Show More
@@ -1,529 +1,543 b'' | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 |
|
2 | |||
3 | # Copyright (C) 2016-2017 RhodeCode GmbH |
|
3 | # Copyright (C) 2016-2017 RhodeCode GmbH | |
4 | # |
|
4 | # | |
5 | # This program is free software: you can redistribute it and/or modify |
|
5 | # This program is free software: you can redistribute it and/or modify | |
6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |
7 | # (only), as published by the Free Software Foundation. |
|
7 | # (only), as published by the Free Software Foundation. | |
8 | # |
|
8 | # | |
9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
13 | # |
|
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License |
|
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | # |
|
16 | # | |
17 | # This program is dual-licensed. If you wish to learn more about the |
|
17 | # This program is dual-licensed. If you wish to learn more about the | |
18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
20 |
|
20 | |||
21 | import logging |
|
21 | import logging | |
22 |
|
22 | |||
23 | import peppercorn |
|
23 | import peppercorn | |
24 | import formencode |
|
24 | import formencode | |
25 | import formencode.htmlfill |
|
25 | import formencode.htmlfill | |
26 | from pyramid.httpexceptions import HTTPFound |
|
26 | from pyramid.httpexceptions import HTTPFound | |
27 | from pyramid.view import view_config |
|
27 | from pyramid.view import view_config | |
28 | from pyramid.response import Response |
|
28 | from pyramid.response import Response | |
29 | from pyramid.renderers import render |
|
29 | from pyramid.renderers import render | |
30 |
|
30 | |||
31 | from rhodecode.lib.exceptions import ( |
|
31 | from rhodecode.lib.exceptions import ( | |
32 | RepoGroupAssignmentError, UserGroupAssignedException) |
|
32 | RepoGroupAssignmentError, UserGroupAssignedException) | |
33 | from rhodecode.model.forms import ( |
|
33 | from rhodecode.model.forms import ( | |
34 | UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm, |
|
34 | UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm, | |
35 | UserPermissionsForm) |
|
35 | UserPermissionsForm) | |
36 | from rhodecode.model.permission import PermissionModel |
|
36 | from rhodecode.model.permission import PermissionModel | |
37 |
|
37 | |||
38 | from rhodecode.apps._base import UserGroupAppView |
|
38 | from rhodecode.apps._base import UserGroupAppView | |
39 | from rhodecode.lib.auth import ( |
|
39 | from rhodecode.lib.auth import ( | |
40 | LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired) |
|
40 | LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired) | |
41 | from rhodecode.lib import helpers as h, audit_logger |
|
41 | from rhodecode.lib import helpers as h, audit_logger | |
42 | from rhodecode.lib.utils2 import str2bool |
|
42 | from rhodecode.lib.utils2 import str2bool | |
43 | from rhodecode.model.db import ( |
|
43 | from rhodecode.model.db import ( | |
44 | joinedload, User, UserGroupRepoToPerm, UserGroupRepoGroupToPerm) |
|
44 | joinedload, User, UserGroupRepoToPerm, UserGroupRepoGroupToPerm) | |
45 | from rhodecode.model.meta import Session |
|
45 | from rhodecode.model.meta import Session | |
46 | from rhodecode.model.user_group import UserGroupModel |
|
46 | from rhodecode.model.user_group import UserGroupModel | |
47 |
|
47 | |||
48 | log = logging.getLogger(__name__) |
|
48 | log = logging.getLogger(__name__) | |
49 |
|
49 | |||
50 |
|
50 | |||
51 | class UserGroupsView(UserGroupAppView): |
|
51 | class UserGroupsView(UserGroupAppView): | |
52 |
|
52 | |||
53 | def load_default_context(self): |
|
53 | def load_default_context(self): | |
54 | c = self._get_local_tmpl_context() |
|
54 | c = self._get_local_tmpl_context() | |
55 |
|
55 | |||
56 | PermissionModel().set_global_permission_choices( |
|
56 | PermissionModel().set_global_permission_choices( | |
57 | c, gettext_translator=self.request.translate) |
|
57 | c, gettext_translator=self.request.translate) | |
58 |
|
58 | |||
59 | self._register_global_c(c) |
|
59 | self._register_global_c(c) | |
60 | return c |
|
60 | return c | |
61 |
|
61 | |||
62 | def _get_perms_summary(self, user_group_id): |
|
62 | def _get_perms_summary(self, user_group_id): | |
63 | permissions = { |
|
63 | permissions = { | |
64 | 'repositories': {}, |
|
64 | 'repositories': {}, | |
65 | 'repositories_groups': {}, |
|
65 | 'repositories_groups': {}, | |
66 | } |
|
66 | } | |
67 | ugroup_repo_perms = UserGroupRepoToPerm.query()\ |
|
67 | ugroup_repo_perms = UserGroupRepoToPerm.query()\ | |
68 | .options(joinedload(UserGroupRepoToPerm.permission))\ |
|
68 | .options(joinedload(UserGroupRepoToPerm.permission))\ | |
69 | .options(joinedload(UserGroupRepoToPerm.repository))\ |
|
69 | .options(joinedload(UserGroupRepoToPerm.repository))\ | |
70 | .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\ |
|
70 | .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\ | |
71 | .all() |
|
71 | .all() | |
72 |
|
72 | |||
73 | for gr in ugroup_repo_perms: |
|
73 | for gr in ugroup_repo_perms: | |
74 | permissions['repositories'][gr.repository.repo_name] \ |
|
74 | permissions['repositories'][gr.repository.repo_name] \ | |
75 | = gr.permission.permission_name |
|
75 | = gr.permission.permission_name | |
76 |
|
76 | |||
77 | ugroup_group_perms = UserGroupRepoGroupToPerm.query()\ |
|
77 | ugroup_group_perms = UserGroupRepoGroupToPerm.query()\ | |
78 | .options(joinedload(UserGroupRepoGroupToPerm.permission))\ |
|
78 | .options(joinedload(UserGroupRepoGroupToPerm.permission))\ | |
79 | .options(joinedload(UserGroupRepoGroupToPerm.group))\ |
|
79 | .options(joinedload(UserGroupRepoGroupToPerm.group))\ | |
80 | .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\ |
|
80 | .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\ | |
81 | .all() |
|
81 | .all() | |
82 |
|
82 | |||
83 | for gr in ugroup_group_perms: |
|
83 | for gr in ugroup_group_perms: | |
84 | permissions['repositories_groups'][gr.group.group_name] \ |
|
84 | permissions['repositories_groups'][gr.group.group_name] \ | |
85 | = gr.permission.permission_name |
|
85 | = gr.permission.permission_name | |
86 | return permissions |
|
86 | return permissions | |
87 |
|
87 | |||
88 | @LoginRequired() |
|
88 | @LoginRequired() | |
89 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
89 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
90 | @view_config( |
|
90 | @view_config( | |
91 | route_name='user_group_members_data', request_method='GET', |
|
91 | route_name='user_group_members_data', request_method='GET', | |
92 | renderer='json_ext', xhr=True) |
|
92 | renderer='json_ext', xhr=True) | |
93 | def user_group_members(self): |
|
93 | def user_group_members(self): | |
94 | """ |
|
94 | """ | |
95 | Return members of given user group |
|
95 | Return members of given user group | |
96 | """ |
|
96 | """ | |
97 | user_group = self.db_user_group |
|
97 | user_group = self.db_user_group | |
98 | group_members_obj = sorted((x.user for x in user_group.members), |
|
98 | group_members_obj = sorted((x.user for x in user_group.members), | |
99 | key=lambda u: u.username.lower()) |
|
99 | key=lambda u: u.username.lower()) | |
100 |
|
100 | |||
101 | group_members = [ |
|
101 | group_members = [ | |
102 | { |
|
102 | { | |
103 | 'id': user.user_id, |
|
103 | 'id': user.user_id, | |
104 | 'first_name': user.first_name, |
|
104 | 'first_name': user.first_name, | |
105 | 'last_name': user.last_name, |
|
105 | 'last_name': user.last_name, | |
106 | 'username': user.username, |
|
106 | 'username': user.username, | |
107 | 'icon_link': h.gravatar_url(user.email, 30), |
|
107 | 'icon_link': h.gravatar_url(user.email, 30), | |
108 | 'value_display': h.person(user.email), |
|
108 | 'value_display': h.person(user.email), | |
109 | 'value': user.username, |
|
109 | 'value': user.username, | |
110 | 'value_type': 'user', |
|
110 | 'value_type': 'user', | |
111 | 'active': user.active, |
|
111 | 'active': user.active, | |
112 | } |
|
112 | } | |
113 | for user in group_members_obj |
|
113 | for user in group_members_obj | |
114 | ] |
|
114 | ] | |
115 |
|
115 | |||
116 | return { |
|
116 | return { | |
117 | 'members': group_members |
|
117 | 'members': group_members | |
118 | } |
|
118 | } | |
119 |
|
119 | |||
120 | @LoginRequired() |
|
120 | @LoginRequired() | |
121 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
121 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
122 | @view_config( |
|
122 | @view_config( | |
123 | route_name='edit_user_group_perms_summary', request_method='GET', |
|
123 | route_name='edit_user_group_perms_summary', request_method='GET', | |
124 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
124 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
125 | def user_group_perms_summary(self): |
|
125 | def user_group_perms_summary(self): | |
126 | c = self.load_default_context() |
|
126 | c = self.load_default_context() | |
127 | c.user_group = self.db_user_group |
|
127 | c.user_group = self.db_user_group | |
128 | c.active = 'perms_summary' |
|
128 | c.active = 'perms_summary' | |
129 | c.permissions = self._get_perms_summary(c.user_group.users_group_id) |
|
129 | c.permissions = self._get_perms_summary(c.user_group.users_group_id) | |
130 | return self._get_template_context(c) |
|
130 | return self._get_template_context(c) | |
131 |
|
131 | |||
132 | @LoginRequired() |
|
132 | @LoginRequired() | |
133 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
133 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
134 | @view_config( |
|
134 | @view_config( | |
135 | route_name='edit_user_group_perms_summary_json', request_method='GET', |
|
135 | route_name='edit_user_group_perms_summary_json', request_method='GET', | |
136 | renderer='json_ext') |
|
136 | renderer='json_ext') | |
137 | def user_group_perms_summary_json(self): |
|
137 | def user_group_perms_summary_json(self): | |
138 | self.load_default_context() |
|
138 | self.load_default_context() | |
139 | user_group = self.db_user_group |
|
139 | user_group = self.db_user_group | |
140 | return self._get_perms_summary(user_group.users_group_id) |
|
140 | return self._get_perms_summary(user_group.users_group_id) | |
141 |
|
141 | |||
142 | def _revoke_perms_on_yourself(self, form_result): |
|
142 | def _revoke_perms_on_yourself(self, form_result): | |
143 | _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), |
|
143 | _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), | |
144 | form_result['perm_updates']) |
|
144 | form_result['perm_updates']) | |
145 | _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), |
|
145 | _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), | |
146 | form_result['perm_additions']) |
|
146 | form_result['perm_additions']) | |
147 | _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), |
|
147 | _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), | |
148 | form_result['perm_deletions']) |
|
148 | form_result['perm_deletions']) | |
149 | admin_perm = 'usergroup.admin' |
|
149 | admin_perm = 'usergroup.admin' | |
150 | if _updates and _updates[0][1] != admin_perm or \ |
|
150 | if _updates and _updates[0][1] != admin_perm or \ | |
151 | _additions and _additions[0][1] != admin_perm or \ |
|
151 | _additions and _additions[0][1] != admin_perm or \ | |
152 | _deletions and _deletions[0][1] != admin_perm: |
|
152 | _deletions and _deletions[0][1] != admin_perm: | |
153 | return True |
|
153 | return True | |
154 | return False |
|
154 | return False | |
155 |
|
155 | |||
156 | @LoginRequired() |
|
156 | @LoginRequired() | |
157 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
157 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
158 | @CSRFRequired() |
|
158 | @CSRFRequired() | |
159 | @view_config( |
|
159 | @view_config( | |
160 | route_name='user_groups_update', request_method='POST', |
|
160 | route_name='user_groups_update', request_method='POST', | |
161 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
161 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
162 | def user_group_update(self): |
|
162 | def user_group_update(self): | |
163 | _ = self.request.translate |
|
163 | _ = self.request.translate | |
164 |
|
164 | |||
165 | user_group = self.db_user_group |
|
165 | user_group = self.db_user_group | |
166 | user_group_id = user_group.users_group_id |
|
166 | user_group_id = user_group.users_group_id | |
167 |
|
167 | |||
168 | c = self.load_default_context() |
|
168 | c = self.load_default_context() | |
169 | c.user_group = user_group |
|
169 | c.user_group = user_group | |
170 | c.group_members_obj = [x.user for x in c.user_group.members] |
|
170 | c.group_members_obj = [x.user for x in c.user_group.members] | |
171 | c.group_members_obj.sort(key=lambda u: u.username.lower()) |
|
171 | c.group_members_obj.sort(key=lambda u: u.username.lower()) | |
172 | c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] |
|
172 | c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] | |
173 | c.active = 'settings' |
|
173 | c.active = 'settings' | |
174 |
|
174 | |||
175 | users_group_form = UserGroupForm( |
|
175 | users_group_form = UserGroupForm( | |
176 | edit=True, old_data=c.user_group.get_dict(), allow_disabled=True)() |
|
176 | edit=True, old_data=c.user_group.get_dict(), allow_disabled=True)() | |
177 |
|
177 | |||
178 | old_values = c.user_group.get_api_data() |
|
178 | old_values = c.user_group.get_api_data() | |
179 | user_group_name = self.request.POST.get('users_group_name') |
|
179 | user_group_name = self.request.POST.get('users_group_name') | |
180 | try: |
|
180 | try: | |
181 | form_result = users_group_form.to_python(self.request.POST) |
|
181 | form_result = users_group_form.to_python(self.request.POST) | |
182 | pstruct = peppercorn.parse(self.request.POST.items()) |
|
182 | pstruct = peppercorn.parse(self.request.POST.items()) | |
183 | form_result['users_group_members'] = pstruct['user_group_members'] |
|
183 | form_result['users_group_members'] = pstruct['user_group_members'] | |
184 |
|
184 | |||
185 | user_group, added_members, removed_members = \ |
|
185 | user_group, added_members, removed_members = \ | |
186 | UserGroupModel().update(c.user_group, form_result) |
|
186 | UserGroupModel().update(c.user_group, form_result) | |
187 | updated_user_group = form_result['users_group_name'] |
|
187 | updated_user_group = form_result['users_group_name'] | |
188 |
|
188 | |||
|
189 | for user_id in added_members: | |||
|
190 | user = User.get(user_id) | |||
|
191 | user_data = user.get_api_data() | |||
|
192 | audit_logger.store_web( | |||
|
193 | 'user_group.edit.member.add', | |||
|
194 | action_data={'user': user_data, 'old_data': old_values}, | |||
|
195 | user=self._rhodecode_user) | |||
|
196 | ||||
|
197 | for user_id in removed_members: | |||
|
198 | user = User.get(user_id) | |||
|
199 | user_data = user.get_api_data() | |||
|
200 | audit_logger.store_web( | |||
|
201 | 'user_group.edit.member.delete', | |||
|
202 | action_data={'user': user_data, 'old_data': old_values}, | |||
|
203 | user=self._rhodecode_user) | |||
|
204 | ||||
189 | audit_logger.store_web( |
|
205 | audit_logger.store_web( | |
190 | 'user_group.edit', action_data={'old_data': old_values}, |
|
206 | 'user_group.edit', action_data={'old_data': old_values}, | |
191 | user=self._rhodecode_user) |
|
207 | user=self._rhodecode_user) | |
192 |
|
208 | |||
193 | # TODO(marcink): use added/removed to set user_group.edit.member.add |
|
|||
194 |
|
||||
195 | h.flash(_('Updated user group %s') % updated_user_group, |
|
209 | h.flash(_('Updated user group %s') % updated_user_group, | |
196 | category='success') |
|
210 | category='success') | |
197 | Session().commit() |
|
211 | Session().commit() | |
198 | except formencode.Invalid as errors: |
|
212 | except formencode.Invalid as errors: | |
199 | defaults = errors.value |
|
213 | defaults = errors.value | |
200 | e = errors.error_dict or {} |
|
214 | e = errors.error_dict or {} | |
201 |
|
215 | |||
202 | data = render( |
|
216 | data = render( | |
203 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', |
|
217 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |
204 | self._get_template_context(c), self.request) |
|
218 | self._get_template_context(c), self.request) | |
205 | html = formencode.htmlfill.render( |
|
219 | html = formencode.htmlfill.render( | |
206 | data, |
|
220 | data, | |
207 | defaults=defaults, |
|
221 | defaults=defaults, | |
208 | errors=e, |
|
222 | errors=e, | |
209 | prefix_error=False, |
|
223 | prefix_error=False, | |
210 | encoding="UTF-8", |
|
224 | encoding="UTF-8", | |
211 | force_defaults=False |
|
225 | force_defaults=False | |
212 | ) |
|
226 | ) | |
213 | return Response(html) |
|
227 | return Response(html) | |
214 |
|
228 | |||
215 | except Exception: |
|
229 | except Exception: | |
216 | log.exception("Exception during update of user group") |
|
230 | log.exception("Exception during update of user group") | |
217 | h.flash(_('Error occurred during update of user group %s') |
|
231 | h.flash(_('Error occurred during update of user group %s') | |
218 | % user_group_name, category='error') |
|
232 | % user_group_name, category='error') | |
219 |
|
233 | |||
220 | raise HTTPFound( |
|
234 | raise HTTPFound( | |
221 | h.route_path('edit_user_group', user_group_id=user_group_id)) |
|
235 | h.route_path('edit_user_group', user_group_id=user_group_id)) | |
222 |
|
236 | |||
223 | @LoginRequired() |
|
237 | @LoginRequired() | |
224 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
238 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
225 | @CSRFRequired() |
|
239 | @CSRFRequired() | |
226 | @view_config( |
|
240 | @view_config( | |
227 | route_name='user_groups_delete', request_method='POST', |
|
241 | route_name='user_groups_delete', request_method='POST', | |
228 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
242 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
229 | def user_group_delete(self): |
|
243 | def user_group_delete(self): | |
230 | _ = self.request.translate |
|
244 | _ = self.request.translate | |
231 | user_group = self.db_user_group |
|
245 | user_group = self.db_user_group | |
232 |
|
246 | |||
233 | self.load_default_context() |
|
247 | self.load_default_context() | |
234 | force = str2bool(self.request.POST.get('force')) |
|
248 | force = str2bool(self.request.POST.get('force')) | |
235 |
|
249 | |||
236 | old_values = user_group.get_api_data() |
|
250 | old_values = user_group.get_api_data() | |
237 | try: |
|
251 | try: | |
238 | UserGroupModel().delete(user_group, force=force) |
|
252 | UserGroupModel().delete(user_group, force=force) | |
239 | audit_logger.store_web( |
|
253 | audit_logger.store_web( | |
240 | 'user.delete', action_data={'old_data': old_values}, |
|
254 | 'user.delete', action_data={'old_data': old_values}, | |
241 | user=self._rhodecode_user) |
|
255 | user=self._rhodecode_user) | |
242 | Session().commit() |
|
256 | Session().commit() | |
243 | h.flash(_('Successfully deleted user group'), category='success') |
|
257 | h.flash(_('Successfully deleted user group'), category='success') | |
244 | except UserGroupAssignedException as e: |
|
258 | except UserGroupAssignedException as e: | |
245 | h.flash(str(e), category='error') |
|
259 | h.flash(str(e), category='error') | |
246 | except Exception: |
|
260 | except Exception: | |
247 | log.exception("Exception during deletion of user group") |
|
261 | log.exception("Exception during deletion of user group") | |
248 | h.flash(_('An error occurred during deletion of user group'), |
|
262 | h.flash(_('An error occurred during deletion of user group'), | |
249 | category='error') |
|
263 | category='error') | |
250 | raise HTTPFound(h.route_path('user_groups')) |
|
264 | raise HTTPFound(h.route_path('user_groups')) | |
251 |
|
265 | |||
252 | @LoginRequired() |
|
266 | @LoginRequired() | |
253 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
267 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
254 | @view_config( |
|
268 | @view_config( | |
255 | route_name='edit_user_group', request_method='GET', |
|
269 | route_name='edit_user_group', request_method='GET', | |
256 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
270 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
257 | def user_group_edit(self): |
|
271 | def user_group_edit(self): | |
258 | user_group = self.db_user_group |
|
272 | user_group = self.db_user_group | |
259 |
|
273 | |||
260 | c = self.load_default_context() |
|
274 | c = self.load_default_context() | |
261 | c.user_group = user_group |
|
275 | c.user_group = user_group | |
262 | c.group_members_obj = [x.user for x in c.user_group.members] |
|
276 | c.group_members_obj = [x.user for x in c.user_group.members] | |
263 | c.group_members_obj.sort(key=lambda u: u.username.lower()) |
|
277 | c.group_members_obj.sort(key=lambda u: u.username.lower()) | |
264 | c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] |
|
278 | c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] | |
265 |
|
279 | |||
266 | c.active = 'settings' |
|
280 | c.active = 'settings' | |
267 |
|
281 | |||
268 | defaults = user_group.get_dict() |
|
282 | defaults = user_group.get_dict() | |
269 | # fill owner |
|
283 | # fill owner | |
270 | if user_group.user: |
|
284 | if user_group.user: | |
271 | defaults.update({'user': user_group.user.username}) |
|
285 | defaults.update({'user': user_group.user.username}) | |
272 | else: |
|
286 | else: | |
273 | replacement_user = User.get_first_super_admin().username |
|
287 | replacement_user = User.get_first_super_admin().username | |
274 | defaults.update({'user': replacement_user}) |
|
288 | defaults.update({'user': replacement_user}) | |
275 |
|
289 | |||
276 | data = render( |
|
290 | data = render( | |
277 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', |
|
291 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |
278 | self._get_template_context(c), self.request) |
|
292 | self._get_template_context(c), self.request) | |
279 | html = formencode.htmlfill.render( |
|
293 | html = formencode.htmlfill.render( | |
280 | data, |
|
294 | data, | |
281 | defaults=defaults, |
|
295 | defaults=defaults, | |
282 | encoding="UTF-8", |
|
296 | encoding="UTF-8", | |
283 | force_defaults=False |
|
297 | force_defaults=False | |
284 | ) |
|
298 | ) | |
285 | return Response(html) |
|
299 | return Response(html) | |
286 |
|
300 | |||
287 | @LoginRequired() |
|
301 | @LoginRequired() | |
288 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
302 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
289 | @view_config( |
|
303 | @view_config( | |
290 | route_name='edit_user_group_perms', request_method='GET', |
|
304 | route_name='edit_user_group_perms', request_method='GET', | |
291 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
305 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
292 | def user_group_edit_perms(self): |
|
306 | def user_group_edit_perms(self): | |
293 | user_group = self.db_user_group |
|
307 | user_group = self.db_user_group | |
294 | c = self.load_default_context() |
|
308 | c = self.load_default_context() | |
295 | c.user_group = user_group |
|
309 | c.user_group = user_group | |
296 | c.active = 'perms' |
|
310 | c.active = 'perms' | |
297 |
|
311 | |||
298 | defaults = {} |
|
312 | defaults = {} | |
299 | # fill user group users |
|
313 | # fill user group users | |
300 | for p in c.user_group.user_user_group_to_perm: |
|
314 | for p in c.user_group.user_user_group_to_perm: | |
301 | defaults.update({'u_perm_%s' % p.user.user_id: |
|
315 | defaults.update({'u_perm_%s' % p.user.user_id: | |
302 | p.permission.permission_name}) |
|
316 | p.permission.permission_name}) | |
303 |
|
317 | |||
304 | for p in c.user_group.user_group_user_group_to_perm: |
|
318 | for p in c.user_group.user_group_user_group_to_perm: | |
305 | defaults.update({'g_perm_%s' % p.user_group.users_group_id: |
|
319 | defaults.update({'g_perm_%s' % p.user_group.users_group_id: | |
306 | p.permission.permission_name}) |
|
320 | p.permission.permission_name}) | |
307 |
|
321 | |||
308 | data = render( |
|
322 | data = render( | |
309 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', |
|
323 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |
310 | self._get_template_context(c), self.request) |
|
324 | self._get_template_context(c), self.request) | |
311 | html = formencode.htmlfill.render( |
|
325 | html = formencode.htmlfill.render( | |
312 | data, |
|
326 | data, | |
313 | defaults=defaults, |
|
327 | defaults=defaults, | |
314 | encoding="UTF-8", |
|
328 | encoding="UTF-8", | |
315 | force_defaults=False |
|
329 | force_defaults=False | |
316 | ) |
|
330 | ) | |
317 | return Response(html) |
|
331 | return Response(html) | |
318 |
|
332 | |||
319 | @LoginRequired() |
|
333 | @LoginRequired() | |
320 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
334 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
321 | @CSRFRequired() |
|
335 | @CSRFRequired() | |
322 | @view_config( |
|
336 | @view_config( | |
323 | route_name='edit_user_group_perms_update', request_method='POST', |
|
337 | route_name='edit_user_group_perms_update', request_method='POST', | |
324 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
338 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
325 | def user_group_update_perms(self): |
|
339 | def user_group_update_perms(self): | |
326 | """ |
|
340 | """ | |
327 | grant permission for given user group |
|
341 | grant permission for given user group | |
328 | """ |
|
342 | """ | |
329 | _ = self.request.translate |
|
343 | _ = self.request.translate | |
330 |
|
344 | |||
331 | user_group = self.db_user_group |
|
345 | user_group = self.db_user_group | |
332 | user_group_id = user_group.users_group_id |
|
346 | user_group_id = user_group.users_group_id | |
333 | c = self.load_default_context() |
|
347 | c = self.load_default_context() | |
334 | c.user_group = user_group |
|
348 | c.user_group = user_group | |
335 | form = UserGroupPermsForm()().to_python(self.request.POST) |
|
349 | form = UserGroupPermsForm()().to_python(self.request.POST) | |
336 |
|
350 | |||
337 | if not self._rhodecode_user.is_admin: |
|
351 | if not self._rhodecode_user.is_admin: | |
338 | if self._revoke_perms_on_yourself(form): |
|
352 | if self._revoke_perms_on_yourself(form): | |
339 | msg = _('Cannot change permission for yourself as admin') |
|
353 | msg = _('Cannot change permission for yourself as admin') | |
340 | h.flash(msg, category='warning') |
|
354 | h.flash(msg, category='warning') | |
341 | raise HTTPFound( |
|
355 | raise HTTPFound( | |
342 | h.route_path('edit_user_group_perms', |
|
356 | h.route_path('edit_user_group_perms', | |
343 | user_group_id=user_group_id)) |
|
357 | user_group_id=user_group_id)) | |
344 |
|
358 | |||
345 | try: |
|
359 | try: | |
346 | changes = UserGroupModel().update_permissions( |
|
360 | changes = UserGroupModel().update_permissions( | |
347 | user_group_id, |
|
361 | user_group_id, | |
348 | form['perm_additions'], form['perm_updates'], |
|
362 | form['perm_additions'], form['perm_updates'], | |
349 | form['perm_deletions']) |
|
363 | form['perm_deletions']) | |
350 |
|
364 | |||
351 | except RepoGroupAssignmentError: |
|
365 | except RepoGroupAssignmentError: | |
352 | h.flash(_('Target group cannot be the same'), category='error') |
|
366 | h.flash(_('Target group cannot be the same'), category='error') | |
353 | raise HTTPFound( |
|
367 | raise HTTPFound( | |
354 | h.route_path('edit_user_group_perms', |
|
368 | h.route_path('edit_user_group_perms', | |
355 | user_group_id=user_group_id)) |
|
369 | user_group_id=user_group_id)) | |
356 |
|
370 | |||
357 | action_data = { |
|
371 | action_data = { | |
358 | 'added': changes['added'], |
|
372 | 'added': changes['added'], | |
359 | 'updated': changes['updated'], |
|
373 | 'updated': changes['updated'], | |
360 | 'deleted': changes['deleted'], |
|
374 | 'deleted': changes['deleted'], | |
361 | } |
|
375 | } | |
362 | audit_logger.store_web( |
|
376 | audit_logger.store_web( | |
363 | 'user_group.edit.permissions', action_data=action_data, |
|
377 | 'user_group.edit.permissions', action_data=action_data, | |
364 | user=self._rhodecode_user) |
|
378 | user=self._rhodecode_user) | |
365 |
|
379 | |||
366 | Session().commit() |
|
380 | Session().commit() | |
367 | h.flash(_('User Group permissions updated'), category='success') |
|
381 | h.flash(_('User Group permissions updated'), category='success') | |
368 | raise HTTPFound( |
|
382 | raise HTTPFound( | |
369 | h.route_path('edit_user_group_perms', user_group_id=user_group_id)) |
|
383 | h.route_path('edit_user_group_perms', user_group_id=user_group_id)) | |
370 |
|
384 | |||
371 | @LoginRequired() |
|
385 | @LoginRequired() | |
372 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
386 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
373 | @view_config( |
|
387 | @view_config( | |
374 | route_name='edit_user_group_global_perms', request_method='GET', |
|
388 | route_name='edit_user_group_global_perms', request_method='GET', | |
375 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
389 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
376 | def user_group_global_perms_edit(self): |
|
390 | def user_group_global_perms_edit(self): | |
377 | user_group = self.db_user_group |
|
391 | user_group = self.db_user_group | |
378 | c = self.load_default_context() |
|
392 | c = self.load_default_context() | |
379 | c.user_group = user_group |
|
393 | c.user_group = user_group | |
380 | c.active = 'global_perms' |
|
394 | c.active = 'global_perms' | |
381 |
|
395 | |||
382 | c.default_user = User.get_default_user() |
|
396 | c.default_user = User.get_default_user() | |
383 | defaults = c.user_group.get_dict() |
|
397 | defaults = c.user_group.get_dict() | |
384 | defaults.update(c.default_user.get_default_perms(suffix='_inherited')) |
|
398 | defaults.update(c.default_user.get_default_perms(suffix='_inherited')) | |
385 | defaults.update(c.user_group.get_default_perms()) |
|
399 | defaults.update(c.user_group.get_default_perms()) | |
386 |
|
400 | |||
387 | data = render( |
|
401 | data = render( | |
388 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', |
|
402 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |
389 | self._get_template_context(c), self.request) |
|
403 | self._get_template_context(c), self.request) | |
390 | html = formencode.htmlfill.render( |
|
404 | html = formencode.htmlfill.render( | |
391 | data, |
|
405 | data, | |
392 | defaults=defaults, |
|
406 | defaults=defaults, | |
393 | encoding="UTF-8", |
|
407 | encoding="UTF-8", | |
394 | force_defaults=False |
|
408 | force_defaults=False | |
395 | ) |
|
409 | ) | |
396 | return Response(html) |
|
410 | return Response(html) | |
397 |
|
411 | |||
398 | @LoginRequired() |
|
412 | @LoginRequired() | |
399 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
413 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
400 | @CSRFRequired() |
|
414 | @CSRFRequired() | |
401 | @view_config( |
|
415 | @view_config( | |
402 | route_name='edit_user_group_global_perms_update', request_method='POST', |
|
416 | route_name='edit_user_group_global_perms_update', request_method='POST', | |
403 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
417 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
404 | def user_group_global_perms_update(self): |
|
418 | def user_group_global_perms_update(self): | |
405 | _ = self.request.translate |
|
419 | _ = self.request.translate | |
406 | user_group = self.db_user_group |
|
420 | user_group = self.db_user_group | |
407 | user_group_id = self.db_user_group.users_group_id |
|
421 | user_group_id = self.db_user_group.users_group_id | |
408 |
|
422 | |||
409 | c = self.load_default_context() |
|
423 | c = self.load_default_context() | |
410 | c.user_group = user_group |
|
424 | c.user_group = user_group | |
411 | c.active = 'global_perms' |
|
425 | c.active = 'global_perms' | |
412 |
|
426 | |||
413 | try: |
|
427 | try: | |
414 | # first stage that verifies the checkbox |
|
428 | # first stage that verifies the checkbox | |
415 | _form = UserIndividualPermissionsForm() |
|
429 | _form = UserIndividualPermissionsForm() | |
416 | form_result = _form.to_python(dict(self.request.POST)) |
|
430 | form_result = _form.to_python(dict(self.request.POST)) | |
417 | inherit_perms = form_result['inherit_default_permissions'] |
|
431 | inherit_perms = form_result['inherit_default_permissions'] | |
418 | user_group.inherit_default_permissions = inherit_perms |
|
432 | user_group.inherit_default_permissions = inherit_perms | |
419 | Session().add(user_group) |
|
433 | Session().add(user_group) | |
420 |
|
434 | |||
421 | if not inherit_perms: |
|
435 | if not inherit_perms: | |
422 | # only update the individual ones if we un check the flag |
|
436 | # only update the individual ones if we un check the flag | |
423 | _form = UserPermissionsForm( |
|
437 | _form = UserPermissionsForm( | |
424 | [x[0] for x in c.repo_create_choices], |
|
438 | [x[0] for x in c.repo_create_choices], | |
425 | [x[0] for x in c.repo_create_on_write_choices], |
|
439 | [x[0] for x in c.repo_create_on_write_choices], | |
426 | [x[0] for x in c.repo_group_create_choices], |
|
440 | [x[0] for x in c.repo_group_create_choices], | |
427 | [x[0] for x in c.user_group_create_choices], |
|
441 | [x[0] for x in c.user_group_create_choices], | |
428 | [x[0] for x in c.fork_choices], |
|
442 | [x[0] for x in c.fork_choices], | |
429 | [x[0] for x in c.inherit_default_permission_choices])() |
|
443 | [x[0] for x in c.inherit_default_permission_choices])() | |
430 |
|
444 | |||
431 | form_result = _form.to_python(dict(self.request.POST)) |
|
445 | form_result = _form.to_python(dict(self.request.POST)) | |
432 | form_result.update( |
|
446 | form_result.update( | |
433 | {'perm_user_group_id': user_group.users_group_id}) |
|
447 | {'perm_user_group_id': user_group.users_group_id}) | |
434 |
|
448 | |||
435 | PermissionModel().update_user_group_permissions(form_result) |
|
449 | PermissionModel().update_user_group_permissions(form_result) | |
436 |
|
450 | |||
437 | Session().commit() |
|
451 | Session().commit() | |
438 | h.flash(_('User Group global permissions updated successfully'), |
|
452 | h.flash(_('User Group global permissions updated successfully'), | |
439 | category='success') |
|
453 | category='success') | |
440 |
|
454 | |||
441 | except formencode.Invalid as errors: |
|
455 | except formencode.Invalid as errors: | |
442 | defaults = errors.value |
|
456 | defaults = errors.value | |
443 |
|
457 | |||
444 | data = render( |
|
458 | data = render( | |
445 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', |
|
459 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |
446 | self._get_template_context(c), self.request) |
|
460 | self._get_template_context(c), self.request) | |
447 | html = formencode.htmlfill.render( |
|
461 | html = formencode.htmlfill.render( | |
448 | data, |
|
462 | data, | |
449 | defaults=defaults, |
|
463 | defaults=defaults, | |
450 | errors=errors.error_dict or {}, |
|
464 | errors=errors.error_dict or {}, | |
451 | prefix_error=False, |
|
465 | prefix_error=False, | |
452 | encoding="UTF-8", |
|
466 | encoding="UTF-8", | |
453 | force_defaults=False |
|
467 | force_defaults=False | |
454 | ) |
|
468 | ) | |
455 | return Response(html) |
|
469 | return Response(html) | |
456 | except Exception: |
|
470 | except Exception: | |
457 | log.exception("Exception during permissions saving") |
|
471 | log.exception("Exception during permissions saving") | |
458 | h.flash(_('An error occurred during permissions saving'), |
|
472 | h.flash(_('An error occurred during permissions saving'), | |
459 | category='error') |
|
473 | category='error') | |
460 |
|
474 | |||
461 | raise HTTPFound( |
|
475 | raise HTTPFound( | |
462 | h.route_path('edit_user_group_global_perms', |
|
476 | h.route_path('edit_user_group_global_perms', | |
463 | user_group_id=user_group_id)) |
|
477 | user_group_id=user_group_id)) | |
464 |
|
478 | |||
465 | @LoginRequired() |
|
479 | @LoginRequired() | |
466 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
480 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
467 | @view_config( |
|
481 | @view_config( | |
468 | route_name='edit_user_group_advanced', request_method='GET', |
|
482 | route_name='edit_user_group_advanced', request_method='GET', | |
469 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
483 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
470 | def user_group_edit_advanced(self): |
|
484 | def user_group_edit_advanced(self): | |
471 | user_group = self.db_user_group |
|
485 | user_group = self.db_user_group | |
472 |
|
486 | |||
473 | c = self.load_default_context() |
|
487 | c = self.load_default_context() | |
474 | c.user_group = user_group |
|
488 | c.user_group = user_group | |
475 | c.active = 'advanced' |
|
489 | c.active = 'advanced' | |
476 | c.group_members_obj = sorted( |
|
490 | c.group_members_obj = sorted( | |
477 | (x.user for x in c.user_group.members), |
|
491 | (x.user for x in c.user_group.members), | |
478 | key=lambda u: u.username.lower()) |
|
492 | key=lambda u: u.username.lower()) | |
479 |
|
493 | |||
480 | c.group_to_repos = sorted( |
|
494 | c.group_to_repos = sorted( | |
481 | (x.repository for x in c.user_group.users_group_repo_to_perm), |
|
495 | (x.repository for x in c.user_group.users_group_repo_to_perm), | |
482 | key=lambda u: u.repo_name.lower()) |
|
496 | key=lambda u: u.repo_name.lower()) | |
483 |
|
497 | |||
484 | c.group_to_repo_groups = sorted( |
|
498 | c.group_to_repo_groups = sorted( | |
485 | (x.group for x in c.user_group.users_group_repo_group_to_perm), |
|
499 | (x.group for x in c.user_group.users_group_repo_group_to_perm), | |
486 | key=lambda u: u.group_name.lower()) |
|
500 | key=lambda u: u.group_name.lower()) | |
487 |
|
501 | |||
488 | c.group_to_review_rules = sorted( |
|
502 | c.group_to_review_rules = sorted( | |
489 | (x.users_group for x in c.user_group.user_group_review_rules), |
|
503 | (x.users_group for x in c.user_group.user_group_review_rules), | |
490 | key=lambda u: u.users_group_name.lower()) |
|
504 | key=lambda u: u.users_group_name.lower()) | |
491 |
|
505 | |||
492 | return self._get_template_context(c) |
|
506 | return self._get_template_context(c) | |
493 |
|
507 | |||
494 | @LoginRequired() |
|
508 | @LoginRequired() | |
495 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') |
|
509 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |
496 | @CSRFRequired() |
|
510 | @CSRFRequired() | |
497 | @view_config( |
|
511 | @view_config( | |
498 | route_name='edit_user_group_advanced_sync', request_method='POST', |
|
512 | route_name='edit_user_group_advanced_sync', request_method='POST', | |
499 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') |
|
513 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |
500 | def user_group_edit_advanced_set_synchronization(self): |
|
514 | def user_group_edit_advanced_set_synchronization(self): | |
501 | _ = self.request.translate |
|
515 | _ = self.request.translate | |
502 | user_group = self.db_user_group |
|
516 | user_group = self.db_user_group | |
503 | user_group_id = user_group.users_group_id |
|
517 | user_group_id = user_group.users_group_id | |
504 |
|
518 | |||
505 | existing = user_group.group_data.get('extern_type') |
|
519 | existing = user_group.group_data.get('extern_type') | |
506 |
|
520 | |||
507 | if existing: |
|
521 | if existing: | |
508 | new_state = user_group.group_data |
|
522 | new_state = user_group.group_data | |
509 | new_state['extern_type'] = None |
|
523 | new_state['extern_type'] = None | |
510 | else: |
|
524 | else: | |
511 | new_state = user_group.group_data |
|
525 | new_state = user_group.group_data | |
512 | new_state['extern_type'] = 'manual' |
|
526 | new_state['extern_type'] = 'manual' | |
513 | new_state['extern_type_set_by'] = self._rhodecode_user.username |
|
527 | new_state['extern_type_set_by'] = self._rhodecode_user.username | |
514 |
|
528 | |||
515 | try: |
|
529 | try: | |
516 | user_group.group_data = new_state |
|
530 | user_group.group_data = new_state | |
517 | Session().add(user_group) |
|
531 | Session().add(user_group) | |
518 | Session().commit() |
|
532 | Session().commit() | |
519 |
|
533 | |||
520 | h.flash(_('User Group synchronization updated successfully'), |
|
534 | h.flash(_('User Group synchronization updated successfully'), | |
521 | category='success') |
|
535 | category='success') | |
522 | except Exception: |
|
536 | except Exception: | |
523 | log.exception("Exception during sync settings saving") |
|
537 | log.exception("Exception during sync settings saving") | |
524 | h.flash(_('An error occurred during synchronization update'), |
|
538 | h.flash(_('An error occurred during synchronization update'), | |
525 | category='error') |
|
539 | category='error') | |
526 |
|
540 | |||
527 | raise HTTPFound( |
|
541 | raise HTTPFound( | |
528 | h.route_path('edit_user_group_advanced', |
|
542 | h.route_path('edit_user_group_advanced', | |
529 | user_group_id=user_group_id)) |
|
543 | user_group_id=user_group_id)) |
General Comments 0
You need to be logged in to leave comments.
Login now