##// END OF EJS Templates
permissions: flush members of user groups permissions to clear caches....
marcink -
r3153:37902585 default
parent child Browse files
Show More
@@ -1,109 +1,116 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2018 RhodeCode GmbH
3 # Copyright (C) 2011-2018 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from pyramid.view import view_config
23 from pyramid.view import view_config
24 from pyramid.httpexceptions import HTTPFound
24 from pyramid.httpexceptions import HTTPFound
25
25
26 from rhodecode import events
26 from rhodecode import events
27 from rhodecode.apps._base import RepoGroupAppView
27 from rhodecode.apps._base import RepoGroupAppView
28 from rhodecode.lib import helpers as h
28 from rhodecode.lib import helpers as h
29 from rhodecode.lib import audit_logger
29 from rhodecode.lib import audit_logger
30 from rhodecode.lib.auth import (
30 from rhodecode.lib.auth import (
31 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
31 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
32 from rhodecode.lib.utils2 import safe_int
33 from rhodecode.model.db import UserGroup
32 from rhodecode.model.repo_group import RepoGroupModel
34 from rhodecode.model.repo_group import RepoGroupModel
33 from rhodecode.model.forms import RepoGroupPermsForm
35 from rhodecode.model.forms import RepoGroupPermsForm
34 from rhodecode.model.meta import Session
36 from rhodecode.model.meta import Session
35
37
36 log = logging.getLogger(__name__)
38 log = logging.getLogger(__name__)
37
39
38
40
39 class RepoGroupPermissionsView(RepoGroupAppView):
41 class RepoGroupPermissionsView(RepoGroupAppView):
40 def load_default_context(self):
42 def load_default_context(self):
41 c = self._get_local_tmpl_context()
43 c = self._get_local_tmpl_context()
42
44
43 return c
45 return c
44
46
45 @LoginRequired()
47 @LoginRequired()
46 @HasRepoGroupPermissionAnyDecorator('group.admin')
48 @HasRepoGroupPermissionAnyDecorator('group.admin')
47 @view_config(
49 @view_config(
48 route_name='edit_repo_group_perms', request_method='GET',
50 route_name='edit_repo_group_perms', request_method='GET',
49 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
51 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
50 def edit_repo_group_permissions(self):
52 def edit_repo_group_permissions(self):
51 c = self.load_default_context()
53 c = self.load_default_context()
52 c.active = 'permissions'
54 c.active = 'permissions'
53 c.repo_group = self.db_repo_group
55 c.repo_group = self.db_repo_group
54 return self._get_template_context(c)
56 return self._get_template_context(c)
55
57
56 @LoginRequired()
58 @LoginRequired()
57 @HasRepoGroupPermissionAnyDecorator('group.admin')
59 @HasRepoGroupPermissionAnyDecorator('group.admin')
58 @CSRFRequired()
60 @CSRFRequired()
59 @view_config(
61 @view_config(
60 route_name='edit_repo_group_perms_update', request_method='POST',
62 route_name='edit_repo_group_perms_update', request_method='POST',
61 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
63 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
62 def edit_repo_groups_permissions_update(self):
64 def edit_repo_groups_permissions_update(self):
63 _ = self.request.translate
65 _ = self.request.translate
64 c = self.load_default_context()
66 c = self.load_default_context()
65 c.active = 'perms'
67 c.active = 'perms'
66 c.repo_group = self.db_repo_group
68 c.repo_group = self.db_repo_group
67
69
68 valid_recursive_choices = ['none', 'repos', 'groups', 'all']
70 valid_recursive_choices = ['none', 'repos', 'groups', 'all']
69 form = RepoGroupPermsForm(self.request.translate, valid_recursive_choices)()\
71 form = RepoGroupPermsForm(self.request.translate, valid_recursive_choices)()\
70 .to_python(self.request.POST)
72 .to_python(self.request.POST)
71
73
72 if not c.rhodecode_user.is_admin:
74 if not c.rhodecode_user.is_admin:
73 if self._revoke_perms_on_yourself(form):
75 if self._revoke_perms_on_yourself(form):
74 msg = _('Cannot change permission for yourself as admin')
76 msg = _('Cannot change permission for yourself as admin')
75 h.flash(msg, category='warning')
77 h.flash(msg, category='warning')
76 raise HTTPFound(
78 raise HTTPFound(
77 h.route_path('edit_repo_group_perms',
79 h.route_path('edit_repo_group_perms',
78 repo_group_name=self.db_repo_group_name))
80 repo_group_name=self.db_repo_group_name))
79
81
80 # iterate over all members(if in recursive mode) of this groups and
82 # iterate over all members(if in recursive mode) of this groups and
81 # set the permissions !
83 # set the permissions !
82 # this can be potentially heavy operation
84 # this can be potentially heavy operation
83 changes = RepoGroupModel().update_permissions(
85 changes = RepoGroupModel().update_permissions(
84 c.repo_group,
86 c.repo_group,
85 form['perm_additions'], form['perm_updates'], form['perm_deletions'],
87 form['perm_additions'], form['perm_updates'], form['perm_deletions'],
86 form['recursive'])
88 form['recursive'])
87
89
88 action_data = {
90 action_data = {
89 'added': changes['added'],
91 'added': changes['added'],
90 'updated': changes['updated'],
92 'updated': changes['updated'],
91 'deleted': changes['deleted'],
93 'deleted': changes['deleted'],
92 }
94 }
93 audit_logger.store_web(
95 audit_logger.store_web(
94 'repo_group.edit.permissions', action_data=action_data,
96 'repo_group.edit.permissions', action_data=action_data,
95 user=c.rhodecode_user)
97 user=c.rhodecode_user)
96
98
97 Session().commit()
99 Session().commit()
98 h.flash(_('Repository Group permissions updated'), category='success')
100 h.flash(_('Repository Group permissions updated'), category='success')
99
101
100 affected_user_ids = []
102 affected_user_ids = []
101 for change in changes['added'] + changes['updated'] + changes['deleted']:
103 for change in changes['added'] + changes['updated'] + changes['deleted']:
102 if change['type'] == 'user':
104 if change['type'] == 'user':
103 affected_user_ids.append(change['id'])
105 affected_user_ids.append(change['id'])
106 if change['type'] == 'user_group':
107 user_group = UserGroup.get(safe_int(change['id']))
108 if user_group:
109 group_members_ids = [x.user_id for x in user_group.members]
110 affected_user_ids.extend(group_members_ids)
104
111
105 events.trigger(events.UserPermissionsChange(affected_user_ids))
112 events.trigger(events.UserPermissionsChange(affected_user_ids))
106
113
107 raise HTTPFound(
114 raise HTTPFound(
108 h.route_path('edit_repo_group_perms',
115 h.route_path('edit_repo_group_perms',
109 repo_group_name=self.db_repo_group_name))
116 repo_group_name=self.db_repo_group_name))
@@ -1,95 +1,102 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2018 RhodeCode GmbH
3 # Copyright (C) 2011-2018 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from pyramid.httpexceptions import HTTPFound
23 from pyramid.httpexceptions import HTTPFound
24 from pyramid.view import view_config
24 from pyramid.view import view_config
25
25
26 from rhodecode import events
26 from rhodecode import events
27 from rhodecode.apps._base import RepoAppView
27 from rhodecode.apps._base import RepoAppView
28 from rhodecode.lib import helpers as h
28 from rhodecode.lib import helpers as h
29 from rhodecode.lib import audit_logger
29 from rhodecode.lib import audit_logger
30 from rhodecode.lib.auth import (
30 from rhodecode.lib.auth import (
31 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
31 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
32 from rhodecode.lib.utils2 import safe_int
33 from rhodecode.model.db import UserGroup
32 from rhodecode.model.forms import RepoPermsForm
34 from rhodecode.model.forms import RepoPermsForm
33 from rhodecode.model.meta import Session
35 from rhodecode.model.meta import Session
34 from rhodecode.model.repo import RepoModel
36 from rhodecode.model.repo import RepoModel
35
37
36 log = logging.getLogger(__name__)
38 log = logging.getLogger(__name__)
37
39
38
40
39 class RepoSettingsPermissionsView(RepoAppView):
41 class RepoSettingsPermissionsView(RepoAppView):
40
42
41 def load_default_context(self):
43 def load_default_context(self):
42 c = self._get_local_tmpl_context()
44 c = self._get_local_tmpl_context()
43 return c
45 return c
44
46
45 @LoginRequired()
47 @LoginRequired()
46 @HasRepoPermissionAnyDecorator('repository.admin')
48 @HasRepoPermissionAnyDecorator('repository.admin')
47 @view_config(
49 @view_config(
48 route_name='edit_repo_perms', request_method='GET',
50 route_name='edit_repo_perms', request_method='GET',
49 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
51 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
50 def edit_permissions(self):
52 def edit_permissions(self):
51 c = self.load_default_context()
53 c = self.load_default_context()
52 c.active = 'permissions'
54 c.active = 'permissions'
53 return self._get_template_context(c)
55 return self._get_template_context(c)
54
56
55 @LoginRequired()
57 @LoginRequired()
56 @HasRepoPermissionAnyDecorator('repository.admin')
58 @HasRepoPermissionAnyDecorator('repository.admin')
57 @CSRFRequired()
59 @CSRFRequired()
58 @view_config(
60 @view_config(
59 route_name='edit_repo_perms', request_method='POST',
61 route_name='edit_repo_perms', request_method='POST',
60 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
62 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
61 def edit_permissions_update(self):
63 def edit_permissions_update(self):
62 _ = self.request.translate
64 _ = self.request.translate
63 c = self.load_default_context()
65 c = self.load_default_context()
64 c.active = 'permissions'
66 c.active = 'permissions'
65 data = self.request.POST
67 data = self.request.POST
66 # store private flag outside of HTML to verify if we can modify
68 # store private flag outside of HTML to verify if we can modify
67 # default user permissions, prevents submission of FAKE post data
69 # default user permissions, prevents submission of FAKE post data
68 # into the form for private repos
70 # into the form for private repos
69 data['repo_private'] = self.db_repo.private
71 data['repo_private'] = self.db_repo.private
70 form = RepoPermsForm(self.request.translate)().to_python(data)
72 form = RepoPermsForm(self.request.translate)().to_python(data)
71 changes = RepoModel().update_permissions(
73 changes = RepoModel().update_permissions(
72 self.db_repo_name, form['perm_additions'], form['perm_updates'],
74 self.db_repo_name, form['perm_additions'], form['perm_updates'],
73 form['perm_deletions'])
75 form['perm_deletions'])
74
76
75 action_data = {
77 action_data = {
76 'added': changes['added'],
78 'added': changes['added'],
77 'updated': changes['updated'],
79 'updated': changes['updated'],
78 'deleted': changes['deleted'],
80 'deleted': changes['deleted'],
79 }
81 }
80 audit_logger.store_web(
82 audit_logger.store_web(
81 'repo.edit.permissions', action_data=action_data,
83 'repo.edit.permissions', action_data=action_data,
82 user=self._rhodecode_user, repo=self.db_repo)
84 user=self._rhodecode_user, repo=self.db_repo)
83
85
84 Session().commit()
86 Session().commit()
85 h.flash(_('Repository permissions updated'), category='success')
87 h.flash(_('Repository permissions updated'), category='success')
86
88
87 affected_user_ids = []
89 affected_user_ids = []
88 for change in changes['added'] + changes['updated'] + changes['deleted']:
90 for change in changes['added'] + changes['updated'] + changes['deleted']:
89 if change['type'] == 'user':
91 if change['type'] == 'user':
90 affected_user_ids.append(change['id'])
92 affected_user_ids.append(change['id'])
93 if change['type'] == 'user_group':
94 user_group = UserGroup.get(safe_int(change['id']))
95 if user_group:
96 group_members_ids = [x.user_id for x in user_group.members]
97 affected_user_ids.extend(group_members_ids)
91
98
92 events.trigger(events.UserPermissionsChange(affected_user_ids))
99 events.trigger(events.UserPermissionsChange(affected_user_ids))
93
100
94 raise HTTPFound(
101 raise HTTPFound(
95 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
102 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
@@ -1,545 +1,550 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2016-2018 RhodeCode GmbH
3 # Copyright (C) 2016-2018 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 import peppercorn
23 import peppercorn
24 import formencode
24 import formencode
25 import formencode.htmlfill
25 import formencode.htmlfill
26 from pyramid.httpexceptions import HTTPFound
26 from pyramid.httpexceptions import HTTPFound
27 from pyramid.view import view_config
27 from pyramid.view import view_config
28 from pyramid.response import Response
28 from pyramid.response import Response
29 from pyramid.renderers import render
29 from pyramid.renderers import render
30
30
31 from rhodecode import events
31 from rhodecode import events
32 from rhodecode.lib.exceptions import (
32 from rhodecode.lib.exceptions import (
33 RepoGroupAssignmentError, UserGroupAssignedException)
33 RepoGroupAssignmentError, UserGroupAssignedException)
34 from rhodecode.model.forms import (
34 from rhodecode.model.forms import (
35 UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm,
35 UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm,
36 UserPermissionsForm)
36 UserPermissionsForm)
37 from rhodecode.model.permission import PermissionModel
37 from rhodecode.model.permission import PermissionModel
38
38
39 from rhodecode.apps._base import UserGroupAppView
39 from rhodecode.apps._base import UserGroupAppView
40 from rhodecode.lib.auth import (
40 from rhodecode.lib.auth import (
41 LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired)
41 LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired)
42 from rhodecode.lib import helpers as h, audit_logger
42 from rhodecode.lib import helpers as h, audit_logger
43 from rhodecode.lib.utils2 import str2bool
43 from rhodecode.lib.utils2 import str2bool, safe_int
44 from rhodecode.model.db import User
44 from rhodecode.model.db import User, UserGroup
45 from rhodecode.model.meta import Session
45 from rhodecode.model.meta import Session
46 from rhodecode.model.user_group import UserGroupModel
46 from rhodecode.model.user_group import UserGroupModel
47
47
48 log = logging.getLogger(__name__)
48 log = logging.getLogger(__name__)
49
49
50
50
51 class UserGroupsView(UserGroupAppView):
51 class UserGroupsView(UserGroupAppView):
52
52
53 def load_default_context(self):
53 def load_default_context(self):
54 c = self._get_local_tmpl_context()
54 c = self._get_local_tmpl_context()
55
55
56 PermissionModel().set_global_permission_choices(
56 PermissionModel().set_global_permission_choices(
57 c, gettext_translator=self.request.translate)
57 c, gettext_translator=self.request.translate)
58
58
59 return c
59 return c
60
60
61 @LoginRequired()
61 @LoginRequired()
62 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
62 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
63 @view_config(
63 @view_config(
64 route_name='user_group_members_data', request_method='GET',
64 route_name='user_group_members_data', request_method='GET',
65 renderer='json_ext', xhr=True)
65 renderer='json_ext', xhr=True)
66 def user_group_members(self):
66 def user_group_members(self):
67 """
67 """
68 Return members of given user group
68 Return members of given user group
69 """
69 """
70 self.load_default_context()
70 self.load_default_context()
71 user_group = self.db_user_group
71 user_group = self.db_user_group
72 group_members_obj = sorted((x.user for x in user_group.members),
72 group_members_obj = sorted((x.user for x in user_group.members),
73 key=lambda u: u.username.lower())
73 key=lambda u: u.username.lower())
74
74
75 group_members = [
75 group_members = [
76 {
76 {
77 'id': user.user_id,
77 'id': user.user_id,
78 'first_name': user.first_name,
78 'first_name': user.first_name,
79 'last_name': user.last_name,
79 'last_name': user.last_name,
80 'username': user.username,
80 'username': user.username,
81 'icon_link': h.gravatar_url(user.email, 30),
81 'icon_link': h.gravatar_url(user.email, 30),
82 'value_display': h.person(user.email),
82 'value_display': h.person(user.email),
83 'value': user.username,
83 'value': user.username,
84 'value_type': 'user',
84 'value_type': 'user',
85 'active': user.active,
85 'active': user.active,
86 }
86 }
87 for user in group_members_obj
87 for user in group_members_obj
88 ]
88 ]
89
89
90 return {
90 return {
91 'members': group_members
91 'members': group_members
92 }
92 }
93
93
94 @LoginRequired()
94 @LoginRequired()
95 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
95 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
96 @view_config(
96 @view_config(
97 route_name='edit_user_group_perms_summary', request_method='GET',
97 route_name='edit_user_group_perms_summary', request_method='GET',
98 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
98 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
99 def user_group_perms_summary(self):
99 def user_group_perms_summary(self):
100 c = self.load_default_context()
100 c = self.load_default_context()
101 c.user_group = self.db_user_group
101 c.user_group = self.db_user_group
102 c.active = 'perms_summary'
102 c.active = 'perms_summary'
103 c.permissions = UserGroupModel().get_perms_summary(
103 c.permissions = UserGroupModel().get_perms_summary(
104 c.user_group.users_group_id)
104 c.user_group.users_group_id)
105 return self._get_template_context(c)
105 return self._get_template_context(c)
106
106
107 @LoginRequired()
107 @LoginRequired()
108 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
108 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
109 @view_config(
109 @view_config(
110 route_name='edit_user_group_perms_summary_json', request_method='GET',
110 route_name='edit_user_group_perms_summary_json', request_method='GET',
111 renderer='json_ext')
111 renderer='json_ext')
112 def user_group_perms_summary_json(self):
112 def user_group_perms_summary_json(self):
113 self.load_default_context()
113 self.load_default_context()
114 user_group = self.db_user_group
114 user_group = self.db_user_group
115 return UserGroupModel().get_perms_summary(user_group.users_group_id)
115 return UserGroupModel().get_perms_summary(user_group.users_group_id)
116
116
117 def _revoke_perms_on_yourself(self, form_result):
117 def _revoke_perms_on_yourself(self, form_result):
118 _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
118 _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
119 form_result['perm_updates'])
119 form_result['perm_updates'])
120 _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
120 _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
121 form_result['perm_additions'])
121 form_result['perm_additions'])
122 _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
122 _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
123 form_result['perm_deletions'])
123 form_result['perm_deletions'])
124 admin_perm = 'usergroup.admin'
124 admin_perm = 'usergroup.admin'
125 if _updates and _updates[0][1] != admin_perm or \
125 if _updates and _updates[0][1] != admin_perm or \
126 _additions and _additions[0][1] != admin_perm or \
126 _additions and _additions[0][1] != admin_perm or \
127 _deletions and _deletions[0][1] != admin_perm:
127 _deletions and _deletions[0][1] != admin_perm:
128 return True
128 return True
129 return False
129 return False
130
130
131 @LoginRequired()
131 @LoginRequired()
132 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
132 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
133 @CSRFRequired()
133 @CSRFRequired()
134 @view_config(
134 @view_config(
135 route_name='user_groups_update', request_method='POST',
135 route_name='user_groups_update', request_method='POST',
136 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
136 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
137 def user_group_update(self):
137 def user_group_update(self):
138 _ = self.request.translate
138 _ = self.request.translate
139
139
140 user_group = self.db_user_group
140 user_group = self.db_user_group
141 user_group_id = user_group.users_group_id
141 user_group_id = user_group.users_group_id
142
142
143 old_user_group_name = self.db_user_group_name
143 old_user_group_name = self.db_user_group_name
144 new_user_group_name = old_user_group_name
144 new_user_group_name = old_user_group_name
145
145
146 c = self.load_default_context()
146 c = self.load_default_context()
147 c.user_group = user_group
147 c.user_group = user_group
148 c.group_members_obj = [x.user for x in c.user_group.members]
148 c.group_members_obj = [x.user for x in c.user_group.members]
149 c.group_members_obj.sort(key=lambda u: u.username.lower())
149 c.group_members_obj.sort(key=lambda u: u.username.lower())
150 c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
150 c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
151 c.active = 'settings'
151 c.active = 'settings'
152
152
153 users_group_form = UserGroupForm(
153 users_group_form = UserGroupForm(
154 self.request.translate, edit=True,
154 self.request.translate, edit=True,
155 old_data=c.user_group.get_dict(), allow_disabled=True)()
155 old_data=c.user_group.get_dict(), allow_disabled=True)()
156
156
157 old_values = c.user_group.get_api_data()
157 old_values = c.user_group.get_api_data()
158
158
159 try:
159 try:
160 form_result = users_group_form.to_python(self.request.POST)
160 form_result = users_group_form.to_python(self.request.POST)
161 pstruct = peppercorn.parse(self.request.POST.items())
161 pstruct = peppercorn.parse(self.request.POST.items())
162 form_result['users_group_members'] = pstruct['user_group_members']
162 form_result['users_group_members'] = pstruct['user_group_members']
163
163
164 user_group, added_members, removed_members = \
164 user_group, added_members, removed_members = \
165 UserGroupModel().update(c.user_group, form_result)
165 UserGroupModel().update(c.user_group, form_result)
166 new_user_group_name = form_result['users_group_name']
166 new_user_group_name = form_result['users_group_name']
167
167
168 for user_id in added_members:
168 for user_id in added_members:
169 user = User.get(user_id)
169 user = User.get(user_id)
170 user_data = user.get_api_data()
170 user_data = user.get_api_data()
171 audit_logger.store_web(
171 audit_logger.store_web(
172 'user_group.edit.member.add',
172 'user_group.edit.member.add',
173 action_data={'user': user_data, 'old_data': old_values},
173 action_data={'user': user_data, 'old_data': old_values},
174 user=self._rhodecode_user)
174 user=self._rhodecode_user)
175
175
176 for user_id in removed_members:
176 for user_id in removed_members:
177 user = User.get(user_id)
177 user = User.get(user_id)
178 user_data = user.get_api_data()
178 user_data = user.get_api_data()
179 audit_logger.store_web(
179 audit_logger.store_web(
180 'user_group.edit.member.delete',
180 'user_group.edit.member.delete',
181 action_data={'user': user_data, 'old_data': old_values},
181 action_data={'user': user_data, 'old_data': old_values},
182 user=self._rhodecode_user)
182 user=self._rhodecode_user)
183
183
184 audit_logger.store_web(
184 audit_logger.store_web(
185 'user_group.edit', action_data={'old_data': old_values},
185 'user_group.edit', action_data={'old_data': old_values},
186 user=self._rhodecode_user)
186 user=self._rhodecode_user)
187
187
188 h.flash(_('Updated user group %s') % new_user_group_name,
188 h.flash(_('Updated user group %s') % new_user_group_name,
189 category='success')
189 category='success')
190
190
191 affected_user_ids = []
191 affected_user_ids = []
192 for user_id in added_members + removed_members:
192 for user_id in added_members + removed_members:
193 affected_user_ids.append(user_id)
193 affected_user_ids.append(user_id)
194
194
195 name_changed = old_user_group_name != new_user_group_name
195 name_changed = old_user_group_name != new_user_group_name
196 if name_changed:
196 if name_changed:
197 owner = User.get_by_username(form_result['user'])
197 owner = User.get_by_username(form_result['user'])
198 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
198 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
199 affected_user_ids.append(self._rhodecode_user.user_id)
199 affected_user_ids.append(self._rhodecode_user.user_id)
200 affected_user_ids.append(owner_id)
200 affected_user_ids.append(owner_id)
201
201
202 events.trigger(events.UserPermissionsChange(affected_user_ids))
202 events.trigger(events.UserPermissionsChange(affected_user_ids))
203
203
204 Session().commit()
204 Session().commit()
205 except formencode.Invalid as errors:
205 except formencode.Invalid as errors:
206 defaults = errors.value
206 defaults = errors.value
207 e = errors.error_dict or {}
207 e = errors.error_dict or {}
208
208
209 data = render(
209 data = render(
210 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
210 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
211 self._get_template_context(c), self.request)
211 self._get_template_context(c), self.request)
212 html = formencode.htmlfill.render(
212 html = formencode.htmlfill.render(
213 data,
213 data,
214 defaults=defaults,
214 defaults=defaults,
215 errors=e,
215 errors=e,
216 prefix_error=False,
216 prefix_error=False,
217 encoding="UTF-8",
217 encoding="UTF-8",
218 force_defaults=False
218 force_defaults=False
219 )
219 )
220 return Response(html)
220 return Response(html)
221
221
222 except Exception:
222 except Exception:
223 log.exception("Exception during update of user group")
223 log.exception("Exception during update of user group")
224 h.flash(_('Error occurred during update of user group %s')
224 h.flash(_('Error occurred during update of user group %s')
225 % new_user_group_name, category='error')
225 % new_user_group_name, category='error')
226
226
227 raise HTTPFound(
227 raise HTTPFound(
228 h.route_path('edit_user_group', user_group_id=user_group_id))
228 h.route_path('edit_user_group', user_group_id=user_group_id))
229
229
230 @LoginRequired()
230 @LoginRequired()
231 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
231 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
232 @CSRFRequired()
232 @CSRFRequired()
233 @view_config(
233 @view_config(
234 route_name='user_groups_delete', request_method='POST',
234 route_name='user_groups_delete', request_method='POST',
235 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
235 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
236 def user_group_delete(self):
236 def user_group_delete(self):
237 _ = self.request.translate
237 _ = self.request.translate
238 user_group = self.db_user_group
238 user_group = self.db_user_group
239
239
240 self.load_default_context()
240 self.load_default_context()
241 force = str2bool(self.request.POST.get('force'))
241 force = str2bool(self.request.POST.get('force'))
242
242
243 old_values = user_group.get_api_data()
243 old_values = user_group.get_api_data()
244 try:
244 try:
245 UserGroupModel().delete(user_group, force=force)
245 UserGroupModel().delete(user_group, force=force)
246 audit_logger.store_web(
246 audit_logger.store_web(
247 'user.delete', action_data={'old_data': old_values},
247 'user.delete', action_data={'old_data': old_values},
248 user=self._rhodecode_user)
248 user=self._rhodecode_user)
249 Session().commit()
249 Session().commit()
250 h.flash(_('Successfully deleted user group'), category='success')
250 h.flash(_('Successfully deleted user group'), category='success')
251 except UserGroupAssignedException as e:
251 except UserGroupAssignedException as e:
252 h.flash(str(e), category='error')
252 h.flash(str(e), category='error')
253 except Exception:
253 except Exception:
254 log.exception("Exception during deletion of user group")
254 log.exception("Exception during deletion of user group")
255 h.flash(_('An error occurred during deletion of user group'),
255 h.flash(_('An error occurred during deletion of user group'),
256 category='error')
256 category='error')
257 raise HTTPFound(h.route_path('user_groups'))
257 raise HTTPFound(h.route_path('user_groups'))
258
258
259 @LoginRequired()
259 @LoginRequired()
260 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
260 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
261 @view_config(
261 @view_config(
262 route_name='edit_user_group', request_method='GET',
262 route_name='edit_user_group', request_method='GET',
263 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
263 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
264 def user_group_edit(self):
264 def user_group_edit(self):
265 user_group = self.db_user_group
265 user_group = self.db_user_group
266
266
267 c = self.load_default_context()
267 c = self.load_default_context()
268 c.user_group = user_group
268 c.user_group = user_group
269 c.group_members_obj = [x.user for x in c.user_group.members]
269 c.group_members_obj = [x.user for x in c.user_group.members]
270 c.group_members_obj.sort(key=lambda u: u.username.lower())
270 c.group_members_obj.sort(key=lambda u: u.username.lower())
271 c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
271 c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
272
272
273 c.active = 'settings'
273 c.active = 'settings'
274
274
275 defaults = user_group.get_dict()
275 defaults = user_group.get_dict()
276 # fill owner
276 # fill owner
277 if user_group.user:
277 if user_group.user:
278 defaults.update({'user': user_group.user.username})
278 defaults.update({'user': user_group.user.username})
279 else:
279 else:
280 replacement_user = User.get_first_super_admin().username
280 replacement_user = User.get_first_super_admin().username
281 defaults.update({'user': replacement_user})
281 defaults.update({'user': replacement_user})
282
282
283 data = render(
283 data = render(
284 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
284 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
285 self._get_template_context(c), self.request)
285 self._get_template_context(c), self.request)
286 html = formencode.htmlfill.render(
286 html = formencode.htmlfill.render(
287 data,
287 data,
288 defaults=defaults,
288 defaults=defaults,
289 encoding="UTF-8",
289 encoding="UTF-8",
290 force_defaults=False
290 force_defaults=False
291 )
291 )
292 return Response(html)
292 return Response(html)
293
293
294 @LoginRequired()
294 @LoginRequired()
295 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
295 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
296 @view_config(
296 @view_config(
297 route_name='edit_user_group_perms', request_method='GET',
297 route_name='edit_user_group_perms', request_method='GET',
298 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
298 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
299 def user_group_edit_perms(self):
299 def user_group_edit_perms(self):
300 user_group = self.db_user_group
300 user_group = self.db_user_group
301 c = self.load_default_context()
301 c = self.load_default_context()
302 c.user_group = user_group
302 c.user_group = user_group
303 c.active = 'perms'
303 c.active = 'perms'
304
304
305 defaults = {}
305 defaults = {}
306 # fill user group users
306 # fill user group users
307 for p in c.user_group.user_user_group_to_perm:
307 for p in c.user_group.user_user_group_to_perm:
308 defaults.update({'u_perm_%s' % p.user.user_id:
308 defaults.update({'u_perm_%s' % p.user.user_id:
309 p.permission.permission_name})
309 p.permission.permission_name})
310
310
311 for p in c.user_group.user_group_user_group_to_perm:
311 for p in c.user_group.user_group_user_group_to_perm:
312 defaults.update({'g_perm_%s' % p.user_group.users_group_id:
312 defaults.update({'g_perm_%s' % p.user_group.users_group_id:
313 p.permission.permission_name})
313 p.permission.permission_name})
314
314
315 data = render(
315 data = render(
316 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
316 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
317 self._get_template_context(c), self.request)
317 self._get_template_context(c), self.request)
318 html = formencode.htmlfill.render(
318 html = formencode.htmlfill.render(
319 data,
319 data,
320 defaults=defaults,
320 defaults=defaults,
321 encoding="UTF-8",
321 encoding="UTF-8",
322 force_defaults=False
322 force_defaults=False
323 )
323 )
324 return Response(html)
324 return Response(html)
325
325
326 @LoginRequired()
326 @LoginRequired()
327 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
327 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
328 @CSRFRequired()
328 @CSRFRequired()
329 @view_config(
329 @view_config(
330 route_name='edit_user_group_perms_update', request_method='POST',
330 route_name='edit_user_group_perms_update', request_method='POST',
331 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
331 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
332 def user_group_update_perms(self):
332 def user_group_update_perms(self):
333 """
333 """
334 grant permission for given user group
334 grant permission for given user group
335 """
335 """
336 _ = self.request.translate
336 _ = self.request.translate
337
337
338 user_group = self.db_user_group
338 user_group = self.db_user_group
339 user_group_id = user_group.users_group_id
339 user_group_id = user_group.users_group_id
340 c = self.load_default_context()
340 c = self.load_default_context()
341 c.user_group = user_group
341 c.user_group = user_group
342 form = UserGroupPermsForm(self.request.translate)().to_python(self.request.POST)
342 form = UserGroupPermsForm(self.request.translate)().to_python(self.request.POST)
343
343
344 if not self._rhodecode_user.is_admin:
344 if not self._rhodecode_user.is_admin:
345 if self._revoke_perms_on_yourself(form):
345 if self._revoke_perms_on_yourself(form):
346 msg = _('Cannot change permission for yourself as admin')
346 msg = _('Cannot change permission for yourself as admin')
347 h.flash(msg, category='warning')
347 h.flash(msg, category='warning')
348 raise HTTPFound(
348 raise HTTPFound(
349 h.route_path('edit_user_group_perms',
349 h.route_path('edit_user_group_perms',
350 user_group_id=user_group_id))
350 user_group_id=user_group_id))
351
351
352 try:
352 try:
353 changes = UserGroupModel().update_permissions(
353 changes = UserGroupModel().update_permissions(
354 user_group,
354 user_group,
355 form['perm_additions'], form['perm_updates'],
355 form['perm_additions'], form['perm_updates'],
356 form['perm_deletions'])
356 form['perm_deletions'])
357
357
358 except RepoGroupAssignmentError:
358 except RepoGroupAssignmentError:
359 h.flash(_('Target group cannot be the same'), category='error')
359 h.flash(_('Target group cannot be the same'), category='error')
360 raise HTTPFound(
360 raise HTTPFound(
361 h.route_path('edit_user_group_perms',
361 h.route_path('edit_user_group_perms',
362 user_group_id=user_group_id))
362 user_group_id=user_group_id))
363
363
364 action_data = {
364 action_data = {
365 'added': changes['added'],
365 'added': changes['added'],
366 'updated': changes['updated'],
366 'updated': changes['updated'],
367 'deleted': changes['deleted'],
367 'deleted': changes['deleted'],
368 }
368 }
369 audit_logger.store_web(
369 audit_logger.store_web(
370 'user_group.edit.permissions', action_data=action_data,
370 'user_group.edit.permissions', action_data=action_data,
371 user=self._rhodecode_user)
371 user=self._rhodecode_user)
372
372
373 Session().commit()
373 Session().commit()
374 h.flash(_('User Group permissions updated'), category='success')
374 h.flash(_('User Group permissions updated'), category='success')
375
375
376 affected_user_ids = []
376 affected_user_ids = []
377 for change in changes['added'] + changes['updated'] + changes['deleted']:
377 for change in changes['added'] + changes['updated'] + changes['deleted']:
378 if change['type'] == 'user':
378 if change['type'] == 'user':
379 affected_user_ids.append(change['id'])
379 affected_user_ids.append(change['id'])
380 if change['type'] == 'user_group':
381 user_group = UserGroup.get(safe_int(change['id']))
382 if user_group:
383 group_members_ids = [x.user_id for x in user_group.members]
384 affected_user_ids.extend(group_members_ids)
380
385
381 events.trigger(events.UserPermissionsChange(affected_user_ids))
386 events.trigger(events.UserPermissionsChange(affected_user_ids))
382
387
383 raise HTTPFound(
388 raise HTTPFound(
384 h.route_path('edit_user_group_perms', user_group_id=user_group_id))
389 h.route_path('edit_user_group_perms', user_group_id=user_group_id))
385
390
386 @LoginRequired()
391 @LoginRequired()
387 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
392 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
388 @view_config(
393 @view_config(
389 route_name='edit_user_group_global_perms', request_method='GET',
394 route_name='edit_user_group_global_perms', request_method='GET',
390 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
395 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
391 def user_group_global_perms_edit(self):
396 def user_group_global_perms_edit(self):
392 user_group = self.db_user_group
397 user_group = self.db_user_group
393 c = self.load_default_context()
398 c = self.load_default_context()
394 c.user_group = user_group
399 c.user_group = user_group
395 c.active = 'global_perms'
400 c.active = 'global_perms'
396
401
397 c.default_user = User.get_default_user()
402 c.default_user = User.get_default_user()
398 defaults = c.user_group.get_dict()
403 defaults = c.user_group.get_dict()
399 defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
404 defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
400 defaults.update(c.user_group.get_default_perms())
405 defaults.update(c.user_group.get_default_perms())
401
406
402 data = render(
407 data = render(
403 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
408 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
404 self._get_template_context(c), self.request)
409 self._get_template_context(c), self.request)
405 html = formencode.htmlfill.render(
410 html = formencode.htmlfill.render(
406 data,
411 data,
407 defaults=defaults,
412 defaults=defaults,
408 encoding="UTF-8",
413 encoding="UTF-8",
409 force_defaults=False
414 force_defaults=False
410 )
415 )
411 return Response(html)
416 return Response(html)
412
417
413 @LoginRequired()
418 @LoginRequired()
414 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
419 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
415 @CSRFRequired()
420 @CSRFRequired()
416 @view_config(
421 @view_config(
417 route_name='edit_user_group_global_perms_update', request_method='POST',
422 route_name='edit_user_group_global_perms_update', request_method='POST',
418 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
423 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
419 def user_group_global_perms_update(self):
424 def user_group_global_perms_update(self):
420 _ = self.request.translate
425 _ = self.request.translate
421 user_group = self.db_user_group
426 user_group = self.db_user_group
422 user_group_id = self.db_user_group.users_group_id
427 user_group_id = self.db_user_group.users_group_id
423
428
424 c = self.load_default_context()
429 c = self.load_default_context()
425 c.user_group = user_group
430 c.user_group = user_group
426 c.active = 'global_perms'
431 c.active = 'global_perms'
427
432
428 try:
433 try:
429 # first stage that verifies the checkbox
434 # first stage that verifies the checkbox
430 _form = UserIndividualPermissionsForm(self.request.translate)
435 _form = UserIndividualPermissionsForm(self.request.translate)
431 form_result = _form.to_python(dict(self.request.POST))
436 form_result = _form.to_python(dict(self.request.POST))
432 inherit_perms = form_result['inherit_default_permissions']
437 inherit_perms = form_result['inherit_default_permissions']
433 user_group.inherit_default_permissions = inherit_perms
438 user_group.inherit_default_permissions = inherit_perms
434 Session().add(user_group)
439 Session().add(user_group)
435
440
436 if not inherit_perms:
441 if not inherit_perms:
437 # only update the individual ones if we un check the flag
442 # only update the individual ones if we un check the flag
438 _form = UserPermissionsForm(
443 _form = UserPermissionsForm(
439 self.request.translate,
444 self.request.translate,
440 [x[0] for x in c.repo_create_choices],
445 [x[0] for x in c.repo_create_choices],
441 [x[0] for x in c.repo_create_on_write_choices],
446 [x[0] for x in c.repo_create_on_write_choices],
442 [x[0] for x in c.repo_group_create_choices],
447 [x[0] for x in c.repo_group_create_choices],
443 [x[0] for x in c.user_group_create_choices],
448 [x[0] for x in c.user_group_create_choices],
444 [x[0] for x in c.fork_choices],
449 [x[0] for x in c.fork_choices],
445 [x[0] for x in c.inherit_default_permission_choices])()
450 [x[0] for x in c.inherit_default_permission_choices])()
446
451
447 form_result = _form.to_python(dict(self.request.POST))
452 form_result = _form.to_python(dict(self.request.POST))
448 form_result.update(
453 form_result.update(
449 {'perm_user_group_id': user_group.users_group_id})
454 {'perm_user_group_id': user_group.users_group_id})
450
455
451 PermissionModel().update_user_group_permissions(form_result)
456 PermissionModel().update_user_group_permissions(form_result)
452
457
453 Session().commit()
458 Session().commit()
454 h.flash(_('User Group global permissions updated successfully'),
459 h.flash(_('User Group global permissions updated successfully'),
455 category='success')
460 category='success')
456
461
457 except formencode.Invalid as errors:
462 except formencode.Invalid as errors:
458 defaults = errors.value
463 defaults = errors.value
459
464
460 data = render(
465 data = render(
461 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
466 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
462 self._get_template_context(c), self.request)
467 self._get_template_context(c), self.request)
463 html = formencode.htmlfill.render(
468 html = formencode.htmlfill.render(
464 data,
469 data,
465 defaults=defaults,
470 defaults=defaults,
466 errors=errors.error_dict or {},
471 errors=errors.error_dict or {},
467 prefix_error=False,
472 prefix_error=False,
468 encoding="UTF-8",
473 encoding="UTF-8",
469 force_defaults=False
474 force_defaults=False
470 )
475 )
471 return Response(html)
476 return Response(html)
472 except Exception:
477 except Exception:
473 log.exception("Exception during permissions saving")
478 log.exception("Exception during permissions saving")
474 h.flash(_('An error occurred during permissions saving'),
479 h.flash(_('An error occurred during permissions saving'),
475 category='error')
480 category='error')
476
481
477 raise HTTPFound(
482 raise HTTPFound(
478 h.route_path('edit_user_group_global_perms',
483 h.route_path('edit_user_group_global_perms',
479 user_group_id=user_group_id))
484 user_group_id=user_group_id))
480
485
481 @LoginRequired()
486 @LoginRequired()
482 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
487 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
483 @view_config(
488 @view_config(
484 route_name='edit_user_group_advanced', request_method='GET',
489 route_name='edit_user_group_advanced', request_method='GET',
485 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
490 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
486 def user_group_edit_advanced(self):
491 def user_group_edit_advanced(self):
487 user_group = self.db_user_group
492 user_group = self.db_user_group
488
493
489 c = self.load_default_context()
494 c = self.load_default_context()
490 c.user_group = user_group
495 c.user_group = user_group
491 c.active = 'advanced'
496 c.active = 'advanced'
492 c.group_members_obj = sorted(
497 c.group_members_obj = sorted(
493 (x.user for x in c.user_group.members),
498 (x.user for x in c.user_group.members),
494 key=lambda u: u.username.lower())
499 key=lambda u: u.username.lower())
495
500
496 c.group_to_repos = sorted(
501 c.group_to_repos = sorted(
497 (x.repository for x in c.user_group.users_group_repo_to_perm),
502 (x.repository for x in c.user_group.users_group_repo_to_perm),
498 key=lambda u: u.repo_name.lower())
503 key=lambda u: u.repo_name.lower())
499
504
500 c.group_to_repo_groups = sorted(
505 c.group_to_repo_groups = sorted(
501 (x.group for x in c.user_group.users_group_repo_group_to_perm),
506 (x.group for x in c.user_group.users_group_repo_group_to_perm),
502 key=lambda u: u.group_name.lower())
507 key=lambda u: u.group_name.lower())
503
508
504 c.group_to_review_rules = sorted(
509 c.group_to_review_rules = sorted(
505 (x.users_group for x in c.user_group.user_group_review_rules),
510 (x.users_group for x in c.user_group.user_group_review_rules),
506 key=lambda u: u.users_group_name.lower())
511 key=lambda u: u.users_group_name.lower())
507
512
508 return self._get_template_context(c)
513 return self._get_template_context(c)
509
514
510 @LoginRequired()
515 @LoginRequired()
511 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
516 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
512 @CSRFRequired()
517 @CSRFRequired()
513 @view_config(
518 @view_config(
514 route_name='edit_user_group_advanced_sync', request_method='POST',
519 route_name='edit_user_group_advanced_sync', request_method='POST',
515 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
520 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
516 def user_group_edit_advanced_set_synchronization(self):
521 def user_group_edit_advanced_set_synchronization(self):
517 _ = self.request.translate
522 _ = self.request.translate
518 user_group = self.db_user_group
523 user_group = self.db_user_group
519 user_group_id = user_group.users_group_id
524 user_group_id = user_group.users_group_id
520
525
521 existing = user_group.group_data.get('extern_type')
526 existing = user_group.group_data.get('extern_type')
522
527
523 if existing:
528 if existing:
524 new_state = user_group.group_data
529 new_state = user_group.group_data
525 new_state['extern_type'] = None
530 new_state['extern_type'] = None
526 else:
531 else:
527 new_state = user_group.group_data
532 new_state = user_group.group_data
528 new_state['extern_type'] = 'manual'
533 new_state['extern_type'] = 'manual'
529 new_state['extern_type_set_by'] = self._rhodecode_user.username
534 new_state['extern_type_set_by'] = self._rhodecode_user.username
530
535
531 try:
536 try:
532 user_group.group_data = new_state
537 user_group.group_data = new_state
533 Session().add(user_group)
538 Session().add(user_group)
534 Session().commit()
539 Session().commit()
535
540
536 h.flash(_('User Group synchronization updated successfully'),
541 h.flash(_('User Group synchronization updated successfully'),
537 category='success')
542 category='success')
538 except Exception:
543 except Exception:
539 log.exception("Exception during sync settings saving")
544 log.exception("Exception during sync settings saving")
540 h.flash(_('An error occurred during synchronization update'),
545 h.flash(_('An error occurred during synchronization update'),
541 category='error')
546 category='error')
542
547
543 raise HTTPFound(
548 raise HTTPFound(
544 h.route_path('edit_user_group_advanced',
549 h.route_path('edit_user_group_advanced',
545 user_group_id=user_group_id))
550 user_group_id=user_group_id))
General Comments 0
You need to be logged in to leave comments. Login now