rhodecode-enterprise-ce Commit - r68:36f83786

bugfix: fixed and updated a bunch of api tests which...

dan -

r68:36f83786 default

parent child

The requested changes are too big and content was truncated. Show full diff

rhodecode/api/tests/test_update_repo.py

0 +38 -21

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.model.repo import RepoModel
             from rhodecode.tests import TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_LOGIN
             from rhodecode.api.tests.utils import (
-                build_data, api_call, assert_error, assert_ok, crash)
+                build_data, api_call, assert_error, assert_ok, crash, jsonify)
             from rhodecode.tests.fixture import Fixture
             fixture = Fixture()
+            UPDATE_REPO_NAME = 'api_update_me'
+            class SAME_AS_UPDATES(object): """ Constant used for tests below """
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestApiUpdateRepo(object):
-                @pytest.mark.parametrize("changing_attr, updates", [
-                    ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),
+                @pytest.mark.parametrize("changing_attr, updates, expected", [
-                    ('description', {'description': 'new description'}),
+                    ('owner', {'owner': TEST_USER_REGULAR_LOGIN}, SAME_AS_UPDATES),
-                    ('active', {'active': True}),
+                    ('description', {'description': 'new description'}, SAME_AS_UPDATES),
-                    ('active', {'active': False}),
+                    ('clone_uri', {'clone_uri': 'http://foo.com/repo'}, SAME_AS_UPDATES),
-                    ('clone_uri', {'clone_uri': 'http://foo.com/repo'}),
+                    ('clone_uri', {'clone_uri': None}, {'clone_uri': ''}),
-                    ('clone_uri', {'clone_uri': None}),
+                    ('clone_uri', {'clone_uri': ''}, {'clone_uri': ''}),
-                    ('landing_rev', {'landing_rev': 'branch:master'}),
+                    ('landing_rev', {'landing_rev': 'branch:master'},
-                    ('enable_statistics', {'enable_statistics': True}),
+                                    {'landing_rev': ['branch', 'master']}),
-                    ('enable_locking', {'enable_locking': True}),
+                    ('enable_statistics', {'enable_statistics': True}, SAME_AS_UPDATES),
-                    ('enable_downloads', {'enable_downloads': True}),
+                    ('enable_locking', {'enable_locking': True}, SAME_AS_UPDATES),
-                    ('name', {'name': 'new_repo_name'}),
+                    ('enable_downloads', {'enable_downloads': True}, SAME_AS_UPDATES),
-                    ('repo_group', {'group': 'test_group_for_update'}),
+                    ('name', {'name': 'new_repo_name'},
+                             {'repo_name': 'new_repo_name'}),
+                    ('repo_group',
+                        {'group': 'test_group_for_update'},
+                        {'repo_name': 'test_group_for_update/%s' % UPDATE_REPO_NAME}),
                 ])
-                def test_api_update_repo(self, changing_attr, updates, backend):
+                def test_api_update_repo(self, changing_attr, updates, expected, backend):
-                    repo_name = 'api_update_me'
+                    repo_name = UPDATE_REPO_NAME
                     repo = fixture.create_repo(repo_name, repo_type=backend.alias)
                     if changing_attr == 'repo_group':
                         fixture.create_repo_group(updates['group'])
+                    expected_api_data = repo.get_api_data(include_secrets=True)
+                    if expected is SAME_AS_UPDATES:
+                        expected_api_data.update(updates)
+                    else:
+                        expected_api_data.update(expected)
                     id_, params = build_data(
                         self.apikey, 'update_repo', repoid=repo_name, **updates)
                     response = api_call(self.app, params)
                     if changing_attr == 'name':
                         repo_name = updates['name']
                     if changing_attr == 'repo_group':
                         repo_name = '/'.join([updates['group'], repo_name])
                     try:
                         expected = {
                             'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo_name),
-                            'repository': repo.get_api_data(include_secrets=True)
+                            'repository': jsonify(expected_api_data)
                         }
                         assert_ok(id_, expected, given=response.body)
                     finally:
                         fixture.destroy_repo(repo_name)
                         if changing_attr == 'repo_group':
                             fixture.destroy_repo_group(updates['group'])
                 def test_api_update_repo_fork_of_field(self, backend):
                     master_repo = backend.create_repo()
                     repo = backend.create_repo()
                     updates = {
                         'fork_of': master_repo.repo_name
                     }
+                    expected_api_data = repo.get_api_data(include_secrets=True)
+                    expected_api_data.update(updates)
                     id_, params = build_data(
                         self.apikey, 'update_repo', repoid=repo.repo_name, **updates)
                     response = api_call(self.app, params)
                     expected = {
                         'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo.repo_name),
-                        'repository': repo.get_api_data(include_secrets=True)
+                        'repository': jsonify(expected_api_data)
                     }
                     assert_ok(id_, expected, given=response.body)
                     result = response.json['result']['repository']
                     assert result['fork_of'] == master_repo.repo_name
                 def test_api_update_repo_fork_of_not_found(self, backend):
                     master_repo_name = 'fake-parent-repo'
                     repo = backend.create_repo()
                     updates = {
                         'fork_of': master_repo_name
                     }
                     id_, params = build_data(
                         self.apikey, 'update_repo', repoid=repo.repo_name, **updates)
                     response = api_call(self.app, params)
                     expected = 'repository `{}` does not exist'.format(master_repo_name)
                     assert_error(id_, expected, given=response.body)
                 def test_api_update_repo_with_repo_group_not_existing(self):
                     repo_name = 'admin_owned'
                     fixture.create_repo(repo_name)
                     updates = {'group': 'test_group_for_update'}
                     id_, params = build_data(
                         self.apikey, 'update_repo', repoid=repo_name, **updates)
                     response = api_call(self.app, params)
                     try:
                         expected = 'repository group `%s` does not exist' % (
                             updates['group'],)
                         assert_error(id_, expected, given=response.body)
                     finally:
                         fixture.destroy_repo(repo_name)
                 def test_api_update_repo_regular_user_not_allowed(self):
                     repo_name = 'admin_owned'
                     fixture.create_repo(repo_name)
                     updates = {'active': False}
                     id_, params = build_data(
                         self.apikey_regular, 'update_repo', repoid=repo_name, **updates)
                     response = api_call(self.app, params)
                     try:
                         expected = 'repository `%s` does not exist' % (repo_name,)
                         assert_error(id_, expected, given=response.body)
                     finally:
                         fixture.destroy_repo(repo_name)
                 @mock.patch.object(RepoModel, 'update', crash)
                 def test_api_update_repo_exception_occurred(self, backend):
-                    repo_name = 'api_update_me'
+                    repo_name = UPDATE_REPO_NAME
                     fixture.create_repo(repo_name, repo_type=backend.alias)
                     id_, params = build_data(
                         self.apikey, 'update_repo', repoid=repo_name,
                         owner=TEST_USER_ADMIN_LOGIN,)
                     response = api_call(self.app, params)
                     try:
                         expected = 'failed to update repo `%s`' % (repo_name,)
                         assert_error(id_, expected, given=response.body)
                     finally:
                         fixture.destroy_repo(repo_name)

rhodecode/api/tests/test_update_user_group.py

0 +11 -3

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.tests import TEST_USER_REGULAR_LOGIN
             from rhodecode.api.tests.utils import (
-                build_data, api_call, assert_error, assert_ok, crash)
+                build_data, api_call, assert_error, assert_ok, crash, jsonify)
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestUpdateUserGroup(object):
                 @pytest.mark.parametrize("changing_attr, updates", [
                     ('group_name', {'group_name': 'new_group_name'}),
                     ('group_name', {'group_name': 'test_group_for_update'}),
                     ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),
                     ('active', {'active': False}),
                     ('active', {'active': True})
                 ])
                 def test_api_update_user_group(self, changing_attr, updates, user_util):
                     user_group = user_util.create_user_group()
                     group_name = user_group.users_group_name
+                    expected_api_data = user_group.get_api_data()
+                    expected_api_data.update(updates)
                     id_, params = build_data(
                         self.apikey, 'update_user_group', usergroupid=group_name,
                         **updates)
                     response = api_call(self.app, params)
                     expected = {
                         'msg': 'updated user group ID:%s %s' % (
                             user_group.users_group_id, user_group.users_group_name),
-                        'user_group': user_group.get_api_data()
+                        'user_group': jsonify(expected_api_data)
                     }
                     assert_ok(id_, expected, given=response.body)
                 @pytest.mark.parametrize("changing_attr, updates", [
                     # TODO: mikhail: decide if we need to test against the commented params
                     # ('group_name', {'group_name': 'new_group_name'}),
                     # ('group_name', {'group_name': 'test_group_for_update'}),
                     ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),
                     ('active', {'active': False}),
                     ('active', {'active': True})
                 ])
                 def test_api_update_user_group_regular_user(
                         self, changing_attr, updates, user_util):
                     user_group = user_util.create_user_group()
                     group_name = user_group.users_group_name
+                    expected_api_data = user_group.get_api_data()
+                    expected_api_data.update(updates)
                     # grant permission to this user
                     user = UserModel().get_by_username(self.TEST_USER_LOGIN)
                     user_util.grant_user_permission_to_user_group(
                         user_group, user, 'usergroup.admin')
                     id_, params = build_data(
                         self.apikey_regular, 'update_user_group',
                         usergroupid=group_name, **updates)
                     response = api_call(self.app, params)
                     expected = {
                         'msg': 'updated user group ID:%s %s' % (
                             user_group.users_group_id, user_group.users_group_name),
-                        'user_group': user_group.get_api_data()
+                        'user_group': jsonify(expected_api_data)
                     }
                     assert_ok(id_, expected, given=response.body)
                 def test_api_update_user_group_regular_user_no_permission(self, user_util):
                     user_group = user_util.create_user_group()
                     group_name = user_group.users_group_name
                     id_, params = build_data(
                         self.apikey_regular, 'update_user_group', usergroupid=group_name)
                     response = api_call(self.app, params)
                     expected = 'user group `%s` does not exist' % (group_name)
                     assert_error(id_, expected, given=response.body)
                 @mock.patch.object(UserGroupModel, 'update', crash)
                 def test_api_update_user_group_exception_occurred(self, user_util):
                     user_group = user_util.create_user_group()
                     group_name = user_group.users_group_name
                     id_, params = build_data(
                         self.apikey, 'update_user_group', usergroupid=group_name)
                     response = api_call(self.app, params)
                     expected = 'failed to update user group `%s`' % (group_name,)
                     assert_error(id_, expected, given=response.body)

rhodecode/api/views/repo_api.py

0 +2 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import time
             import colander
             from rhodecode import BACKENDS
             from rhodecode.api import jsonrpc_method, JSONRPCError, JSONRPCForbidden, json
             from rhodecode.api.utils import (
                 has_superadmin_permission, Optional, OAttr, get_repo_or_error,
                 get_user_group_or_error, get_user_or_error, has_repo_permissions,
                 get_perm_or_error, store_update, get_repo_group_or_error, parse_args,
                 get_origin, build_commit_data)
             from rhodecode.lib.auth import (
                 HasPermissionAnyApi, HasRepoGroupPermissionAnyApi,
                 HasUserGroupPermissionAnyApi)
             from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError
             from rhodecode.lib.utils import map_groups
             from rhodecode.lib.utils2 import str2bool, time_to_datetime
             from rhodecode.model.changeset_status import ChangesetStatusModel
             from rhodecode.model.comment import ChangesetCommentsModel
             from rhodecode.model.db import (
                 Session, ChangesetStatus, RepositoryField, Repository)
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.scm import ScmModel, RepoList
             from rhodecode.model.settings import SettingsModel
             from rhodecode.model.validation_schema import RepoSchema
             log = logging.getLogger(__name__)
             @jsonrpc_method()
             def get_repo(request, apiuser, repoid, cache=Optional(True)):
                 """
                 Gets an existing repository by its name or repository_id.
                 The members section so the output returns users groups or users
                 associated with that repository.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id.
                 :type repoid: str or int
                 :param cache: use the cached value for last changeset
                 :type: cache: Optional(bool)
                 Example output:
                 .. code-block:: bash
                     {
                       "error": null,
                       "id": <repo_id>,
                       "result": {
                         "clone_uri": null,
                         "created_on": "timestamp",
                         "description": "repo description",
                         "enable_downloads": false,
                         "enable_locking": false,
                         "enable_statistics": false,
                         "followers": [
                           {
                             "active": true,
                             "admin": false,
                             "api_key": "****************************************",
                             "api_keys": [
                               "****************************************"
                             ],
                             "email": "user@example.com",
                             "emails": [
                               "user@example.com"
                             ],
                             "extern_name": "rhodecode",
                             "extern_type": "rhodecode",
                             "firstname": "username",
                             "ip_addresses": [],
                             "language": null,
                             "last_login": "2015-09-16T17:16:35.854",
                             "lastname": "surname",
                             "user_id": <user_id>,
                             "username": "name"
                           }
                         ],
                         "fork_of": "parent-repo",
                         "landing_rev": [
                           "rev",
                           "tip"
                         ],
                         "last_changeset": {
                           "author": "User <user@example.com>",
                           "branch": "default",
                           "date": "timestamp",
                           "message": "last commit message",
                           "parents": [
                             {
                               "raw_id": "commit-id"
                             }
                           ],
                           "raw_id": "commit-id",
                           "revision": <revision number>,
                           "short_id": "short id"
                         },
                         "lock_reason": null,
                         "locked_by": null,
                         "locked_date": null,
                         "members": [
                           {
                             "name": "super-admin-name",
                             "origin": "super-admin",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "owner-name",
                             "origin": "owner",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "user-group-name",
                             "origin": "permission",
                             "permission": "repository.write",
                             "type": "user_group"
                           }
                         ],
                         "owner": "owner-name",
                         "permissions": [
                           {
                             "name": "super-admin-name",
                             "origin": "super-admin",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "owner-name",
                             "origin": "owner",
                             "permission": "repository.admin",
                             "type": "user"
                           },
                           {
                             "name": "user-group-name",
                             "origin": "permission",
                             "permission": "repository.write",
                             "type": "user_group"
                           }
                         ],
                         "private": true,
                         "repo_id": 676,
                         "repo_name": "user-group/repo-name",
                         "repo_type": "hg"
                       }
                     }
                 """
                 repo = get_repo_or_error(repoid)
                 cache = Optional.extract(cache)
                 include_secrets = False
                 if has_superadmin_permission(apiuser):
                     include_secrets = True
                 else:
                     # check if we have at least read permission for this repo !
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 permissions = []
                 for _user in repo.permissions():
                     user_data = {
                         'name': _user.username,
                         'permission': _user.permission,
                         'origin': get_origin(_user),
                         'type': "user",
                     }
                     permissions.append(user_data)
                 for _user_group in repo.permission_user_groups():
                     user_group_data = {
                         'name': _user_group.users_group_name,
                         'permission': _user_group.permission,
                         'origin': get_origin(_user_group),
                         'type': "user_group",
                     }
                     permissions.append(user_group_data)
                 following_users = [
                     user.user.get_api_data(include_secrets=include_secrets)
                     for user in repo.followers]
                 if not cache:
                     repo.update_commit_cache()
                 data = repo.get_api_data(include_secrets=include_secrets)
                 data['members'] = permissions  # TODO: this should be deprecated soon
                 data['permissions'] = permissions
                 data['followers'] = following_users
                 return data
             @jsonrpc_method()
             def get_repos(request, apiuser):
                 """
                 Lists all existing repositories.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: [
                               {
                                 "repo_id" :          "<repo_id>",
                                 "repo_name" :        "<reponame>"
                                 "repo_type" :        "<repo_type>",
                                 "clone_uri" :        "<clone_uri>",
                                 "private": :         "<bool>",
                                 "created_on" :       "<datetimecreated>",
                                 "description" :      "<description>",
                                 "landing_rev":       "<landing_rev>",
                                 "owner":             "<repo_owner>",
                                 "fork_of":           "<name_of_fork_parent>",
                                 "enable_downloads":  "<bool>",
                                 "enable_locking":    "<bool>",
                                 "enable_statistics": "<bool>",
                               },
                               ...
                             ]
                     error:  null
                 """
                 include_secrets = has_superadmin_permission(apiuser)
                 _perms = ('repository.read', 'repository.write', 'repository.admin',)
                 extras = {'user': apiuser}
                 repo_list = RepoList(
                     RepoModel().get_all(), perm_set=_perms, extra_kwargs=extras)
                 return [repo.get_api_data(include_secrets=include_secrets)
                         for repo in repo_list]
             @jsonrpc_method()
             def get_repo_changeset(request, apiuser, repoid, revision,
                                    details=Optional('basic')):
                 """
                 Returns information about a changeset.
                 Additionally parameters define the amount of details returned by
                 this function.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository id
                 :type repoid: str or int
                 :param revision: revision for which listing should be done
                 :type revision: str
                 :param details: details can be 'basic|extended|full' full gives diff
                     info details like the diff itself, and number of changed files etc.
                 :type details: Optional(str)
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 changes_details = Optional.extract(details)
                 _changes_details_types = ['basic', 'extended', 'full']
                 if changes_details not in _changes_details_types:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (
                             ','.join(_changes_details_types)))
                 pre_load = ['author', 'branch', 'date', 'message', 'parents',
                             'status', '_commit', '_file_paths']
                 try:
                     cs = repo.get_commit(commit_id=revision, pre_load=pre_load)
                 except TypeError as e:
                     raise JSONRPCError(e.message)
                 _cs_json = cs.__json__()
                 _cs_json['diff'] = build_commit_data(cs, changes_details)
                 if changes_details == 'full':
                     _cs_json['refs'] = {
                         'branches': [cs.branch],
                         'bookmarks': getattr(cs, 'bookmarks', []),
                         'tags': cs.tags
                     }
                 return _cs_json
             @jsonrpc_method()
             def get_repo_changesets(request, apiuser, repoid, start_rev, limit,
                                     details=Optional('basic')):
                 """
                 Returns a set of commits limited by the number starting
                 from the `start_rev` option.
                 Additional parameters define the amount of details returned by this
                 function.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param start_rev: The starting revision from where to get changesets.
                 :type start_rev: str
                 :param limit: Limit the number of commits to this amount
                 :type limit: str or int
                 :param details: Set the level of detail returned. Valid option are:
                     ``basic``, ``extended`` and ``full``.
                 :type details: Optional(str)
                 .. note::
                    Setting the parameter `details` to the value ``full`` is extensive
                    and returns details like the diff itself, and the number
                    of changed files.
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 changes_details = Optional.extract(details)
                 _changes_details_types = ['basic', 'extended', 'full']
                 if changes_details not in _changes_details_types:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (
                             ','.join(_changes_details_types)))
                 limit = int(limit)
                 pre_load = ['author', 'branch', 'date', 'message', 'parents',
                             'status', '_commit', '_file_paths']
                 vcs_repo = repo.scm_instance()
                 # SVN needs a special case to distinguish its index and commit id
                 if vcs_repo and vcs_repo.alias == 'svn' and (start_rev == '0'):
                     start_rev = vcs_repo.commit_ids[0]
                 try:
                     commits = vcs_repo.get_commits(
                         start_id=start_rev, pre_load=pre_load)
                 except TypeError as e:
                     raise JSONRPCError(e.message)
                 except Exception:
                     log.exception('Fetching of commits failed')
                     raise JSONRPCError('Error occurred during commit fetching')
                 ret = []
                 for cnt, commit in enumerate(commits):
                     if cnt >= limit != -1:
                         break
                     _cs_json = commit.__json__()
                     _cs_json['diff'] = build_commit_data(commit, changes_details)
                     if changes_details == 'full':
                         _cs_json['refs'] = {
                             'branches': [commit.branch],
                             'bookmarks': getattr(commit, 'bookmarks', []),
                             'tags': commit.tags
                         }
                     ret.append(_cs_json)
                 return ret
             @jsonrpc_method()
             def get_repo_nodes(request, apiuser, repoid, revision, root_path,
                                ret_type=Optional('all'), details=Optional('basic')):
                 """
                 Returns a list of nodes and children in a flat list for a given
                 path at given revision.
                 It's possible to specify ret_type to show only `files` or `dirs`.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param revision: The revision for which listing should be done.
                 :type revision: str
                 :param root_path: The path from which to start displaying.
                 :type root_path: str
                 :param ret_type: Set the return type. Valid options are
                     ``all`` (default), ``files`` and ``dirs``.
                 :type ret_type: Optional(str)
                 :param details: Returns extended information about nodes, such as
                     md5, binary, and or content.  The valid options are ``basic`` and
                     ``full``.
                 :type details: Optional(str)
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: [
                               {
                                 "name" : "<name>"
                                 "type" : "<type>",
                                 "binary": "<true|false>" (only in extended mode)
                                 "md5"  : "<md5 of file content>" (only in extended mode)
                               },
                               ...
                             ]
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 ret_type = Optional.extract(ret_type)
                 details = Optional.extract(details)
                 _extended_types = ['basic', 'full']
                 if details not in _extended_types:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (','.join(_extended_types)))
                 extended_info = False
                 content = False
                 if details == 'basic':
                     extended_info = True
                 if details == 'full':
                     extended_info = content = True
                 _map = {}
                 try:
                     # check if repo is not empty by any chance, skip quicker if it is.
                     _scm = repo.scm_instance()
                     if _scm.is_empty():
                         return []
                     _d, _f = ScmModel().get_nodes(
                         repo, revision, root_path, flat=False,
                         extended_info=extended_info, content=content)
                     _map = {
                         'all': _d + _f,
                         'files': _f,
                         'dirs': _d,
                     }
                     return _map[ret_type]
                 except KeyError:
                     raise JSONRPCError(
                         'ret_type must be one of %s' % (','.join(sorted(_map.keys()))))
                 except Exception:
                     log.exception("Exception occurred while trying to get repo nodes")
                     raise JSONRPCError(
                         'failed to get repo: `%s` nodes' % repo.repo_name
                     )
             @jsonrpc_method()
             def get_repo_refs(request, apiuser, repoid):
                 """
                 Returns a dictionary of current references. It returns
                 bookmarks, branches, closed_branches, and tags for given repository
                 It's possible to specify ret_type to show only `files` or `dirs`.
                 This command can only be run using an |authtoken| with admin rights,
                 or users with at least read rights to |repos|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: [
                               TODO...
                             ]
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write', 'repository.read',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     # check if repo is not empty by any chance, skip quicker if it is.
                     vcs_instance = repo.scm_instance()
                     refs = vcs_instance.refs()
                     return refs
                 except Exception:
                     log.exception("Exception occurred while trying to get repo refs")
                     raise JSONRPCError(
                         'failed to get repo: `%s` references' % repo.repo_name
                     )
             @jsonrpc_method()
             def create_repo(request, apiuser, repo_name, repo_type,
                             owner=Optional(OAttr('apiuser')), description=Optional(''),
                             private=Optional(False), clone_uri=Optional(None),
                             landing_rev=Optional('rev:tip'),
                             enable_statistics=Optional(False),
                             enable_locking=Optional(False),
                             enable_downloads=Optional(False),
                             copy_permissions=Optional(False)):
                 """
                 Creates a repository.
                 * If the repository name contains "/", all the required repository
                   groups will be created.
                   For example "foo/bar/baz" will create |repo| groups "foo" and "bar"
                   (with "foo" as parent). It will also create the "baz" repository
                   with "bar" as |repo| group.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repo_name: Set the repository name.
                 :type repo_name: str
                 :param repo_type: Set the repository type; 'hg','git', or 'svn'.
                 :type repo_type: str
                 :param owner: user_id or username
                 :type owner: Optional(str)
                 :param description: Set the repository description.
                 :type description: Optional(str)
                 :param private:
                 :type private: bool
                 :param clone_uri:
                 :type clone_uri: str
                 :param landing_rev: <rev_type>:<rev>
                 :type landing_rev: str
                 :param enable_locking:
                 :type enable_locking: bool
                 :param enable_downloads:
                 :type enable_downloads: bool
                 :param enable_statistics:
                 :type enable_statistics: bool
                 :param copy_permissions: Copy permission from group in which the
                     repository is being created.
                 :type copy_permissions: bool
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg": "Created new repository `<reponame>`",
                               "success": true,
                               "task": "<celery task id or None if done sync>"
                             }
                     error:  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                      'failed to create repository `<repo_name>`
                   }
                 """
                 schema = RepoSchema()
                 try:
                     data = schema.deserialize({
                         'repo_name': repo_name
                     })
                 except colander.Invalid as e:
                     raise JSONRPCError("Validation failed: %s" % (e.asdict(),))
                 repo_name = data['repo_name']
                 (repo_name_cleaned,
                  parent_group_name) = RepoGroupModel()._get_group_name_and_parent(
                     repo_name)
                 if not HasPermissionAnyApi(
                         'hg.admin', 'hg.create.repository')(user=apiuser):
                     # check if we have admin permission for this repo group if given !
                     if parent_group_name:
                         repogroupid = parent_group_name
                         repo_group = get_repo_group_or_error(parent_group_name)
                         _perms = ('group.admin',)
                         if not HasRepoGroupPermissionAnyApi(*_perms)(
                                 user=apiuser, group_name=repo_group.group_name):
                             raise JSONRPCError(
                                 'repository group `%s` does not exist' % (
                                     repogroupid,))
                     else:
                         raise JSONRPCForbidden()
                 if not has_superadmin_permission(apiuser):
                     if not isinstance(owner, Optional):
                         # forbid setting owner for non-admins
                         raise JSONRPCError(
                             'Only RhodeCode admin can specify `owner` param')
                 if isinstance(owner, Optional):
                     owner = apiuser.user_id
                 owner = get_user_or_error(owner)
                 if RepoModel().get_by_repo_name(repo_name):
                     raise JSONRPCError("repo `%s` already exist" % repo_name)
                 defs = SettingsModel().get_default_repo_settings(strip_prefix=True)
                 if isinstance(private, Optional):
                     private = defs.get('repo_private') or Optional.extract(private)
                 if isinstance(repo_type, Optional):
                     repo_type = defs.get('repo_type')
                 if isinstance(enable_statistics, Optional):
                     enable_statistics = defs.get('repo_enable_statistics')
                 if isinstance(enable_locking, Optional):
                     enable_locking = defs.get('repo_enable_locking')
                 if isinstance(enable_downloads, Optional):
                     enable_downloads = defs.get('repo_enable_downloads')
                 clone_uri = Optional.extract(clone_uri)
                 description = Optional.extract(description)
                 landing_rev = Optional.extract(landing_rev)
                 copy_permissions = Optional.extract(copy_permissions)
                 try:
                     # create structure of groups and return the last group
                     repo_group = map_groups(repo_name)
                     data = {
                         'repo_name': repo_name_cleaned,
                         'repo_name_full': repo_name,
                         'repo_type': repo_type,
                         'repo_description': description,
                         'owner': owner,
                         'repo_private': private,
                         'clone_uri': clone_uri,
                         'repo_group': repo_group.group_id if repo_group else None,
                         'repo_landing_rev': landing_rev,
                         'enable_statistics': enable_statistics,
                         'enable_locking': enable_locking,
                         'enable_downloads': enable_downloads,
                         'repo_copy_permissions': copy_permissions,
                     }
                     if repo_type not in BACKENDS.keys():
                         raise Exception("Invalid backend type %s" % repo_type)
                     task = RepoModel().create(form_data=data, cur_user=owner)
                     from celery.result import BaseAsyncResult
                     task_id = None
                     if isinstance(task, BaseAsyncResult):
                         task_id = task.task_id
                     # no commit, it's done in RepoModel, or async via celery
                     return {
                         'msg': "Created new repository `%s`" % (repo_name,),
                         'success': True,  # cannot return the repo data here since fork
                         # cann be done async
                         'task': task_id
                     }
                 except Exception:
                     log.exception(
                         u"Exception while trying to create the repository %s",
                         repo_name)
                     raise JSONRPCError(
                         'failed to create repository `%s`' % (repo_name,))
             @jsonrpc_method()
             def add_field_to_repo(request, apiuser, repoid, key, label=Optional(''),
                                   description=Optional('')):
                 """
                 Adds an extra field to a repository.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository id.
                 :type repoid: str or int
                 :param key: Create a unique field key for this repository.
                 :type key: str
                 :param label:
                 :type label: Optional(str)
                 :param description:
                 :type description: Optional(str)
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 label = Optional.extract(label) or key
                 description = Optional.extract(description)
                 field = RepositoryField.get_by_key_name(key, repo)
                 if field:
                     raise JSONRPCError('Field with key '
                                        '`%s` exists for repo `%s`' % (key, repoid))
                 try:
                     RepoModel().add_repo_field(repo, key, field_label=label,
                                                field_desc=description)
                     Session().commit()
                     return {
                         'msg': "Added new repository field `%s`" % (key,),
                         'success': True,
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to add field to repo")
                     raise JSONRPCError(
                         'failed to create new field for repository `%s`' % (repoid,))
             @jsonrpc_method()
             def remove_field_from_repo(request, apiuser, repoid, key):
                 """
                 Removes an extra field from a repository.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param key: Set the unique field key for this repository.
                 :type key: str
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 field = RepositoryField.get_by_key_name(key, repo)
                 if not field:
                     raise JSONRPCError('Field with key `%s` does not '
                                        'exists for repo `%s`' % (key, repoid))
                 try:
                     RepoModel().delete_repo_field(repo, field_key=key)
                     Session().commit()
                     return {
                         'msg': "Deleted repository field `%s`" % (key,),
                         'success': True,
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying to delete field from repo")
                     raise JSONRPCError(
                         'failed to delete field for repository `%s`' % (repoid,))
             @jsonrpc_method()
             def update_repo(request, apiuser, repoid, name=Optional(None),
                             owner=Optional(OAttr('apiuser')),
                             group=Optional(None),
+                            active=Optional(True),
                             fork_of=Optional(None),
                             description=Optional(''), private=Optional(False),
                             clone_uri=Optional(None), landing_rev=Optional('rev:tip'),
                             enable_statistics=Optional(False),
                             enable_locking=Optional(False),
                             enable_downloads=Optional(False),
                             fields=Optional('')):
                 """
                 Updates a repository with the given information.
                 This command can only be run using an |authtoken| with at least
                 write permissions to the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: repository name or repository ID.
                 :type repoid: str or int
                 :param name: Update the |repo| name.
                 :type name: str
                 :param owner: Set the |repo| owner.
                 :type owner: str
                 :param group: Set the |repo| group the |repo| belongs to.
                 :type group: str
                 :param fork_of: Set the master |repo| name.
                 :type fork_of: str
                 :param description: Update the |repo| description.
                 :type description: str
                 :param private: Set the |repo| as private. (True | False)
                 :type private: bool
                 :param clone_uri: Update the |repo| clone URI.
                 :type clone_uri: str
                 :param landing_rev: Set the |repo| landing revision. Default is
                     ``tip``.
                 :type landing_rev: str
                 :param enable_statistics: Enable statistics on the |repo|,
                     (True | False).
                 :type enable_statistics: bool
                 :param enable_locking: Enable |repo| locking.
                 :type enable_locking: bool
                 :param enable_downloads: Enable downloads from the |repo|,
                     (True | False).
                 :type enable_downloads: bool
                 :param fields: Add extra fields to the |repo|. Use the following
                     example format: ``field_key=field_val,field_key2=fieldval2``.
                     Escape ', ' with \,
                 :type fields: str
                 """
                 repo = get_repo_or_error(repoid)
                 include_secrets = False
                 if has_superadmin_permission(apiuser):
                     include_secrets = True
                 else:
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 updates = {
                     # update function requires this.
                     'repo_name': repo.just_name
                 }
                 repo_group = group
                 if not isinstance(repo_group, Optional):
                     repo_group = get_repo_group_or_error(repo_group)
                     repo_group = repo_group.group_id
                 repo_fork_of = fork_of
                 if not isinstance(repo_fork_of, Optional):
                     repo_fork_of = get_repo_or_error(repo_fork_of)
                     repo_fork_of = repo_fork_of.repo_id
                 try:
                     store_update(updates, name, 'repo_name')
                     store_update(updates, repo_group, 'repo_group')
                     store_update(updates, repo_fork_of, 'fork_id')
                     store_update(updates, owner, 'user')
+                    store_update(updates, active, 'active')
                     store_update(updates, description, 'repo_description')
                     store_update(updates, private, 'repo_private')
                     store_update(updates, clone_uri, 'clone_uri')
                     store_update(updates, landing_rev, 'repo_landing_rev')
                     store_update(updates, enable_statistics, 'repo_enable_statistics')
                     store_update(updates, enable_locking, 'repo_enable_locking')
                     store_update(updates, enable_downloads, 'repo_enable_downloads')
                     # extra fields
                     fields = parse_args(Optional.extract(fields), key_prefix='ex_')
                     if fields:
                         updates.update(fields)
                     RepoModel().update(repo, **updates)
                     Session().commit()
                     return {
                         'msg': 'updated repo ID:%s %s' % (
                             repo.repo_id, repo.repo_name),
                         'repository': repo.get_api_data(
                             include_secrets=include_secrets)
                     }
                 except Exception:
                     log.exception(
                         u"Exception while trying to update the repository %s",
                         repoid)
                     raise JSONRPCError('failed to update repo `%s`' % repoid)
             @jsonrpc_method()
             def fork_repo(request, apiuser, repoid, fork_name,
                           owner=Optional(OAttr('apiuser')),
                           description=Optional(''), copy_permissions=Optional(False),
                           private=Optional(False), landing_rev=Optional('rev:tip')):
                 """
                 Creates a fork of the specified |repo|.
                 * If using |RCE| with Celery this will immediately return a success
                   message, even though the fork will be created asynchronously.
                 This command can only be run using an |authtoken| with fork
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set repository name or repository ID.
                 :type repoid: str or int
                 :param fork_name: Set the fork name.
                 :type fork_name: str
                 :param owner: Set the fork owner.
                 :type owner: str
                 :param description: Set the fork descripton.
                 :type description: str
                 :param copy_permissions: Copy permissions from parent |repo|. The
                     default is False.
                 :type copy_permissions: bool
                 :param private: Make the fork private. The default is False.
                 :type private: bool
                 :param landing_rev: Set the landing revision. The default is tip.
                 Example output:
                 .. code-block:: bash
                     id : <id_for_response>
                     api_key : "<api_key>"
                     args:     {
                                 "repoid" :          "<reponame or repo_id>",
                                 "fork_name":        "<forkname>",
                                 "owner":            "<username or user_id = Optional(=apiuser)>",
                                 "description":      "<description>",
                                 "copy_permissions": "<bool>",
                                 "private":          "<bool>",
                                 "landing_rev":      "<landing_rev>"
                               }
                 Example error output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg": "Created fork of `<reponame>` as `<forkname>`",
                               "success": true,
                               "task": "<celery task id or None if done sync>"
                             }
                     error:  null
                 """
                 if not has_superadmin_permission(apiuser):
                     if not HasPermissionAnyApi('hg.fork.repository')(user=apiuser):
                         raise JSONRPCForbidden()
                 repo = get_repo_or_error(repoid)
                 repo_name = repo.repo_name
                 (fork_name_cleaned,
                  parent_group_name) = RepoGroupModel()._get_group_name_and_parent(
                     fork_name)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for
                     # this repo that we fork !
                     _perms = (
                         'repository.admin', 'repository.write', 'repository.read')
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                     if not isinstance(owner, Optional):
                         # forbid setting owner for non super admins
                         raise JSONRPCError(
                             'Only RhodeCode admin can specify `owner` param'
                         )
                     # check if we have a create.repo permission if not maybe the parent
                     # group permission
                     if not HasPermissionAnyApi('hg.create.repository')(user=apiuser):
                         if parent_group_name:
                             repogroupid = parent_group_name
                             repo_group = get_repo_group_or_error(parent_group_name)
                             _perms = ('group.admin',)
                             if not HasRepoGroupPermissionAnyApi(*_perms)(
                                     user=apiuser, group_name=repo_group.group_name):
                                 raise JSONRPCError(
                                     'repository group `%s` does not exist' % (
                                         repogroupid,))
                         else:
                             raise JSONRPCForbidden()
                 _repo = RepoModel().get_by_repo_name(fork_name)
                 if _repo:
                     type_ = 'fork' if _repo.fork else 'repo'
                     raise JSONRPCError("%s `%s` already exist" % (type_, fork_name))
                 if isinstance(owner, Optional):
                     owner = apiuser.user_id
                 owner = get_user_or_error(owner)
                 try:
                     # create structure of groups and return the last group
                     repo_group = map_groups(fork_name)
                     form_data = {
                         'repo_name': fork_name_cleaned,
                         'repo_name_full': fork_name,
                         'repo_group': repo_group.group_id if repo_group else None,
                         'repo_type': repo.repo_type,
                         'description': Optional.extract(description),
                         'private': Optional.extract(private),
                         'copy_permissions': Optional.extract(copy_permissions),
                         'landing_rev': Optional.extract(landing_rev),
                         'fork_parent_id': repo.repo_id,
                     }
                     task = RepoModel().create_fork(form_data, cur_user=owner)
                     # no commit, it's done in RepoModel, or async via celery
                     from celery.result import BaseAsyncResult
                     task_id = None
                     if isinstance(task, BaseAsyncResult):
                         task_id = task.task_id
                     return {
                         'msg': 'Created fork of `%s` as `%s`' % (
                             repo.repo_name, fork_name),
                         'success': True,  # cannot return the repo data here since fork
                         # can be done async
                         'task': task_id
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to fork a repo")
                     raise JSONRPCError(
                         'failed to fork repository `%s` as `%s`' % (
                             repo_name, fork_name))
             @jsonrpc_method()
             def delete_repo(request, apiuser, repoid, forks=Optional('')):
                 """
                 Deletes a repository.
                 * When the `forks` parameter is set it's possible to detach or delete
                   forks of deleted repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param forks: Set to `detach` or `delete` forks from the |repo|.
                 :type forks: Optional(str)
                 Example error output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg": "Deleted repository `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     handle_forks = Optional.extract(forks)
                     _forks_msg = ''
                     _forks = [f for f in repo.forks]
                     if handle_forks == 'detach':
                         _forks_msg = ' ' + 'Detached %s forks' % len(_forks)
                     elif handle_forks == 'delete':
                         _forks_msg = ' ' + 'Deleted %s forks' % len(_forks)
                     elif _forks:
                         raise JSONRPCError(
                             'Cannot delete `%s` it still contains attached forks' %
                             (repo.repo_name,)
                         )
                     RepoModel().delete(repo, forks=forks)
                     Session().commit()
                     return {
                         'msg': 'Deleted repository `%s`%s' % (
                             repo.repo_name, _forks_msg),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to delete repo")
                     raise JSONRPCError(
                         'failed to delete repository `%s`' % (repo.repo_name,)
                     )
             #TODO: marcink, change name ?
             @jsonrpc_method()
             def invalidate_cache(request, apiuser, repoid, delete_keys=Optional(False)):
                 """
                 Invalidates the cache for the specified repository.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Sets the repository name or repository ID.
                 :type repoid: str or int
                 :param delete_keys: This deletes the invalidated keys instead of
                     just flagging them.
                 :type delete_keys: Optional(``True`` | ``False``)
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'msg': Cache for repository `<repository name>` was invalidated,
                     'repository': <repository name>
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error : {
                      'Error occurred during cache invalidation action'
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin', 'repository.write',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 delete = Optional.extract(delete_keys)
                 try:
                     ScmModel().mark_for_invalidation(repo.repo_name, delete=delete)
                     return {
                         'msg': 'Cache for repository `%s` was invalidated' % (repoid,),
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying to invalidate repo cache")
                     raise JSONRPCError(
                         'Error occurred during cache invalidation action'
                     )
             #TODO: marcink, change name ?
             @jsonrpc_method()
             def lock(request, apiuser, repoid, locked=Optional(None),
                      userid=Optional(OAttr('apiuser'))):
                 """
                 Sets the lock state of the specified |repo| by the given user.
                 From more information, see :ref:`repo-locking`.
                 * If the ``userid`` option is not set, the repository is locked to the
                   user who called the method.
                 * If the ``locked`` parameter is not set, the current lock state of the
                   repository is displayed.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Sets the repository name or repository ID.
                 :type repoid: str or int
                 :param locked: Sets the lock state.
                 :type locked: Optional(``True`` | ``False``)
                 :param userid: Set the repository lock to this user.
                 :type userid: Optional(str or int)
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     'repo': '<reponame>',
                     'locked': <bool: lock state>,
                     'locked_since': <int: lock timestamp>,
                     'locked_by': <username of person who made the lock>,
                     'lock_reason': <str: reason for locking>,
                     'lock_state_changed': <bool: True if lock state has been changed in this request>,
                     'msg': 'Repo `<reponame>` locked by `<username>` on <timestamp>.'
                     or
                     'msg': 'Repo `<repository name>` not locked.'
                     or
                     'msg': 'User `<user name>` set lock state for repo `<repository name>` to `<new lock state>`'
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     'Error occurred locking repository `<reponame>`
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least write permission for this repo !
                     _perms = ('repository.admin', 'repository.write',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                     # make sure normal user does not pass someone else userid,
                     # he is not allowed to do that
                     if not isinstance(userid, Optional) and userid != apiuser.user_id:
                         raise JSONRPCError('userid is not the same as your user')
                 if isinstance(userid, Optional):
                     userid = apiuser.user_id
                 user = get_user_or_error(userid)
                 if isinstance(locked, Optional):
                     lockobj = repo.locked
                     if lockobj[0] is None:
                         _d = {
                             'repo': repo.repo_name,
                             'locked': False,
                             'locked_since': None,
                             'locked_by': None,
                             'lock_reason': None,
                             'lock_state_changed': False,
                             'msg': 'Repo `%s` not locked.' % repo.repo_name
                         }
                         return _d
                     else:
                         _user_id, _time, _reason = lockobj
                         lock_user = get_user_or_error(userid)
                         _d = {
                             'repo': repo.repo_name,
                             'locked': True,
                             'locked_since': _time,
                             'locked_by': lock_user.username,
                             'lock_reason': _reason,
                             'lock_state_changed': False,
                             'msg': ('Repo `%s` locked by `%s` on `%s`.'
                                     % (repo.repo_name, lock_user.username,
                                        json.dumps(time_to_datetime(_time))))
                         }
                         return _d
                 # force locked state through a flag
                 else:
                     locked = str2bool(locked)
                     lock_reason = Repository.LOCK_API
                     try:
                         if locked:
                             lock_time = time.time()
                             Repository.lock(repo, user.user_id, lock_time, lock_reason)
                         else:
                             lock_time = None
                             Repository.unlock(repo)
                         _d = {
                             'repo': repo.repo_name,
                             'locked': locked,
                             'locked_since': lock_time,
                             'locked_by': user.username,
                             'lock_reason': lock_reason,
                             'lock_state_changed': True,
                             'msg': ('User `%s` set lock state for repo `%s` to `%s`'
                                     % (user.username, repo.repo_name, locked))
                         }
                         return _d
                     except Exception:
                         log.exception(
                             "Exception occurred while trying to lock repository")
                         raise JSONRPCError(
                             'Error occurred locking repository `%s`' % repo.repo_name
                         )
             @jsonrpc_method()
             def comment_commit(
                     request, apiuser, repoid, commit_id, message,
                     userid=Optional(OAttr('apiuser')), status=Optional(None)):
                 """
                 Set a commit comment, and optionally change the status of the commit.
                 This command can be executed only using api_key belonging to user
                 with admin rights, or repository administrator.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param commit_id: Specify the commit_id for which to set a comment.
                 :type commit_id: str
                 :param message: The comment text.
                 :type message: str
                 :param userid: Set the user name of the comment creator.
                 :type userid: Optional(str or int)
                 :param status: status, one of 'not_reviewed', 'approved', 'rejected',
                    'under_review'
                 :type status: str
                 Example error output:
                 .. code-block:: json
                     {
                         "id" : <id_given_in_input>,
                         "result" : {
                             "msg": "Commented on commit `<commit_id>` for repository `<repoid>`",
                             "status_change": null or <status>,
                             "success": true
                         },
                         "error" :  null
                     }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 if isinstance(userid, Optional):
                     userid = apiuser.user_id
                 user = get_user_or_error(userid)
                 status = Optional.extract(status)
                 allowed_statuses = [x[0] for x in ChangesetStatus.STATUSES]
                 if status and status not in allowed_statuses:
                     raise JSONRPCError('Bad status, must be on '
                                        'of %s got %s' % (allowed_statuses, status,))
                 try:
                     rc_config = SettingsModel().get_all_settings()
                     renderer = rc_config.get('rhodecode_markup_renderer', 'rst')
                     comm = ChangesetCommentsModel().create(
                         message, repo, user, revision=commit_id, status_change=status,
                         renderer=renderer)
                     if status:
                         # also do a status change
                         try:
                             ChangesetStatusModel().set_status(
                                 repo, status, user, comm, revision=commit_id,
                                 dont_allow_on_closed_pull_request=True
                             )
                         except StatusChangeOnClosedPullRequestError:
                             log.exception(
                                 "Exception occurred while trying to change repo commit status")
                             msg = ('Changing status on a changeset associated with '
                                    'a closed pull request is not allowed')
                             raise JSONRPCError(msg)
                     Session().commit()
                     return {
                         'msg': (
                             'Commented on commit `%s` for repository `%s`' % (
                                 comm.revision, repo.repo_name)),
                         'status_change': status,
                         'success': True,
                     }
                 except JSONRPCError:
                     # catch any inside errors, and re-raise them to prevent from
                     # below global catch to silence them
                     raise
                 except Exception:
                     log.exception("Exception occurred while trying to comment on commit")
                     raise JSONRPCError(
                         'failed to set comment on repository `%s`' % (repo.repo_name,)
                     )
             @jsonrpc_method()
             def grant_user_permission(request, apiuser, repoid, userid, perm):
                 """
                 Grant permissions for the specified user on the given repository,
                 or update existing permissions if found.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param userid: Set the user name.
                 :type userid: str
                 :param perm: Set the user permissions, using the following format
                     ``(repository.(none|read|write|admin))``
                 :type perm: str
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Granted perm: `<perm>` for user: `<username>` in repo: `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 user = get_user_or_error(userid)
                 perm = get_perm_or_error(perm)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)
                     Session().commit()
                     return {
                         'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (
                             perm.permission_name, user.username, repo.repo_name
                         ),
                         'success': True
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying edit permissions for repo")
                     raise JSONRPCError(
                         'failed to edit permission for user: `%s` in repo: `%s`' % (
                             userid, repoid
                         )
                     )
             @jsonrpc_method()
             def revoke_user_permission(request, apiuser, repoid, userid):
                 """
                 Revoke permission for a user on the specified repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param userid: Set the user name of revoked user.
                 :type userid: str or int
                 Example error output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Revoked perm for user: `<username>` in repo: `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 user = get_user_or_error(userid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     RepoModel().revoke_user_permission(repo=repo, user=user)
                     Session().commit()
                     return {
                         'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
                             user.username, repo.repo_name
                         ),
                         'success': True
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying revoke permissions to repo")
                     raise JSONRPCError(
                         'failed to edit permission for user: `%s` in repo: `%s`' % (
                             userid, repoid
                         )
                     )
             @jsonrpc_method()
             def grant_user_group_permission(request, apiuser, repoid, usergroupid, perm):
                 """
                 Grant permission for a user group on the specified repository,
                 or update existing permissions.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param usergroupid: Specify the ID of the user group.
                 :type usergroupid: str or int
                 :param perm: Set the user group permissions using the following
                     format: (repository.(none|read|write|admin))
                 :type perm: str
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg" : "Granted perm: `<perm>` for group: `<usersgroupname>` in repo: `<reponame>`",
                     "success": true
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "failed to edit permission for user group: `<usergroup>` in repo `<repo>`'
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 perm = get_perm_or_error(perm)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 user_group = get_user_group_or_error(usergroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for this user group !
                     _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
                     if not HasUserGroupPermissionAnyApi(*_perms)(
                             user=apiuser, user_group_name=user_group.users_group_name):
                         raise JSONRPCError(
                             'user group `%s` does not exist' % (usergroupid,))
                 try:
                     RepoModel().grant_user_group_permission(
                         repo=repo, group_name=user_group, perm=perm)
                     Session().commit()
                     return {
                         'msg': 'Granted perm: `%s` for user group: `%s` in '
                                'repo: `%s`' % (
                                    perm.permission_name, user_group.users_group_name,
                                    repo.repo_name
                                ),
                         'success': True
                     }
                 except Exception:
                     log.exception(
                         "Exception occurred while trying change permission on repo")
                     raise JSONRPCError(
                         'failed to edit permission for user group: `%s` in '
                         'repo: `%s`' % (
                             usergroupid, repo.repo_name
                         )
                     )
             @jsonrpc_method()
             def revoke_user_group_permission(request, apiuser, repoid, usergroupid):
                 """
                 Revoke the permissions of a user group on a given repository.
                 This command can only be run using an |authtoken| with admin
                 permissions on the |repo|.
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: Set the repository name or repository ID.
                 :type repoid: str or int
                 :param usergroupid: Specify the user group ID.
                 :type usergroupid: str or int
                 Example output:
                 .. code-block:: bash
                     id : <id_given_in_input>
                     result: {
                               "msg" : "Revoked perm for group: `<usersgroupname>` in repo: `<reponame>`",
                               "success": true
                             }
                     error:  null
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 user_group = get_user_group_or_error(usergroupid)
                 if not has_superadmin_permission(apiuser):
                     # check if we have at least read permission for this user group !
                     _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
                     if not HasUserGroupPermissionAnyApi(*_perms)(
                             user=apiuser, user_group_name=user_group.users_group_name):
                         raise JSONRPCError(
                             'user group `%s` does not exist' % (usergroupid,))
                 try:
                     RepoModel().revoke_user_group_permission(
                         repo=repo, group_name=user_group)
                     Session().commit()
                     return {
                         'msg': 'Revoked perm for user group: `%s` in repo: `%s`' % (
                             user_group.users_group_name, repo.repo_name
                         ),
                         'success': True
                     }
                 except Exception:
                     log.exception("Exception occurred while trying revoke "
                                   "user group permission on repo")
                     raise JSONRPCError(
                         'failed to edit permission for user group: `%s` in '
                         'repo: `%s`' % (
                             user_group.users_group_name, repo.repo_name
                         )
                     )
             @jsonrpc_method()
             def pull(request, apiuser, repoid):
                 """
                 Triggers a pull on the given repository from a remote location. You
                 can use this to keep remote repositories up-to-date.
                 This command can only be run using an |authtoken| with admin
                 rights to the specified repository. For more information,
                 see :ref:`config-token-ref`.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg": "Pulled from `<repository name>`"
                     "repository": "<repository name>"
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "Unable to pull changes from `<reponame>`"
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     ScmModel().pull_changes(repo.repo_name, apiuser.username)
                     return {
                         'msg': 'Pulled from `%s`' % repo.repo_name,
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception("Exception occurred while trying to "
                                   "pull changes from remote location")
                     raise JSONRPCError(
                         'Unable to pull changes from `%s`' % repo.repo_name
                     )
             @jsonrpc_method()
             def strip(request, apiuser, repoid, revision, branch):
                 """
                 Strips the given revision from the specified repository.
                 * This will remove the revision and all of its decendants.
                 This command can only be run using an |authtoken| with admin rights to
                 the specified repository.
                 This command takes the following options:
                 :param apiuser: This is filled automatically from the |authtoken|.
                 :type apiuser: AuthUser
                 :param repoid: The repository name or repository ID.
                 :type repoid: str or int
                 :param revision: The revision you wish to strip.
                 :type revision: str
                 :param branch: The branch from which to strip the revision.
                 :type branch: str
                 Example output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : {
                     "msg": "'Stripped commit <commit_hash> from repo `<repository name>`'"
                     "repository": "<repository name>"
                   }
                   error :  null
                 Example error output:
                 .. code-block:: bash
                   id : <id_given_in_input>
                   result : null
                   error :  {
                     "Unable to strip commit <commit_hash> from repo `<repository name>`"
                   }
                 """
                 repo = get_repo_or_error(repoid)
                 if not has_superadmin_permission(apiuser):
                     _perms = ('repository.admin',)
                     has_repo_permissions(apiuser, repoid, repo, _perms)
                 try:
                     ScmModel().strip(repo, revision, branch)
                     return {
                         'msg': 'Stripped commit %s from repo `%s`' % (
                             revision, repo.repo_name),
                         'repository': repo.repo_name
                     }
                 except Exception:
                     log.exception("Exception while trying to strip")
                     raise JSONRPCError(
                         'Unable to strip commit %s from repo `%s`' % (
                             revision, repo.repo_name)
                     )

rhodecode/model/db.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/user_group.py

0 +7 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2016  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             user group model for RhodeCode
             """
             import logging
             import traceback
             from rhodecode.lib.utils2 import safe_str
             from rhodecode.model import BaseModel
             from rhodecode.model.db import UserGroupMember, UserGroup,\
                 UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm,\
                 UserGroupUserGroupToPerm, UserGroupRepoGroupToPerm
             from rhodecode.lib.exceptions import UserGroupAssignedException,\
                 RepoGroupAssignmentError
             from rhodecode.lib.utils2 import get_current_rhodecode_user, action_logger_generic
             log = logging.getLogger(__name__)
             class UserGroupModel(BaseModel):
                 cls = UserGroup
                 def _get_user_group(self, user_group):
                     return self._get_instance(UserGroup, user_group,
                                               callback=UserGroup.get_by_group_name)
                 def _create_default_perms(self, user_group):
                     # create default permission
                     default_perm = 'usergroup.read'
                     def_user = User.get_default_user()
                     for p in def_user.user_perms:
                         if p.permission.permission_name.startswith('usergroup.'):
                             default_perm = p.permission.permission_name
                             break
                     user_group_to_perm = UserUserGroupToPerm()
                     user_group_to_perm.permission = Permission.get_by_key(default_perm)
                     user_group_to_perm.user_group = user_group
                     user_group_to_perm.user_id = def_user.user_id
                     return user_group_to_perm
                 def update_permissions(self, user_group, perm_additions=None, perm_updates=None,
                                        perm_deletions=None, check_perms=True, cur_user=None):
                     from rhodecode.lib.auth import HasUserGroupPermissionAny
                     if not perm_additions:
                         perm_additions = []
                     if not perm_updates:
                         perm_updates = []
                     if not perm_deletions:
                         perm_deletions = []
                     req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
                     # update permissions
                     for member_id, perm, member_type in perm_updates:
                         member_id = int(member_id)
                         if member_type == 'user':
                             # this updates existing one
                             self.grant_user_permission(
                                 user_group=user_group, user=member_id, perm=perm
                             )
                         else:
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(*req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     target_user_group=user_group, user_group=member_id, perm=perm
                                 )
                     # set new permissions
                     for member_id, perm, member_type in perm_additions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             self.grant_user_permission(
                                 user_group=user_group, user=member_id, perm=perm
                             )
                         else:
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(*req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     target_user_group=user_group, user_group=member_id, perm=perm
                                 )
                     # delete permissions
                     for member_id, perm, member_type in perm_deletions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             self.revoke_user_permission(user_group=user_group, user=member_id)
                         else:
                             #check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(*req_perms)(member_name, user=cur_user):
                                 self.revoke_user_group_permission(
                                     target_user_group=user_group, user_group=member_id
                                 )
                 def get(self, user_group_id, cache=False):
                     return UserGroup.get(user_group_id)
                 def get_group(self, user_group):
                     return self._get_user_group(user_group)
                 def get_by_name(self, name, cache=False, case_insensitive=False):
                     return UserGroup.get_by_group_name(name, cache, case_insensitive)
                 def create(self, name, description, owner, active=True, group_data=None):
                     try:
                         new_user_group = UserGroup()
                         new_user_group.user = self._get_user(owner)
                         new_user_group.users_group_name = name
                         new_user_group.user_group_description = description
                         new_user_group.users_group_active = active
                         if group_data:
                             new_user_group.group_data = group_data
                         self.sa.add(new_user_group)
                         perm_obj = self._create_default_perms(new_user_group)
                         self.sa.add(perm_obj)
                         self.grant_user_permission(user_group=new_user_group,
                                                    user=owner, perm='usergroup.admin')
                         return new_user_group
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _get_memberships_for_user_ids(self, user_group, user_id_list):
                     members = []
                     for user_id in user_id_list:
                         member = self._get_membership(user_group.users_group_id, user_id)
                         members.append(member)
                     return members
                 def _get_added_and_removed_user_ids(self, user_group, user_id_list):
                     current_members = user_group.members or []
                     current_members_ids = [m.user.user_id for m in current_members]
                     added_members = [
                         user_id for user_id in user_id_list
                         if user_id not in current_members_ids]
                     if user_id_list == []:
                         # all members were deleted
                         deleted_members = current_members_ids
                     else:
                         deleted_members = [
                             user_id for user_id in current_members_ids
                             if user_id not in user_id_list]
                     return (added_members, deleted_members)
                 def _set_users_as_members(self, user_group, user_ids):
                     user_group.members = []
                     self.sa.flush()
                     members = self._get_memberships_for_user_ids(
                         user_group, user_ids)
                     user_group.members = members
                     self.sa.add(user_group)
                 def _update_members_from_user_ids(self, user_group, user_ids):
                     added, removed = self._get_added_and_removed_user_ids(
                         user_group, user_ids)
                     self._set_users_as_members(user_group, user_ids)
                     self._log_user_changes('added to', user_group, added)
                     self._log_user_changes('removed from', user_group, removed)
                 def _clean_members_data(self, members_data):
                     # TODO: anderson: this should be in the form validation but I couldn't
                     # make it work there as it conflicts with the other validator
                     if not members_data:
                         members_data = []
                     if isinstance(members_data, basestring):
                         new_members = [members_data]
                     else:
                         new_members = members_data
                     new_members = [int(uid) for uid in new_members]
                     return new_members
                 def update(self, user_group, form_data):
                     user_group = self._get_user_group(user_group)
                     if 'users_group_name' in form_data:
                         user_group.users_group_name = form_data['users_group_name']
                     if 'users_group_active' in form_data:
                         user_group.users_group_active = form_data['users_group_active']
                     if 'user_group_description' in form_data:
                         user_group.user_group_description = form_data[
                             'user_group_description']
                     # handle owner change
                     if 'user' in form_data:
                         owner = form_data['user']
                         if isinstance(owner, basestring):
-                            user_group.user = User.get_by_username(form_data['user'])
+                            owner = User.get_by_username(form_data['user'])
+                        if not isinstance(owner, User):
+                            raise ValueError(
+                                'invalid owner for user group: %s' % form_data['user'])
+                        user_group.user = owner
                     if 'users_group_members' in form_data:
                         members_id_list = self._clean_members_data(
                             form_data['users_group_members'])
                         self._update_members_from_user_ids(user_group, members_id_list)
                     self.sa.add(user_group)
                 def delete(self, user_group, force=False):
                     """
                     Deletes repository group, unless force flag is used
                     raises exception if there are members in that group, else deletes
                     group and users
                     :param user_group:
                     :param force:
                     """
                     user_group = self._get_user_group(user_group)
                     try:
                         # check if this group is not assigned to repo
                         assigned_to_repo = [x.repository for x in UserGroupRepoToPerm.query()\
                             .filter(UserGroupRepoToPerm.users_group == user_group).all()]
                         # check if this group is not assigned to repo
                         assigned_to_repo_group = [x.group for x in UserGroupRepoGroupToPerm.query()\
                             .filter(UserGroupRepoGroupToPerm.users_group == user_group).all()]
                         if (assigned_to_repo or assigned_to_repo_group) and not force:
                             assigned = ','.join(map(safe_str,
                                                 assigned_to_repo+assigned_to_repo_group))
                             raise UserGroupAssignedException(
                                 'UserGroup assigned to %s' % (assigned,))
                         self.sa.delete(user_group)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _log_user_changes(self, action, user_group, user_or_users):
                     users = user_or_users
                     if not isinstance(users, (list, tuple)):
                         users = [users]
                     rhodecode_user = get_current_rhodecode_user()
                     ipaddr = getattr(rhodecode_user, 'ip_addr', '')
                     group_name = user_group.users_group_name
                     for user_or_user_id in users:
                         user = self._get_user(user_or_user_id)
                         log_text = 'User {user} {action} {group}'.format(
                             action=action, user=user.username, group=group_name)
                         log.info('Logging action: {0} by {1} ip:{2}'.format(
                                  log_text, rhodecode_user, ipaddr))
                 def _find_user_in_group(self, user, user_group):
                     user_group_member = None
                     for m in user_group.members:
                         if m.user_id == user.user_id:
                             # Found this user's membership row
                             user_group_member = m
                             break
                     return user_group_member
                 def _get_membership(self, user_group_id, user_id):
                     user_group_member = UserGroupMember(user_group_id, user_id)
                     return user_group_member
                 def add_user_to_group(self, user_group, user):
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     user_member = self._find_user_in_group(user, user_group)
                     if user_member:
                         # user already in the group, skip
                         return True
                     member = self._get_membership(
                         user_group.users_group_id, user.user_id)
                     user_group.members.append(member)
                     try:
                         self.sa.add(member)
                     except Exception:
                         # what could go wrong here?
                         log.error(traceback.format_exc())
                         raise
                     self._log_user_changes('added to', user_group, user)
                     return member
                 def remove_user_from_group(self, user_group, user):
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     user_group_member = self._find_user_in_group(user, user_group)
                     if not user_group_member:
                         # User isn't in that group
                         return False
                     try:
                         self.sa.delete(user_group_member)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                     self._log_user_changes('removed from', user_group, user)
                     return True
                 def has_perm(self, user_group, perm):
                     user_group = self._get_user_group(user_group)
                     perm = self._get_perm(perm)
                     return UserGroupToPerm.query()\
                         .filter(UserGroupToPerm.users_group == user_group)\
                         .filter(UserGroupToPerm.permission == perm).scalar() is not None
                 def grant_perm(self, user_group, perm):
                     user_group = self._get_user_group(user_group)
                     perm = self._get_perm(perm)
                     # if this permission is already granted skip it
                     _perm = UserGroupToPerm.query()\
                         .filter(UserGroupToPerm.users_group == user_group)\
                         .filter(UserGroupToPerm.permission == perm)\
                         .scalar()
                     if _perm:
                         return
                     new = UserGroupToPerm()
                     new.users_group = user_group
                     new.permission = perm
                     self.sa.add(new)
                     return new
                 def revoke_perm(self, user_group, perm):
                     user_group = self._get_user_group(user_group)
                     perm = self._get_perm(perm)
                     obj = UserGroupToPerm.query()\
                         .filter(UserGroupToPerm.users_group == user_group)\
                         .filter(UserGroupToPerm.permission == perm).scalar()
                     if obj:
                         self.sa.delete(obj)
                 def grant_user_permission(self, user_group, user, perm):
                     """
                     Grant permission for user on given user group, or update
                     existing one if found
                     :param user_group: Instance of UserGroup, users_group_id,
                         or users_group_name
                     :param user: Instance of User, user_id or username
                     :param perm: Instance of Permission, or permission_name
                     """
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     permission = self._get_perm(perm)
                     # check if we have that permission already
                     obj = self.sa.query(UserUserGroupToPerm)\
                         .filter(UserUserGroupToPerm.user == user)\
                         .filter(UserUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj is None:
                         # create new !
                         obj = UserUserGroupToPerm()
                     obj.user_group = user_group
                     obj.user = user
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug('Granted perm %s to %s on %s', perm, user, user_group)
                     action_logger_generic(
                         'granted permission: {} to user: {} on usergroup: {}'.format(
                             perm, user, user_group), namespace='security.usergroup')
                     return obj
                 def revoke_user_permission(self, user_group, user):
                     """
                     Revoke permission for user on given user group
                     :param user_group: Instance of UserGroup, users_group_id,
                         or users_group name
                     :param user: Instance of User, user_id or username
                     """
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     obj = self.sa.query(UserUserGroupToPerm)\
                         .filter(UserUserGroupToPerm.user == user)\
                         .filter(UserUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug('Revoked perm on %s on %s', user_group, user)
                         action_logger_generic(
                             'revoked permission from user: {} on usergroup: {}'.format(
                                 user, user_group), namespace='security.usergroup')
                 def grant_user_group_permission(self, target_user_group, user_group, perm):
                     """
                     Grant user group permission for given target_user_group
                     :param target_user_group:
                     :param user_group:
                     :param perm:
                     """
                     target_user_group = self._get_user_group(target_user_group)
                     user_group = self._get_user_group(user_group)
                     permission = self._get_perm(perm)
                     # forbid assigning same user group to itself
                     if target_user_group == user_group:
                         raise RepoGroupAssignmentError('target repo:%s cannot be '
                                                        'assigned to itself' % target_user_group)
                     # check if we have that permission already
                     obj = self.sa.query(UserGroupUserGroupToPerm)\
                         .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
                         .filter(UserGroupUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj is None:
                         # create new !
                         obj = UserGroupUserGroupToPerm()
                     obj.user_group = user_group
                     obj.target_user_group = target_user_group
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug(
                         'Granted perm %s to %s on %s', perm, target_user_group, user_group)
                     action_logger_generic(
                         'granted permission: {} to usergroup: {} on usergroup: {}'.format(
                             perm, user_group, target_user_group),
                         namespace='security.usergroup')
                     return obj
                 def revoke_user_group_permission(self, target_user_group, user_group):
                     """
                     Revoke user group permission for given target_user_group
                     :param target_user_group:
                     :param user_group:
                     """
                     target_user_group = self._get_user_group(target_user_group)
                     user_group = self._get_user_group(user_group)
                     obj = self.sa.query(UserGroupUserGroupToPerm)\
                         .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
                         .filter(UserGroupUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug(
                             'Revoked perm on %s on %s', target_user_group, user_group)
                         action_logger_generic(
                             'revoked permission from usergroup: {} on usergroup: {}'.format(
                                 user_group, target_user_group),
                             namespace='security.repogroup')
                 def enforce_groups(self, user, groups, extern_type=None):
                     user = self._get_user(user)
                     log.debug('Enforcing groups %s on user %s', groups, user)
                     current_groups = user.group_member
                     # find the external created groups
                     externals = [x.users_group for x in current_groups
                                  if 'extern_type' in x.users_group.group_data]
                     # calculate from what groups user should be removed
                     # externals that are not in groups
                     for gr in externals:
                         if gr.users_group_name not in groups:
                             log.debug('Removing user %s from user group %s', user, gr)
                             self.remove_user_from_group(gr, user)
                     # now we calculate in which groups user should be == groups params
                     owner = User.get_first_admin().username
                     for gr in set(groups):
                         existing_group = UserGroup.get_by_group_name(gr)
                         if not existing_group:
                             desc = 'Automatically created from plugin:%s' % extern_type
                             # we use first admin account to set the owner of the group
                             existing_group = UserGroupModel().create(gr, desc, owner,
                                                     group_data={'extern_type': extern_type})
                         # we can only add users to special groups created via plugins
                         managed = 'extern_type' in existing_group.group_data
                         if managed:
                             log.debug('Adding user %s to user group %s', user, gr)
                             UserGroupModel().add_user_to_group(existing_group, user)
                         else:
                             log.debug('Skipping addition to group %s since it is '
                                       'not managed by auth plugins' % gr)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages