Show More
| @@ -34,6 +34,7 b' import traceback' | |||||
| 34 | from functools import wraps |
|
34 | from functools import wraps | |
| 35 |
|
35 | |||
| 36 | import ipaddress |
|
36 | import ipaddress | |
|
|
37 | from beaker.cache import cache_region | |||
| 37 | from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound |
|
38 | from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound | |
| 38 | from pylons.i18n.translation import _ |
|
39 | from pylons.i18n.translation import _ | |
| 39 | # NOTE(marcink): this has to be removed only after pyramid migration, |
|
40 | # NOTE(marcink): this has to be removed only after pyramid migration, | |
| @@ -48,7 +49,7 b' from rhodecode.model.meta import Session' | |||||
| 48 | from rhodecode.model.user import UserModel |
|
49 | from rhodecode.model.user import UserModel | |
| 49 | from rhodecode.model.db import ( |
|
50 | from rhodecode.model.db import ( | |
| 50 | User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember, |
|
51 | User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember, | |
| 51 | UserIpMap, UserApiKeys, RepoGroup) |
|
52 | UserIpMap, UserApiKeys, RepoGroup, UserGroup) | |
| 52 | from rhodecode.lib import caches |
|
53 | from rhodecode.lib import caches | |
| 53 | from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5 |
|
54 | from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5 | |
| 54 | from rhodecode.lib.utils import ( |
|
55 | from rhodecode.lib.utils import ( | |
| @@ -1003,6 +1004,66 b' class AuthUser(object):' | |||||
| 1003 | x[0] for x in self.permissions['user_groups'].iteritems() |
|
1004 | x[0] for x in self.permissions['user_groups'].iteritems() | |
| 1004 | if x[1] == 'usergroup.admin'] |
|
1005 | if x[1] == 'usergroup.admin'] | |
| 1005 |
|
1006 | |||
|
|
1007 | def repo_acl_ids(self, perms=None, cache=False): | |||
|
|
1008 | """ | |||
|
|
1009 | Returns list of repository ids that user have access to based on given | |||
|
|
1010 | perms. The cache flag should be only used in cases that are used for | |||
|
|
1011 | display purposes, NOT IN ANY CASE for permission checks. | |||
|
|
1012 | """ | |||
|
|
1013 | from rhodecode.model.scm import RepoList | |||
|
|
1014 | if not perms: | |||
|
|
1015 | perms = [ | |||
|
|
1016 | 'repository.read', 'repository.write', 'repository.admin'] | |||
|
|
1017 | ||||
|
|
1018 | def _cached_repo_acl(user_id, perm_def): | |||
|
|
1019 | return [x.repo_id for x in RepoList( | |||
|
|
1020 | Repository.query().all(), perm_set=perm_def)] | |||
|
|
1021 | ||||
|
|
1022 | compute = caches.conditional_cache( | |||
|
|
1023 | 'long_term', 'repo_acl_ids', | |||
|
|
1024 | condition=cache, func=_cached_repo_acl) | |||
|
|
1025 | return compute(self.user_id, perms) | |||
|
|
1026 | ||||
|
|
1027 | def repo_group_acl_ids(self, perms=None, cache=False): | |||
|
|
1028 | """ | |||
|
|
1029 | Returns list of repository group ids that user have access to based on given | |||
|
|
1030 | perms. The cache flag should be only used in cases that are used for | |||
|
|
1031 | display purposes, NOT IN ANY CASE for permission checks. | |||
|
|
1032 | """ | |||
|
|
1033 | from rhodecode.model.scm import RepoGroupList | |||
|
|
1034 | if not perms: | |||
|
|
1035 | perms = [ | |||
|
|
1036 | 'group.read', 'group.write', 'group.admin'] | |||
|
|
1037 | ||||
|
|
1038 | def _cached_repo_group_acl(user_id, perm_def): | |||
|
|
1039 | return [x.group_id for x in RepoGroupList( | |||
|
|
1040 | RepoGroup.query().all(), perm_set=perm_def)] | |||
|
|
1041 | ||||
|
|
1042 | compute = caches.conditional_cache( | |||
|
|
1043 | 'long_term', 'repo_group_acl_ids', | |||
|
|
1044 | condition=cache, func=_cached_repo_group_acl) | |||
|
|
1045 | return compute(self.user_id, perms) | |||
|
|
1046 | ||||
|
|
1047 | def user_group_acl_ids(self, perms=None, cache=False): | |||
|
|
1048 | """ | |||
|
|
1049 | Returns list of user group ids that user have access to based on given | |||
|
|
1050 | perms. The cache flag should be only used in cases that are used for | |||
|
|
1051 | display purposes, NOT IN ANY CASE for permission checks. | |||
|
|
1052 | """ | |||
|
|
1053 | from rhodecode.model.scm import UserGroupList | |||
|
|
1054 | if not perms: | |||
|
|
1055 | perms = [ | |||
|
|
1056 | 'usergroup.read', 'usergroup.write', 'usergroup.admin'] | |||
|
|
1057 | ||||
|
|
1058 | def _cached_user_group_acl(user_id, perm_def): | |||
|
|
1059 | return [x.users_group_id for x in UserGroupList( | |||
|
|
1060 | UserGroup.query().all(), perm_set=perm_def)] | |||
|
|
1061 | ||||
|
|
1062 | compute = caches.conditional_cache( | |||
|
|
1063 | 'long_term', 'user_group_acl_ids', | |||
|
|
1064 | condition=cache, func=_cached_user_group_acl) | |||
|
|
1065 | return compute(self.user_id, perms) | |||
|
|
1066 | ||||
| 1006 | @property |
|
1067 | @property | |
| 1007 | def ip_allowed(self): |
|
1068 | def ip_allowed(self): | |
| 1008 | """ |
|
1069 | """ | |
General Comments 0
You need to be logged in to leave comments.
Login now