##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
permissions: properly flush user cache permissions in more cases of permission changes....
marcink -
r3824:49be3910 stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -43,6 +43,7 b' from rhodecode.model.comment import Comm'
43 43 from rhodecode.model.db import (
44 44 Session, ChangesetStatus, RepositoryField, Repository, RepoGroup,
45 45 ChangesetComment)
46 from rhodecode.model.permission import PermissionModel
46 47 from rhodecode.model.repo import RepoModel
47 48 from rhodecode.model.scm import ScmModel, RepoList
48 49 from rhodecode.model.settings import SettingsModel, VcsSettingsModel
@@ -1771,8 +1772,9 b' def grant_user_permission(request, apius'
1771 1772 }
1772 1773 audit_logger.store_api(
1773 1774 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1775 Session().commit()
1776 PermissionModel().flush_user_permission_caches(changes)
1774 1777
1775 Session().commit()
1776 1778 return {
1777 1779 'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (
1778 1780 perm.permission_name, user.username, repo.repo_name
@@ -1833,8 +1835,9 b' def revoke_user_permission(request, apiu'
1833 1835 }
1834 1836 audit_logger.store_api(
1835 1837 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1838 Session().commit()
1839 PermissionModel().flush_user_permission_caches(changes)
1836 1840
1837 Session().commit()
1838 1841 return {
1839 1842 'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
1840 1843 user.username, repo.repo_name
@@ -1919,8 +1922,9 b' def grant_user_group_permission(request,'
1919 1922 }
1920 1923 audit_logger.store_api(
1921 1924 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1925 Session().commit()
1926 PermissionModel().flush_user_permission_caches(changes)
1922 1927
1923 Session().commit()
1924 1928 return {
1925 1929 'msg': 'Granted perm: `%s` for user group: `%s` in '
1926 1930 'repo: `%s`' % (
@@ -1992,8 +1996,9 b' def revoke_user_group_permission(request'
1992 1996 }
1993 1997 audit_logger.store_api(
1994 1998 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1999 Session().commit()
2000 PermissionModel().flush_user_permission_caches(changes)
1995 2001
1996 Session().commit()
1997 2002 return {
1998 2003 'msg': 'Revoked perm for user group: `%s` in repo: `%s`' % (
1999 2004 user_group.users_group_name, repo.repo_name
Show file before | Show file after | Hide comments
@@ -31,6 +31,7 b' from rhodecode.lib import audit_logger'
31 31 from rhodecode.lib.auth import (
32 32 HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAnyApi)
33 33 from rhodecode.model.db import Session
34 from rhodecode.model.permission import PermissionModel
34 35 from rhodecode.model.repo_group import RepoGroupModel
35 36 from rhodecode.model.scm import RepoGroupList
36 37 from rhodecode.model import validation_schema
@@ -465,8 +466,9 b' def grant_user_permission_to_repo_group('
465 466 audit_logger.store_api(
466 467 'repo_group.edit.permissions', action_data=action_data,
467 468 user=apiuser)
469 Session().commit()
470 PermissionModel().flush_user_permission_caches(changes)
468 471
469 Session().commit()
470 472 return {
471 473 'msg': 'Granted perm: `%s` (recursive:%s) for user: '
472 474 '`%s` in repo group: `%s`' % (
@@ -548,8 +550,9 b' def revoke_user_permission_from_repo_gro'
548 550 audit_logger.store_api(
549 551 'repo_group.edit.permissions', action_data=action_data,
550 552 user=apiuser)
553 Session().commit()
554 PermissionModel().flush_user_permission_caches(changes)
551 555
552 Session().commit()
553 556 return {
554 557 'msg': 'Revoked perm (recursive:%s) for user: '
555 558 '`%s` in repo group: `%s`' % (
@@ -641,8 +644,9 b' def grant_user_group_permission_to_repo_'
641 644 audit_logger.store_api(
642 645 'repo_group.edit.permissions', action_data=action_data,
643 646 user=apiuser)
647 Session().commit()
648 PermissionModel().flush_user_permission_caches(changes)
644 649
645 Session().commit()
646 650 return {
647 651 'msg': 'Granted perm: `%s` (recursive:%s) '
648 652 'for user group: `%s` in repo group: `%s`' % (
@@ -733,8 +737,9 b' def revoke_user_group_permission_from_re'
733 737 audit_logger.store_api(
734 738 'repo_group.edit.permissions', action_data=action_data,
735 739 user=apiuser)
740 Session().commit()
741 PermissionModel().flush_user_permission_caches(changes)
736 742
737 Session().commit()
738 743 return {
739 744 'msg': 'Revoked perm (recursive:%s) for user group: '
740 745 '`%s` in repo group: `%s`' % (
Show file before | Show file after | Hide comments
@@ -29,6 +29,7 b' from rhodecode.lib import audit_logger'
29 29 from rhodecode.lib.auth import HasUserGroupPermissionAnyApi, HasPermissionAnyApi
30 30 from rhodecode.lib.exceptions import UserGroupAssignedException
31 31 from rhodecode.model.db import Session
32 from rhodecode.model.permission import PermissionModel
32 33 from rhodecode.model.scm import UserGroupList
33 34 from rhodecode.model.user_group import UserGroupModel
34 35 from rhodecode.model import validation_schema
@@ -266,6 +267,10 b' def create_user_group('
266 267 'user_group.create', action_data={'data': creation_data},
267 268 user=apiuser)
268 269 Session().commit()
270
271 affected_user_ids = [apiuser.user_id, owner.user_id]
272 PermissionModel().trigger_permission_flush(affected_user_ids)
273
269 274 return {
270 275 'msg': 'created new user group `%s`' % group_name,
271 276 'user_group': creation_data
@@ -649,8 +654,9 b' def grant_user_permission_to_user_group('
649 654 audit_logger.store_api(
650 655 'user_group.edit.permissions', action_data=action_data,
651 656 user=apiuser)
657 Session().commit()
658 PermissionModel().flush_user_permission_caches(changes)
652 659
653 Session().commit()
654 660 return {
655 661 'msg':
656 662 'Granted perm: `%s` for user: `%s` in user group: `%s`' % (
@@ -718,8 +724,9 b' def revoke_user_permission_from_user_gro'
718 724 audit_logger.store_api(
719 725 'user_group.edit.permissions', action_data=action_data,
720 726 user=apiuser)
727 Session().commit()
728 PermissionModel().flush_user_permission_caches(changes)
721 729
722 Session().commit()
723 730 return {
724 731 'msg': 'Revoked perm for user: `%s` in user group: `%s`' % (
725 732 user.username, user_group.users_group_name
@@ -795,8 +802,9 b' def grant_user_group_permission_to_user_'
795 802 audit_logger.store_api(
796 803 'user_group.edit.permissions', action_data=action_data,
797 804 user=apiuser)
805 Session().commit()
806 PermissionModel().flush_user_permission_caches(changes)
798 807
799 Session().commit()
800 808 return {
801 809 'msg': 'Granted perm: `%s` for user group: `%s` '
802 810 'in user group: `%s`' % (
@@ -873,8 +881,8 b' def revoke_user_group_permission_from_us'
873 881 audit_logger.store_api(
874 882 'user_group.edit.permissions', action_data=action_data,
875 883 user=apiuser)
876
877 884 Session().commit()
885 PermissionModel().flush_user_permission_caches(changes)
878 886
879 887 return {
880 888 'msg': 'Revoked perm for user group: '
Show file before | Show file after | Hide comments
@@ -142,7 +142,7 b' class AdminPermissionsView(BaseAppView, '
142 142 category='error')
143 143
144 144 affected_user_ids = [User.get_default_user().user_id]
145 events.trigger(events.UserPermissionsChange(affected_user_ids))
145 PermissionModel().trigger_permission_flush(affected_user_ids)
146 146
147 147 raise HTTPFound(h.route_path('admin_permissions_application'))
148 148
@@ -218,7 +218,7 b' class AdminPermissionsView(BaseAppView, '
218 218 category='error')
219 219
220 220 affected_user_ids = [User.get_default_user().user_id]
221 events.trigger(events.UserPermissionsChange(affected_user_ids))
221 PermissionModel().trigger_permission_flush(affected_user_ids)
222 222
223 223 raise HTTPFound(h.route_path('admin_permissions_object'))
224 224
@@ -320,7 +320,7 b' class AdminPermissionsView(BaseAppView, '
320 320 category='error')
321 321
322 322 affected_user_ids = [User.get_default_user().user_id]
323 events.trigger(events.UserPermissionsChange(affected_user_ids))
323 PermissionModel().trigger_permission_flush(affected_user_ids)
324 324
325 325 raise HTTPFound(h.route_path('admin_permissions_global'))
326 326
Show file before | Show file after | Hide comments
@@ -36,6 +36,7 b' from rhodecode.lib.auth import ('
36 36 from rhodecode.lib import helpers as h, audit_logger
37 37 from rhodecode.lib.utils2 import safe_int, safe_unicode, datetime_to_time
38 38 from rhodecode.model.forms import RepoGroupForm
39 from rhodecode.model.permission import PermissionModel
39 40 from rhodecode.model.repo_group import RepoGroupModel
40 41 from rhodecode.model.scm import RepoGroupList
41 42 from rhodecode.model.db import (
@@ -354,7 +355,7 b' class AdminRepoGroupsView(BaseAppView, D'
354 355 copy_perms = [perm['user_id'] for perm in user_group_perms]
355 356 # also include those newly created by copy
356 357 affected_user_ids.extend(copy_perms)
357 events.trigger(events.UserPermissionsChange(affected_user_ids))
358 PermissionModel().trigger_permission_flush(affected_user_ids)
358 359
359 360 raise HTTPFound(
360 361 h.route_path('repo_group_home',
Show file before | Show file after | Hide comments
@@ -39,6 +39,7 b' from rhodecode.lib import helpers as h'
39 39 from rhodecode.lib.utils import repo_name_slug
40 40 from rhodecode.lib.utils2 import safe_int, safe_unicode
41 41 from rhodecode.model.forms import RepoForm
42 from rhodecode.model.permission import PermissionModel
42 43 from rhodecode.model.repo import RepoModel
43 44 from rhodecode.model.scm import RepoList, RepoGroupList, ScmModel
44 45 from rhodecode.model.settings import SettingsModel
@@ -182,7 +183,7 b' class AdminReposView(BaseAppView, DataGr'
182 183 if copy_permissions:
183 184 # permission flush is done in repo creating
184 185 pass
185 events.trigger(events.UserPermissionsChange(affected_user_ids))
186 PermissionModel().trigger_permission_flush(affected_user_ids)
186 187
187 188 raise HTTPFound(
188 189 h.route_path('repo_creating', repo_name=repo_name,
Show file before | Show file after | Hide comments
@@ -266,6 +266,8 b' class AdminUserGroupsView(BaseAppView, D'
266 266 % user_group_name, category='error')
267 267 raise HTTPFound(h.route_path('user_groups_new'))
268 268
269 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
269 affected_user_ids = [self._rhodecode_user.user_id]
270 PermissionModel().trigger_permission_flush(affected_user_ids)
271
270 272 raise HTTPFound(
271 273 h.route_path('edit_user_group', user_group_id=user_group_id))
Show file before | Show file after | Hide comments
@@ -597,7 +597,7 b' class UsersView(UserAppView):'
597 597 category='error')
598 598
599 599 affected_user_ids = [user_id]
600 events.trigger(events.UserPermissionsChange(affected_user_ids))
600 PermissionModel().trigger_permission_flush(affected_user_ids)
601 601 raise HTTPFound(h.route_path('user_edit_global_perms', user_id=user_id))
602 602
603 603 @LoginRequired()
Show file before | Show file after | Hide comments
@@ -23,14 +23,12 b' import logging'
23 23 from pyramid.view import view_config
24 24 from pyramid.httpexceptions import HTTPFound
25 25
26 from rhodecode import events
27 26 from rhodecode.apps._base import RepoGroupAppView
28 27 from rhodecode.lib import helpers as h
29 28 from rhodecode.lib import audit_logger
30 29 from rhodecode.lib.auth import (
31 30 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
32 from rhodecode.lib.utils2 import safe_int
33 from rhodecode.model.db import UserGroup
31 from rhodecode.model.permission import PermissionModel
34 32 from rhodecode.model.repo_group import RepoGroupModel
35 33 from rhodecode.model.forms import RepoGroupPermsForm
36 34 from rhodecode.model.meta import Session
@@ -98,18 +96,7 b' class RepoGroupPermissionsView(RepoGroup'
98 96
99 97 Session().commit()
100 98 h.flash(_('Repository Group permissions updated'), category='success')
101
102 affected_user_ids = []
103 for change in changes['added'] + changes['updated'] + changes['deleted']:
104 if change['type'] == 'user':
105 affected_user_ids.append(change['id'])
106 if change['type'] == 'user_group':
107 user_group = UserGroup.get(safe_int(change['id']))
108 if user_group:
109 group_members_ids = [x.user_id for x in user_group.members]
110 affected_user_ids.extend(group_members_ids)
111
112 events.trigger(events.UserPermissionsChange(affected_user_ids))
99 PermissionModel().flush_user_permission_caches(changes)
113 100
114 101 raise HTTPFound(
115 102 h.route_path('edit_repo_group_perms',
Show file before | Show file after | Hide comments
@@ -33,6 +33,7 b' from rhodecode.lib.auth import ('
33 33 LoginRequired, HasPermissionAll,
34 34 HasRepoGroupPermissionAny, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
35 35 from rhodecode.model.db import Session, RepoGroup, User
36 from rhodecode.model.permission import PermissionModel
36 37 from rhodecode.model.scm import RepoGroupList
37 38 from rhodecode.model.repo_group import RepoGroupModel
38 39 from rhodecode.model.validation_schema.schemas import repo_group_schema
@@ -187,7 +188,7 b' class RepoGroupSettingsView(RepoGroupApp'
187 188 owner = User.get_by_username(schema_data['repo_group_owner'])
188 189 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
189 190 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
190 events.trigger(events.UserPermissionsChange(affected_user_ids))
191 PermissionModel().trigger_permission_flush(affected_user_ids)
191 192
192 193 raise HTTPFound(
193 194 h.route_path('edit_repo_group', repo_group_name=new_repo_group_name))
Show file before | Show file after | Hide comments
@@ -28,6 +28,7 b' from rhodecode.apps._base import BaseApp'
28 28 from rhodecode.lib import helpers as h
29 29 from rhodecode.lib.auth import (NotAnonymous, HasRepoPermissionAny)
30 30 from rhodecode.model.db import Repository
31 from rhodecode.model.permission import PermissionModel
31 32 from rhodecode.model.validation_schema.types import RepoNameType
32 33
33 34 log = logging.getLogger(__name__)
@@ -122,4 +123,4 b' class RepoChecksView(BaseAppView):'
122 123 # repo is finished and created, we flush the permissions now
123 124 user_group_perms = db_repo.permissions(expand_from_user_groups=True)
124 125 affected_user_ids = [perm['user_id'] for perm in user_group_perms]
125 events.trigger(events.UserPermissionsChange(affected_user_ids))
126 PermissionModel().trigger_permission_flush(affected_user_ids)
Show file before | Show file after | Hide comments
@@ -36,6 +36,7 b' from rhodecode.lib.auth import ('
36 36 import rhodecode.lib.helpers as h
37 37 from rhodecode.lib.celerylib.utils import get_task_id
38 38 from rhodecode.model.db import coalesce, or_, Repository, RepoGroup
39 from rhodecode.model.permission import PermissionModel
39 40 from rhodecode.model.repo import RepoModel
40 41 from rhodecode.model.forms import RepoForkForm
41 42 from rhodecode.model.scm import ScmModel, RepoGroupList
@@ -259,7 +260,7 b' class RepoForksView(RepoAppView, DataGri'
259 260 # permission flush is done in repo creating
260 261 pass
261 262
262 events.trigger(events.UserPermissionsChange(affected_user_ids))
263 PermissionModel().trigger_permission_flush(affected_user_ids)
263 264
264 265 raise HTTPFound(
265 266 h.route_path('repo_creating', repo_name=repo_name,
Show file before | Show file after | Hide comments
@@ -23,16 +23,14 b' import logging'
23 23 from pyramid.httpexceptions import HTTPFound
24 24 from pyramid.view import view_config
25 25
26 from rhodecode import events
27 26 from rhodecode.apps._base import RepoAppView
28 27 from rhodecode.lib import helpers as h
29 28 from rhodecode.lib import audit_logger
30 29 from rhodecode.lib.auth import (
31 30 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
32 from rhodecode.lib.utils2 import safe_int
33 from rhodecode.model.db import UserGroup
34 31 from rhodecode.model.forms import RepoPermsForm
35 32 from rhodecode.model.meta import Session
33 from rhodecode.model.permission import PermissionModel
36 34 from rhodecode.model.repo import RepoModel
37 35
38 36 log = logging.getLogger(__name__)
@@ -91,17 +89,7 b' class RepoSettingsPermissionsView(RepoAp'
91 89 Session().commit()
92 90 h.flash(_('Repository permissions updated'), category='success')
93 91
94 affected_user_ids = []
95 for change in changes['added'] + changes['updated'] + changes['deleted']:
96 if change['type'] == 'user':
97 affected_user_ids.append(change['id'])
98 if change['type'] == 'user_group':
99 user_group = UserGroup.get(safe_int(change['id']))
100 if user_group:
101 group_members_ids = [x.user_id for x in user_group.members]
102 affected_user_ids.extend(group_members_ids)
103
104 events.trigger(events.UserPermissionsChange(affected_user_ids))
92 PermissionModel().flush_user_permission_caches(changes)
105 93
106 94 raise HTTPFound(
107 95 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
Show file before | Show file after | Hide comments
@@ -33,6 +33,7 b' from rhodecode.lib.auth import ('
33 33 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
34 34 from rhodecode.model.db import RepositoryField, RepoGroup, Repository, User
35 35 from rhodecode.model.meta import Session
36 from rhodecode.model.permission import PermissionModel
36 37 from rhodecode.model.repo import RepoModel
37 38 from rhodecode.model.scm import RepoGroupList, ScmModel
38 39 from rhodecode.model.validation_schema.schemas import repo_schema
@@ -184,7 +185,7 b' class RepoSettingsView(RepoAppView):'
184 185 owner = User.get_by_username(schema_data['repo_owner'])
185 186 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
186 187 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
187 events.trigger(events.UserPermissionsChange(affected_user_ids))
188 PermissionModel().trigger_permission_flush(affected_user_ids)
188 189
189 190 raise HTTPFound(
190 191 h.route_path('edit_repo', repo_name=new_repo_name))
Show file before | Show file after | Hide comments
@@ -34,6 +34,7 b' from rhodecode.lib.exceptions import Att'
34 34 from rhodecode.lib.utils2 import safe_int
35 35 from rhodecode.lib.vcs import RepositoryError
36 36 from rhodecode.model.db import Session, UserFollowing, User, Repository
37 from rhodecode.model.permission import PermissionModel
37 38 from rhodecode.model.repo import RepoModel
38 39 from rhodecode.model.scm import ScmModel
39 40
@@ -110,7 +111,7 b' class RepoSettingsView(RepoAppView):'
110 111
111 112 # flush permissions for all users defined in permissions
112 113 affected_user_ids = self._get_users_with_permissions().keys()
113 events.trigger(events.UserPermissionsChange(affected_user_ids))
114 PermissionModel().trigger_permission_flush(affected_user_ids)
114 115
115 116 raise HTTPFound(h.route_path('home'))
116 117
Show file before | Show file after | Hide comments
@@ -199,7 +199,7 b' class UserGroupsView(UserGroupAppView):'
199 199 affected_user_ids.append(self._rhodecode_user.user_id)
200 200 affected_user_ids.append(owner_id)
201 201
202 events.trigger(events.UserPermissionsChange(affected_user_ids))
202 PermissionModel().trigger_permission_flush(affected_user_ids)
203 203
204 204 Session().commit()
205 205 except formencode.Invalid as errors:
@@ -383,7 +383,7 b' class UserGroupsView(UserGroupAppView):'
383 383 group_members_ids = [x.user_id for x in user_group.members]
384 384 affected_user_ids.extend(group_members_ids)
385 385
386 events.trigger(events.UserPermissionsChange(affected_user_ids))
386 PermissionModel().trigger_permission_flush(affected_user_ids)
387 387
388 388 raise HTTPFound(
389 389 h.route_path('edit_user_group_perms', user_group_id=user_group_id))
Show file before | Show file after | Hide comments
@@ -28,6 +28,7 b' import traceback'
28 28
29 29 from sqlalchemy.exc import DatabaseError
30 30
31 from rhodecode import events
31 32 from rhodecode.model import BaseModel
32 33 from rhodecode.model.db import (
33 34 User, Permission, UserToPerm, UserRepoToPerm, UserRepoGroupToPerm,
@@ -556,3 +557,21 b' class PermissionModel(BaseModel):'
556 557 self.sa.rollback()
557 558 raise
558 559
560 def trigger_permission_flush(self, affected_user_ids):
561 events.trigger(events.UserPermissionsChange(affected_user_ids))
562
563 def flush_user_permission_caches(self, changes, affected_user_ids=None):
564 affected_user_ids = affected_user_ids or []
565
566 for change in changes['added'] + changes['updated'] + changes['deleted']:
567 if change['type'] == 'user':
568 affected_user_ids.append(change['id'])
569 if change['type'] == 'user_group':
570 user_group = UserGroup.get(safe_int(change['id']))
571 if user_group:
572 group_members_ids = [x.user_id for x in user_group.members]
573 affected_user_ids.extend(group_members_ids)
574
575 self.trigger_permission_flush(affected_user_ids)
576
577 return affected_user_ids
General Comments 0
You need to be logged in to leave comments. Login now