##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
repo-group: add path to exception when directory under which repo group should be created already exists.
marcink -
r1152:2e863d15 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,710 +1,711 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2011-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21
22 22 """
23 23 repo group model for RhodeCode
24 24 """
25 25
26 26 import os
27 27 import datetime
28 28 import itertools
29 29 import logging
30 30 import shutil
31 31 import traceback
32 32 import string
33 33
34 34 from zope.cachedescriptors.property import Lazy as LazyProperty
35 35
36 36 from rhodecode import events
37 37 from rhodecode.model import BaseModel
38 38 from rhodecode.model.db import (
39 39 RepoGroup, UserRepoGroupToPerm, User, Permission, UserGroupRepoGroupToPerm,
40 40 UserGroup, Repository)
41 41 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
42 42 from rhodecode.lib.caching_query import FromCache
43 43 from rhodecode.lib.utils2 import action_logger_generic
44 44
45 45 log = logging.getLogger(__name__)
46 46
47 47
48 48 class RepoGroupModel(BaseModel):
49 49
50 50 cls = RepoGroup
51 51 PERSONAL_GROUP_DESC = 'personal repo group of user `%(username)s`'
52 52 PERSONAL_GROUP_PATTERN = '${username}' # default
53 53
54 54 def _get_user_group(self, users_group):
55 55 return self._get_instance(UserGroup, users_group,
56 56 callback=UserGroup.get_by_group_name)
57 57
58 58 def _get_repo_group(self, repo_group):
59 59 return self._get_instance(RepoGroup, repo_group,
60 60 callback=RepoGroup.get_by_group_name)
61 61
62 62 @LazyProperty
63 63 def repos_path(self):
64 64 """
65 65 Gets the repositories root path from database
66 66 """
67 67
68 68 settings_model = VcsSettingsModel(sa=self.sa)
69 69 return settings_model.get_repos_location()
70 70
71 71 def get_by_group_name(self, repo_group_name, cache=None):
72 72 repo = self.sa.query(RepoGroup) \
73 73 .filter(RepoGroup.group_name == repo_group_name)
74 74
75 75 if cache:
76 76 repo = repo.options(FromCache(
77 77 "sql_cache_short", "get_repo_group_%s" % repo_group_name))
78 78 return repo.scalar()
79 79
80 80 def get_default_create_personal_repo_group(self):
81 81 value = SettingsModel().get_setting_by_name(
82 82 'create_personal_repo_group')
83 83 return value.app_settings_value if value else None or False
84 84
85 85 def get_personal_group_name_pattern(self):
86 86 value = SettingsModel().get_setting_by_name(
87 87 'personal_repo_group_pattern')
88 88 val = value.app_settings_value if value else None
89 89 group_template = val or self.PERSONAL_GROUP_PATTERN
90 90
91 91 group_template = group_template.lstrip('/')
92 92 return group_template
93 93
94 94 def get_personal_group_name(self, user):
95 95 template = self.get_personal_group_name_pattern()
96 96 return string.Template(template).safe_substitute(
97 97 username=user.username,
98 98 user_id=user.user_id,
99 99 )
100 100
101 101 def create_personal_repo_group(self, user, commit_early=True):
102 102 desc = self.PERSONAL_GROUP_DESC % {'username': user.username}
103 103 personal_repo_group_name = self.get_personal_group_name(user)
104 104
105 105 # create a new one
106 106 RepoGroupModel().create(
107 107 group_name=personal_repo_group_name,
108 108 group_description=desc,
109 109 owner=user.username,
110 110 personal=True,
111 111 commit_early=commit_early)
112 112
113 113 def _create_default_perms(self, new_group):
114 114 # create default permission
115 115 default_perm = 'group.read'
116 116 def_user = User.get_default_user()
117 117 for p in def_user.user_perms:
118 118 if p.permission.permission_name.startswith('group.'):
119 119 default_perm = p.permission.permission_name
120 120 break
121 121
122 122 repo_group_to_perm = UserRepoGroupToPerm()
123 123 repo_group_to_perm.permission = Permission.get_by_key(default_perm)
124 124
125 125 repo_group_to_perm.group = new_group
126 126 repo_group_to_perm.user_id = def_user.user_id
127 127 return repo_group_to_perm
128 128
129 129 def _get_group_name_and_parent(self, group_name_full, repo_in_path=False,
130 130 get_object=False):
131 131 """
132 132 Get's the group name and a parent group name from given group name.
133 133 If repo_in_path is set to truth, we asume the full path also includes
134 134 repo name, in such case we clean the last element.
135 135
136 136 :param group_name_full:
137 137 """
138 138 split_paths = 1
139 139 if repo_in_path:
140 140 split_paths = 2
141 141 _parts = group_name_full.rsplit(RepoGroup.url_sep(), split_paths)
142 142
143 143 if repo_in_path and len(_parts) > 1:
144 144 # such case last element is the repo_name
145 145 _parts.pop(-1)
146 146 group_name_cleaned = _parts[-1] # just the group name
147 147 parent_repo_group_name = None
148 148
149 149 if len(_parts) > 1:
150 150 parent_repo_group_name = _parts[0]
151 151
152 152 parent_group = None
153 153 if parent_repo_group_name:
154 154 parent_group = RepoGroup.get_by_group_name(parent_repo_group_name)
155 155
156 156 if get_object:
157 157 return group_name_cleaned, parent_repo_group_name, parent_group
158 158
159 159 return group_name_cleaned, parent_repo_group_name
160 160
161 161 def check_exist_filesystem(self, group_name, exc_on_failure=True):
162 162 create_path = os.path.join(self.repos_path, group_name)
163 163 log.debug('creating new group in %s', create_path)
164 164
165 165 if os.path.isdir(create_path):
166 166 if exc_on_failure:
167 raise Exception('That directory already exists !')
167 abs_create_path = os.path.abspath(create_path)
168 raise Exception('Directory `{}` already exists !'.format(abs_create_path))
168 169 return False
169 170 return True
170 171
171 172 def _create_group(self, group_name):
172 173 """
173 174 makes repository group on filesystem
174 175
175 176 :param repo_name:
176 177 :param parent_id:
177 178 """
178 179
179 180 self.check_exist_filesystem(group_name)
180 181 create_path = os.path.join(self.repos_path, group_name)
181 182 log.debug('creating new group in %s', create_path)
182 183 os.makedirs(create_path, mode=0755)
183 184 log.debug('created group in %s', create_path)
184 185
185 186 def _rename_group(self, old, new):
186 187 """
187 188 Renames a group on filesystem
188 189
189 190 :param group_name:
190 191 """
191 192
192 193 if old == new:
193 194 log.debug('skipping group rename')
194 195 return
195 196
196 197 log.debug('renaming repository group from %s to %s', old, new)
197 198
198 199 old_path = os.path.join(self.repos_path, old)
199 200 new_path = os.path.join(self.repos_path, new)
200 201
201 202 log.debug('renaming repos paths from %s to %s', old_path, new_path)
202 203
203 204 if os.path.isdir(new_path):
204 205 raise Exception('Was trying to rename to already '
205 206 'existing dir %s' % new_path)
206 207 shutil.move(old_path, new_path)
207 208
208 209 def _delete_filesystem_group(self, group, force_delete=False):
209 210 """
210 211 Deletes a group from a filesystem
211 212
212 213 :param group: instance of group from database
213 214 :param force_delete: use shutil rmtree to remove all objects
214 215 """
215 216 paths = group.full_path.split(RepoGroup.url_sep())
216 217 paths = os.sep.join(paths)
217 218
218 219 rm_path = os.path.join(self.repos_path, paths)
219 220 log.info("Removing group %s", rm_path)
220 221 # delete only if that path really exists
221 222 if os.path.isdir(rm_path):
222 223 if force_delete:
223 224 shutil.rmtree(rm_path)
224 225 else:
225 226 # archive that group`
226 227 _now = datetime.datetime.now()
227 228 _ms = str(_now.microsecond).rjust(6, '0')
228 229 _d = 'rm__%s_GROUP_%s' % (
229 230 _now.strftime('%Y%m%d_%H%M%S_' + _ms), group.name)
230 231 shutil.move(rm_path, os.path.join(self.repos_path, _d))
231 232
232 233 def create(self, group_name, group_description, owner, just_db=False,
233 234 copy_permissions=False, personal=None, commit_early=True):
234 235
235 236 (group_name_cleaned,
236 237 parent_group_name) = RepoGroupModel()._get_group_name_and_parent(group_name)
237 238
238 239 parent_group = None
239 240 if parent_group_name:
240 241 parent_group = self._get_repo_group(parent_group_name)
241 242 if not parent_group:
242 243 # we tried to create a nested group, but the parent is not
243 244 # existing
244 245 raise ValueError(
245 246 'Parent group `%s` given in `%s` group name '
246 247 'is not yet existing.' % (parent_group_name, group_name))
247 248
248 249 # because we are doing a cleanup, we need to check if such directory
249 250 # already exists. If we don't do that we can accidentally delete
250 251 # existing directory via cleanup that can cause data issues, since
251 252 # delete does a folder rename to special syntax later cleanup
252 253 # functions can delete this
253 254 cleanup_group = self.check_exist_filesystem(group_name,
254 255 exc_on_failure=False)
255 256 try:
256 257 user = self._get_user(owner)
257 258 new_repo_group = RepoGroup()
258 259 new_repo_group.user = user
259 260 new_repo_group.group_description = group_description or group_name
260 261 new_repo_group.parent_group = parent_group
261 262 new_repo_group.group_name = group_name
262 263 new_repo_group.personal = personal
263 264
264 265 self.sa.add(new_repo_group)
265 266
266 267 # create an ADMIN permission for owner except if we're super admin,
267 268 # later owner should go into the owner field of groups
268 269 if not user.is_admin:
269 270 self.grant_user_permission(repo_group=new_repo_group,
270 271 user=owner, perm='group.admin')
271 272
272 273 if parent_group and copy_permissions:
273 274 # copy permissions from parent
274 275 user_perms = UserRepoGroupToPerm.query() \
275 276 .filter(UserRepoGroupToPerm.group == parent_group).all()
276 277
277 278 group_perms = UserGroupRepoGroupToPerm.query() \
278 279 .filter(UserGroupRepoGroupToPerm.group == parent_group).all()
279 280
280 281 for perm in user_perms:
281 282 # don't copy over the permission for user who is creating
282 283 # this group, if he is not super admin he get's admin
283 284 # permission set above
284 285 if perm.user != user or user.is_admin:
285 286 UserRepoGroupToPerm.create(
286 287 perm.user, new_repo_group, perm.permission)
287 288
288 289 for perm in group_perms:
289 290 UserGroupRepoGroupToPerm.create(
290 291 perm.users_group, new_repo_group, perm.permission)
291 292 else:
292 293 perm_obj = self._create_default_perms(new_repo_group)
293 294 self.sa.add(perm_obj)
294 295
295 296 # now commit the changes, earlier so we are sure everything is in
296 297 # the database.
297 298 if commit_early:
298 299 self.sa.commit()
299 300 if not just_db:
300 301 self._create_group(new_repo_group.group_name)
301 302
302 303 # trigger the post hook
303 304 from rhodecode.lib.hooks_base import log_create_repository_group
304 305 repo_group = RepoGroup.get_by_group_name(group_name)
305 306 log_create_repository_group(
306 307 created_by=user.username, **repo_group.get_dict())
307 308
308 309 # Trigger create event.
309 310 events.trigger(events.RepoGroupCreateEvent(repo_group))
310 311
311 312 return new_repo_group
312 313 except Exception:
313 314 self.sa.rollback()
314 315 log.exception('Exception occurred when creating repository group, '
315 316 'doing cleanup...')
316 317 # rollback things manually !
317 318 repo_group = RepoGroup.get_by_group_name(group_name)
318 319 if repo_group:
319 320 RepoGroup.delete(repo_group.group_id)
320 321 self.sa.commit()
321 322 if cleanup_group:
322 323 RepoGroupModel()._delete_filesystem_group(repo_group)
323 324 raise
324 325
325 326 def update_permissions(
326 327 self, repo_group, perm_additions=None, perm_updates=None,
327 328 perm_deletions=None, recursive=None, check_perms=True,
328 329 cur_user=None):
329 330 from rhodecode.model.repo import RepoModel
330 331 from rhodecode.lib.auth import HasUserGroupPermissionAny
331 332
332 333 if not perm_additions:
333 334 perm_additions = []
334 335 if not perm_updates:
335 336 perm_updates = []
336 337 if not perm_deletions:
337 338 perm_deletions = []
338 339
339 340 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
340 341
341 342 def _set_perm_user(obj, user, perm):
342 343 if isinstance(obj, RepoGroup):
343 344 self.grant_user_permission(
344 345 repo_group=obj, user=user, perm=perm)
345 346 elif isinstance(obj, Repository):
346 347 # private repos will not allow to change the default
347 348 # permissions using recursive mode
348 349 if obj.private and user == User.DEFAULT_USER:
349 350 return
350 351
351 352 # we set group permission but we have to switch to repo
352 353 # permission
353 354 perm = perm.replace('group.', 'repository.')
354 355 RepoModel().grant_user_permission(
355 356 repo=obj, user=user, perm=perm)
356 357
357 358 def _set_perm_group(obj, users_group, perm):
358 359 if isinstance(obj, RepoGroup):
359 360 self.grant_user_group_permission(
360 361 repo_group=obj, group_name=users_group, perm=perm)
361 362 elif isinstance(obj, Repository):
362 363 # we set group permission but we have to switch to repo
363 364 # permission
364 365 perm = perm.replace('group.', 'repository.')
365 366 RepoModel().grant_user_group_permission(
366 367 repo=obj, group_name=users_group, perm=perm)
367 368
368 369 def _revoke_perm_user(obj, user):
369 370 if isinstance(obj, RepoGroup):
370 371 self.revoke_user_permission(repo_group=obj, user=user)
371 372 elif isinstance(obj, Repository):
372 373 RepoModel().revoke_user_permission(repo=obj, user=user)
373 374
374 375 def _revoke_perm_group(obj, user_group):
375 376 if isinstance(obj, RepoGroup):
376 377 self.revoke_user_group_permission(
377 378 repo_group=obj, group_name=user_group)
378 379 elif isinstance(obj, Repository):
379 380 RepoModel().revoke_user_group_permission(
380 381 repo=obj, group_name=user_group)
381 382
382 383 # start updates
383 384 updates = []
384 385 log.debug('Now updating permissions for %s in recursive mode:%s',
385 386 repo_group, recursive)
386 387
387 388 # initialize check function, we'll call that multiple times
388 389 has_group_perm = HasUserGroupPermissionAny(*req_perms)
389 390
390 391 for obj in repo_group.recursive_groups_and_repos():
391 392 # iterated obj is an instance of a repos group or repository in
392 393 # that group, recursive option can be: none, repos, groups, all
393 394 if recursive == 'all':
394 395 obj = obj
395 396 elif recursive == 'repos':
396 397 # skip groups, other than this one
397 398 if isinstance(obj, RepoGroup) and not obj == repo_group:
398 399 continue
399 400 elif recursive == 'groups':
400 401 # skip repos
401 402 if isinstance(obj, Repository):
402 403 continue
403 404 else: # recursive == 'none':
404 405 # DEFAULT option - don't apply to iterated objects
405 406 # also we do a break at the end of this loop. if we are not
406 407 # in recursive mode
407 408 obj = repo_group
408 409
409 410 # update permissions
410 411 for member_id, perm, member_type in perm_updates:
411 412 member_id = int(member_id)
412 413 if member_type == 'user':
413 414 # this updates also current one if found
414 415 _set_perm_user(obj, user=member_id, perm=perm)
415 416 else: # set for user group
416 417 member_name = UserGroup.get(member_id).users_group_name
417 418 if not check_perms or has_group_perm(member_name,
418 419 user=cur_user):
419 420 _set_perm_group(obj, users_group=member_id, perm=perm)
420 421
421 422 # set new permissions
422 423 for member_id, perm, member_type in perm_additions:
423 424 member_id = int(member_id)
424 425 if member_type == 'user':
425 426 _set_perm_user(obj, user=member_id, perm=perm)
426 427 else: # set for user group
427 428 # check if we have permissions to alter this usergroup
428 429 member_name = UserGroup.get(member_id).users_group_name
429 430 if not check_perms or has_group_perm(member_name,
430 431 user=cur_user):
431 432 _set_perm_group(obj, users_group=member_id, perm=perm)
432 433
433 434 # delete permissions
434 435 for member_id, perm, member_type in perm_deletions:
435 436 member_id = int(member_id)
436 437 if member_type == 'user':
437 438 _revoke_perm_user(obj, user=member_id)
438 439 else: # set for user group
439 440 # check if we have permissions to alter this usergroup
440 441 member_name = UserGroup.get(member_id).users_group_name
441 442 if not check_perms or has_group_perm(member_name,
442 443 user=cur_user):
443 444 _revoke_perm_group(obj, user_group=member_id)
444 445
445 446 updates.append(obj)
446 447 # if it's not recursive call for all,repos,groups
447 448 # break the loop and don't proceed with other changes
448 449 if recursive not in ['all', 'repos', 'groups']:
449 450 break
450 451
451 452 return updates
452 453
453 454 def update(self, repo_group, form_data):
454 455 try:
455 456 repo_group = self._get_repo_group(repo_group)
456 457 old_path = repo_group.full_path
457 458
458 459 # change properties
459 460 if 'group_description' in form_data:
460 461 repo_group.group_description = form_data['group_description']
461 462
462 463 if 'enable_locking' in form_data:
463 464 repo_group.enable_locking = form_data['enable_locking']
464 465
465 466 if 'group_parent_id' in form_data:
466 467 parent_group = (
467 468 self._get_repo_group(form_data['group_parent_id']))
468 469 repo_group.group_parent_id = (
469 470 parent_group.group_id if parent_group else None)
470 471 repo_group.parent_group = parent_group
471 472
472 473 # mikhail: to update the full_path, we have to explicitly
473 474 # update group_name
474 475 group_name = form_data.get('group_name', repo_group.name)
475 476 repo_group.group_name = repo_group.get_new_name(group_name)
476 477
477 478 new_path = repo_group.full_path
478 479
479 480 if 'user' in form_data:
480 481 repo_group.user = User.get_by_username(form_data['user'])
481 482
482 483 self.sa.add(repo_group)
483 484
484 485 # iterate over all members of this groups and do fixes
485 486 # set locking if given
486 487 # if obj is a repoGroup also fix the name of the group according
487 488 # to the parent
488 489 # if obj is a Repo fix it's name
489 490 # this can be potentially heavy operation
490 491 for obj in repo_group.recursive_groups_and_repos():
491 492 # set the value from it's parent
492 493 obj.enable_locking = repo_group.enable_locking
493 494 if isinstance(obj, RepoGroup):
494 495 new_name = obj.get_new_name(obj.name)
495 496 log.debug('Fixing group %s to new name %s',
496 497 obj.group_name, new_name)
497 498 obj.group_name = new_name
498 499 elif isinstance(obj, Repository):
499 500 # we need to get all repositories from this new group and
500 501 # rename them accordingly to new group path
501 502 new_name = obj.get_new_name(obj.just_name)
502 503 log.debug('Fixing repo %s to new name %s',
503 504 obj.repo_name, new_name)
504 505 obj.repo_name = new_name
505 506 self.sa.add(obj)
506 507
507 508 self._rename_group(old_path, new_path)
508 509
509 510 # Trigger update event.
510 511 events.trigger(events.RepoGroupUpdateEvent(repo_group))
511 512
512 513 return repo_group
513 514 except Exception:
514 515 log.error(traceback.format_exc())
515 516 raise
516 517
517 518 def delete(self, repo_group, force_delete=False, fs_remove=True):
518 519 repo_group = self._get_repo_group(repo_group)
519 520 if not repo_group:
520 521 return False
521 522 try:
522 523 self.sa.delete(repo_group)
523 524 if fs_remove:
524 525 self._delete_filesystem_group(repo_group, force_delete)
525 526 else:
526 527 log.debug('skipping removal from filesystem')
527 528
528 529 # Trigger delete event.
529 530 events.trigger(events.RepoGroupDeleteEvent(repo_group))
530 531 return True
531 532
532 533 except Exception:
533 534 log.error('Error removing repo_group %s', repo_group)
534 535 raise
535 536
536 537 def grant_user_permission(self, repo_group, user, perm):
537 538 """
538 539 Grant permission for user on given repository group, or update
539 540 existing one if found
540 541
541 542 :param repo_group: Instance of RepoGroup, repositories_group_id,
542 543 or repositories_group name
543 544 :param user: Instance of User, user_id or username
544 545 :param perm: Instance of Permission, or permission_name
545 546 """
546 547
547 548 repo_group = self._get_repo_group(repo_group)
548 549 user = self._get_user(user)
549 550 permission = self._get_perm(perm)
550 551
551 552 # check if we have that permission already
552 553 obj = self.sa.query(UserRepoGroupToPerm)\
553 554 .filter(UserRepoGroupToPerm.user == user)\
554 555 .filter(UserRepoGroupToPerm.group == repo_group)\
555 556 .scalar()
556 557 if obj is None:
557 558 # create new !
558 559 obj = UserRepoGroupToPerm()
559 560 obj.group = repo_group
560 561 obj.user = user
561 562 obj.permission = permission
562 563 self.sa.add(obj)
563 564 log.debug('Granted perm %s to %s on %s', perm, user, repo_group)
564 565 action_logger_generic(
565 566 'granted permission: {} to user: {} on repogroup: {}'.format(
566 567 perm, user, repo_group), namespace='security.repogroup')
567 568 return obj
568 569
569 570 def revoke_user_permission(self, repo_group, user):
570 571 """
571 572 Revoke permission for user on given repository group
572 573
573 574 :param repo_group: Instance of RepoGroup, repositories_group_id,
574 575 or repositories_group name
575 576 :param user: Instance of User, user_id or username
576 577 """
577 578
578 579 repo_group = self._get_repo_group(repo_group)
579 580 user = self._get_user(user)
580 581
581 582 obj = self.sa.query(UserRepoGroupToPerm)\
582 583 .filter(UserRepoGroupToPerm.user == user)\
583 584 .filter(UserRepoGroupToPerm.group == repo_group)\
584 585 .scalar()
585 586 if obj:
586 587 self.sa.delete(obj)
587 588 log.debug('Revoked perm on %s on %s', repo_group, user)
588 589 action_logger_generic(
589 590 'revoked permission from user: {} on repogroup: {}'.format(
590 591 user, repo_group), namespace='security.repogroup')
591 592
592 593 def grant_user_group_permission(self, repo_group, group_name, perm):
593 594 """
594 595 Grant permission for user group on given repository group, or update
595 596 existing one if found
596 597
597 598 :param repo_group: Instance of RepoGroup, repositories_group_id,
598 599 or repositories_group name
599 600 :param group_name: Instance of UserGroup, users_group_id,
600 601 or user group name
601 602 :param perm: Instance of Permission, or permission_name
602 603 """
603 604 repo_group = self._get_repo_group(repo_group)
604 605 group_name = self._get_user_group(group_name)
605 606 permission = self._get_perm(perm)
606 607
607 608 # check if we have that permission already
608 609 obj = self.sa.query(UserGroupRepoGroupToPerm)\
609 610 .filter(UserGroupRepoGroupToPerm.group == repo_group)\
610 611 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
611 612 .scalar()
612 613
613 614 if obj is None:
614 615 # create new
615 616 obj = UserGroupRepoGroupToPerm()
616 617
617 618 obj.group = repo_group
618 619 obj.users_group = group_name
619 620 obj.permission = permission
620 621 self.sa.add(obj)
621 622 log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)
622 623 action_logger_generic(
623 624 'granted permission: {} to usergroup: {} on repogroup: {}'.format(
624 625 perm, group_name, repo_group), namespace='security.repogroup')
625 626 return obj
626 627
627 628 def revoke_user_group_permission(self, repo_group, group_name):
628 629 """
629 630 Revoke permission for user group on given repository group
630 631
631 632 :param repo_group: Instance of RepoGroup, repositories_group_id,
632 633 or repositories_group name
633 634 :param group_name: Instance of UserGroup, users_group_id,
634 635 or user group name
635 636 """
636 637 repo_group = self._get_repo_group(repo_group)
637 638 group_name = self._get_user_group(group_name)
638 639
639 640 obj = self.sa.query(UserGroupRepoGroupToPerm)\
640 641 .filter(UserGroupRepoGroupToPerm.group == repo_group)\
641 642 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
642 643 .scalar()
643 644 if obj:
644 645 self.sa.delete(obj)
645 646 log.debug('Revoked perm to %s on %s', repo_group, group_name)
646 647 action_logger_generic(
647 648 'revoked permission from usergroup: {} on repogroup: {}'.format(
648 649 group_name, repo_group), namespace='security.repogroup')
649 650
650 651 def get_repo_groups_as_dict(self, repo_group_list=None, admin=False,
651 652 super_user_actions=False):
652 653
653 654 from rhodecode.lib.utils import PartialRenderer
654 655 _render = PartialRenderer('data_table/_dt_elements.html')
655 656 c = _render.c
656 657 h = _render.h
657 658
658 659 def quick_menu(repo_group_name):
659 660 return _render('quick_repo_group_menu', repo_group_name)
660 661
661 662 def repo_group_lnk(repo_group_name):
662 663 return _render('repo_group_name', repo_group_name)
663 664
664 665 def desc(desc, personal):
665 666 prefix = h.escaped_stylize(u'[personal] ') if personal else ''
666 667
667 668 if c.visual.stylify_metatags:
668 669 desc = h.urlify_text(prefix + h.escaped_stylize(desc))
669 670 else:
670 671 desc = h.urlify_text(prefix + h.html_escape(desc))
671 672
672 673 return _render('repo_group_desc', desc)
673 674
674 675 def repo_group_actions(repo_group_id, repo_group_name, gr_count):
675 676 return _render(
676 677 'repo_group_actions', repo_group_id, repo_group_name, gr_count)
677 678
678 679 def repo_group_name(repo_group_name, children_groups):
679 680 return _render("repo_group_name", repo_group_name, children_groups)
680 681
681 682 def user_profile(username):
682 683 return _render('user_profile', username)
683 684
684 685 repo_group_data = []
685 686 for group in repo_group_list:
686 687
687 688 row = {
688 689 "menu": quick_menu(group.group_name),
689 690 "name": repo_group_lnk(group.group_name),
690 691 "name_raw": group.group_name,
691 692 "desc": desc(group.group_description, group.personal),
692 693 "top_level_repos": 0,
693 694 "owner": user_profile(group.user.username)
694 695 }
695 696 if admin:
696 697 repo_count = group.repositories.count()
697 698 children_groups = map(
698 699 h.safe_unicode,
699 700 itertools.chain((g.name for g in group.parents),
700 701 (x.name for x in [group])))
701 702 row.update({
702 703 "action": repo_group_actions(
703 704 group.group_id, group.group_name, repo_count),
704 705 "top_level_repos": repo_count,
705 706 "name": repo_group_name(group.group_name, children_groups),
706 707
707 708 })
708 709 repo_group_data.append(row)
709 710
710 711 return repo_group_data
General Comments 0
You need to be logged in to leave comments. Login now