review_status': pull_request.calculated_review_status(),
3602 'mergeable': merge_state,
3603 'source': {
3604 'clone_url': pull_request.source_repo.clone_url(),
3605 'repository': pull_request.source_repo.repo_name,
3606 'reference': {
3607 'name': pull_request.source_ref_parts.name,
3608 'type': pull_request.source_ref_parts.type,
3609 'commit_id': pull_request.source_ref_parts.commit_id,
3610 },
3611 },
3612 'target': {
3613 'clone_url': pull_request.target_repo.clone_url(),
3614 'repository': pull_request.target_repo.repo_name,
3615 'reference': {
3616 'name': pull_request.target_ref_parts.name,
3617 'type': pull_request.target_ref_parts.type,
3618 'commit_id': pull_request.target_ref_parts.commit_id,
3619 },
3620 },
3621 'merge': merge_data,
3622 'author': pull_request.author.get_api_data(include_secrets=False,
3623 details='basic'),
3624 'reviewers': [
3625 {
3626 'user': reviewer.get_api_data(include_secrets=False,
3627 details='basic'),
3628 'reasons': reasons,
3629 'review_status': st[0][1].status if st else 'not_reviewed',
3630 }
3631 for obj, reviewer, reasons, mandatory, st in
3632 pull_request.reviewers_statuses()
3633 ]
3634 }
3635
3636 return data
3637
3638
3639 class PullRequest(Base, _PullRequestBase):
3640 __tablename__ = 'pull_requests'
3641 __table_args__ = (
3642 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3643 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3644 )
3645
3646 pull_request_id = Column(
3647 'pull_request_id', Integer(), nullable=False, primary_key=True)
3648
3649 def __repr__(self):
3650 if self.pull_request_id:
3651 return '<DB:PullRequest #%s>' % self.pull_request_id
3652 else:
3653 return '<DB:PullRequest at %#x>' % id(self)
3654
3655 reviewers = relationship('PullRequestReviewers',
3656 cascade="all, delete, delete-orphan")
3657 statuses = relationship('ChangesetStatus',
3658 cascade="all, delete, delete-orphan")
3659 comments = relationship('ChangesetComment',
3660 cascade="all, delete, delete-orphan")
3661 versions = relationship('PullRequestVersion',
3662 cascade="all, delete, delete-orphan",
3663 lazy='dynamic')
3664
3665 @classmethod
3666 def get_pr_display_object(cls, pull_request_obj, org_pull_request_obj,
3667 internal_methods=None):
3668
3669 class PullRequestDisplay(object):
3670 """
3671 Special object wrapper for showing PullRequest data via Versions
3672 It mimics PR object as close as possible. This is read only object
3673 just for display
3674 """
3675
3676 def __init__(self, attrs, internal=None):
3677 self.attrs = attrs
3678 # internal have priority over the given ones via attrs
3679 self.internal = internal or ['versions']
3680
3681 def __getattr__(self, item):
3682 if item in self.internal:
3683 return getattr(self, item)
3684 try:
3685 return self.attrs[item]
3686 except KeyError:
3687 raise AttributeError(
3688 '%s object has no attribute %s' % (self, item))
3689
3690 def __repr__(self):
3691 return '<DB:PullRequestDisplay #%s>' % self.attrs.get('pull_request_id')
3692
3693 def versions(self):
3694 return pull_request_obj.versions.order_by(
3695 PullRequestVersion.pull_request_version_id).all()
3696
3697 def is_closed(self):
3698 return pull_request_obj.is_closed()
3699
3700 @property
3701 def pull_request_version_id(self):
3702 return getattr(pull_request_obj, 'pull_request_version_id', None)
3703
3704 attrs = StrictAttributeDict(pull_request_obj.get_api_data())
3705
3706 attrs.author = StrictAttributeDict(
3707 pull_request_obj.author.get_api_data())
3708 if pull_request_obj.target_repo:
3709 attrs.target_repo = StrictAttributeDict(
3710 pull_request_obj.target_repo.get_api_data())
3711 attrs.target_repo.clone_url = pull_request_obj.target_repo.clone_url
3712
3713 if pull_request_obj.source_repo:
3714 attrs.source_repo = StrictAttributeDict(
3715 pull_request_obj.source_repo.get_api_data())
3716 attrs.source_repo.clone_url = pull_request_obj.source_repo.clone_url
3717
3718 attrs.source_ref_parts = pull_request_obj.source_ref_parts
3719 attrs.target_ref_parts = pull_request_obj.target_ref_parts
3720 attrs.revisions = pull_request_obj.revisions
3721
3722 attrs.shadow_merge_ref = org_pull_request_obj.shadow_merge_ref
3723 attrs.reviewer_data = org_pull_request_obj.reviewer_data
3724 attrs.reviewer_data_json = org_pull_request_obj.reviewer_data_json
3725
3726 return PullRequestDisplay(attrs, internal=internal_methods)
3727
3728 def is_closed(self):
3729 return self.status == self.STATUS_CLOSED
3730
3731 def __json__(self):
3732 return {
3733 'revisions': self.revisions,
3734 }
3735
3736 def calculated_review_status(self):
3737 from rhodecode.model.changeset_status import ChangesetStatusModel
3738 return ChangesetStatusModel().calculated_review_status(self)
3739
3740 def reviewers_statuses(self):
3741 from rhodecode.model.changeset_status import ChangesetStatusModel
3742 return ChangesetStatusModel().reviewers_statuses(self)
3743
3744 @property
3745 def workspace_id(self):
3746 from rhodecode.model.pull_request import PullRequestModel
3747 return PullRequestModel()._workspace_id(self)
3748
3749 def get_shadow_repo(self):
3750 workspace_id = self.workspace_id
3751 vcs_obj = self.target_repo.scm_instance()
3752 shadow_repository_path = vcs_obj._get_shadow_repository_path(
3753 workspace_id)
3754 return vcs_obj._get_shadow_instance(shadow_repository_path)
3755
3756
3757 class PullRequestVersion(Base, _PullRequestBase):
3758 __tablename__ = 'pull_request_versions'
3759 __table_args__ = (
3760 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3761 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3762 )
3763
3764 pull_request_version_id = Column(
3765 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3766 pull_request_id = Column(
3767 'pull_request_id', Integer(),
3768 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3769 pull_request = relationship('PullRequest')
3770
3771 def __repr__(self):
3772 if self.pull_request_version_id:
3773 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3774 else:
3775 return '<DB:PullRequestVersion at %#x>' % id(self)
3776
3777 @property
3778 def reviewers(self):
3779 return self.pull_request.reviewers
3780
3781 @property
3782 def versions(self):
3783 return self.pull_request.versions
3784
3785 def is_closed(self):
3786 # calculate from original
3787 return self.pull_request.status == self.STATUS_CLOSED
3788
3789 def calculated_review_status(self):
3790 return self.pull_request.calculated_review_status()
3791
3792 def reviewers_statuses(self):
3793 return self.pull_request.reviewers_statuses()
3794
3795
3796 class PullRequestReviewers(Base, BaseModel):
3797 __tablename__ = 'pull_request_reviewers'
3798 __table_args__ = (
3799 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3800 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3801 )
3802
3803 @hybrid_property
3804 def reasons(self):
3805 if not self._reasons:
3806 return []
3807 return self._reasons
3808
3809 @reasons.setter
3810 def reasons(self, val):
3811 val = val or []
3812 if any(not isinstance(x, basestring) for x in val):
3813 raise Exception('invalid reasons type, must be list of strings')
3814 self._reasons = val
3815
3816 pull_requests_reviewers_id = Column(
3817 'pull_requests_reviewers_id', Integer(), nullable=False,
3818 primary_key=True)
3819 pull_request_id = Column(
3820 "pull_request_id", Integer(),
3821 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3822 user_id = Column(
3823 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3824 _reasons = Column(
3825 'reason', MutationList.as_mutable(
3826 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3827
3828 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
3829 user = relationship('User')
3830 pull_request = relationship('PullRequest')
3831
3832 rule_data = Column(
3833 'rule_data_json',
3834 JsonType(dialect_map=dict(mysql=UnicodeText(16384))))
3835
3836 def rule_user_group_data(self):
3837 """
3838 Returns the voting user group rule data for this reviewer
3839 """
3840
3841 if self.rule_data and 'vote_rule' in self.rule_data:
3842 user_group_data = {}
3843 if 'rule_user_group_entry_id' in self.rule_data:
3844 # means a group with voting rules !
3845 user_group_data['id'] = self.rule_data['rule_user_group_entry_id']
3846 user_group_data['name'] = self.rule_data['rule_name']
3847 user_group_data['vote_rule'] = self.rule_data['vote_rule']
3848
3849 return user_group_data
3850
3851 def __unicode__(self):
3852 return u"<%s('id:%s')>" % (self.__class__.__name__,
3853 self.pull_requests_reviewers_id)
3854
3855
3856 class Notification(Base, BaseModel):
3857 __tablename__ = 'notifications'
3858 __table_args__ = (
3859 Index('notification_type_idx', 'type'),
3860 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3861 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3862 )
3863
3864 TYPE_CHANGESET_COMMENT = u'cs_comment'
3865 TYPE_MESSAGE = u'message'
3866 TYPE_MENTION = u'mention'
3867 TYPE_REGISTRATION = u'registration'
3868 TYPE_PULL_REQUEST = u'pull_request'
3869 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
3870
3871 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
3872 subject = Column('subject', Unicode(512), nullable=True)
3873 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
3874 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
3875 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3876 type_ = Column('type', Unicode(255))
3877
3878 created_by_user = relationship('User')
3879 notifications_to_users = relationship('UserNotification', lazy='joined',
3880 cascade="all, delete, delete-orphan")
3881
3882 @property
3883 def recipients(self):
3884 return [x.user for x in UserNotification.query()\
3885 .filter(UserNotification.notification == self)\
3886 .order_by(UserNotification.user_id.asc()).all()]
3887
3888 @classmethod
3889 def create(cls, created_by, subject, body, recipients, type_=None):
3890 if type_ is None:
3891 type_ = Notification.TYPE_MESSAGE
3892
3893 notification = cls()
3894 notification.created_by_user = created_by
3895 notification.subject = subject
3896 notification.body = body
3897 notification.type_ = type_
3898 notification.created_on = datetime.datetime.now()
3899
3900 for u in recipients:
3901 assoc = UserNotification()
3902 assoc.notification = notification
3903
3904 # if created_by is inside recipients mark his notification
3905 # as read
3906 if u.user_id == created_by.user_id:
3907 assoc.read = True
3908
3909 u.notifications.append(assoc)
3910 Session().add(notification)
3911
3912 return notification
3913
3914
3915 class UserNotification(Base, BaseModel):
3916 __tablename__ = 'user_to_notification'
3917 __table_args__ = (
3918 UniqueConstraint('user_id', 'notification_id'),
3919 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3920 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3921 )
3922 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
3923 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
3924 read = Column('read', Boolean, default=False)
3925 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
3926
3927 user = relationship('User', lazy="joined")
3928 notification = relationship('Notification', lazy="joined",
3929 order_by=lambda: Notification.created_on.desc(),)
3930
3931 def mark_as_read(self):
3932 self.read = True
3933 Session().add(self)
3934
3935
3936 class Gist(Base, BaseModel):
3937 __tablename__ = 'gists'
3938 __table_args__ = (
3939 Index('g_gist_access_id_idx', 'gist_access_id'),
3940 Index('g_created_on_idx', 'created_on'),
3941 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3942 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3943 )
3944 GIST_PUBLIC = u'public'
3945 GIST_PRIVATE = u'private'
3946 DEFAULT_FILENAME = u'gistfile1.txt'
3947
3948 ACL_LEVEL_PUBLIC = u'acl_public'
3949 ACL_LEVEL_PRIVATE = u'acl_private'
3950
3951 gist_id = Column('gist_id', Integer(), primary_key=True)
3952 gist_access_id = Column('gist_access_id', Unicode(250))
3953 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
3954 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
3955 gist_expires = Column('gist_expires', Float(53), nullable=False)
3956 gist_type = Column('gist_type', Unicode(128), nullable=False)
3957 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3958 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3959 acl_level = Column('acl_level', Unicode(128), nullable=True)
3960
3961 owner = relationship('User')
3962
3963 def __repr__(self):
3964 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
3965
3966 @hybrid_property
3967 def description_safe(self):
3968 from rhodecode.lib import helpers as h
3969 return h.escape(self.gist_description)
3970
3971 @classmethod
3972 def get_or_404(cls, id_):
3973 from pyramid.httpexceptions import HTTPNotFound
3974
3975 res = cls.query().filter(cls.gist_access_id == id_).scalar()
3976 if not res:
3977 raise HTTPNotFound()
3978 return res
3979
3980 @classmethod
3981 def get_by_access_id(cls, gist_access_id):
3982 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
3983
3984 def gist_url(self):
3985 from rhodecode.model.gist import GistModel
3986 return GistModel().get_url(self)
3987
3988 @classmethod
3989 def base_path(cls):
3990 """
3991 Returns base path when all gists are stored
3992
3993 :param cls:
3994 """
3995 from rhodecode.model.gist import GIST_STORE_LOC
3996 q = Session().query(RhodeCodeUi)\
3997 .filter(RhodeCodeUi.ui_key == URL_SEP)
3998 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
3999 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
4000
4001 def get_api_data(self):
4002 """
4003 Common function for generating gist related data for API
4004 """
4005 gist = self
4006 data = {
4007 'gist_id': gist.gist_id,
4008 'type': gist.gist_type,
4009 'access_id': gist.gist_access_id,
4010 'description': gist.gist_description,
4011 'url': gist.gist_url(),
4012 'expires': gist.gist_expires,
4013 'created_on': gist.created_on,
4014 'modified_at': gist.modified_at,
4015 'content': None,
4016 'acl_level': gist.acl_level,
4017 }
4018 return data
4019
4020 def __json__(self):
4021 data = dict(
4022 )
4023 data.update(self.get_api_data())
4024 return data
4025 # SCM functions
4026
4027 def scm_instance(self, **kwargs):
4028 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
4029 return get_vcs_instance(
4030 repo_path=safe_str(full_repo_path), create=False)
4031
4032
4033 class ExternalIdentity(Base, BaseModel):
4034 __tablename__ = 'external_identities'
4035 __table_args__ = (
4036 Index('local_user_id_idx', 'local_user_id'),
4037 Index('external_id_idx', 'external_id'),
4038 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4039 'mysql_charset': 'utf8'})
4040
4041 external_id = Column('external_id', Unicode(255), default=u'',
4042 primary_key=True)
4043 external_username = Column('external_username', Unicode(1024), default=u'')
4044 local_user_id = Column('local_user_id', Integer(),
4045 ForeignKey('users.user_id'), primary_key=True)
4046 provider_name = Column('provider_name', Unicode(255), default=u'',
4047 primary_key=True)
4048 access_token = Column('access_token', String(1024), default=u'')
4049 alt_token = Column('alt_token', String(1024), default=u'')
4050 token_secret = Column('token_secret', String(1024), default=u'')
4051
4052 @classmethod
4053 def by_external_id_and_provider(cls, external_id, provider_name,
4054 local_user_id=None):
4055 """
4056 Returns ExternalIdentity instance based on search params
4057
4058 :param external_id:
4059 :param provider_name:
4060 :return: ExternalIdentity
4061 """
4062 query = cls.query()
4063 query = query.filter(cls.external_id == external_id)
4064 query = query.filter(cls.provider_name == provider_name)
4065 if local_user_id:
4066 query = query.filter(cls.local_user_id == local_user_id)
4067 return query.first()
4068
4069 @classmethod
4070 def user_by_external_id_and_provider(cls, external_id, provider_name):
4071 """
4072 Returns User instance based on search params
4073
4074 :param external_id:
4075 :param provider_name:
4076 :return: User
4077 """
4078 query = User.query()
4079 query = query.filter(cls.external_id == external_id)
4080 query = query.filter(cls.provider_name == provider_name)
4081 query = query.filter(User.user_id == cls.local_user_id)
4082 return query.first()
4083
4084 @classmethod
4085 def by_local_user_id(cls, local_user_id):
4086 """
4087 Returns all tokens for user
4088
4089 :param local_user_id:
4090 :return: ExternalIdentity
4091 """
4092 query = cls.query()
4093 query = query.filter(cls.local_user_id == local_user_id)
4094 return query
4095
4096
4097 class Integration(Base, BaseModel):
4098 __tablename__ = 'integrations'
4099 __table_args__ = (
4100 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4101 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
4102 )
4103
4104 integration_id = Column('integration_id', Integer(), primary_key=True)
4105 integration_type = Column('integration_type', String(255))
4106 enabled = Column('enabled', Boolean(), nullable=False)
4107 name = Column('name', String(255), nullable=False)
4108 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
4109 default=False)
4110
4111 settings = Column(
4112 'settings_json', MutationObj.as_mutable(
4113 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
4114 repo_id = Column(
4115 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
4116 nullable=True, unique=None, default=None)
4117 repo = relationship('Repository', lazy='joined')
4118
4119 repo_group_id = Column(
4120 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
4121 nullable=True, unique=None, default=None)
4122 repo_group = relationship('RepoGroup', lazy='joined')
4123
4124 @property
4125 def scope(self):
4126 if self.repo:
4127 return repr(self.repo)
4128 if self.repo_group:
4129 if self.child_repos_only:
4130 return repr(self.repo_group) + ' (child repos only)'
4131 else:
4132 return repr(self.repo_group) + ' (recursive)'
4133 if self.child_repos_only:
4134 return 'root_repos'
4135 return 'global'
4136
4137 def __repr__(self):
4138 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
4139
4140
4141 class RepoReviewRuleUser(Base, BaseModel):
4142 __tablename__ = 'repo_review_rules_users'
4143 __table_args__ = (
4144 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4145 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4146 )
4147
4148 repo_review_rule_user_id = Column('repo_review_rule_user_id', Integer(), primary_key=True)
4149 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4150 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False)
4151 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4152 user = relationship('User')
4153
4154 def rule_data(self):
4155 return {
4156 'mandatory': self.mandatory
4157 }
4158
4159
4160 class RepoReviewRuleUserGroup(Base, BaseModel):
4161 __tablename__ = 'repo_review_rules_users_groups'
4162 __table_args__ = (
4163 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4164 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4165 )
4166 VOTE_RULE_ALL = -1
4167
4168 repo_review_rule_users_group_id = Column('repo_review_rule_users_group_id', Integer(), primary_key=True)
4169 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4170 users_group_id = Column("users_group_id", Integer(),ForeignKey('users_groups.users_group_id'), nullable=False)
4171 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4172 vote_rule = Column("vote_rule", Integer(), nullable=True, default=VOTE_RULE_ALL)
4173 users_group = relationship('UserGroup')
4174
4175 def rule_data(self):
4176 return {
4177 'mandatory': self.mandatory,
4178 'vote_rule': self.vote_rule
4179 }
4180
4181 @property
4182 def vote_rule_label(self):
4183 if not self.vote_rule or self.vote_rule == self.VOTE_RULE_ALL:
4184 return 'all must vote'
4185 else:
4186 return 'min. vote {}'.format(self.vote_rule)
4187
4188
4189 class RepoReviewRule(Base, BaseModel):
4190 __tablename__ = 'repo_review_rules'
4191 __table_args__ = (
4192 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4193 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4194 )
4195
4196 repo_review_rule_id = Column(
4197 'repo_review_rule_id', Integer(), primary_key=True)
4198 repo_id = Column(
4199 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
4200 repo = relationship('Repository', backref='review_rules')
4201
4202 review_rule_name = Column('review_rule_name', String(255))
4203 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4204 _target_branch_pattern = Column("target_branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4205 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4206
4207 use_authors_for_review = Column("use_authors_for_review", Boolean(), nullable=False, default=False)
4208 forbid_author_to_review = Column("forbid_author_to_review", Boolean(), nullable=False, default=False)
4209 forbid_commit_author_to_review = Column("forbid_commit_author_to_review", Boolean(), nullable=False, default=False)
4210 forbid_adding_reviewers = Column("forbid_adding_reviewers", Boolean(), nullable=False, default=False)
4211
4212 rule_users = relationship('RepoReviewRuleUser')
4213 rule_user_groups = relationship('RepoReviewRuleUserGroup')
4214
4215 def _validate_glob(self, value):
4216 re.compile('^' + glob2re(value) + '$')
4217
4218 @hybrid_property
4219 def source_branch_pattern(self):
4220 return self._branch_pattern or '*'
4221
4222 @source_branch_pattern.setter
4223 def source_branch_pattern(self, value):
4224 self._validate_glob(value)
4225 self._branch_pattern = value or '*'
4226
4227 @hybrid_property
4228 def target_branch_pattern(self):
4229 return self._target_branch_pattern or '*'
4230
4231 @target_branch_pattern.setter
4232 def target_branch_pattern(self, value):
4233 self._validate_glob(value)
4234 self._target_branch_pattern = value or '*'
4235
4236 @hybrid_property
4237 def file_pattern(self):
4238 return self._file_pattern or '*'
4239
4240 @file_pattern.setter
4241 def file_pattern(self, value):
4242 self._validate_glob(value)
4243 self._file_pattern = value or '*'
4244
4245 def matches(self, source_branch, target_branch, files_changed):
4246 """
4247 Check if this review rule matches a branch/files in a pull request
4248
4249 :param source_branch: source branch name for the commit
4250 :param target_branch: target branch name for the commit
4251 :param files_changed: list of file paths changed in the pull request
4252 """
4253
4254 source_branch = source_branch or ''
4255 target_branch = target_branch or ''
4256 files_changed = files_changed or []
4257
4258 branch_matches = True
4259 if source_branch or target_branch:
4260 if self.source_branch_pattern == '*':
4261 source_branch_match = True
4262 else:
4263 source_branch_regex = re.compile(
4264 '^' + glob2re(self.source_branch_pattern) + '$')
4265 source_branch_match = bool(source_branch_regex.search(source_branch))
4266 if self.target_branch_pattern == '*':
4267 target_branch_match = True
4268 else:
4269 target_branch_regex = re.compile(
4270 '^' + glob2re(self.target_branch_pattern) + '$')
4271 target_branch_match = bool(target_branch_regex.search(target_branch))
4272
4273 branch_matches = source_branch_match and target_branch_match
4274
4275 files_matches = True
4276 if self.file_pattern != '*':
4277 files_matches = False
4278 file_regex = re.compile(glob2re(self.file_pattern))
4279 for filename in files_changed:
4280 if file_regex.search(filename):
4281 files_matches = True
4282 break
4283
4284 return branch_matches and files_matches
4285
4286 @property
4287 def review_users(self):
4288 """ Returns the users which this rule applies to """
4289
4290 users = collections.OrderedDict()
4291
4292 for rule_user in self.rule_users:
4293 if rule_user.user.active:
4294 if rule_user.user not in users:
4295 users[rule_user.user.username] = {
4296 'user': rule_user.user,
4297 'source': 'user',
4298 'source_data': {},
4299 'data': rule_user.rule_data()
4300 }
4301
4302 for rule_user_group in self.rule_user_groups:
4303 source_data = {
4304 'user_group_id': rule_user_group.users_group.users_group_id,
4305 'name': rule_user_group.users_group.users_group_name,
4306 'members': len(rule_user_group.users_group.members)
4307 }
4308 for member in rule_user_group.users_group.members:
4309 if member.user.active:
4310 key = member.user.username
4311 if key in users:
4312 # skip this member as we have him already
4313 # this prevents from override the "first" matched
4314 # users with duplicates in multiple groups
4315 continue
4316
4317 users[key] = {
4318 'user': member.user,
4319 'source': 'user_group',
4320 'source_data': source_data,
4321 'data': rule_user_group.rule_data()
4322 }
4323
4324 return users
4325
4326 def user_group_vote_rule(self):
4327 rules = []
4328 if self.rule_user_groups:
4329 for user_group in self.rule_user_groups:
4330 rules.append(user_group)
4331 return rules
4332
4333 def __repr__(self):
4334 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
4335 self.repo_review_rule_id, self.repo)
4336
4337
4338 class ScheduleEntry(Base, BaseModel):
4339 __tablename__ = 'schedule_entries'
4340 __table_args__ = (
4341 UniqueConstraint('schedule_name', name='s_schedule_name_idx'),
4342 UniqueConstraint('task_uid', name='s_task_uid_idx'),
4343 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4344 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4345 )
4346 schedule_types = ['crontab', 'timedelta', 'integer']
4347 schedule_entry_id = Column('schedule_entry_id', Integer(), primary_key=True)
4348
4349 schedule_name = Column("schedule_name", String(255), nullable=False, unique=None, default=None)
4350 schedule_description = Column("schedule_description", String(10000), nullable=True, unique=None, default=None)
4351 schedule_enabled = Column("schedule_enabled", Boolean(), nullable=False, unique=None, default=True)
4352
4353 _schedule_type = Column("schedule_type", String(255), nullable=False, unique=None, default=None)
4354 schedule_definition = Column('schedule_definition_json', MutationObj.as_mutable(JsonType(default=lambda: "", dialect_map=dict(mysql=LONGTEXT()))))
4355
4356 schedule_last_run = Column('schedule_last_run', DateTime(timezone=False), nullable=True, unique=None, default=None)
4357 schedule_total_run_count = Column('schedule_total_run_count', Integer(), nullable=True, unique=None, default=0)
4358
4359 # task
4360 task_uid = Column("task_uid", String(255), nullable=False, unique=None, default=None)
4361 task_dot_notation = Column("task_dot_notation", String(4096), nullable=False, unique=None, default=None)
4362 task_args = Column('task_args_json', MutationObj.as_mutable(JsonType(default=list, dialect_map=dict(mysql=LONGTEXT()))))
4363 task_kwargs = Column('task_kwargs_json', MutationObj.as_mutable(JsonType(default=dict, dialect_map=dict(mysql=LONGTEXT()))))
4364
4365 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4366 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=None)
4367
4368 @hybrid_property
4369 def schedule_type(self):
4370 return self._schedule_type
4371
4372 @schedule_type.setter
4373 def schedule_type(self, val):
4374 if val not in self.schedule_types:
4375 raise ValueError('Value must be on of `{}` and got `{}`'.format(
4376 val, self.schedule_type))
4377
4378 self._schedule_type = val
4379
4380 @classmethod
4381 def get_uid(cls, obj):
4382 args = obj.task_args
4383 kwargs = obj.task_kwargs
4384 if isinstance(args, JsonRaw):
4385 try:
4386 args = json.loads(args)
4387 except ValueError:
4388 args = tuple()
4389
4390 if isinstance(kwargs, JsonRaw):
4391 try:
4392 kwargs = json.loads(kwargs)
4393 except ValueError:
4394 kwargs = dict()
4395
4396 dot_notation = obj.task_dot_notation
4397 val = '.'.join(map(safe_str, [
4398 sorted(dot_notation), args, sorted(kwargs.items())]))
4399 return hashlib.sha1(val).hexdigest()
4400
4401 @classmethod
4402 def get_by_schedule_name(cls, schedule_name):
4403 return cls.query().filter(cls.schedule_name == schedule_name).scalar()
4404
4405 @classmethod
4406 def get_by_schedule_id(cls, schedule_id):
4407 return cls.query().filter(cls.schedule_entry_id == schedule_id).scalar()
4408
4409 @property
4410 def task(self):
4411 return self.task_dot_notation
4412
4413 @property
4414 def schedule(self):
4415 from rhodecode.lib.celerylib.utils import raw_2_schedule
4416 schedule = raw_2_schedule(self.schedule_definition, self.schedule_type)
4417 return schedule
4418
4419 @property
4420 def args(self):
4421 try:
4422 return list(self.task_args or [])
4423 except ValueError:
4424 return list()
4425
4426 @property
4427 def kwargs(self):
4428 try:
4429 return dict(self.task_kwargs or {})
4430 except ValueError:
4431 return dict()
4432
4433 def _as_raw(self, val):
4434 if hasattr(val, 'de_coerce'):
4435 val = val.de_coerce()
4436 if val:
4437 val = json.dumps(val)
4438
4439 return val
4440
4441 @property
4442 def schedule_definition_raw(self):
4443 return self._as_raw(self.schedule_definition)
4444
4445 @property
4446 def args_raw(self):
4447 return self._as_raw(self.task_args)
4448
4449 @property
4450 def kwargs_raw(self):
4451 return self._as_raw(self.task_kwargs)
4452
4453 def __repr__(self):
4454 return '<DB:ScheduleEntry({}:{})>'.format(
4455 self.schedule_entry_id, self.schedule_name)
4456
4457
4458 @event.listens_for(ScheduleEntry, 'before_update')
4459 def update_task_uid(mapper, connection, target):
4460 target.task_uid = ScheduleEntry.get_uid(target)
4461
4462
4463 @event.listens_for(ScheduleEntry, 'before_insert')
4464 def set_task_uid(mapper, connection, target):
4465 target.task_uid = ScheduleEntry.get_uid(target)
4466
4467
4468 class _BaseBranchPerms(BaseModel):
4469 @classmethod
4470 def compute_hash(cls, value):
4471 return md5_safe(value)
4472
4473 @hybrid_property
4474 def branch_pattern(self):
4475 return self._branch_pattern or '*'
4476
4477 @hybrid_property
4478 def branch_hash(self):
4479 return self._branch_hash
4480
4481 def _validate_glob(self, value):
4482 re.compile('^' + glob2re(value) + '$')
4483
4484 @branch_pattern.setter
4485 def branch_pattern(self, value):
4486 self._validate_glob(value)
4487 self._branch_pattern = value or '*'
4488 # set the Hash when setting the branch pattern
4489 self._branch_hash = self.compute_hash(self._branch_pattern)
4490
4491 def matches(self, branch):
4492 """
4493 Check if this the branch matches entry
4494
4495 :param branch: branch name for the commit
4496 """
4497
4498 branch = branch or ''
4499
4500 branch_matches = True
4501 if branch:
4502 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
4503 branch_matches = bool(branch_regex.search(branch))
4504
4505 return branch_matches
4506
4507
4508 class UserToRepoBranchPermission(Base, _BaseBranchPerms):
4509 __tablename__ = 'user_to_repo_branch_permissions'
4510 __table_args__ = (
4511 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4512 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4513 )
4514
4515 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4516
4517 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4518 repo = relationship('Repository', backref='user_branch_perms')
4519
4520 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4521 permission = relationship('Permission')
4522
4523 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('repo_to_perm.repo_to_perm_id'), nullable=False, unique=None, default=None)
4524 user_repo_to_perm = relationship('UserRepoToPerm')
4525
4526 rule_order = Column('rule_order', Integer(), nullable=False)
4527 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4528 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4529
4530 def __unicode__(self):
4531 return u'<UserBranchPermission(%s => %r)>' % (
4532 self.user_repo_to_perm, self.branch_pattern)
4533
4534
4535 class UserGroupToRepoBranchPermission(Base, _BaseBranchPerms):
4536 __tablename__ = 'user_group_to_repo_branch_permissions'
4537 __table_args__ = (
4538 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4539 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4540 )
4541
4542 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4543
4544 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4545 repo = relationship('Repository', backref='user_group_branch_perms')
4546
4547 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4548 permission = relationship('Permission')
4549
4550 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('users_group_repo_to_perm.users_group_to_perm_id'), nullable=False, unique=None, default=None)
4551 user_group_repo_to_perm = relationship('UserGroupRepoToPerm')
4552
4553 rule_order = Column('rule_order', Integer(), nullable=False)
4554 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4555 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4556
4557 def __unicode__(self):
4558 return u'<UserBranchPermission(%s => %r)>' % (
4559 self.user_group_repo_to_perm, self.branch_pattern)
4560
4561
4562 class DbMigrateVersion(Base, BaseModel):
4563 __tablename__ = 'db_migrate_version'
4564 __table_args__ = (
4565 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4566 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4567 )
4568 repository_id = Column('repository_id', String(250), primary_key=True)
4569 repository_path = Column('repository_path', Text)
4570 version = Column('version', Integer)
4571
4572
4573 class DbSession(Base, BaseModel):
4574 __tablename__ = 'db_session'
4575 __table_args__ = (
4576 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4577 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4578 )
4579
4580 def __repr__(self):
4581 return '<DB:DbSession({})>'.format(self.id)
4582
4583 id = Column('id', Integer())
4584 namespace = Column('namespace', String(255), primary_key=True)
4585 accessed = Column('accessed', DateTime, nullable=False)
4586 created = Column('created', DateTime, nullable=False)
4587 data = Column('data', PickleType, nullable=False)
@@ -0,0 +1,46 b''
1 import logging
2
3 from sqlalchemy import *
4 from sqlalchemy.engine import reflection
5 from sqlalchemy.dialects.mysql import LONGTEXT
6
7 from alembic.migration import MigrationContext
8 from alembic.operations import Operations
9
10 from rhodecode.lib.dbmigrate.utils import create_default_permissions, \
11 create_default_object_permission
12 from rhodecode.model import meta
13 from rhodecode.lib.dbmigrate.versions import _reset_base, notify
14
15 log = logging.getLogger(__name__)
16
17
18 def upgrade(migrate_engine):
19 """
20 Upgrade operations go here.
21 Don't create your own engine; bind migrate_engine to your metadata
22 """
23 _reset_base(migrate_engine)
24 from rhodecode.lib.dbmigrate.schema import db_4_13_0_0 as db
25
26 # issue fixups
27 fixups(db, meta.Session)
28
29
30 def downgrade(migrate_engine):
31 meta = MetaData()
32 meta.bind = migrate_engine
33
34
35 def fixups(models, _SESSION):
36 # create default permissions
37 create_default_permissions(_SESSION, models)
38 log.info('created default global permissions definitions')
39 _SESSION().commit()
40
41 # # fix default object permissions
42 # create_default_object_permission(_SESSION, models)
43
44 log.info('created default permission')
45 _SESSION().commit()
46
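Review bot: `downgrade` rebinds the name `meta` to a fresh `MetaData()` and then does nothing, so the step cannot be reversed and the local shadows the `rhodecode.model.meta` import that `upgrade` uses two functions above. If a downgrade is deliberately unsupported, say so in place of the dead assignments, e.g. `pass  # downgrade not supported: default permissions are left in place`. In `fixups`, the second `log.info('created default permission')` and `commit()` still run although `create_default_object_permission` is commented out, so the log reports work that did not happen; drop them or restore the call. The two migration files that follow carry the same `downgrade` body.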
@@ -0,0 +1,39 b''
1 import logging
2
3 from sqlalchemy import *
4 from sqlalchemy.engine import reflection
5 from sqlalchemy.dialects.mysql import LONGTEXT
6
7 from alembic.migration import MigrationContext
8 from alembic.operations import Operations
9
10 from rhodecode.model import meta
11 from rhodecode.lib.dbmigrate.versions import _reset_base, notify
12
13 log = logging.getLogger(__name__)
14
15
16 def upgrade(migrate_engine):
17 """
18 Upgrade operations go here.
19 Don't create your own engine; bind migrate_engine to your metadata
20 """
21 _reset_base(migrate_engine)
22 from rhodecode.lib.dbmigrate.schema import db_4_13_0_0 as db
23
24 db.UserToRepoBranchPermission.__table__.create()
25 db.UserGroupToRepoBranchPermission.__table__.create()
26
27 # issue fixups
28 fixups(db, meta.Session)
29
30
31 def downgrade(migrate_engine):
32 meta = MetaData()
33 meta.bind = migrate_engine
34
35
36 def fixups(models, _SESSION):
37 pass
38
39
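Review bot: Both `__table__.create()` calls in `upgrade` run without `checkfirst=True`, so re-running this step after a partial failure (first table created, second not) raises on the table that already exists instead of continuing. Since these tables hold the branch authorization rules, a migration that can be retried safely is worth the extra argument: `db.UserToRepoBranchPermission.__table__.create(checkfirst=True)` and the same for `UserGroupToRepoBranchPermission`. The empty `fixups` could carry a one-line comment saying that no data fixups are needed for this version.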
@@ -0,0 +1,43 b''
1 import logging
2
3 from sqlalchemy import *
4
5 from rhodecode.lib.dbmigrate.utils import (
6 create_default_object_permission, create_default_permissions)
7
8 from rhodecode.model import meta
9 from rhodecode.lib.dbmigrate.versions import _reset_base, notify
10
11 log = logging.getLogger(__name__)
12
13
14 def upgrade(migrate_engine):
15 """
16 Upgrade operations go here.
17 Don't create your own engine; bind migrate_engine to your metadata
18 """
19 _reset_base(migrate_engine)
20 from rhodecode.lib.dbmigrate.schema import db_4_13_0_0 as db
21
22 # issue fixups
23 fixups(db, meta.Session)
24
25
26 def downgrade(migrate_engine):
27 meta = MetaData()
28 meta.bind = migrate_engine
29
30
31 def fixups(models, _SESSION):
32 # create default permissions
33 create_default_permissions(_SESSION, models)
34 log.info('created default global permissions definitions')
35 _SESSION().commit()
36
37 # fix default object permissions
38 create_default_object_permission(_SESSION, models)
39
40 log.info('created default permission')
41 _SESSION().commit()
42
43
@@ -0,0 +1,9 b''
1 <div class="panel panel-default">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('Default Permissions for Branches.')}</h3>
4 </div>
5 <div class="panel-body">
6 <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4>
7 <img style="width: 100%; height: 100%" src="${h.asset('images/ee_features/admin_branch_permissions.png')}"/>
8 </div>
9 </div>
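Review bot: The `|n` filter on line 6 turns off Mako's HTML escaping for the whole translated sentence, not only for the `mailto:` anchor, so any markup carried by a translation catalog entry for this string is emitted as-is. Escaping the translated text first and substituting the anchor afterwards would keep the unescaped part limited to the literal link. The `<img>` on line 7 also has no `alt` text; `alt="${_('Default Permissions for Branches.')}"` would reuse the existing string. The repository-level template added in the next section has the same two lines.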
@@ -0,0 +1,9 b''
1 <div class="panel panel-default">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('Repository Branch Permissions.')}</h3>
4 </div>
5 <div class="panel-body">
6 <h4>${_('This feature is available in RhodeCode EE edition only. Contact {sales_email} to obtain a trial license.').format(sales_email='<a href="mailto:sales@rhodecode.com">sales@rhodecode.com</a>')|n}</h4>
7 <img style="width: 100%; height: 100%" src="${h.asset('images/ee_features/repo_branch_permissions.png')}"/>
8 </div>
9 </div>
@@ -51,7 +51,7 b' PYRAMID_SETTINGS = {}'
51 EXTENSIONS = {}
51 EXTENSIONS = {}
52
52
53 __version__ = ('.'.join((str(each) for each in VERSION[:3])))
53 __version__ = ('.'.join((str(each) for each in VERSION[:3])))
54 __dbversion__ = 87 # defines current db version for migrations
54 __dbversion__ = 90 # defines current db version for migrations
55 __platform__ = platform.system()
55 __platform__ = platform.system()
56 __license__ = 'AGPLv3, and Commercial License'
56 __license__ = 'AGPLv3, and Commercial License'
57 __author__ = 'RhodeCode GmbH'
57 __author__ = 'RhodeCode GmbH'
@@ -210,6 +210,11 b' def admin_routes(config):'
210 name='admin_permissions_object_update',
210 name='admin_permissions_object_update',
211 pattern='/permissions/object/update')
211 pattern='/permissions/object/update')
212
212
213 # Branch perms EE feature
214 config.add_route(
215 name='admin_permissions_branch',
216 pattern='/permissions/branch')
217
213 config.add_route(
218 config.add_route(
214 name='admin_permissions_ips',
219 name='admin_permissions_ips',
215 pattern='/permissions/ips')
220 pattern='/permissions/ips')
@@ -182,7 +182,8 b' class AdminPermissionsView(BaseAppView, '
182 self.request.translate,
182 self.request.translate,
183 [x[0] for x in c.repo_perms_choices],
183 [x[0] for x in c.repo_perms_choices],
184 [x[0] for x in c.group_perms_choices],
184 [x[0] for x in c.group_perms_choices],
185 [x[0] for x in c.user_group_perms_choices])()
185 [x[0] for x in c.user_group_perms_choices],
186 )()
186
187
187 try:
188 try:
188 form_result = _form.to_python(dict(self.request.POST))
189 form_result = _form.to_python(dict(self.request.POST))
@@ -218,6 +219,30 b' class AdminPermissionsView(BaseAppView, '
218 @LoginRequired()
219 @LoginRequired()
219 @HasPermissionAllDecorator('hg.admin')
220 @HasPermissionAllDecorator('hg.admin')
220 @view_config(
221 @view_config(
222 route_name='admin_permissions_branch', request_method='GET',
223 renderer='rhodecode:templates/admin/permissions/permissions.mako')
224 def permissions_branch(self):
225 c = self.load_default_context()
226 c.active = 'branch'
227
228 c.user = User.get_default_user(refresh=True)
229 defaults = {}
230 defaults.update(c.user.get_default_perms())
231
232 data = render(
233 'rhodecode:templates/admin/permissions/permissions.mako',
234 self._get_template_context(c), self.request)
235 html = formencode.htmlfill.render(
236 data,
237 defaults=defaults,
238 encoding="UTF-8",
239 force_defaults=False
240 )
241 return Response(html)
242
243 @LoginRequired()
244 @HasPermissionAllDecorator('hg.admin')
245 @view_config(
221 route_name='admin_permissions_global', request_method='GET',
246 route_name='admin_permissions_global', request_method='GET',
222 renderer='rhodecode:templates/admin/permissions/permissions.mako')
247 renderer='rhodecode:templates/admin/permissions/permissions.mako')
223 def permissions_global(self):
248 def permissions_global(self):
@@ -345,6 +345,15 b' def includeme(config):'
345 name='edit_repo_perms',
345 name='edit_repo_perms',
346 pattern='/{repo_name:.*?[^/]}/settings/permissions', repo_route=True)
346 pattern='/{repo_name:.*?[^/]}/settings/permissions', repo_route=True)
347
347
348 # Permissions Branch (EE feature)
349 config.add_route(
350 name='edit_repo_perms_branch',
351 pattern='/{repo_name:.*?[^/]}/settings/branch_permissions', repo_route=True)
352 config.add_route(
353 name='edit_repo_perms_branch_delete',
354 pattern='/{repo_name:.*?[^/]}/settings/branch_permissions/{rule_id}/delete',
355 repo_route=True)
356
348 # Maintenance
357 # Maintenance
349 config.add_route(
358 config.add_route(
350 name='edit_repo_maintenance',
359 name='edit_repo_maintenance',
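Review bot: The new `edit_repo_perms_branch_delete` route takes `rule_id` straight from the URL, and the view that serves it is not among the files shown in this commit, so nothing here shows how the delete is guarded. That view should accept only POST with the CSRF check, require `repository.admin` as `branch_permissions` does, and confirm that the rule's `repository_id` belongs to the repository resolved from `repo_name` before deleting, so that an admin of one repository cannot remove another repository's rules. A comment on the route would record the contract: `# delete view: POST + CSRF only, and rule_id must belong to this repo`. `includeme` starts and ends outside this hunk.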
@@ -367,10 +367,38 b' class PermOriginDict(dict):'
367 self.perm_origin_stack = collections.OrderedDict()
367 self.perm_origin_stack = collections.OrderedDict()
368
368
369 def __setitem__(self, key, (perm, origin)):
369 def __setitem__(self, key, (perm, origin)):
370 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
370 self.perm_origin_stack.setdefault(key, []).append(
371 (perm, origin))
371 dict.__setitem__(self, key, perm)
372 dict.__setitem__(self, key, perm)
372
373
373
374
375 class BranchPermOriginDict(PermOriginDict):
376 """
377 Dedicated branch permissions dict, with tracking of patterns and origins.
378
379 >>> perms = BranchPermOriginDict()
380 >>> perms['resource'] = '*pattern', 'read', 'default'
381 >>> perms['resource']
382 {'*pattern': 'read'}
383 >>> perms['resource'] = '*pattern', 'write', 'admin'
384 >>> perms['resource']
385 {'*pattern': 'write'}
386 >>> perms.perm_origin_stack
387 {'resource': {'*pattern': [('read', 'default'), ('write', 'admin')]}}
388 """
389 def __setitem__(self, key, (pattern, perm, origin)):
390
391 self.perm_origin_stack.setdefault(key, {}) \
392 .setdefault(pattern, []).append((perm, origin))
393
394 if key in self:
395 self[key].__setitem__(pattern, perm)
396 else:
397 patterns = collections.OrderedDict()
398 patterns[pattern] = perm
399 dict.__setitem__(self, key, patterns)
400
401
374 class PermissionCalculator(object):
402 class PermissionCalculator(object):
375
403
376 def __init__(
404 def __init__(
@@ -395,6 +423,7 b' class PermissionCalculator(object):'
395 self.permissions_repositories = PermOriginDict()
423 self.permissions_repositories = PermOriginDict()
396 self.permissions_repository_groups = PermOriginDict()
424 self.permissions_repository_groups = PermOriginDict()
397 self.permissions_user_groups = PermOriginDict()
425 self.permissions_user_groups = PermOriginDict()
426 self.permissions_repository_branches = BranchPermOriginDict()
398 self.permissions_global = set()
427 self.permissions_global = set()
399
428
400 self.default_repo_perms = Permission.get_default_repo_perms(
429 self.default_repo_perms = Permission.get_default_repo_perms(
@@ -405,6 +434,11 b' class PermissionCalculator(object):'
405 Permission.get_default_user_group_perms(
434 Permission.get_default_user_group_perms(
406 self.default_user_id, self.scope_user_group_id)
435 self.default_user_id, self.scope_user_group_id)
407
436
437 # default branch perms
438 self.default_branch_repo_perms = \
439 Permission.get_default_repo_branch_perms(
440 self.default_user_id, self.scope_repo_id)
441
408 def calculate(self):
442 def calculate(self):
409 if self.user_is_admin and not self.calculate_super_admin:
443 if self.user_is_admin and not self.calculate_super_admin:
410 return self._admin_permissions()
444 return self._admin_permissions()
@@ -413,6 +447,7 b' class PermissionCalculator(object):'
413 self._calculate_global_permissions()
447 self._calculate_global_permissions()
414 self._calculate_default_permissions()
448 self._calculate_default_permissions()
415 self._calculate_repository_permissions()
449 self._calculate_repository_permissions()
450 self._calculate_repository_branch_permissions()
416 self._calculate_repository_group_permissions()
451 self._calculate_repository_group_permissions()
417 self._calculate_user_group_permissions()
452 self._calculate_user_group_permissions()
418 return self._permission_structure()
453 return self._permission_structure()
@@ -443,6 +478,15 b' class PermissionCalculator(object):'
443 p = 'usergroup.admin'
478 p = 'usergroup.admin'
444 self.permissions_user_groups[u_k] = p, PermOrigin.SUPER_ADMIN
479 self.permissions_user_groups[u_k] = p, PermOrigin.SUPER_ADMIN
445
480
481 # branch permissions
482 # TODO(marcink): validate this, especially
483 # how this should work using multiple patterns specified ??
484 # looks ok, but still needs double check !!
485 for perm in self.default_branch_repo_perms:
486 r_k = perm.UserRepoToPerm.repository.repo_name
487 p = 'branch.push_force'
488 self.permissions_repository_branches[r_k] = '*', p, PermOrigin.SUPER_ADMIN
489
446 return self._permission_structure()
490 return self._permission_structure()
447
491
448 def _calculate_global_default_permissions(self):
492 def _calculate_global_default_permissions(self):
@@ -472,18 +516,14 b' class PermissionCalculator(object):'
472 # now we read the defined permissions and overwrite what we have set
516 # now we read the defined permissions and overwrite what we have set
473 # before those can be configured from groups or users explicitly.
517 # before those can be configured from groups or users explicitly.
474
518
475 # TODO: johbo: This seems to be out of sync, find out the reason
519 # In case we want to extend this list we should make sure
476 # for the comment below and update it.
520 # this is in sync with User.DEFAULT_USER_PERMISSIONS definitions
477
478 # In case we want to extend this list we should be always in sync with
479 # User.DEFAULT_USER_PERMISSIONS definitions
480 _configurable = frozenset([
521 _configurable = frozenset([
481 'hg.fork.none', 'hg.fork.repository',
522 'hg.fork.none', 'hg.fork.repository',
482 'hg.create.none', 'hg.create.repository',
523 'hg.create.none', 'hg.create.repository',
483 'hg.usergroup.create.false', 'hg.usergroup.create.true',
524 'hg.usergroup.create.false', 'hg.usergroup.create.true',
484 'hg.repogroup.create.false', 'hg.repogroup.create.true',
525 'hg.repogroup.create.false', 'hg.repogroup.create.true',
485 'hg.create.write_on_repogroup.false',
526 'hg.create.write_on_repogroup.false', 'hg.create.write_on_repogroup.true',
486 'hg.create.write_on_repogroup.true',
487 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
527 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
488 ])
528 ])
489
529
@@ -506,7 +546,7 b' class PermissionCalculator(object):'
506 for gr, perms in _explicit_grouped_perms:
546 for gr, perms in _explicit_grouped_perms:
507 # since user can be in multiple groups iterate over them and
547 # since user can be in multiple groups iterate over them and
508 # select the lowest permissions first (more explicit)
548 # select the lowest permissions first (more explicit)
509 # TODO: marcink: do this^^
549 # TODO(marcink): do this^^
510
550
511 # group doesn't inherit default permissions so we actually set them
551 # group doesn't inherit default permissions so we actually set them
512 if not gr.inherit_default_permissions:
552 if not gr.inherit_default_permissions:
@@ -533,8 +573,8 b' class PermissionCalculator(object):'
533
573
534 def _calculate_default_permissions(self):
574 def _calculate_default_permissions(self):
535 """
575 """
536 Set default user permissions for repositories, repository groups
576 Set default user permissions for repositories, repository branches,
537 taken from the default user.
577 repository groups, user groups taken from the default user.
538
578
539 Calculate inheritance of object permissions based on what we have now
579 Calculate inheritance of object permissions based on what we have now
540 in GLOBAL permissions. We check if .false is in GLOBAL since this is
580 in GLOBAL permissions. We check if .false is in GLOBAL since this is
@@ -551,8 +591,7 b' class PermissionCalculator(object):'
551 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
591 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
552 in self.permissions_global)
592 in self.permissions_global)
553
593
554 # defaults for repositories, taken from `default` user permissions
594 # default permissions for repositories, taken from `default` user permissions
555 # on given repo
556 for perm in self.default_repo_perms:
595 for perm in self.default_repo_perms:
557 r_k = perm.UserRepoToPerm.repository.repo_name
596 r_k = perm.UserRepoToPerm.repository.repo_name
558 p = perm.Permission.permission_name
597 p = perm.Permission.permission_name
@@ -585,8 +624,24 b' class PermissionCalculator(object):'
585 o = PermOrigin.SUPER_ADMIN
624 o = PermOrigin.SUPER_ADMIN
586 self.permissions_repositories[r_k] = p, o
625 self.permissions_repositories[r_k] = p, o
587
626
588 # defaults for repository groups taken from `default` user permission
627 # default permissions branch for repositories, taken from `default` user permissions
589 # on given group
628 for perm in self.default_branch_repo_perms:
629
630 r_k = perm.UserRepoToPerm.repository.repo_name
631 p = perm.Permission.permission_name
632 pattern = perm.UserToRepoBranchPermission.branch_pattern
633 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
634
635 if not self.explicit:
636 # TODO(marcink): fix this for multiple entries
637 cur_perm = self.permissions_repository_branches.get(r_k) or 'branch.none'
638 p = self._choose_permission(p, cur_perm)
639
640 # NOTE(marcink): register all pattern/perm instances in this
641 # special dict that aggregates entries
642 self.permissions_repository_branches[r_k] = pattern, p, o
643
644 # default permissions for repository groups taken from `default` user permission
590 for perm in self.default_repo_groups_perms:
645 for perm in self.default_repo_groups_perms:
591 rg_k = perm.UserRepoGroupToPerm.group.group_name
646 rg_k = perm.UserRepoGroupToPerm.group.group_name
592 p = perm.Permission.permission_name
647 p = perm.Permission.permission_name
@@ -611,8 +666,7 b' class PermissionCalculator(object):'
611 o = PermOrigin.SUPER_ADMIN
666 o = PermOrigin.SUPER_ADMIN
612 self.permissions_repository_groups[rg_k] = p, o
667 self.permissions_repository_groups[rg_k] = p, o
613
668
614 # defaults for user groups taken from `default` user permission
669 # default permissions for user groups taken from `default` user permission
615 # on given user group
616 for perm in self.default_user_group_perms:
670 for perm in self.default_user_group_perms:
617 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
671 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
618 p = perm.Permission.permission_name
672 p = perm.Permission.permission_name
@@ -703,6 +757,49 b' class PermissionCalculator(object):'
703 o = PermOrigin.SUPER_ADMIN
757 o = PermOrigin.SUPER_ADMIN
704 self.permissions_repositories[r_k] = p, o
758 self.permissions_repositories[r_k] = p, o
705
759
760 def _calculate_repository_branch_permissions(self):
761 # user group for repositories permissions
762 user_repo_branch_perms_from_user_group = Permission\
763 .get_default_repo_branch_perms_from_user_group(
764 self.user_id, self.scope_repo_id)
765
766 multiple_counter = collections.defaultdict(int)
767 for perm in user_repo_branch_perms_from_user_group:
768 r_k = perm.UserGroupRepoToPerm.repository.repo_name
769 p = perm.Permission.permission_name
770 pattern = perm.UserGroupToRepoBranchPermission.branch_pattern
771 o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
772 .users_group.users_group_name
773
774 multiple_counter[r_k] += 1
775 if multiple_counter[r_k] > 1:
776 # TODO(marcink): fix this for multi branch support, and multiple entries
777 cur_perm = self.permissions_repository_branches[r_k]
778 p = self._choose_permission(p, cur_perm)
779
780 self.permissions_repository_branches[r_k] = pattern, p, o
781
782 # user explicit branch permissions for repositories, overrides
783 # any specified by the group permission
784 user_repo_branch_perms = Permission.get_default_repo_branch_perms(
785 self.user_id, self.scope_repo_id)
786 for perm in user_repo_branch_perms:
787
788 r_k = perm.UserRepoToPerm.repository.repo_name
789 p = perm.Permission.permission_name
790 pattern = perm.UserToRepoBranchPermission.branch_pattern
791 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
792
793 if not self.explicit:
794 # TODO(marcink): fix this for multiple entries
795 cur_perm = self.permissions_repository_branches.get(r_k) or 'branch.none'
796 p = self._choose_permission(p, cur_perm)
797
798 # NOTE(marcink): register all pattern/perm instances in this
799 # special dict that aggregates entries
800 self.permissions_repository_branches[r_k] = pattern, p, o
801
802
706 def _calculate_repository_group_permissions(self):
803 def _calculate_repository_group_permissions(self):
707 """
804 """
708 Repository group permissions for the current user.
805 Repository group permissions for the current user.
@@ -845,6 +942,7 b' class PermissionCalculator(object):'
845 return {
942 return {
846 'global': self.permissions_global,
943 'global': self.permissions_global,
847 'repositories': self.permissions_repositories,
944 'repositories': self.permissions_repositories,
945 'repository_branches': self.permissions_repository_branches,
848 'repositories_groups': self.permissions_repository_groups,
946 'repositories_groups': self.permissions_repository_groups,
849 'user_groups': self.permissions_user_groups,
947 'user_groups': self.permissions_user_groups,
850 }
948 }
@@ -956,6 +1054,9 b' class AuthUser(object):'
956 perms['user_groups'] = {
1054 perms['user_groups'] = {
957 k: v for k, v in perms['user_groups'].items()
1055 k: v for k, v in perms['user_groups'].items()
958 if v != 'usergroup.none'}
1056 if v != 'usergroup.none'}
1057 perms['repository_branches'] = {
1058 k: v for k, v in perms['repository_branches'].iteritems()
1059 if v != 'branch.none'}
959 return perms
1060 return perms
960
1061
961 @LazyProperty
1062 @LazyProperty
@@ -1800,7 +1901,6 b' class PermsFunction(object):'
1800 def __call__(self, check_location='', user=None):
1901 def __call__(self, check_location='', user=None):
1801 if not user:
1902 if not user:
1802 log.debug('Using user attribute from global request')
1903 log.debug('Using user attribute from global request')
1803 # TODO: remove this someday,put as user as attribute here
1804 request = self._get_request()
1904 request = self._get_request()
1805 user = request.user
1905 user = request.user
1806
1906
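Review bot: The values stored in `permissions_repository_branches` are per-repository dicts of pattern to permission (see the `BranchPermOriginDict` doctest), but three places in this file treat them as a single permission name. In `_calculate_default_permissions` and `_calculate_repository_branch_permissions`, `cur_perm = self.permissions_repository_branches.get(r_k) or 'branch.none'` (and the unguarded `[r_k]` lookup in the user-group loop) passes that dict to `_choose_permission`, whose body is outside these hunks but presumably compares permission names; in `AuthUser`, the filter `if v != 'branch.none'` compares a dict with a string, so it never drops an entry. Because this result decides who may push or force-push to a branch, the lookup should be per pattern, e.g. `cur_perm = (self.permissions_repository_branches.get(r_k) or {}).get(pattern, 'branch.none')`, and the filter should test the per-pattern values. The `TODO(marcink)` comments already mark the multi-entry case as open, so a test with two patterns on one repository would pin the intended behaviour.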
@@ -751,6 +751,13 b' class AttributeDict(AttributeDictBase):'
751
751
752
752
753
753
754 class OrderedDefaultDict(collections.OrderedDict, collections.defaultdict):
755 def __init__(self, default_factory=None, *args, **kwargs):
756 # in python3 you can omit the args to super
757 super(OrderedDefaultDict, self).__init__(*args, **kwargs)
758 self.default_factory = default_factory
759
760
754 def fix_PATH(os_=None):
761 def fix_PATH(os_=None):
755 """
762 """
756 Get current active python path, and append it to PATH variable to fix
763 Get current active python path, and append it to PATH variable to fix
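Review bot: `OrderedDefaultDict` has no docstring, and its constructor order (`default_factory` first, then the `OrderedDict` arguments) is easy to get wrong at a call site. A docstring such as `"""OrderedDict that creates missing keys with default_factory, like collections.defaultdict."""` would state the contract, and the `# in python3 you can omit the args to super` comment could then go. Whether `copy()` and pickling keep `default_factory` is not shown in this hunk and is worth a small test.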
@@ -1913,6 +1913,7 b' class Repository(Base, BaseModel):'
1913 for _usr in q.all():
1913 for _usr in q.all():
1914 usr = AttributeDict(_usr.user.get_dict())
1914 usr = AttributeDict(_usr.user.get_dict())
1915 usr.permission = _usr.permission.permission_name
1915 usr.permission = _usr.permission.permission_name
1916 usr.permission_id = _usr.repo_to_perm_id
1916 perm_rows.append(usr)
1917 perm_rows.append(usr)
1917
1918
1918 # filter the perm rows by 'default' first and then sort them by
1919 # filter the perm rows by 'default' first and then sort them by
@@ -1926,6 +1927,7 b' class Repository(Base, BaseModel):'
1926 usr = AttributeDict(self.user.get_dict())
1927 usr = AttributeDict(self.user.get_dict())
1927 usr.owner_row = True
1928 usr.owner_row = True
1928 usr.permission = _admin_perm
1929 usr.permission = _admin_perm
1930 usr.permission_id = None
1929 owner_row.append(usr)
1931 owner_row.append(usr)
1930
1932
1931 super_admin_rows = []
1933 super_admin_rows = []
@@ -1938,6 +1940,7 b' class Repository(Base, BaseModel):'
1938 usr = AttributeDict(usr.get_dict())
1940 usr = AttributeDict(usr.get_dict())
1939 usr.admin_row = True
1941 usr.admin_row = True
1940 usr.permission = _admin_perm
1942 usr.permission = _admin_perm
1943 usr.permission_id = None
1941 super_admin_rows.append(usr)
1944 super_admin_rows.append(usr)
1942
1945
1943 return super_admin_rows + owner_row + perm_rows
1946 return super_admin_rows + owner_row + perm_rows
@@ -2694,6 +2697,11 b' class Permission(Base, BaseModel):'
2694 ('usergroup.write', _('User group write access')),
2697 ('usergroup.write', _('User group write access')),
2695 ('usergroup.admin', _('User group admin access')),
2698 ('usergroup.admin', _('User group admin access')),
2696
2699
2700 ('branch.none', _('Branch no permissions')),
2701 ('branch.merge', _('Branch access by web merge')),
2702 ('branch.push', _('Branch access by push')),
2703 ('branch.push_force', _('Branch access by push with force')),
2704
2697 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2705 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2698 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2706 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2699
2707
@@ -2723,11 +2731,16 b' class Permission(Base, BaseModel):'
2723 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2731 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2724 ]
2732 ]
2725
2733
2726 # definition of system default permissions for DEFAULT user
2734 # definition of system default permissions for DEFAULT user, created on
2735 # system setup
2727 DEFAULT_USER_PERMISSIONS = [
2736 DEFAULT_USER_PERMISSIONS = [
2737 # object perms
2728 'repository.read',
2738 'repository.read',
2729 'group.read',
2739 'group.read',
2730 'usergroup.read',
2740 'usergroup.read',
2741 # branch, for backward compat we need same value as before so forced pushed
2742 'branch.push_force',
2743 # global
2731 'hg.create.repository',
2744 'hg.create.repository',
2732 'hg.repogroup.create.false',
2745 'hg.repogroup.create.false',
2733 'hg.usergroup.create.false',
2746 'hg.usergroup.create.false',
@@ -2758,6 +2771,11 b' class Permission(Base, BaseModel):'
2758 'usergroup.write': 3,
2771 'usergroup.write': 3,
2759 'usergroup.admin': 4,
2772 'usergroup.admin': 4,
2760
2773
2774 'branch.none': 0,
2775 'branch.merge': 1,
2776 'branch.push': 3,
2777 'branch.push_force': 4,
2778
2761 'hg.repogroup.create.false': 0,
2779 'hg.repogroup.create.false': 0,
2762 'hg.repogroup.create.true': 1,
2780 'hg.repogroup.create.true': 1,
2763
2781
@@ -2794,6 +2812,21 b' class Permission(Base, BaseModel):'
2794 return q.all()
2812 return q.all()
2795
2813
2796 @classmethod
2814 @classmethod
2815 def get_default_repo_branch_perms(cls, user_id, repo_id=None):
2816 q = Session().query(UserToRepoBranchPermission, UserRepoToPerm, Permission) \
2817 .join(
2818 Permission,
2819 UserToRepoBranchPermission.permission_id == Permission.permission_id) \
2820 .join(
2821 UserRepoToPerm,
2822 UserToRepoBranchPermission.rule_to_perm_id == UserRepoToPerm.repo_to_perm_id) \
2823 .filter(UserRepoToPerm.user_id == user_id)
2824
2825 if repo_id:
2826 q = q.filter(UserToRepoBranchPermission.repository_id == repo_id)
2827 return q.order_by(UserToRepoBranchPermission.rule_order).all()
2828
2829 @classmethod
2797 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2830 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2798 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2831 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2799 .join(
2832 .join(
@@ -2818,10 +2851,37 b' class Permission(Base, BaseModel):'
2818 return q.all()
2851 return q.all()
2819
2852
2820 @classmethod
2853 @classmethod
2854 def get_default_repo_branch_perms_from_user_group(cls, user_id, repo_id=None):
2855 q = Session().query(UserGroupToRepoBranchPermission, UserGroupRepoToPerm, Permission) \
2856 .join(
2857 Permission,
2858 UserGroupToRepoBranchPermission.permission_id == Permission.permission_id) \
2859 .join(
2860 UserGroupRepoToPerm,
2861 UserGroupToRepoBranchPermission.rule_to_perm_id == UserGroupRepoToPerm.users_group_to_perm_id) \
2862 .join(
2863 UserGroup,
2864 UserGroupRepoToPerm.users_group_id == UserGroup.users_group_id) \
2865 .join(
2866 UserGroupMember,
2867 UserGroupRepoToPerm.users_group_id == UserGroupMember.users_group_id) \
2868 .filter(
2869 UserGroupMember.user_id == user_id,
2870 UserGroup.users_group_active == true())
2871
2872 if repo_id:
2873 q = q.filter(UserGroupToRepoBranchPermission.repository_id == repo_id)
2874 return q.order_by(UserGroupToRepoBranchPermission.rule_order).all()
2875
2876 @classmethod
2821 def get_default_group_perms(cls, user_id, repo_group_id=None):
2877 def get_default_group_perms(cls, user_id, repo_group_id=None):
2822 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2878 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2823 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2879 .join(
2824 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2880 Permission,
2881 UserRepoGroupToPerm.permission_id == Permission.permission_id)\
2882 .join(
2883 RepoGroup,
2884 UserRepoGroupToPerm.group_id == RepoGroup.group_id)\
2825 .filter(UserRepoGroupToPerm.user_id == user_id)
2885 .filter(UserRepoGroupToPerm.user_id == user_id)
2826 if repo_group_id:
2886 if repo_group_id:
2827 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2887 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
@@ -2910,6 +2970,8 b' class UserRepoToPerm(Base, BaseModel):'
2910 repository = relationship('Repository')
2970 repository = relationship('Repository')
2911 permission = relationship('Permission')
2971 permission = relationship('Permission')
2912
2972
2973 branch_perm_entry = relationship('UserToRepoBranchPermission', cascade="all, delete, delete-orphan", lazy='joined')
2974
2913 @classmethod
2975 @classmethod
2914 def create(cls, user, repository, permission):
2976 def create(cls, user, repository, permission):
2915 n = cls()
2977 n = cls()
@@ -4470,6 +4532,100 b' def set_task_uid(mapper, connection, tar'
4470 target.task_uid = ScheduleEntry.get_uid(target)
4532 target.task_uid = ScheduleEntry.get_uid(target)
4471
4533
4472
4534
4535 class _BaseBranchPerms(BaseModel):
4536 @classmethod
4537 def compute_hash(cls, value):
4538 return sha1_safe(value)
4539
4540 @hybrid_property
4541 def branch_pattern(self):
4542 return self._branch_pattern or '*'
4543
4544 @hybrid_property
4545 def branch_hash(self):
4546 return self._branch_hash
4547
4548 def _validate_glob(self, value):
4549 re.compile('^' + glob2re(value) + '$')
4550
4551 @branch_pattern.setter
4552 def branch_pattern(self, value):
4553 self._validate_glob(value)
4554 self._branch_pattern = value or '*'
4555 # set the Hash when setting the branch pattern
4556 self._branch_hash = self.compute_hash(self._branch_pattern)
4557
4558 def matches(self, branch):
4559 """
4560 Check if this the branch matches entry
4561
4562 :param branch: branch name for the commit
4563 """
4564
4565 branch = branch or ''
4566
4567 branch_matches = True
4568 if branch:
4569 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
4570 branch_matches = bool(branch_regex.search(branch))
4571
4572 return branch_matches
4573
4574
4575 class UserToRepoBranchPermission(Base, _BaseBranchPerms):
4576 __tablename__ = 'user_to_repo_branch_permissions'
4577 __table_args__ = (
4578 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4579 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4580 )
4581
4582 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4583
4584 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4585 repo = relationship('Repository', backref='user_branch_perms')
4586
4587 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4588 permission = relationship('Permission')
4589
4590 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('repo_to_perm.repo_to_perm_id'), nullable=False, unique=None, default=None)
4591 user_repo_to_perm = relationship('UserRepoToPerm')
4592
4593 rule_order = Column('rule_order', Integer(), nullable=False)
4594 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4595 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4596
4597 def __unicode__(self):
4598 return u'<UserBranchPermission(%s => %r)>' % (
4599 self.user_repo_to_perm, self.branch_pattern)
4600
4601
4602 class UserGroupToRepoBranchPermission(Base, _BaseBranchPerms):
4603 __tablename__ = 'user_group_to_repo_branch_permissions'
4604 __table_args__ = (
4605 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4606 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4607 )
4608
4609 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4610
4611 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4612 repo = relationship('Repository', backref='user_group_branch_perms')
4613
4614 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4615 permission = relationship('Permission')
4616
4617 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('users_group_repo_to_perm.users_group_to_perm_id'), nullable=False, unique=None, default=None)
4618 user_group_repo_to_perm = relationship('UserGroupRepoToPerm')
4619
4620 rule_order = Column('rule_order', Integer(), nullable=False)
4621 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4622 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4623
4624 def __unicode__(self):
4625 return u'<UserBranchPermission(%s => %r)>' % (
4626 self.user_group_repo_to_perm, self.branch_pattern)
4627
4628
4473 class DbMigrateVersion(Base, BaseModel):
4629 class DbMigrateVersion(Base, BaseModel):
4474 __tablename__ = 'db_migrate_version'
4630 __tablename__ = 'db_migrate_version'
4475 __table_args__ = (
4631 __table_args__ = (
@@ -504,12 +504,26 b' def ObjectPermissionsForm(localizer, rep'
504 overwrite_default_repo = v.StringBoolean(if_missing=False)
504 overwrite_default_repo = v.StringBoolean(if_missing=False)
505 overwrite_default_group = v.StringBoolean(if_missing=False)
505 overwrite_default_group = v.StringBoolean(if_missing=False)
506 overwrite_default_user_group = v.StringBoolean(if_missing=False)
506 overwrite_default_user_group = v.StringBoolean(if_missing=False)
507
507 default_repo_perm = v.OneOf(repo_perms_choices)
508 default_repo_perm = v.OneOf(repo_perms_choices)
508 default_group_perm = v.OneOf(group_perms_choices)
509 default_group_perm = v.OneOf(group_perms_choices)
509 default_user_group_perm = v.OneOf(user_group_perms_choices)
510 default_user_group_perm = v.OneOf(user_group_perms_choices)
511
510 return _ObjectPermissionsForm
512 return _ObjectPermissionsForm
511
513
512
514
515 def BranchPermissionsForm(localizer, branch_perms_choices):
516 _ = localizer
517
518 class _BranchPermissionsForm(formencode.Schema):
519 allow_extra_fields = True
520 filter_extra_fields = True
521 overwrite_default_branch = v.StringBoolean(if_missing=False)
522 default_branch_perm = v.OneOf(branch_perms_choices)
523
524 return _BranchPermissionsForm
525
526
513 def UserPermissionsForm(localizer, create_choices, create_on_write_choices,
527 def UserPermissionsForm(localizer, create_choices, create_on_write_choices,
514 repo_group_create_choices, user_group_create_choices,
528 repo_group_create_choices, user_group_create_choices,
515 fork_choices, inherit_default_permissions_choices):
529 fork_choices, inherit_default_permissions_choices):
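Review bot: `BranchPermissionsForm` sets `filter_extra_fields = True` and declares only `overwrite_default_branch` and `default_branch_perm`, while `PermissionModel.update_branch_permissions` in this commit indexes `form_result['perm_user_id']` or `form_result['perm_user_name']`. This schema would strip those keys, so the caller has to add them to the validated result itself; the view that does so is not visible here. A docstring on the factory would make that contract explicit, e.g. `"""Schema for the default branch permission; the caller must add perm_user_id or perm_user_name to the validated result."""`. `_ = localizer` is also assigned but never used in the visible body.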
@@ -31,7 +31,7 b' from sqlalchemy.exc import DatabaseError'
31 from rhodecode.model import BaseModel
31 from rhodecode.model import BaseModel
32 from rhodecode.model.db import (
32 from rhodecode.model.db import (
33 User, Permission, UserToPerm, UserRepoToPerm, UserRepoGroupToPerm,
33 User, Permission, UserToPerm, UserRepoToPerm, UserRepoGroupToPerm,
34 UserUserGroupToPerm, UserGroup, UserGroupToPerm)
34 UserUserGroupToPerm, UserGroup, UserGroupToPerm, UserToRepoBranchPermission)
35 from rhodecode.lib.utils2 import str2bool, safe_int
35 from rhodecode.lib.utils2 import str2bool, safe_int
36
36
37 log = logging.getLogger(__name__)
37 log = logging.getLogger(__name__)
@@ -59,6 +59,9 b' class PermissionModel(BaseModel):'
59 'default_repo_perm': None,
59 'default_repo_perm': None,
60 'default_group_perm': None,
60 'default_group_perm': None,
61 'default_user_group_perm': None,
61 'default_user_group_perm': None,
62
63 # branch
64 'default_branch_perm': None,
62 }
65 }
63
66
64 def set_global_permission_choices(self, c_obj, gettext_translator):
67 def set_global_permission_choices(self, c_obj, gettext_translator):
@@ -82,6 +85,12 b' class PermissionModel(BaseModel):'
82 ('usergroup.write', _('Write'),),
85 ('usergroup.write', _('Write'),),
83 ('usergroup.admin', _('Admin'),)]
86 ('usergroup.admin', _('Admin'),)]
84
87
88 c_obj.branch_perms_choices = [
89 ('branch.none', _('Protected/No Access'),),
90 ('branch.merge', _('Web merge'),),
91 ('branch.push', _('Push'),),
92 ('branch.push_force', _('Force Push'),)]
93
85 c_obj.register_choices = [
94 c_obj.register_choices = [
86 ('hg.register.none', _('Disabled')),
95 ('hg.register.none', _('Disabled')),
87 ('hg.register.manual_activate', _('Allowed with manual account activation')),
96 ('hg.register.manual_activate', _('Allowed with manual account activation')),
@@ -133,6 +142,10 b' class PermissionModel(BaseModel):'
133 if perm.permission.permission_name.startswith('usergroup.'):
142 if perm.permission.permission_name.startswith('usergroup.'):
134 defaults['default_user_group_perm' + suffix] = perm.permission.permission_name
143 defaults['default_user_group_perm' + suffix] = perm.permission.permission_name
135
144
145 # branch
146 if perm.permission.permission_name.startswith('branch.'):
147 defaults['default_branch_perm' + suffix] = perm.permission.permission_name
148
136 # creation of objects
149 # creation of objects
137 if perm.permission.permission_name.startswith('hg.create.write_on_repogroup'):
150 if perm.permission.permission_name.startswith('hg.create.write_on_repogroup'):
138 defaults['default_repo_create_on_write' + suffix] = perm.permission.permission_name
151 defaults['default_repo_create_on_write' + suffix] = perm.permission.permission_name
@@ -199,6 +212,9 b' class PermissionModel(BaseModel):'
199 'default_repo_perm': 'repository.',
212 'default_repo_perm': 'repository.',
200 'default_group_perm': 'group.',
213 'default_group_perm': 'group.',
201 'default_user_group_perm': 'usergroup.',
214 'default_user_group_perm': 'usergroup.',
215 # branch
216 'default_branch_perm': 'branch.',
217
202 }[field_name]
218 }[field_name]
203 for field in keep_fields:
219 for field in keep_fields:
204 pat = get_pat(field)
220 pat = get_pat(field)
@@ -236,8 +252,12 b' class PermissionModel(BaseModel):'
236 _global_perms = self.global_perms.copy()
252 _global_perms = self.global_perms.copy()
237 if obj_type not in ['user', 'user_group']:
253 if obj_type not in ['user', 'user_group']:
238 raise ValueError("obj_type must be on of 'user' or 'user_group'")
254 raise ValueError("obj_type must be on of 'user' or 'user_group'")
239 if len(_global_perms) != len(Permission.DEFAULT_USER_PERMISSIONS):
255 global_perms = len(_global_perms)
240 raise Exception('Inconsistent permissions definition')
256 default_user_perms = len(Permission.DEFAULT_USER_PERMISSIONS)
257 if global_perms != default_user_perms:
258 raise Exception(
259 'Inconsistent permissions definition. Got {} vs {}'.format(
260 global_perms, default_user_perms))
241
261
242 if obj_type == 'user':
262 if obj_type == 'user':
243 self._clear_user_perms(object.user_id, preserve)
263 self._clear_user_perms(object.user_id, preserve)
@@ -337,8 +357,8 b' class PermissionModel(BaseModel):'
337
357
338 def create_default_user_group_permissions(self, user_group, force=False):
358 def create_default_user_group_permissions(self, user_group, force=False):
339 """
359 """
340 Creates only missing default permissions for user group, if force is set it
360 Creates only missing default permissions for user group, if force is
341 resets the default permissions for that user group
361 set it resets the default permissions for that user group
342
362
343 :param user_group:
363 :param user_group:
344 :param force:
364 :param force:
@@ -366,6 +386,7 b' class PermissionModel(BaseModel):'
366 'default_repo_perm',
386 'default_repo_perm',
367 'default_group_perm',
387 'default_group_perm',
368 'default_user_group_perm',
388 'default_user_group_perm',
389 'default_branch_perm',
369
390
370 'default_repo_group_create',
391 'default_repo_group_create',
371 'default_user_group_create',
392 'default_user_group_create',
@@ -392,6 +413,7 b' class PermissionModel(BaseModel):'
392 'default_repo_perm',
413 'default_repo_perm',
393 'default_group_perm',
414 'default_group_perm',
394 'default_user_group_perm',
415 'default_user_group_perm',
416 'default_branch_perm',
395
417
396 'default_register',
418 'default_register',
397 'default_password_reset',
419 'default_password_reset',
@@ -414,6 +436,7 b' class PermissionModel(BaseModel):'
414 'default_repo_perm',
436 'default_repo_perm',
415 'default_group_perm',
437 'default_group_perm',
416 'default_user_group_perm',
438 'default_user_group_perm',
439 'default_branch_perm',
417
440
418 'default_register',
441 'default_register',
419 'default_password_reset',
442 'default_password_reset',
@@ -440,6 +463,7 b' class PermissionModel(BaseModel):'
440 'default_repo_create',
463 'default_repo_create',
441 'default_fork_create',
464 'default_fork_create',
442 'default_inherit_default_permissions',
465 'default_inherit_default_permissions',
466 'default_branch_perm',
443
467
444 'default_register',
468 'default_register',
445 'default_password_reset',
469 'default_password_reset',
@@ -477,8 +501,57 b' class PermissionModel(BaseModel):'
477 .all():
501 .all():
478 g2p.permission = _def
502 g2p.permission = _def
479 self.sa.add(g2p)
503 self.sa.add(g2p)
504
505 # COMMIT
480 self.sa.commit()
506 self.sa.commit()
481 except (DatabaseError,):
507 except (DatabaseError,):
482 log.exception('Failed to set default object permissions')
508 log.exception('Failed to set default object permissions')
483 self.sa.rollback()
509 self.sa.rollback()
484 raise
510 raise
511
512 def update_branch_permissions(self, form_result):
513 if 'perm_user_id' in form_result:
514 perm_user = User.get(safe_int(form_result['perm_user_id']))
515 else:
516 # used mostly to do lookup for default user
517 perm_user = User.get_by_username(form_result['perm_user_name'])
518 try:
519
520 # stage 2 reset defaults and set them from form data
521 self._set_new_user_perms(perm_user, form_result, preserve=[
522 'default_repo_perm',
523 'default_group_perm',
524 'default_user_group_perm',
525
526 'default_repo_group_create',
527 'default_user_group_create',
528 'default_repo_create_on_write',
529 'default_repo_create',
530 'default_fork_create',
531 'default_inherit_default_permissions',
532
533 'default_register',
534 'default_password_reset',
535 'default_extern_activate'])
536
537 # overwrite default branch permissions
538 if form_result['overwrite_default_branch']:
539 _def_name = \
540 form_result['default_branch_perm'].split('branch.')[-1]
541
542 _def = Permission.get_by_key('branch.' + _def_name)
543
544 # TODO(marcink): those are bind to repo, perms, we need to unfold user somehow from this
545 for g2p in self.sa.query(UserToRepoBranchPermission) \
546 .filter(UserToRepoBranchPermission.user == perm_user) \
547 .all():
548 g2p.permission = _def
549 self.sa.add(g2p)
550
551 # COMMIT
552 self.sa.commit()
553 except (DatabaseError,):
554 log.exception('Failed to set default branch permissions')
555 self.sa.rollback()
556 raise
557
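Review bot: In `update_branch_permissions` the overwrite branch filters on `UserToRepoBranchPermission.user`, but the model added in this commit defines no `user` attribute (only `repo`, `permission` and `user_repo_to_perm`), so with `overwrite_default_branch` set the query would presumably raise AttributeError. That is not a `DatabaseError`, so the `except` clause would skip `self.sa.rollback()` and leave whatever `_set_new_user_perms` staged in the session. The filter could go through the owning rule as `Permission.get_default_repo_branch_perms` does: `.join(UserRepoToPerm, UserToRepoBranchPermission.rule_to_perm_id == UserRepoToPerm.repo_to_perm_id)` followed by `.filter(UserRepoToPerm.user_id == perm_user.user_id)`. `perm_user` is also used without a None check after `User.get` / `User.get_by_username`, so an unknown id or name fails later than it needs to.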
@@ -116,6 +116,11 b''
116 .label;
116 .label;
117 padding-top: 5px;
117 padding-top: 5px;
118 }
118 }
119 .label-branch-perm {
120 .label;
121 width: 20px;
122 }
123
119 // Used to position content on the right side of a .label
124 // Used to position content on the right side of a .label
120 .content,
125 .content,
121 .side-by-side-selector {
126 .side-by-side-selector {
@@ -135,6 +140,15 b''
135 }
140 }
136 }
141 }
137
142
143 .input-branch-perm {
144 .input;
145 margin-left: 90px;
146 }
147
148 .input-branch-perm-order {
149 width: 40px;
150 }
151
138 .checkboxes,
152 .checkboxes,
139 .input,
153 .input,
140 .select {
154 .select {
@@ -169,6 +183,9 b''
169 }
183 }
170
184
171 .input {
185 .input {
186 .branch-perm {
187 width: 80px;
188 }
172 .medium {
189 .medium {
173 width: @fields-input-m;
190 width: @fields-input-m;
174 }
191 }
@@ -462,7 +462,7 b' ul.auth_plugins {'
462
462
463 .radios {
463 .radios {
464 position: relative;
464 position: relative;
465 width: 405px;
465 width: 505px;
466 }
466 }
467 }
467 }
468
468
@@ -159,3 +159,9 b''
159 &:extend(.icon-svn-transparent:before);
159 &:extend(.icon-svn-transparent:before);
160 }
160 }
161 }
161 }
162
163 .icon-user-group:before {
164 &:extend(.icon-group:before);
165 margin: 0;
166 font-size: 16px;
167 }
@@ -109,13 +109,21 b''
109 &.read {
109 &.read {
110 &:extend(.tag1);
110 &:extend(.tag1);
111 }
111 }
112
113 &.write {
112 &.write {
114 &:extend(.tag4);
113 &:extend(.tag4);
115 }
114 }
116 &.admin {
115 &.admin {
117 &:extend(.tag5);
116 &:extend(.tag5);
118 }
117 }
118 &.merge {
119 &:extend(.tag1);
120 }
121 &.push {
122 &:extend(.tag4);
123 }
124 &.push_force {
125 &:extend(.tag5);
126 }
119 }
127 }
120
128
121 .phase-draft {
129 .phase-draft {
@@ -87,6 +87,7 b' function registerRCRoutes() {'
87 pyroutes.register('admin_permissions_global_update', '/_admin/permissions/global/update', []);
87 pyroutes.register('admin_permissions_global_update', '/_admin/permissions/global/update', []);
88 pyroutes.register('admin_permissions_object', '/_admin/permissions/object', []);
88 pyroutes.register('admin_permissions_object', '/_admin/permissions/object', []);
89 pyroutes.register('admin_permissions_object_update', '/_admin/permissions/object/update', []);
89 pyroutes.register('admin_permissions_object_update', '/_admin/permissions/object/update', []);
90 pyroutes.register('admin_permissions_branch', '/_admin/permissions/branch', []);
90 pyroutes.register('admin_permissions_ips', '/_admin/permissions/ips', []);
91 pyroutes.register('admin_permissions_ips', '/_admin/permissions/ips', []);
91 pyroutes.register('admin_permissions_overview', '/_admin/permissions/overview', []);
92 pyroutes.register('admin_permissions_overview', '/_admin/permissions/overview', []);
92 pyroutes.register('admin_permissions_auth_token_access', '/_admin/permissions/auth_token_access', []);
93 pyroutes.register('admin_permissions_auth_token_access', '/_admin/permissions/auth_token_access', []);
@@ -233,6 +234,8 b' function registerRCRoutes() {'
233 pyroutes.register('edit_repo_advanced_hooks', '/%(repo_name)s/settings/advanced/hooks', ['repo_name']);
234 pyroutes.register('edit_repo_advanced_hooks', '/%(repo_name)s/settings/advanced/hooks', ['repo_name']);
234 pyroutes.register('edit_repo_caches', '/%(repo_name)s/settings/caches', ['repo_name']);
235 pyroutes.register('edit_repo_caches', '/%(repo_name)s/settings/caches', ['repo_name']);
235 pyroutes.register('edit_repo_perms', '/%(repo_name)s/settings/permissions', ['repo_name']);
236 pyroutes.register('edit_repo_perms', '/%(repo_name)s/settings/permissions', ['repo_name']);
237 pyroutes.register('edit_repo_perms_branch', '/%(repo_name)s/settings/branch_permissions', ['repo_name']);
238 pyroutes.register('edit_repo_perms_branch_delete', '/%(repo_name)s/settings/branch_permissions/%(rule_id)s/delete', ['repo_name', 'rule_id']);
236 pyroutes.register('edit_repo_maintenance', '/%(repo_name)s/settings/maintenance', ['repo_name']);
239 pyroutes.register('edit_repo_maintenance', '/%(repo_name)s/settings/maintenance', ['repo_name']);
237 pyroutes.register('edit_repo_maintenance_execute', '/%(repo_name)s/settings/maintenance/execute', ['repo_name']);
240 pyroutes.register('edit_repo_maintenance_execute', '/%(repo_name)s/settings/maintenance/execute', ['repo_name']);
238 pyroutes.register('edit_repo_fields', '/%(repo_name)s/settings/fields', ['repo_name']);
241 pyroutes.register('edit_repo_fields', '/%(repo_name)s/settings/fields', ['repo_name']);
@@ -38,7 +38,7 b' var api;'
38 { data: {"_": "group_name",
38 { data: {"_": "group_name",
39 "sort": "group_name"}, title: "${_('Name')}", className: "td-componentname," ,
39 "sort": "group_name"}, title: "${_('Name')}", className: "td-componentname," ,
40 render: function (data,type,full,meta)
40 render: function (data,type,full,meta)
41 {return '<div><i class="icon-group" title="User group">'+data+'</i></div>'}},
41 {return '<div><i class="icon-user-group" title="User group">'+data+'</i></div>'}},
42
42
43 { data: {"_": "group_description",
43 { data: {"_": "group_description",
44 "sort": "group_description"}, title: "${_('Description')}", className: "td-description" },
44 "sort": "group_description"}, title: "${_('Description')}", className: "td-description" },
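Review bot: The `render` callback touched here still builds markup by concatenating `data` (the group name) straight into an HTML string, `'<div><i class="icon-user-group" title="User group">'+data+'</i></div>'`. Whether `group_name` arrives already HTML-escaped from the server is not visible in this section; if it does not, a group name containing markup would be interpreted by the browser, so the value should be escaped before concatenation or the cell filled as text. The same line is changed in the other user-group listing template later in this commit (the `@@ -53,7 +53,7` section). Separately, `className: "td-componentname,"` on the context line above carries a stray comma inside the string.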
@@ -38,6 +38,9 b''
38 <li class="${'active' if c.active=='objects' else ''}">
38 <li class="${'active' if c.active=='objects' else ''}">
39 <a href="${h.route_path('admin_permissions_object')}">${_('Object')}</a>
39 <a href="${h.route_path('admin_permissions_object')}">${_('Object')}</a>
40 </li>
40 </li>
41 <li class="${'active' if c.active=='branch' else ''}">
42 <a href="${h.route_path('admin_permissions_branch')}">${_('Branch')}</a>
43 </li>
41 <li class="${'active' if c.active=='ips' else ''}">
44 <li class="${'active' if c.active=='ips' else ''}">
42 <a href="${h.route_path('admin_permissions_ips')}">${_('IP Whitelist')}</a>
45 <a href="${h.route_path('admin_permissions_ips')}">${_('IP Whitelist')}</a>
43 </li>
46 </li>
@@ -3,7 +3,10 b''
3 <h3 class="panel-title">${_('Default Permissions for Repositories, User Groups and Repository Groups.')}</h3>
3 <h3 class="panel-title">${_('Default Permissions for Repositories, User Groups and Repository Groups.')}</h3>
4 </div>
4 </div>
5 <div class="panel-body">
5 <div class="panel-body">
6 <p>${_('Default system permissions. Each permissions management entity will be created with the following default settings. Check the overwrite checkbox to force any permission changes on already existing settings.')}
6 <p>
7 ${_('Default access permissions. This defines permissions for the `default` user from which other users inherit permissions.')}
8 <br/>
9 ${_('Check the overwrite checkbox to force change all previously defined permissions for `default` user to the new selected value.')}
7 </p>
10 </p>
8 ${h.secure_form(h.route_path('admin_permissions_object_update'), request=request)}
11 ${h.secure_form(h.route_path('admin_permissions_object_update'), request=request)}
9 <div class="form">
12 <div class="form">
@@ -45,7 +48,7 b''
45 ${h.select('default_user_group_perm','',c.user_group_perms_choices)}
48 ${h.select('default_user_group_perm','',c.user_group_perms_choices)}
46 ${h.checkbox('overwrite_default_user_group','true')}
49 ${h.checkbox('overwrite_default_user_group','true')}
47 <label for="overwrite_default_user_group">
50 <label for="overwrite_default_user_group">
48 <span class="tooltip" title="${h.tooltip(_('All default permissions on each user group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">
51 <span class="tooltip" title="${h.tooltip(_('All default permissions on each user group will be reset to chosen permission, note that all custom default permission on user groups will be lost'))}">
49 ${_('Overwrite Existing Settings')}
52 ${_('Overwrite Existing Settings')}
50 </span>
53 </span>
51 </label>
54 </label>
@@ -57,7 +57,7 b''
57 %if _user.username != h.DEFAULT_USER:
57 %if _user.username != h.DEFAULT_USER:
58 <span class="btn btn-link btn-danger revoke_perm"
58 <span class="btn btn-link btn-danger revoke_perm"
59 member="${_user.user_id}" member_type="user">
59 member="${_user.user_id}" member_type="user">
60 <i class="icon-remove"></i> ${_('Revoke')}
60 ${_('Revoke')}
61 </span>
61 </span>
62 %endif
62 %endif
63 </td>
63 </td>
@@ -92,7 +92,7 b''
92 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'group.write', checked=_user_group.permission=='group.write')}</td>
92 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'group.write', checked=_user_group.permission=='group.write')}</td>
93 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'group.admin', checked=_user_group.permission=='group.admin')}</td>
93 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'group.admin', checked=_user_group.permission=='group.admin')}</td>
94 <td class="td-componentname">
94 <td class="td-componentname">
95 <i class="icon-group" ></i>
95 <i class="icon-user-group"></i>
96 %if h.HasPermissionAny('hg.admin')():
96 %if h.HasPermissionAny('hg.admin')():
97 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
97 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
98 ${_user_group.users_group_name}
98 ${_user_group.users_group_name}
@@ -104,17 +104,27 b''
104 <td class="td-action">
104 <td class="td-action">
105 <span class="btn btn-link btn-danger revoke_perm"
105 <span class="btn btn-link btn-danger revoke_perm"
106 member="${_user_group.users_group_id}" member_type="user_group">
106 member="${_user_group.users_group_id}" member_type="user_group">
107 <i class="icon-remove"></i> ${_('Revoke')}
107 ${_('Revoke')}
108 </span>
108 </span>
109 </td>
109 </td>
110 </tr>
110 </tr>
111 %endfor
111 %endfor
112
112
113 <tr class="new_members" id="add_perm_input"></tr>
113 <tr class="new_members" id="add_perm_input"></tr>
114 <tr>
115 <td></td>
116 <td></td>
117 <td></td>
118 <td></td>
119 <td></td>
120 <td>
121 <span id="add_perm" class="link">
122 ${_('Add user/user group')}
123 </span>
124 </td>
125 </tr>
114 </table>
126 </table>
115 <div id="add_perm" class="link">
127
116 ${_('Add new')}
117 </div>
118 <div class="fields">
128 <div class="fields">
119 <div class="field">
129 <div class="field">
120 <div class="label label-radio">
130 <div class="label label-radio">
@@ -48,6 +48,9 b''
48 <li class="${'active' if c.active=='permissions' else ''}">
48 <li class="${'active' if c.active=='permissions' else ''}">
49 <a href="${h.route_path('edit_repo_perms', repo_name=c.repo_name)}">${_('Permissions')}</a>
49 <a href="${h.route_path('edit_repo_perms', repo_name=c.repo_name)}">${_('Permissions')}</a>
50 </li>
50 </li>
51 <li class="${'active' if c.active=='permissions_branch' else ''}">
52 <a href="${h.route_path('edit_repo_perms_branch', repo_name=c.repo_name)}">${_('Branch Permissions')}</a>
53 </li>
51 <li class="${'active' if c.active=='advanced' else ''}">
54 <li class="${'active' if c.active=='advanced' else ''}">
52 <a href="${h.route_path('edit_repo_advanced', repo_name=c.repo_name)}">${_('Advanced')}</a>
55 <a href="${h.route_path('edit_repo_advanced', repo_name=c.repo_name)}">${_('Advanced')}</a>
53 </li>
56 </li>
@@ -67,7 +67,7 b''
67 %if _user.username != h.DEFAULT_USER:
67 %if _user.username != h.DEFAULT_USER:
68 <span class="btn btn-link btn-danger revoke_perm"
68 <span class="btn btn-link btn-danger revoke_perm"
69 member="${_user.user_id}" member_type="user">
69 member="${_user.user_id}" member_type="user">
70 <i class="icon-remove"></i> ${_('Revoke')}
70 ${_('Revoke')}
71 </span>
71 </span>
72 %endif
72 %endif
73 </td>
73 </td>
@@ -83,7 +83,7 b''
83 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.write', checked=_user_group.permission=='repository.write')}</td>
83 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.write', checked=_user_group.permission=='repository.write')}</td>
84 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.admin', checked=_user_group.permission=='repository.admin')}</td>
84 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'repository.admin', checked=_user_group.permission=='repository.admin')}</td>
85 <td class="td-componentname">
85 <td class="td-componentname">
86 <i class="icon-group" ></i>
86 <i class="icon-user-group"></i>
87 %if h.HasPermissionAny('hg.admin')():
87 %if h.HasPermissionAny('hg.admin')():
88 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
88 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
89 ${_user_group.users_group_name}
89 ${_user_group.users_group_name}
@@ -95,16 +95,28 b''
95 <td class="td-action">
95 <td class="td-action">
96 <span class="btn btn-link btn-danger revoke_perm"
96 <span class="btn btn-link btn-danger revoke_perm"
97 member="${_user_group.users_group_id}" member_type="user_group">
97 member="${_user_group.users_group_id}" member_type="user_group">
98 <i class="icon-remove"></i> ${_('Revoke')}
98 ${_('Revoke')}
99 </span>
99 </span>
100 </td>
100 </td>
101 </tr>
101 </tr>
102 %endfor
102 %endfor
103 <tr class="new_members" id="add_perm_input"></tr>
103 <tr class="new_members" id="add_perm_input"></tr>
104
105 <tr>
106 <td></td>
107 <td></td>
108 <td></td>
109 <td></td>
110 <td></td>
111 <td>
112 <span id="add_perm" class="link">
113 ${_('Add user/user group')}
114 </span>
115 </td>
116 </tr>
117
104 </table>
118 </table>
105 <div id="add_perm" class="link">
119
106 ${_('Add new')}
107 </div>
108 <div class="buttons">
120 <div class="buttons">
109 ${h.submit('save',_('Save'),class_="btn btn-primary")}
121 ${h.submit('save',_('Save'),class_="btn btn-primary")}
110 ${h.reset('reset',_('Reset'),class_="btn btn-danger")}
122 ${h.reset('reset',_('Reset'),class_="btn btn-danger")}
@@ -59,7 +59,7 b''
59 %if _user.username != h.DEFAULT_USER:
59 %if _user.username != h.DEFAULT_USER:
60 <span class="btn btn-link btn-danger revoke_perm"
60 <span class="btn btn-link btn-danger revoke_perm"
61 member="${_user.user_id}" member_type="user">
61 member="${_user.user_id}" member_type="user">
62 <i class="icon-remove"></i> ${_('revoke')}
62 ${_('Revoke')}
63 </span>
63 </span>
64 %endif
64 %endif
65 </td>
65 </td>
@@ -94,7 +94,7 b''
94 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'usergroup.write')}</td>
94 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'usergroup.write')}</td>
95 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'usergroup.admin')}</td>
95 <td class="td-radio">${h.radio('g_perm_%s' % _user_group.users_group_id,'usergroup.admin')}</td>
96 <td class="td-user">
96 <td class="td-user">
97 <i class="icon-group" ></i>
97 <i class="icon-user-group"></i>
98 %if h.HasPermissionAny('hg.admin')():
98 %if h.HasPermissionAny('hg.admin')():
99 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
99 <a href="${h.route_path('edit_user_group',user_group_id=_user_group.users_group_id)}">
100 ${_user_group.users_group_name}
100 ${_user_group.users_group_name}
@@ -106,16 +106,26 b''
106 <td class="td-action">
106 <td class="td-action">
107 <span class="btn btn-link btn-danger revoke_perm"
107 <span class="btn btn-link btn-danger revoke_perm"
108 member="${_user_group.users_group_id}" member_type="user_group">
108 member="${_user_group.users_group_id}" member_type="user_group">
109 <i class="icon-remove"></i> ${_('revoke')}
109 ${_('Revoke')}
110 </span>
110 </span>
111 </td>
111 </td>
112 </tr>
112 </tr>
113 %endfor
113 %endfor
114 <tr class="new_members" id="add_perm_input"></tr>
114 <tr class="new_members" id="add_perm_input"></tr>
115 <tr>
116 <td></td>
117 <td></td>
118 <td></td>
119 <td></td>
120 <td></td>
121 <td>
122 <span id="add_perm" class="link">
123 ${_('Add user/user group')}
124 </span>
125 </td>
126 </tr>
115 </table>
127 </table>
116 <div id="add_perm" class="link">
128
117 ${_('Add new')}
118 </div>
119 <div class="buttons">
129 <div class="buttons">
120 ${h.submit('save',_('Save'),class_="btn btn-primary")}
130 ${h.submit('save',_('Save'),class_="btn btn-primary")}
121 ${h.reset('reset',_('Reset'),class_="btn btn-danger")}
131 ${h.reset('reset',_('Reset'),class_="btn btn-danger")}
@@ -53,7 +53,7 b' var api;'
53 { data: {"_": "group_name",
53 { data: {"_": "group_name",
54 "sort": "group_name"}, title: "${_('Name')}", className: "td-componentname," ,
54 "sort": "group_name"}, title: "${_('Name')}", className: "td-componentname," ,
55 render: function (data,type,full,meta)
55 render: function (data,type,full,meta)
56 {return '<div><i class="icon-group" title="User group">'+data+'</i></div>'}},
56 {return '<div><i class="icon-user-group" title="User group">'+data+'</i></div>'}},
57
57
58 { data: {"_": "group_description",
58 { data: {"_": "group_description",
59 "sort": "group_description"}, title: "${_('Description')}", className: "td-description" },
59 "sort": "group_description"}, title: "${_('Description')}", className: "td-description" },
@@ -4,11 +4,20 b''
4 ## ${p.perms_summary(c.perm_user.permissions)}
4 ## ${p.perms_summary(c.perm_user.permissions)}
5
5
6 <%def name="perms_summary(permissions, show_all=False, actions=True, side_link=None)">
6 <%def name="perms_summary(permissions, show_all=False, actions=True, side_link=None)">
7 <% section_to_label = {
8 'global': 'Global Permissions',
9 'repository_branches': 'Repository Branch Rules',
10 'repositories': 'Repository Permissions',
11 'user_groups': 'User Group Permissions',
12 'repositories_groups': 'Repository Group Permissions',
13 } %>
7 <div id="perms" class="table fields">
14 <div id="perms" class="table fields">
8 %for section in sorted(permissions.keys()):
15 %for section in sorted(permissions.keys(), key=lambda item: {'global': 0, 'repository_branches': 1}.get(item, 1000)):
9 <div class="panel panel-default">
16 <div class="panel panel-default">
10 <div class="panel-heading">
17 <div class="panel-heading" id="${section.replace("_","-")}-permissions">
11 <h3 class="panel-title">${section.replace("_"," ").capitalize()}</h3>
18 <h3 class="panel-title">${section_to_label.get(section, section)} - ${len(permissions[section])}
19 <a class="permalink" href="#${section.replace("_","-")}-permissions"> ΒΆ</a>
20 </h3>
12 % if side_link:
21 % if side_link:
13 <div class="pull-right">
22 <div class="pull-right">
14 <a href="${side_link}">${_('in JSON format')}</a>
23 <a href="${side_link}">${_('in JSON format')}</a>
@@ -18,15 +27,24 b''
18 <div class="panel-body">
27 <div class="panel-body">
19 <div class="perms_section_head field">
28 <div class="perms_section_head field">
20 <div class="radios">
29 <div class="radios">
21 %if section != 'global':
30 % if section == 'repository_branches':
22 <span class="permissions_boxes">
31 <span class="permissions_boxes">
23 <span class="desc">${_('show')}: </span>
32 <span class="desc">${_('show')}: </span>
24 ${h.checkbox('perms_filter_none_%s' % section, 'none', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} <label for="${'perms_filter_none_%s' % section}"><span class="perm_tag none">${_('none')}</span></label>
33 ${h.checkbox('perms_filter_none_%s' % section, 'none', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} <label for="${'perms_filter_none_{}'.format(section)}"><span class="perm_tag none">${_('none')}</span></label>
25 ${h.checkbox('perms_filter_read_%s' % section, 'read', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='read')} <label for="${'perms_filter_read_%s' % section}"><span class="perm_tag read">${_('read')}</span></label>
34 ${h.checkbox('perms_filter_merge_%s' % section, 'merge', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='merge')} <label for="${'perms_filter_merge_{}'.format(section)}"><span class="perm_tag merge">${_('merge')}</span></label>
26 ${h.checkbox('perms_filter_write_%s' % section, 'write', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='write')} <label for="${'perms_filter_write_%s' % section}"> <span class="perm_tag write">${_('write')}</span></label>
35 ${h.checkbox('perms_filter_push_%s' % section, 'push', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='push')} <label for="${'perms_filter_push_{}'.format(section)}"> <span class="perm_tag push">${_('push')}</span></label>
27 ${h.checkbox('perms_filter_admin_%s' % section, 'admin', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='admin')} <label for="${'perms_filter_admin_%s' % section}"><span class="perm_tag admin">${_('admin')}</span></label>
36 ${h.checkbox('perms_filter_push_force_%s' % section, 'push_force', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='push_force')} <label for="${'perms_filter_push_force_{}'.format(section)}"><span class="perm_tag push_force">${_('push force')}</span></label>
37 </span>
38 % elif section != 'global':
39 <span class="permissions_boxes">
40 <span class="desc">${_('show')}: </span>
41 ${h.checkbox('perms_filter_none_%s' % section, 'none', '', class_='perm_filter filter_%s' % section, section=section, perm_type='none')} <label for="${'perms_filter_none_{}'.format(section)}"><span class="perm_tag none">${_('none')}</span></label>
42 ${h.checkbox('perms_filter_read_%s' % section, 'read', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='read')} <label for="${'perms_filter_read_{}'.format(section)}"><span class="perm_tag read">${_('read')}</span></label>
43 ${h.checkbox('perms_filter_write_%s' % section, 'write', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='write')} <label for="${'perms_filter_write_{}'.format(section)}"> <span class="perm_tag write">${_('write')}</span></label>
44 ${h.checkbox('perms_filter_admin_%s' % section, 'admin', 'checked', class_='perm_filter filter_%s' % section, section=section, perm_type='admin')} <label for="${'perms_filter_admin_{}'.format(section)}"><span class="perm_tag admin">${_('admin')}</span></label>
28 </span>
45 </span>
29 %endif
46 % endif
47
30 </div>
48 </div>
31 </div>
49 </div>
32 <div class="field">
50 <div class="field">
@@ -72,12 +90,10 b''
72 %endif
90 %endif
73 %else:
91 %else:
74 %if not val_lbl:
92 %if not val_lbl:
75 ${
93 ${{'false': False,
76 {'false': False,
77 'true': True,
94 'true': True,
78 'none': False,
95 'none': False,
79 'repository': True}.get(val[1][0] if 0 < len(val[1]) else 'false')
96 'repository': True}.get(val[1][0] if 0 < len(val[1]) else 'false')}
80 }
81 %else:
97 %else:
82 <span class="perm_tag ${val[1][0]}">${val_lbl}.${val[1][0]}</span>
98 <span class="perm_tag ${val[1][0]}">${val_lbl}.${val[1][0]}</span>
83 %endif
99 %endif
@@ -142,7 +158,72 b''
142 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
158 edit_url=h.route_path('user_edit_global_perms', user_id=c.user.user_id), edit_global_url=h.route_path('admin_permissions_object'))}
143
159
144 </tbody>
160 </tbody>
161 ## Branch perms
162 %elif section == 'repository_branches':
163 <thead>
164 <tr>
165 <th>${_('Name')}</th>
166 <th>${_('Pattern')}</th>
167 <th>${_('Permission')}</th>
168 %if actions:
169 <th>${_('Edit Branch Permission')}</th>
170 %endif
171 </thead>
172 <tbody class="section_${section}">
173 <%
174 def name_sorter(permissions):
175 def custom_sorter(item):
176 return item[0]
177 return sorted(permissions, key=custom_sorter)
178
179 def branch_sorter(permissions):
180 def custom_sorter(item):
181 ## none, merge, push, push_force
182 section = item[1].split('.')[-1]
183 section_importance = {'none': u'0',
184 'merge': u'1',
185 'push': u'2',
186 'push_force': u'3'}.get(section)
187 ## sort by importance + name
188 return section_importance + item[0]
189 return sorted(permissions, key=custom_sorter)
190 %>
191 %for k, section_perms in name_sorter(permissions[section].items()):
192 % for pattern, perm in branch_sorter(section_perms.items()):
193 <tr class="perm_row ${'{}_{}'.format(section, perm.split('.')[-1])}">
194 <td class="td-name">
195 <a href="${h.route_path('repo_summary',repo_name=k)}">${k}</a>
196 </td>
197 <td>${pattern}</td>
198 <td class="td-tags">
199 ## TODO: calculate origin somehow
200 ## % for i, ((_pat, perm), origin) in enumerate((permissions[section].perm_origin_stack[k])):
201
202 <div>
203 <% i = 0 %>
204 <% origin = 'unknown' %>
205 <% _css_class = i > 0 and 'perm_overriden' or '' %>
206
207 <span class="${_css_class} perm_tag ${perm.split('.')[-1]}">
208 ${perm}
209 ##(${origin})
210 </span>
211 </div>
212 ## % endfor
213 </td>
214 %if actions:
215 <td class="td-action">
216 <a href="${h.route_path('edit_repo_perms_branch',repo_name=k)}">${_('edit')}</a>
217 </td>
218 %endif
219 </tr>
220 % endfor
221 %endfor
222 </tbody>
223
224 ## Repos/Repo Groups/users groups perms
145 %else:
225 %else:
226
146 ## none/read/write/admin permissions on groups/repos etc
227 ## none/read/write/admin permissions on groups/repos etc
147 <thead>
228 <thead>
148 <tr>
229 <tr>
@@ -167,8 +248,11 b''
167 return sorted(permissions, key=custom_sorter)
248 return sorted(permissions, key=custom_sorter)
168 %>
249 %>
169 %for k, section_perm in sorter(permissions[section].items()):
250 %for k, section_perm in sorter(permissions[section].items()):
170 %if section_perm.split('.')[-1] != 'none' or show_all:
251 <% perm_value = section_perm.split('.')[-1] %>
171 <tr class="perm_row ${'%s_%s' % (section, section_perm.split('.')[-1])}">
252 <% _css_class = 'display:none' if perm_value in ['none'] else '' %>
253
254 %if perm_value != 'none' or show_all:
255 <tr class="perm_row ${'{}_{}'.format(section, section_perm.split('.')[-1])}" style="${_css_class}">
172 <td class="td-name">
256 <td class="td-name">
173 %if section == 'repositories':
257 %if section == 'repositories':
174 <a href="${h.route_path('repo_summary',repo_name=k)}">${k}</a>
258 <a href="${h.route_path('repo_summary',repo_name=k)}">${k}</a>
@@ -183,7 +267,7 b''
183 %if hasattr(permissions[section], 'perm_origin_stack'):
267 %if hasattr(permissions[section], 'perm_origin_stack'):
184 <div>
268 <div>
185 %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])):
269 %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])):
186
270 <% _css_class = i > 0 and 'perm_overriden' or '' %>
187 % if i > 0:
271 % if i > 0:
188 <div style="color: #979797">
272 <div style="color: #979797">
189 <i class="icon-arrow_up"></i>
273 <i class="icon-arrow_up"></i>
@@ -193,7 +277,7 b''
193 % endif
277 % endif
194
278
195 <div>
279 <div>
196 <span class="${i > 0 and 'perm_overriden' or ''} perm_tag ${perm.split('.')[-1]}">
280 <span class="${_css_class} perm_tag ${perm.split('.')[-1]}">
197 ${perm} (${origin})
281 ${perm} (${origin})
198 </span>
282 </span>
199 </div>
283 </div>
@@ -220,7 +304,7 b''
220 %endfor
304 %endfor
221
305
222 <tr id="empty_${section}" class="noborder" style="display:none;">
306 <tr id="empty_${section}" class="noborder" style="display:none;">
223 <td colspan="6">${_('No permission defined')}</td>
307 <td colspan="6">${_('No matching permission defined')}</td>
224 </tr>
308 </tr>
225
309
226 </tbody>
310 </tbody>
@@ -236,15 +320,16 b''
236
320
237 <script>
321 <script>
238 $(document).ready(function(){
322 $(document).ready(function(){
239 var show_empty = function(section){
323 var showEmpty = function(section){
240 var visible = $('.section_{0} tr.perm_row:visible'.format(section)).length;
324 var visible = $('.section_{0} tr.perm_row:visible'.format(section)).length;
241 if(visible == 0){
325 if(visible === 0){
242 $('#empty_{0}'.format(section)).show();
326 $('#empty_{0}'.format(section)).show();
243 }
327 }
244 else{
328 else{
245 $('#empty_{0}'.format(section)).hide();
329 $('#empty_{0}'.format(section)).hide();
246 }
330 }
247 };
331 };
332
248 $('.perm_filter').on('change', function(e){
333 $('.perm_filter').on('change', function(e){
249 var self = this;
334 var self = this;
250 var section = $(this).attr('section');
335 var section = $(this).attr('section');
@@ -261,7 +346,7 b''
261 $('.'+section+'_'+perm_type).hide();
346 $('.'+section+'_'+perm_type).hide();
262 }
347 }
263 });
348 });
264 show_empty(section);
349 showEmpty(section);
265 })
350 })
266 })
351 })
267 </script>
352 </script>
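Review bot: `branch_sorter` in the added `repository_branches` block raises a TypeError for any permission whose suffix is not one of the four listed names, because `.get(section)` returns None and the next line concatenates it with `item[0]`. A single unexpected value stored for a branch rule would then break rendering of the whole permissions summary instead of merely sorting oddly. Giving the lookup a default keeps the page rendering, e.g. `'push_force': u'3'}.get(section, u'9')`. The header row of the same block also opens `<tr>` without closing it before `</thead>`. The `%if`/`%elif` chain this block joins starts outside the hunk.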
@@ -284,7 +284,7 b''
284
284
285 <%def name="user_group_name(user_group_name)">
285 <%def name="user_group_name(user_group_name)">
286 <div>
286 <div>
287 <i class="icon-group" title="${_('User group')}"></i>
287 <i class="icon-user-group" title="${_('User group')}"></i>
288 ${h.link_to_group(user_group_name)}
288 ${h.link_to_group(user_group_name)}
289 </div>
289 </div>
290 </%def>
290 </%def>
@@ -534,7 +534,7 b''
534 </tbody>
534 </tbody>
535 </table>
535 </table>
536 <div class="link" id="add_perm">
536 <div class="link" id="add_perm">
537 Add new
537 Add user/user group
538 </div>
538 </div>
539
539
540
540
@@ -8,12 +8,11 b''
8 <div class="panel-heading">${title}</div>
8 <div class="panel-heading">${title}</div>
9 <div class="panel-body">
9 <div class="panel-body">
10
10
11 <div tal:condition="errormsg"
11 <div tal:condition="errormsg" class="clearfix alert alert-error">
12 class="clearfix alert alert-danger">
12 <span i18n:translate="">
13 <p i18n:translate="">
14 There was a problem with this section
13 There was a problem with this section
15 </p>
14 </span>
16 <p>${errormsg}</p>
15 <div>${errormsg}</div>
17 </div>
16 </div>
18
17
19 <div tal:condition="description">
18 <div tal:condition="description">
@@ -140,6 +140,10 b' class TestPermissions(object):'
140 assert repo_perms(user)[repo.repo_name] == 'repository.admin'
140 assert repo_perms(user)[repo.repo_name] == 'repository.admin'
141 repo.user = org_owner
141 repo.user = org_owner
142
142
143 def test_default_owner_branch_perms(self, user_util, test_user_group):
144 user = user_util.create_user()
145 assert branch_perms(user) == {}
146
143 def test_default_owner_repo_group_perms(self, user_util, test_repo_group):
147 def test_default_owner_repo_group_perms(self, user_util, test_repo_group):
144 user = user_util.create_user()
148 user = user_util.create_user()
145 org_owner = test_repo_group.user
149 org_owner = test_repo_group.user
@@ -360,13 +364,15 b' class TestPermissions(object):'
360 user_model.revoke_perm(self.u1, 'hg.fork.repository')
364 user_model.revoke_perm(self.u1, 'hg.fork.repository')
361 user_model.grant_perm(self.u1, 'hg.fork.none')
365 user_model.grant_perm(self.u1, 'hg.fork.none')
362
366
367 # TODO(marcink): check branch permissions now ?
368
363 # make sure inherit flag is turned off
369 # make sure inherit flag is turned off
364 self.u1.inherit_default_permissions = False
370 self.u1.inherit_default_permissions = False
365 Session().commit()
371 Session().commit()
366
372
367 # this user will have non inherited permissions from he's
373 # this user will have non inherited permissions from he's
368 # explicitly set permissions
374 # explicitly set permissions
369 assert global_perms(self.u1) == set([
375 assert global_perms(self.u1) == {
370 'hg.create.none',
376 'hg.create.none',
371 'hg.fork.none',
377 'hg.fork.none',
372 'hg.register.manual_activate',
378 'hg.register.manual_activate',
@@ -375,7 +381,8 b' class TestPermissions(object):'
375 'repository.read',
381 'repository.read',
376 'group.read',
382 'group.read',
377 'usergroup.read',
383 'usergroup.read',
378 ])
384 'branch.push_force',
385 }
379
386
380 def test_non_inherited_permissions_from_default_on_user_disabled(self):
387 def test_non_inherited_permissions_from_default_on_user_disabled(self):
381 user_model = UserModel()
388 user_model = UserModel()
@@ -396,9 +403,11 b' class TestPermissions(object):'
396 self.u1.inherit_default_permissions = False
403 self.u1.inherit_default_permissions = False
397 Session().commit()
404 Session().commit()
398
405
406 # TODO(marcink): check branch perms
407
399 # this user will have non inherited permissions from he's
408 # this user will have non inherited permissions from he's
400 # explicitly set permissions
409 # explicitly set permissions
401 assert global_perms(self.u1) == set([
410 assert global_perms(self.u1) == {
402 'hg.create.repository',
411 'hg.create.repository',
403 'hg.fork.repository',
412 'hg.fork.repository',
404 'hg.register.manual_activate',
413 'hg.register.manual_activate',
@@ -407,7 +416,8 b' class TestPermissions(object):'
407 'repository.read',
416 'repository.read',
408 'group.read',
417 'group.read',
409 'usergroup.read',
418 'usergroup.read',
410 ])
419 'branch.push_force',
420 }
411
421
412 @pytest.mark.parametrize('perm, expected_perm', [
422 @pytest.mark.parametrize('perm, expected_perm', [
413 ('hg.inherit_default_perms.false', 'repository.none', ),
423 ('hg.inherit_default_perms.false', 'repository.none', ),
@@ -425,8 +435,10 b' class TestPermissions(object):'
425 self.u1.inherit_default_permissions = True
435 self.u1.inherit_default_permissions = True
426 Session().commit()
436 Session().commit()
427
437
438 # TODO(marcink): check branch perms
439
428 # this user will have inherited permissions from default user
440 # this user will have inherited permissions from default user
429 assert global_perms(self.u1) == set([
441 assert global_perms(self.u1) == {
430 'hg.create.none',
442 'hg.create.none',
431 'hg.fork.none',
443 'hg.fork.none',
432 'hg.register.manual_activate',
444 'hg.register.manual_activate',
@@ -435,11 +447,12 b' class TestPermissions(object):'
435 'repository.read',
447 'repository.read',
436 'group.read',
448 'group.read',
437 'usergroup.read',
449 'usergroup.read',
450 'branch.push_force',
438 'hg.create.write_on_repogroup.true',
451 'hg.create.write_on_repogroup.true',
439 'hg.usergroup.create.false',
452 'hg.usergroup.create.false',
440 'hg.repogroup.create.false',
453 'hg.repogroup.create.false',
441 perm,
454 perm
442 ])
455 }
443
456
444 assert set(repo_perms(self.u1).values()) == set([expected_perm])
457 assert set(repo_perms(self.u1).values()) == set([expected_perm])
445
458
@@ -693,6 +706,11 b' def repo_perms(user):'
693 return auth_user.permissions['repositories']
706 return auth_user.permissions['repositories']
694
707
695
708
709 def branch_perms(user):
710 auth_user = AuthUser(user_id=user.user_id)
711 return auth_user.permissions['repository_branches']
712
713
696 def group_perms(user):
714 def group_perms(user):
697 auth_user = AuthUser(user_id=user.user_id)
715 auth_user = AuthUser(user_id=user.user_id)
698 return auth_user.permissions['repositories_groups']
716 return auth_user.permissions['repositories_groups']
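Review bot: The only branch-permission assertion in this file is the empty-dict case in `test_default_owner_branch_perms`, while the three `# TODO(marcink): check branch perms` markers leave the effective rules unchecked. At the same time the expected global sets at new lines 384, 419 and 450 now include `branch.push_force`, which appears to be the most permissive level in the none/merge/push/push_force ordering used by the summary template. A test that defines a restrictive rule for a branch pattern and asserts that it appears in `branch_perms(user)` for the affected user would pin the behaviour that matters for access control. The `test_user_group` fixture in the new test looks unused; if it is not needed for a side effect, the signature can be `def test_default_owner_branch_perms(self, user_util):`.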
@@ -66,5 +66,5 b' class TestTags(BackendTestMixin):'
66 def test_name_with_slash(self):
66 def test_name_with_slash(self):
67 self.repo.tag('19/10/11', 'joe')
67 self.repo.tag('19/10/11', 'joe')
68 assert '19/10/11' in self.repo.tags
68 assert '19/10/11' in self.repo.tags
69 self.repo.tag('11', 'joe')
69 self.repo.tag('rel.11', 'joe')
70 assert '11' in self.repo.tags
70 assert 'rel.11' in self.repo.tags