##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
core: added more accurate time measurement for called functions
marcink -
r3853:5f8c0244 default
parent child Browse files
Show More

The requested changes are too big and content was truncated. Show full diff

Show file before | Show file after | Hide comments
@@ -1,154 +1,154 b''
1 1 """
2 2 gunicorn config extension and hooks. Sets additional configuration that is
3 3 available post the .ini config.
4 4
5 5 - workers = ${cpu_number}
6 6 - threads = 1
7 7 - proc_name = ${gunicorn_proc_name}
8 8 - worker_class = sync
9 9 - worker_connections = 10
10 10 - max_requests = 1000
11 11 - max_requests_jitter = 30
12 12 - timeout = 21600
13 13
14 14 """
15 15
16 16 import multiprocessing
17 17 import sys
18 18 import time
19 19 import datetime
20 20 import threading
21 21 import traceback
22 22 from gunicorn.glogging import Logger
23 23
24 24
25 25 # GLOBAL
26 26 errorlog = '-'
27 27 accesslog = '-'
28 28 loglevel = 'debug'
29 29
30 30 # SECURITY
31 31
32 32 # The maximum size of HTTP request line in bytes.
33 33 # 0 for unlimited
34 34 limit_request_line = 0
35 35
36 36 # Limit the number of HTTP headers fields in a request.
37 37 # By default this value is 100 and can’t be larger than 32768.
38 38 limit_request_fields = 10240
39 39
40 40 # Limit the allowed size of an HTTP request header field.
41 41 # Value is a positive number or 0.
42 42 # Setting it to 0 will allow unlimited header field sizes.
43 43 limit_request_field_size = 0
44 44
45 45
46 46 # Timeout for graceful workers restart.
47 47 # After receiving a restart signal, workers have this much time to finish
48 48 # serving requests. Workers still alive after the timeout (starting from the
49 49 # receipt of the restart signal) are force killed.
50 50 graceful_timeout = 30
51 51
52 52
53 53 # The number of seconds to wait for requests on a Keep-Alive connection.
54 54 # Generally set in the 1-5 seconds range.
55 55 keepalive = 2
56 56
57 57
58 58 # SERVER MECHANICS
59 59 # None == system temp dir
60 60 # worker_tmp_dir is recommended to be set to some tmpfs
61 61 worker_tmp_dir = None
62 62 tmp_upload_dir = None
63 63
64 64 # Custom log format
65 65 access_log_format = (
66 66 '%(t)s [%(p)-8s] GNCRN %(h)-15s rqt:%(L)s %(s)s %(b)-6s "%(m)s:%(U)s %(q)s" usr:%(u)s "%(f)s" "%(a)s"')
67 67
68 68 # self adjust workers based on CPU count
69 69 # workers = multiprocessing.cpu_count() * 2 + 1
70 70
71 71
72 72 def post_fork(server, worker):
73 73 server.log.info("[<%-10s>] WORKER spawned", worker.pid)
74 74
75 75
76 76 def pre_fork(server, worker):
77 77 pass
78 78
79 79
80 80 def pre_exec(server):
81 81 server.log.info("Forked child, re-executing.")
82 82
83 83
84 84 def on_starting(server):
85 85 server.log.info("Server is starting.")
86 86
87 87
88 88 def when_ready(server):
89 89 server.log.info("Server is ready. Spawning workers")
90 90
91 91
92 92 def on_reload(server):
93 93 pass
94 94
95 95
96 96 def worker_int(worker):
97 97 worker.log.info("[<%-10s>] worker received INT or QUIT signal", worker.pid)
98 98
99 99 # get traceback info, on worker crash
100 100 id2name = dict([(th.ident, th.name) for th in threading.enumerate()])
101 101 code = []
102 102 for thread_id, stack in sys._current_frames().items():
103 103 code.append(
104 104 "\n# Thread: %s(%d)" % (id2name.get(thread_id, ""), thread_id))
105 105 for fname, lineno, name, line in traceback.extract_stack(stack):
106 106 code.append('File: "%s", line %d, in %s' % (fname, lineno, name))
107 107 if line:
108 108 code.append(" %s" % (line.strip()))
109 109 worker.log.debug("\n".join(code))
110 110
111 111
112 112 def worker_abort(worker):
113 113 worker.log.info("[<%-10s>] worker received SIGABRT signal", worker.pid)
114 114
115 115
116 116 def worker_exit(server, worker):
117 117 worker.log.info("[<%-10s>] worker exit", worker.pid)
118 118
119 119
120 120 def child_exit(server, worker):
121 121 worker.log.info("[<%-10s>] worker child exit", worker.pid)
122 122
123 123
124 124 def pre_request(worker, req):
125 125 worker.start_time = time.time()
126 126 worker.log.debug(
127 127 "GNCRN PRE WORKER [cnt:%s]: %s %s", worker.nr, req.method, req.path)
128 128
129 129
130 130 def post_request(worker, req, environ, resp):
131 131 total_time = time.time() - worker.start_time
132 132 worker.log.debug(
133 "GNCRN POST WORKER [cnt:%s]: %s %s resp: %s, Load Time: %.3fs",
133 "GNCRN POST WORKER [cnt:%s]: %s %s resp: %s, Load Time: %.4fs",
134 134 worker.nr, req.method, req.path, resp.status_code, total_time)
135 135
136 136
137 137 class RhodeCodeLogger(Logger):
138 138 """
139 139 Custom Logger that allows some customization that gunicorn doesn't allow
140 140 """
141 141
142 142 datefmt = r"%Y-%m-%d %H:%M:%S"
143 143
144 144 def __init__(self, cfg):
145 145 Logger.__init__(self, cfg)
146 146
147 147 def now(self):
148 148 """ return date in RhodeCode Log format """
149 149 now = time.time()
150 150 msecs = int((now - long(now)) * 1000)
151 151 return time.strftime(self.datefmt, time.localtime(now)) + '.{0:03d}'.format(msecs)
152 152
153 153
154 154 logger_class = RhodeCodeLogger
Show file before | Show file after | Hide comments
@@ -1,112 +1,112 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2011-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21
22 22 import logging
23 23
24 24 from rhodecode.api import jsonrpc_method
25 25 from rhodecode.api.exc import JSONRPCValidationError
26 26 from rhodecode.api.utils import Optional
27 27 from rhodecode.lib.index import searcher_from_config
28 28 from rhodecode.model import validation_schema
29 29 from rhodecode.model.validation_schema.schemas import search_schema
30 30
31 31 log = logging.getLogger(__name__)
32 32
33 33
34 34 @jsonrpc_method()
35 35 def search(request, apiuser, search_query, search_type, page_limit=Optional(10),
36 36 page=Optional(1), search_sort=Optional('newfirst'),
37 37 repo_name=Optional(None), repo_group_name=Optional(None)):
38 38 """
39 39 Fetch Full Text Search results using API.
40 40
41 41 :param apiuser: This is filled automatically from the |authtoken|.
42 42 :type apiuser: AuthUser
43 43 :param search_query: Search query.
44 44 :type search_query: str
45 45 :param search_type: Search type. The following are valid options:
46 46 * commit
47 47 * content
48 48 * path
49 49 :type search_type: str
50 50 :param page_limit: Page item limit, from 1 to 500. Default 10 items.
51 51 :type page_limit: Optional(int)
52 52 :param page: Page number. Default first page.
53 53 :type page: Optional(int)
54 54 :param search_sort: Search sort order. Default newfirst. The following are valid options:
55 55 * newfirst
56 56 * oldfirst
57 57 :type search_sort: Optional(str)
58 58 :param repo_name: Filter by one repo. Default is all.
59 59 :type repo_name: Optional(str)
60 60 :param repo_group_name: Filter by one repo group. Default is all.
61 61 :type repo_group_name: Optional(str)
62 62 """
63 63
64 64 data = {'execution_time': ''}
65 65 repo_name = Optional.extract(repo_name)
66 66 repo_group_name = Optional.extract(repo_group_name)
67 67
68 68 schema = search_schema.SearchParamsSchema()
69 69
70 70 try:
71 71 search_params = schema.deserialize(
72 72 dict(search_query=search_query,
73 73 search_type=search_type,
74 74 search_sort=Optional.extract(search_sort),
75 75 page_limit=Optional.extract(page_limit),
76 76 requested_page=Optional.extract(page))
77 77 )
78 78 except validation_schema.Invalid as err:
79 79 raise JSONRPCValidationError(colander_exc=err)
80 80
81 81 search_query = search_params.get('search_query')
82 82 search_type = search_params.get('search_type')
83 83 search_sort = search_params.get('search_sort')
84 84
85 85 if search_params.get('search_query'):
86 86 page_limit = search_params['page_limit']
87 87 requested_page = search_params['requested_page']
88 88
89 89 searcher = searcher_from_config(request.registry.settings)
90 90
91 91 try:
92 92 search_result = searcher.search(
93 93 search_query, search_type, apiuser, repo_name, repo_group_name,
94 94 requested_page=requested_page, page_limit=page_limit, sort=search_sort)
95 95
96 96 data.update(dict(
97 97 results=list(search_result['results']), page=requested_page,
98 98 item_count=search_result['count'],
99 99 items_per_page=page_limit))
100 100 finally:
101 101 searcher.cleanup()
102 102
103 103 if not search_result['error']:
104 data['execution_time'] = '%s results (%.3f seconds)' % (
104 data['execution_time'] = '%s results (%.4f seconds)' % (
105 105 search_result['count'],
106 106 search_result['runtime'])
107 107 else:
108 108 node = schema['search_query']
109 109 raise JSONRPCValidationError(
110 110 colander_exc=validation_schema.Invalid(node, search_result['error']))
111 111
112 112 return data
Show file before | Show file after | Hide comments
@@ -1,242 +1,242 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2017-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20 import pytz
21 21 import logging
22 22
23 23 from pyramid.view import view_config
24 24 from pyramid.response import Response
25 25 from webhelpers.feedgenerator import Rss201rev2Feed, Atom1Feed
26 26
27 27 from rhodecode.apps._base import RepoAppView
28 28 from rhodecode.lib import audit_logger
29 29 from rhodecode.lib import rc_cache
30 30 from rhodecode.lib import helpers as h
31 31 from rhodecode.lib.auth import (
32 32 LoginRequired, HasRepoPermissionAnyDecorator)
33 33 from rhodecode.lib.diffs import DiffProcessor, LimitedDiffContainer
34 34 from rhodecode.lib.utils2 import str2bool, safe_int, md5_safe
35 35 from rhodecode.model.db import UserApiKeys, CacheKey
36 36
37 37 log = logging.getLogger(__name__)
38 38
39 39
40 40 class RepoFeedView(RepoAppView):
41 41 def load_default_context(self):
42 42 c = self._get_local_tmpl_context()
43 43 self._load_defaults()
44 44 return c
45 45
46 46 def _get_config(self):
47 47 import rhodecode
48 48 config = rhodecode.CONFIG
49 49
50 50 return {
51 51 'language': 'en-us',
52 52 'feed_ttl': '5', # TTL of feed,
53 53 'feed_include_diff':
54 54 str2bool(config.get('rss_include_diff', False)),
55 55 'feed_items_per_page':
56 56 safe_int(config.get('rss_items_per_page', 20)),
57 57 'feed_diff_limit':
58 58 # we need to protect from parsing huge diffs here other way
59 59 # we can kill the server
60 60 safe_int(config.get('rss_cut_off_limit', 32 * 1024)),
61 61 }
62 62
63 63 def _load_defaults(self):
64 64 _ = self.request.translate
65 65 config = self._get_config()
66 66 # common values for feeds
67 67 self.description = _('Changes on %s repository')
68 68 self.title = self.title = _('%s %s feed') % (self.db_repo_name, '%s')
69 69 self.language = config["language"]
70 70 self.ttl = config["feed_ttl"]
71 71 self.feed_include_diff = config['feed_include_diff']
72 72 self.feed_diff_limit = config['feed_diff_limit']
73 73 self.feed_items_per_page = config['feed_items_per_page']
74 74
75 75 def _changes(self, commit):
76 76 diff_processor = DiffProcessor(
77 77 commit.diff(), diff_limit=self.feed_diff_limit)
78 78 _parsed = diff_processor.prepare(inline_diff=False)
79 79 limited_diff = isinstance(_parsed, LimitedDiffContainer)
80 80
81 81 return diff_processor, _parsed, limited_diff
82 82
83 83 def _get_title(self, commit):
84 84 return h.shorter(commit.message, 160)
85 85
86 86 def _get_description(self, commit):
87 87 _renderer = self.request.get_partial_renderer(
88 88 'rhodecode:templates/feed/atom_feed_entry.mako')
89 89 diff_processor, parsed_diff, limited_diff = self._changes(commit)
90 90 filtered_parsed_diff, has_hidden_changes = self.path_filter.filter_patchset(parsed_diff)
91 91 return _renderer(
92 92 'body',
93 93 commit=commit,
94 94 parsed_diff=filtered_parsed_diff,
95 95 limited_diff=limited_diff,
96 96 feed_include_diff=self.feed_include_diff,
97 97 diff_processor=diff_processor,
98 98 has_hidden_changes=has_hidden_changes
99 99 )
100 100
101 101 def _set_timezone(self, date, tzinfo=pytz.utc):
102 102 if not getattr(date, "tzinfo", None):
103 103 date.replace(tzinfo=tzinfo)
104 104 return date
105 105
106 106 def _get_commits(self):
107 107 return list(self.rhodecode_vcs_repo[-self.feed_items_per_page:])
108 108
109 109 def uid(self, repo_id, commit_id):
110 110 return '{}:{}'.format(md5_safe(repo_id), md5_safe(commit_id))
111 111
112 112 @LoginRequired(auth_token_access=[UserApiKeys.ROLE_FEED])
113 113 @HasRepoPermissionAnyDecorator(
114 114 'repository.read', 'repository.write', 'repository.admin')
115 115 @view_config(
116 116 route_name='atom_feed_home', request_method='GET',
117 117 renderer=None)
118 118 @view_config(
119 119 route_name='atom_feed_home_old', request_method='GET',
120 120 renderer=None)
121 121 def atom(self):
122 122 """
123 123 Produce an atom-1.0 feed via feedgenerator module
124 124 """
125 125 self.load_default_context()
126 126
127 127 cache_namespace_uid = 'cache_repo_instance.{}_{}'.format(
128 128 self.db_repo.repo_id, CacheKey.CACHE_TYPE_FEED)
129 129 invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
130 130 repo_id=self.db_repo.repo_id)
131 131
132 132 region = rc_cache.get_or_create_region('cache_repo_longterm',
133 133 cache_namespace_uid)
134 134
135 135 condition = not self.path_filter.is_enabled
136 136
137 137 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid,
138 138 condition=condition)
139 139 def generate_atom_feed(repo_id, _repo_name, _feed_type):
140 140 feed = Atom1Feed(
141 141 title=self.title % _repo_name,
142 142 link=h.route_url('repo_summary', repo_name=_repo_name),
143 143 description=self.description % _repo_name,
144 144 language=self.language,
145 145 ttl=self.ttl
146 146 )
147 147
148 148 for commit in reversed(self._get_commits()):
149 149 date = self._set_timezone(commit.date)
150 150 feed.add_item(
151 151 unique_id=self.uid(repo_id, commit.raw_id),
152 152 title=self._get_title(commit),
153 153 author_name=commit.author,
154 154 description=self._get_description(commit),
155 155 link=h.route_url(
156 156 'repo_commit', repo_name=_repo_name,
157 157 commit_id=commit.raw_id),
158 158 pubdate=date,)
159 159
160 160 return feed.mime_type, feed.writeString('utf-8')
161 161
162 162 inv_context_manager = rc_cache.InvalidationContext(
163 163 uid=cache_namespace_uid, invalidation_namespace=invalidation_namespace)
164 164 with inv_context_manager as invalidation_context:
165 165 args = (self.db_repo.repo_id, self.db_repo.repo_name, 'atom',)
166 166 # re-compute and store cache if we get invalidate signal
167 167 if invalidation_context.should_invalidate():
168 168 mime_type, feed = generate_atom_feed.refresh(*args)
169 169 else:
170 170 mime_type, feed = generate_atom_feed(*args)
171 171
172 log.debug('Repo ATOM feed computed in %.3fs',
172 log.debug('Repo ATOM feed computed in %.4fs',
173 173 inv_context_manager.compute_time)
174 174
175 175 response = Response(feed)
176 176 response.content_type = mime_type
177 177 return response
178 178
179 179 @LoginRequired(auth_token_access=[UserApiKeys.ROLE_FEED])
180 180 @HasRepoPermissionAnyDecorator(
181 181 'repository.read', 'repository.write', 'repository.admin')
182 182 @view_config(
183 183 route_name='rss_feed_home', request_method='GET',
184 184 renderer=None)
185 185 @view_config(
186 186 route_name='rss_feed_home_old', request_method='GET',
187 187 renderer=None)
188 188 def rss(self):
189 189 """
190 190 Produce an rss2 feed via feedgenerator module
191 191 """
192 192 self.load_default_context()
193 193
194 194 cache_namespace_uid = 'cache_repo_instance.{}_{}'.format(
195 195 self.db_repo.repo_id, CacheKey.CACHE_TYPE_FEED)
196 196 invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
197 197 repo_id=self.db_repo.repo_id)
198 198 region = rc_cache.get_or_create_region('cache_repo_longterm',
199 199 cache_namespace_uid)
200 200
201 201 condition = not self.path_filter.is_enabled
202 202
203 203 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid,
204 204 condition=condition)
205 205 def generate_rss_feed(repo_id, _repo_name, _feed_type):
206 206 feed = Rss201rev2Feed(
207 207 title=self.title % _repo_name,
208 208 link=h.route_url('repo_summary', repo_name=_repo_name),
209 209 description=self.description % _repo_name,
210 210 language=self.language,
211 211 ttl=self.ttl
212 212 )
213 213
214 214 for commit in reversed(self._get_commits()):
215 215 date = self._set_timezone(commit.date)
216 216 feed.add_item(
217 217 unique_id=self.uid(repo_id, commit.raw_id),
218 218 title=self._get_title(commit),
219 219 author_name=commit.author,
220 220 description=self._get_description(commit),
221 221 link=h.route_url(
222 222 'repo_commit', repo_name=_repo_name,
223 223 commit_id=commit.raw_id),
224 224 pubdate=date,)
225 225
226 226 return feed.mime_type, feed.writeString('utf-8')
227 227
228 228 inv_context_manager = rc_cache.InvalidationContext(
229 229 uid=cache_namespace_uid, invalidation_namespace=invalidation_namespace)
230 230 with inv_context_manager as invalidation_context:
231 231 args = (self.db_repo.repo_id, self.db_repo.repo_name, 'rss',)
232 232 # re-compute and store cache if we get invalidate signal
233 233 if invalidation_context.should_invalidate():
234 234 mime_type, feed = generate_rss_feed.refresh(*args)
235 235 else:
236 236 mime_type, feed = generate_rss_feed(*args)
237 237 log.debug(
238 'Repo RSS feed computed in %.3fs', inv_context_manager.compute_time)
238 'Repo RSS feed computed in %.4fs', inv_context_manager.compute_time)
239 239
240 240 response = Response(feed)
241 241 response.content_type = mime_type
242 242 return response
Show file before | Show file after | Hide comments
@@ -1,396 +1,396 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2011-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import logging
22 22 import string
23 23 import rhodecode
24 24
25 25 from pyramid.view import view_config
26 26
27 27 from rhodecode.lib.view_utils import get_format_ref_id
28 28 from rhodecode.apps._base import RepoAppView
29 29 from rhodecode.config.conf import (LANGUAGES_EXTENSIONS_MAP)
30 30 from rhodecode.lib import helpers as h, rc_cache
31 31 from rhodecode.lib.utils2 import safe_str, safe_int
32 32 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator
33 33 from rhodecode.lib.markup_renderer import MarkupRenderer, relative_links
34 34 from rhodecode.lib.ext_json import json
35 35 from rhodecode.lib.vcs.backends.base import EmptyCommit
36 36 from rhodecode.lib.vcs.exceptions import (
37 37 CommitError, EmptyRepositoryError, CommitDoesNotExistError)
38 38 from rhodecode.model.db import Statistics, CacheKey, User
39 39 from rhodecode.model.meta import Session
40 40 from rhodecode.model.repo import ReadmeFinder
41 41 from rhodecode.model.scm import ScmModel
42 42
43 43 log = logging.getLogger(__name__)
44 44
45 45
46 46 class RepoSummaryView(RepoAppView):
47 47
48 48 def load_default_context(self):
49 49 c = self._get_local_tmpl_context(include_app_defaults=True)
50 50 c.rhodecode_repo = None
51 51 if not c.repository_requirements_missing:
52 52 c.rhodecode_repo = self.rhodecode_vcs_repo
53 53 return c
54 54
55 55 def _get_readme_data(self, db_repo, renderer_type):
56 56
57 57 log.debug('Looking for README file')
58 58
59 59 cache_namespace_uid = 'cache_repo_instance.{}_{}'.format(
60 60 db_repo.repo_id, CacheKey.CACHE_TYPE_README)
61 61 invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
62 62 repo_id=self.db_repo.repo_id)
63 63 region = rc_cache.get_or_create_region('cache_repo_longterm', cache_namespace_uid)
64 64
65 65 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid)
66 66 def generate_repo_readme(repo_id, _repo_name, _renderer_type):
67 67 readme_data = None
68 68 readme_node = None
69 69 readme_filename = None
70 70 commit = self._get_landing_commit_or_none(db_repo)
71 71 if commit:
72 72 log.debug("Searching for a README file.")
73 73 readme_node = ReadmeFinder(_renderer_type).search(commit)
74 74 if readme_node:
75 75 log.debug('Found README node: %s', readme_node)
76 76 relative_urls = {
77 77 'raw': h.route_path(
78 78 'repo_file_raw', repo_name=_repo_name,
79 79 commit_id=commit.raw_id, f_path=readme_node.path),
80 80 'standard': h.route_path(
81 81 'repo_files', repo_name=_repo_name,
82 82 commit_id=commit.raw_id, f_path=readme_node.path),
83 83 }
84 84 readme_data = self._render_readme_or_none(
85 85 commit, readme_node, relative_urls)
86 86 readme_filename = readme_node.unicode_path
87 87
88 88 return readme_data, readme_filename
89 89
90 90 inv_context_manager = rc_cache.InvalidationContext(
91 91 uid=cache_namespace_uid, invalidation_namespace=invalidation_namespace)
92 92 with inv_context_manager as invalidation_context:
93 93 args = (db_repo.repo_id, db_repo.repo_name, renderer_type,)
94 94 # re-compute and store cache if we get invalidate signal
95 95 if invalidation_context.should_invalidate():
96 96 instance = generate_repo_readme.refresh(*args)
97 97 else:
98 98 instance = generate_repo_readme(*args)
99 99
100 100 log.debug(
101 'Repo readme generated and computed in %.3fs',
101 'Repo readme generated and computed in %.4fs',
102 102 inv_context_manager.compute_time)
103 103 return instance
104 104
105 105 def _get_landing_commit_or_none(self, db_repo):
106 106 log.debug("Getting the landing commit.")
107 107 try:
108 108 commit = db_repo.get_landing_commit()
109 109 if not isinstance(commit, EmptyCommit):
110 110 return commit
111 111 else:
112 112 log.debug("Repository is empty, no README to render.")
113 113 except CommitError:
114 114 log.exception(
115 115 "Problem getting commit when trying to render the README.")
116 116
117 117 def _render_readme_or_none(self, commit, readme_node, relative_urls):
118 118 log.debug(
119 119 'Found README file `%s` rendering...', readme_node.path)
120 120 renderer = MarkupRenderer()
121 121 try:
122 122 html_source = renderer.render(
123 123 readme_node.content, filename=readme_node.path)
124 124 if relative_urls:
125 125 return relative_links(html_source, relative_urls)
126 126 return html_source
127 127 except Exception:
128 128 log.exception(
129 129 "Exception while trying to render the README")
130 130
131 131 def _load_commits_context(self, c):
132 132 p = safe_int(self.request.GET.get('page'), 1)
133 133 size = safe_int(self.request.GET.get('size'), 10)
134 134
135 135 def url_generator(**kw):
136 136 query_params = {
137 137 'size': size
138 138 }
139 139 query_params.update(kw)
140 140 return h.route_path(
141 141 'repo_summary_commits',
142 142 repo_name=c.rhodecode_db_repo.repo_name, _query=query_params)
143 143
144 144 pre_load = ['author', 'branch', 'date', 'message']
145 145 try:
146 146 collection = self.rhodecode_vcs_repo.get_commits(
147 147 pre_load=pre_load, translate_tags=False)
148 148 except EmptyRepositoryError:
149 149 collection = self.rhodecode_vcs_repo
150 150
151 151 c.repo_commits = h.RepoPage(
152 152 collection, page=p, items_per_page=size, url=url_generator)
153 153 page_ids = [x.raw_id for x in c.repo_commits]
154 154 c.comments = self.db_repo.get_comments(page_ids)
155 155 c.statuses = self.db_repo.statuses(page_ids)
156 156
157 157 def _prepare_and_set_clone_url(self, c):
158 158 username = ''
159 159 if self._rhodecode_user.username != User.DEFAULT_USER:
160 160 username = safe_str(self._rhodecode_user.username)
161 161
162 162 _def_clone_uri = _def_clone_uri_id = c.clone_uri_tmpl
163 163 _def_clone_uri_ssh = c.clone_uri_ssh_tmpl
164 164
165 165 if '{repo}' in _def_clone_uri:
166 166 _def_clone_uri_id = _def_clone_uri.replace('{repo}', '_{repoid}')
167 167 elif '{repoid}' in _def_clone_uri:
168 168 _def_clone_uri_id = _def_clone_uri.replace('_{repoid}', '{repo}')
169 169
170 170 c.clone_repo_url = self.db_repo.clone_url(
171 171 user=username, uri_tmpl=_def_clone_uri)
172 172 c.clone_repo_url_id = self.db_repo.clone_url(
173 173 user=username, uri_tmpl=_def_clone_uri_id)
174 174 c.clone_repo_url_ssh = self.db_repo.clone_url(
175 175 uri_tmpl=_def_clone_uri_ssh, ssh=True)
176 176
177 177 @LoginRequired()
178 178 @HasRepoPermissionAnyDecorator(
179 179 'repository.read', 'repository.write', 'repository.admin')
180 180 @view_config(
181 181 route_name='repo_summary_commits', request_method='GET',
182 182 renderer='rhodecode:templates/summary/summary_commits.mako')
183 183 def summary_commits(self):
184 184 c = self.load_default_context()
185 185 self._prepare_and_set_clone_url(c)
186 186 self._load_commits_context(c)
187 187 return self._get_template_context(c)
188 188
189 189 @LoginRequired()
190 190 @HasRepoPermissionAnyDecorator(
191 191 'repository.read', 'repository.write', 'repository.admin')
192 192 @view_config(
193 193 route_name='repo_summary', request_method='GET',
194 194 renderer='rhodecode:templates/summary/summary.mako')
195 195 @view_config(
196 196 route_name='repo_summary_slash', request_method='GET',
197 197 renderer='rhodecode:templates/summary/summary.mako')
198 198 @view_config(
199 199 route_name='repo_summary_explicit', request_method='GET',
200 200 renderer='rhodecode:templates/summary/summary.mako')
201 201 def summary(self):
202 202 c = self.load_default_context()
203 203
204 204 # Prepare the clone URL
205 205 self._prepare_and_set_clone_url(c)
206 206
207 207 # update every 5 min
208 208 if self.db_repo.last_commit_cache_update_diff > 60 * 5:
209 209 self.db_repo.update_commit_cache()
210 210
211 211 # If enabled, get statistics data
212 212
213 213 c.show_stats = bool(self.db_repo.enable_statistics)
214 214
215 215 stats = Session().query(Statistics) \
216 216 .filter(Statistics.repository == self.db_repo) \
217 217 .scalar()
218 218
219 219 c.stats_percentage = 0
220 220
221 221 if stats and stats.languages:
222 222 c.no_data = False is self.db_repo.enable_statistics
223 223 lang_stats_d = json.loads(stats.languages)
224 224
225 225 # Sort first by decreasing count and second by the file extension,
226 226 # so we have a consistent output.
227 227 lang_stats_items = sorted(lang_stats_d.iteritems(),
228 228 key=lambda k: (-k[1], k[0]))[:10]
229 229 lang_stats = [(x, {"count": y,
230 230 "desc": LANGUAGES_EXTENSIONS_MAP.get(x)})
231 231 for x, y in lang_stats_items]
232 232
233 233 c.trending_languages = json.dumps(lang_stats)
234 234 else:
235 235 c.no_data = True
236 236 c.trending_languages = json.dumps({})
237 237
238 238 scm_model = ScmModel()
239 239 c.enable_downloads = self.db_repo.enable_downloads
240 240 c.repository_followers = scm_model.get_followers(self.db_repo)
241 241 c.repository_forks = scm_model.get_forks(self.db_repo)
242 242
243 243 # first interaction with the VCS instance after here...
244 244 if c.repository_requirements_missing:
245 245 self.request.override_renderer = \
246 246 'rhodecode:templates/summary/missing_requirements.mako'
247 247 return self._get_template_context(c)
248 248
249 249 c.readme_data, c.readme_file = \
250 250 self._get_readme_data(self.db_repo, c.visual.default_renderer)
251 251
252 252 # loads the summary commits template context
253 253 self._load_commits_context(c)
254 254
255 255 return self._get_template_context(c)
256 256
257 257 def get_request_commit_id(self):
258 258 return self.request.matchdict['commit_id']
259 259
260 260 @LoginRequired()
261 261 @HasRepoPermissionAnyDecorator(
262 262 'repository.read', 'repository.write', 'repository.admin')
263 263 @view_config(
264 264 route_name='repo_stats', request_method='GET',
265 265 renderer='json_ext')
266 266 def repo_stats(self):
267 267 commit_id = self.get_request_commit_id()
268 268 show_stats = bool(self.db_repo.enable_statistics)
269 269 repo_id = self.db_repo.repo_id
270 270
271 271 cache_seconds = safe_int(
272 272 rhodecode.CONFIG.get('rc_cache.cache_repo.expiration_time'))
273 273 cache_on = cache_seconds > 0
274 274 log.debug(
275 275 'Computing REPO TREE for repo_id %s commit_id `%s` '
276 276 'with caching: %s[TTL: %ss]' % (
277 277 repo_id, commit_id, cache_on, cache_seconds or 0))
278 278
279 279 cache_namespace_uid = 'cache_repo.{}'.format(repo_id)
280 280 region = rc_cache.get_or_create_region('cache_repo', cache_namespace_uid)
281 281
282 282 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid,
283 283 condition=cache_on)
284 284 def compute_stats(repo_id, commit_id, show_stats):
285 285 code_stats = {}
286 286 size = 0
287 287 try:
288 288 scm_instance = self.db_repo.scm_instance()
289 289 commit = scm_instance.get_commit(commit_id)
290 290
291 291 for node in commit.get_filenodes_generator():
292 292 size += node.size
293 293 if not show_stats:
294 294 continue
295 295 ext = string.lower(node.extension)
296 296 ext_info = LANGUAGES_EXTENSIONS_MAP.get(ext)
297 297 if ext_info:
298 298 if ext in code_stats:
299 299 code_stats[ext]['count'] += 1
300 300 else:
301 301 code_stats[ext] = {"count": 1, "desc": ext_info}
302 302 except (EmptyRepositoryError, CommitDoesNotExistError):
303 303 pass
304 304 return {'size': h.format_byte_size_binary(size),
305 305 'code_stats': code_stats}
306 306
307 307 stats = compute_stats(self.db_repo.repo_id, commit_id, show_stats)
308 308 return stats
309 309
310 310 @LoginRequired()
311 311 @HasRepoPermissionAnyDecorator(
312 312 'repository.read', 'repository.write', 'repository.admin')
313 313 @view_config(
314 314 route_name='repo_refs_data', request_method='GET',
315 315 renderer='json_ext')
316 316 def repo_refs_data(self):
317 317 _ = self.request.translate
318 318 self.load_default_context()
319 319
320 320 repo = self.rhodecode_vcs_repo
321 321 refs_to_create = [
322 322 (_("Branch"), repo.branches, 'branch'),
323 323 (_("Tag"), repo.tags, 'tag'),
324 324 (_("Bookmark"), repo.bookmarks, 'book'),
325 325 ]
326 326 res = self._create_reference_data(repo, self.db_repo_name, refs_to_create)
327 327 data = {
328 328 'more': False,
329 329 'results': res
330 330 }
331 331 return data
332 332
333 333 @LoginRequired()
334 334 @HasRepoPermissionAnyDecorator(
335 335 'repository.read', 'repository.write', 'repository.admin')
336 336 @view_config(
337 337 route_name='repo_refs_changelog_data', request_method='GET',
338 338 renderer='json_ext')
339 339 def repo_refs_changelog_data(self):
340 340 _ = self.request.translate
341 341 self.load_default_context()
342 342
343 343 repo = self.rhodecode_vcs_repo
344 344
345 345 refs_to_create = [
346 346 (_("Branches"), repo.branches, 'branch'),
347 347 (_("Closed branches"), repo.branches_closed, 'branch_closed'),
348 348 # TODO: enable when vcs can handle bookmarks filters
349 349 # (_("Bookmarks"), repo.bookmarks, "book"),
350 350 ]
351 351 res = self._create_reference_data(
352 352 repo, self.db_repo_name, refs_to_create)
353 353 data = {
354 354 'more': False,
355 355 'results': res
356 356 }
357 357 return data
358 358
359 359 def _create_reference_data(self, repo, full_repo_name, refs_to_create):
360 360 format_ref_id = get_format_ref_id(repo)
361 361
362 362 result = []
363 363 for title, refs, ref_type in refs_to_create:
364 364 if refs:
365 365 result.append({
366 366 'text': title,
367 367 'children': self._create_reference_items(
368 368 repo, full_repo_name, refs, ref_type,
369 369 format_ref_id),
370 370 })
371 371 return result
372 372
373 373 def _create_reference_items(self, repo, full_repo_name, refs, ref_type, format_ref_id):
374 374 result = []
375 375 is_svn = h.is_svn(repo)
376 376 for ref_name, raw_id in refs.iteritems():
377 377 files_url = self._create_files_url(
378 378 repo, full_repo_name, ref_name, raw_id, is_svn)
379 379 result.append({
380 380 'text': ref_name,
381 381 'id': format_ref_id(ref_name, raw_id),
382 382 'raw_id': raw_id,
383 383 'type': ref_type,
384 384 'files_url': files_url,
385 385 'idx': 0,
386 386 })
387 387 return result
388 388
389 389 def _create_files_url(self, repo, full_repo_name, ref_name, raw_id, is_svn):
390 390 use_commit_id = '/' in ref_name or is_svn
391 391 return h.route_path(
392 392 'repo_files',
393 393 repo_name=full_repo_name,
394 394 f_path=ref_name if is_svn else '',
395 395 commit_id=raw_id if use_commit_id else ref_name,
396 396 _query=dict(at=ref_name))
Show file before | Show file after | Hide comments
@@ -1,164 +1,164 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2011-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import logging
22 22 import urllib
23 23 from pyramid.view import view_config
24 24 from webhelpers.util import update_params
25 25
26 26 from rhodecode.apps._base import BaseAppView, RepoAppView, RepoGroupAppView
27 27 from rhodecode.lib.auth import (
28 28 LoginRequired, HasRepoPermissionAnyDecorator, HasRepoGroupPermissionAnyDecorator)
29 29 from rhodecode.lib.helpers import Page
30 30 from rhodecode.lib.utils2 import safe_str
31 31 from rhodecode.lib.index import searcher_from_config
32 32 from rhodecode.model import validation_schema
33 33 from rhodecode.model.validation_schema.schemas import search_schema
34 34
35 35 log = logging.getLogger(__name__)
36 36
37 37
38 38 def perform_search(request, tmpl_context, repo_name=None, repo_group_name=None):
39 39 searcher = searcher_from_config(request.registry.settings)
40 40 formatted_results = []
41 41 execution_time = ''
42 42
43 43 schema = search_schema.SearchParamsSchema()
44 44 search_tags = []
45 45 search_params = {}
46 46 errors = []
47 47 try:
48 48 search_params = schema.deserialize(
49 49 dict(
50 50 search_query=request.GET.get('q'),
51 51 search_type=request.GET.get('type'),
52 52 search_sort=request.GET.get('sort'),
53 53 search_max_lines=request.GET.get('max_lines'),
54 54 page_limit=request.GET.get('page_limit'),
55 55 requested_page=request.GET.get('page'),
56 56 )
57 57 )
58 58 except validation_schema.Invalid as e:
59 59 errors = e.children
60 60
61 61 def url_generator(**kw):
62 62 q = urllib.quote(safe_str(search_query))
63 63 return update_params(
64 64 "?q=%s&type=%s&max_lines=%s" % (
65 65 q, safe_str(search_type), search_max_lines), **kw)
66 66
67 67 c = tmpl_context
68 68 search_query = search_params.get('search_query')
69 69 search_type = search_params.get('search_type')
70 70 search_sort = search_params.get('search_sort')
71 71 search_max_lines = search_params.get('search_max_lines')
72 72 if search_params.get('search_query'):
73 73 page_limit = search_params['page_limit']
74 74 requested_page = search_params['requested_page']
75 75
76 76 try:
77 77 search_result = searcher.search(
78 78 search_query, search_type, c.auth_user, repo_name, repo_group_name,
79 79 requested_page=requested_page, page_limit=page_limit, sort=search_sort)
80 80
81 81 formatted_results = Page(
82 82 search_result['results'], page=requested_page,
83 83 item_count=search_result['count'],
84 84 items_per_page=page_limit, url=url_generator)
85 85 finally:
86 86 searcher.cleanup()
87 87
88 88 search_tags = searcher.extract_search_tags(search_query)
89 89
90 90 if not search_result['error']:
91 execution_time = '%s results (%.3f seconds)' % (
91 execution_time = '%s results (%.4f seconds)' % (
92 92 search_result['count'],
93 93 search_result['runtime'])
94 94 elif not errors:
95 95 node = schema['search_query']
96 96 errors = [
97 97 validation_schema.Invalid(node, search_result['error'])]
98 98
99 99 c.perm_user = c.auth_user
100 100 c.repo_name = repo_name
101 101 c.repo_group_name = repo_group_name
102 102 c.sort = search_sort
103 103 c.url_generator = url_generator
104 104 c.errors = errors
105 105 c.formatted_results = formatted_results
106 106 c.runtime = execution_time
107 107 c.cur_query = search_query
108 108 c.search_type = search_type
109 109 c.searcher = searcher
110 110 c.search_tags = search_tags
111 111
112 112
113 113 class SearchView(BaseAppView):
114 114 def load_default_context(self):
115 115 c = self._get_local_tmpl_context()
116 116 return c
117 117
118 118 @LoginRequired()
119 119 @view_config(
120 120 route_name='search', request_method='GET',
121 121 renderer='rhodecode:templates/search/search.mako')
122 122 def search(self):
123 123 c = self.load_default_context()
124 124 perform_search(self.request, c)
125 125 return self._get_template_context(c)
126 126
127 127
128 128 class SearchRepoView(RepoAppView):
129 129 def load_default_context(self):
130 130 c = self._get_local_tmpl_context()
131 131 c.active = 'search'
132 132 return c
133 133
134 134 @LoginRequired()
135 135 @HasRepoPermissionAnyDecorator(
136 136 'repository.read', 'repository.write', 'repository.admin')
137 137 @view_config(
138 138 route_name='search_repo', request_method='GET',
139 139 renderer='rhodecode:templates/search/search.mako')
140 140 @view_config(
141 141 route_name='search_repo_alt', request_method='GET',
142 142 renderer='rhodecode:templates/search/search.mako')
143 143 def search_repo(self):
144 144 c = self.load_default_context()
145 145 perform_search(self.request, c, repo_name=self.db_repo_name)
146 146 return self._get_template_context(c)
147 147
148 148
149 149 class SearchRepoGroupView(RepoGroupAppView):
150 150 def load_default_context(self):
151 151 c = self._get_local_tmpl_context()
152 152 c.active = 'search'
153 153 return c
154 154
155 155 @LoginRequired()
156 156 @HasRepoGroupPermissionAnyDecorator(
157 157 'group.read', 'group.write', 'group.admin')
158 158 @view_config(
159 159 route_name='search_repo_group', request_method='GET',
160 160 renderer='rhodecode:templates/search/search.mako')
161 161 def search_repo_group(self):
162 162 c = self.load_default_context()
163 163 perform_search(self.request, c, repo_group_name=self.db_repo_group_name)
164 164 return self._get_template_context(c)
Show file before | Show file after | Hide comments
@@ -1,797 +1,797 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 Authentication modules
23 23 """
24 24 import socket
25 25 import string
26 26 import colander
27 27 import copy
28 28 import logging
29 29 import time
30 30 import traceback
31 31 import warnings
32 32 import functools
33 33
34 34 from pyramid.threadlocal import get_current_registry
35 35
36 36 from rhodecode.authentication.interface import IAuthnPluginRegistry
37 37 from rhodecode.authentication.schema import AuthnPluginSettingsSchemaBase
38 38 from rhodecode.lib import rc_cache
39 39 from rhodecode.lib.auth import PasswordGenerator, _RhodeCodeCryptoBCrypt
40 40 from rhodecode.lib.utils2 import safe_int, safe_str
41 41 from rhodecode.lib.exceptions import LdapConnectionError, LdapUsernameError, \
42 42 LdapPasswordError
43 43 from rhodecode.model.db import User
44 44 from rhodecode.model.meta import Session
45 45 from rhodecode.model.settings import SettingsModel
46 46 from rhodecode.model.user import UserModel
47 47 from rhodecode.model.user_group import UserGroupModel
48 48
49 49
50 50 log = logging.getLogger(__name__)
51 51
52 52 # auth types that authenticate() function can receive
53 53 VCS_TYPE = 'vcs'
54 54 HTTP_TYPE = 'http'
55 55
56 56 external_auth_session_key = 'rhodecode.external_auth'
57 57
58 58
59 59 class hybrid_property(object):
60 60 """
61 61 a property decorator that works both for instance and class
62 62 """
63 63 def __init__(self, fget, fset=None, fdel=None, expr=None):
64 64 self.fget = fget
65 65 self.fset = fset
66 66 self.fdel = fdel
67 67 self.expr = expr or fget
68 68 functools.update_wrapper(self, fget)
69 69
70 70 def __get__(self, instance, owner):
71 71 if instance is None:
72 72 return self.expr(owner)
73 73 else:
74 74 return self.fget(instance)
75 75
76 76 def __set__(self, instance, value):
77 77 self.fset(instance, value)
78 78
79 79 def __delete__(self, instance):
80 80 self.fdel(instance)
81 81
82 82
83 83 class LazyFormencode(object):
84 84 def __init__(self, formencode_obj, *args, **kwargs):
85 85 self.formencode_obj = formencode_obj
86 86 self.args = args
87 87 self.kwargs = kwargs
88 88
89 89 def __call__(self, *args, **kwargs):
90 90 from inspect import isfunction
91 91 formencode_obj = self.formencode_obj
92 92 if isfunction(formencode_obj):
93 93 # case we wrap validators into functions
94 94 formencode_obj = self.formencode_obj(*args, **kwargs)
95 95 return formencode_obj(*self.args, **self.kwargs)
96 96
97 97
98 98 class RhodeCodeAuthPluginBase(object):
99 99 # UID is used to register plugin to the registry
100 100 uid = None
101 101
102 102 # cache the authentication request for N amount of seconds. Some kind
103 103 # of authentication methods are very heavy and it's very efficient to cache
104 104 # the result of a call. If it's set to None (default) cache is off
105 105 AUTH_CACHE_TTL = None
106 106 AUTH_CACHE = {}
107 107
108 108 auth_func_attrs = {
109 109 "username": "unique username",
110 110 "firstname": "first name",
111 111 "lastname": "last name",
112 112 "email": "email address",
113 113 "groups": '["list", "of", "groups"]',
114 114 "user_group_sync":
115 115 'True|False defines if returned user groups should be synced',
116 116 "extern_name": "name in external source of record",
117 117 "extern_type": "type of external source of record",
118 118 "admin": 'True|False defines if user should be RhodeCode super admin',
119 119 "active":
120 120 'True|False defines active state of user internally for RhodeCode',
121 121 "active_from_extern":
122 122 "True|False|None, active state from the external auth, "
123 123 "None means use definition from RhodeCode extern_type active value"
124 124
125 125 }
126 126 # set on authenticate() method and via set_auth_type func.
127 127 auth_type = None
128 128
129 129 # set on authenticate() method and via set_calling_scope_repo, this is a
130 130 # calling scope repository when doing authentication most likely on VCS
131 131 # operations
132 132 acl_repo_name = None
133 133
134 134 # List of setting names to store encrypted. Plugins may override this list
135 135 # to store settings encrypted.
136 136 _settings_encrypted = []
137 137
138 138 # Mapping of python to DB settings model types. Plugins may override or
139 139 # extend this mapping.
140 140 _settings_type_map = {
141 141 colander.String: 'unicode',
142 142 colander.Integer: 'int',
143 143 colander.Boolean: 'bool',
144 144 colander.List: 'list',
145 145 }
146 146
147 147 # list of keys in settings that are unsafe to be logged, should be passwords
148 148 # or other crucial credentials
149 149 _settings_unsafe_keys = []
150 150
151 151 def __init__(self, plugin_id):
152 152 self._plugin_id = plugin_id
153 153
154 154 def __str__(self):
155 155 return self.get_id()
156 156
157 157 def _get_setting_full_name(self, name):
158 158 """
159 159 Return the full setting name used for storing values in the database.
160 160 """
161 161 # TODO: johbo: Using the name here is problematic. It would be good to
162 162 # introduce either new models in the database to hold Plugin and
163 163 # PluginSetting or to use the plugin id here.
164 164 return 'auth_{}_{}'.format(self.name, name)
165 165
166 166 def _get_setting_type(self, name):
167 167 """
168 168 Return the type of a setting. This type is defined by the SettingsModel
169 169 and determines how the setting is stored in DB. Optionally the suffix
170 170 `.encrypted` is appended to instruct SettingsModel to store it
171 171 encrypted.
172 172 """
173 173 schema_node = self.get_settings_schema().get(name)
174 174 db_type = self._settings_type_map.get(
175 175 type(schema_node.typ), 'unicode')
176 176 if name in self._settings_encrypted:
177 177 db_type = '{}.encrypted'.format(db_type)
178 178 return db_type
179 179
180 180 @classmethod
181 181 def docs(cls):
182 182 """
183 183 Defines documentation url which helps with plugin setup
184 184 """
185 185 return ''
186 186
187 187 @classmethod
188 188 def icon(cls):
189 189 """
190 190 Defines ICON in SVG format for authentication method
191 191 """
192 192 return ''
193 193
194 194 def is_enabled(self):
195 195 """
196 196 Returns true if this plugin is enabled. An enabled plugin can be
197 197 configured in the admin interface but it is not consulted during
198 198 authentication.
199 199 """
200 200 auth_plugins = SettingsModel().get_auth_plugins()
201 201 return self.get_id() in auth_plugins
202 202
203 203 def is_active(self, plugin_cached_settings=None):
204 204 """
205 205 Returns true if the plugin is activated. An activated plugin is
206 206 consulted during authentication, assumed it is also enabled.
207 207 """
208 208 return self.get_setting_by_name(
209 209 'enabled', plugin_cached_settings=plugin_cached_settings)
210 210
211 211 def get_id(self):
212 212 """
213 213 Returns the plugin id.
214 214 """
215 215 return self._plugin_id
216 216
217 217 def get_display_name(self):
218 218 """
219 219 Returns a translation string for displaying purposes.
220 220 """
221 221 raise NotImplementedError('Not implemented in base class')
222 222
223 223 def get_settings_schema(self):
224 224 """
225 225 Returns a colander schema, representing the plugin settings.
226 226 """
227 227 return AuthnPluginSettingsSchemaBase()
228 228
229 229 def get_settings(self):
230 230 """
231 231 Returns the plugin settings as dictionary.
232 232 """
233 233 settings = {}
234 234 raw_settings = SettingsModel().get_all_settings()
235 235 for node in self.get_settings_schema():
236 236 settings[node.name] = self.get_setting_by_name(
237 237 node.name, plugin_cached_settings=raw_settings)
238 238 return settings
239 239
240 240 def get_setting_by_name(self, name, default=None, plugin_cached_settings=None):
241 241 """
242 242 Returns a plugin setting by name.
243 243 """
244 244 full_name = 'rhodecode_{}'.format(self._get_setting_full_name(name))
245 245 if plugin_cached_settings:
246 246 plugin_settings = plugin_cached_settings
247 247 else:
248 248 plugin_settings = SettingsModel().get_all_settings()
249 249
250 250 if full_name in plugin_settings:
251 251 return plugin_settings[full_name]
252 252 else:
253 253 return default
254 254
255 255 def create_or_update_setting(self, name, value):
256 256 """
257 257 Create or update a setting for this plugin in the persistent storage.
258 258 """
259 259 full_name = self._get_setting_full_name(name)
260 260 type_ = self._get_setting_type(name)
261 261 db_setting = SettingsModel().create_or_update_setting(
262 262 full_name, value, type_)
263 263 return db_setting.app_settings_value
264 264
265 265 def log_safe_settings(self, settings):
266 266 """
267 267 returns a log safe representation of settings, without any secrets
268 268 """
269 269 settings_copy = copy.deepcopy(settings)
270 270 for k in self._settings_unsafe_keys:
271 271 if k in settings_copy:
272 272 del settings_copy[k]
273 273 return settings_copy
274 274
275 275 @hybrid_property
276 276 def name(self):
277 277 """
278 278 Returns the name of this authentication plugin.
279 279
280 280 :returns: string
281 281 """
282 282 raise NotImplementedError("Not implemented in base class")
283 283
284 284 def get_url_slug(self):
285 285 """
286 286 Returns a slug which should be used when constructing URLs which refer
287 287 to this plugin. By default it returns the plugin name. If the name is
288 288 not suitable for using it in an URL the plugin should override this
289 289 method.
290 290 """
291 291 return self.name
292 292
293 293 @property
294 294 def is_headers_auth(self):
295 295 """
296 296 Returns True if this authentication plugin uses HTTP headers as
297 297 authentication method.
298 298 """
299 299 return False
300 300
301 301 @hybrid_property
302 302 def is_container_auth(self):
303 303 """
304 304 Deprecated method that indicates if this authentication plugin uses
305 305 HTTP headers as authentication method.
306 306 """
307 307 warnings.warn(
308 308 'Use is_headers_auth instead.', category=DeprecationWarning)
309 309 return self.is_headers_auth
310 310
311 311 @hybrid_property
312 312 def allows_creating_users(self):
313 313 """
314 314 Defines if Plugin allows users to be created on-the-fly when
315 315 authentication is called. Controls how external plugins should behave
316 316 in terms if they are allowed to create new users, or not. Base plugins
317 317 should not be allowed to, but External ones should be !
318 318
319 319 :return: bool
320 320 """
321 321 return False
322 322
323 323 def set_auth_type(self, auth_type):
324 324 self.auth_type = auth_type
325 325
326 326 def set_calling_scope_repo(self, acl_repo_name):
327 327 self.acl_repo_name = acl_repo_name
328 328
329 329 def allows_authentication_from(
330 330 self, user, allows_non_existing_user=True,
331 331 allowed_auth_plugins=None, allowed_auth_sources=None):
332 332 """
333 333 Checks if this authentication module should accept a request for
334 334 the current user.
335 335
336 336 :param user: user object fetched using plugin's get_user() method.
337 337 :param allows_non_existing_user: if True, don't allow the
338 338 user to be empty, meaning not existing in our database
339 339 :param allowed_auth_plugins: if provided, users extern_type will be
340 340 checked against a list of provided extern types, which are plugin
341 341 auth_names in the end
342 342 :param allowed_auth_sources: authentication type allowed,
343 343 `http` or `vcs` default is both.
344 344 defines if plugin will accept only http authentication vcs
345 345 authentication(git/hg) or both
346 346 :returns: boolean
347 347 """
348 348 if not user and not allows_non_existing_user:
349 349 log.debug('User is empty but plugin does not allow empty users,'
350 350 'not allowed to authenticate')
351 351 return False
352 352
353 353 expected_auth_plugins = allowed_auth_plugins or [self.name]
354 354 if user and (user.extern_type and
355 355 user.extern_type not in expected_auth_plugins):
356 356 log.debug(
357 357 'User `%s` is bound to `%s` auth type. Plugin allows only '
358 358 '%s, skipping', user, user.extern_type, expected_auth_plugins)
359 359
360 360 return False
361 361
362 362 # by default accept both
363 363 expected_auth_from = allowed_auth_sources or [HTTP_TYPE, VCS_TYPE]
364 364 if self.auth_type not in expected_auth_from:
365 365 log.debug('Current auth source is %s but plugin only allows %s',
366 366 self.auth_type, expected_auth_from)
367 367 return False
368 368
369 369 return True
370 370
371 371 def get_user(self, username=None, **kwargs):
372 372 """
373 373 Helper method for user fetching in plugins, by default it's using
374 374 simple fetch by username, but this method can be custimized in plugins
375 375 eg. headers auth plugin to fetch user by environ params
376 376
377 377 :param username: username if given to fetch from database
378 378 :param kwargs: extra arguments needed for user fetching.
379 379 """
380 380 user = None
381 381 log.debug(
382 382 'Trying to fetch user `%s` from RhodeCode database', username)
383 383 if username:
384 384 user = User.get_by_username(username)
385 385 if not user:
386 386 log.debug('User not found, fallback to fetch user in '
387 387 'case insensitive mode')
388 388 user = User.get_by_username(username, case_insensitive=True)
389 389 else:
390 390 log.debug('provided username:`%s` is empty skipping...', username)
391 391 if not user:
392 392 log.debug('User `%s` not found in database', username)
393 393 else:
394 394 log.debug('Got DB user:%s', user)
395 395 return user
396 396
397 397 def user_activation_state(self):
398 398 """
399 399 Defines user activation state when creating new users
400 400
401 401 :returns: boolean
402 402 """
403 403 raise NotImplementedError("Not implemented in base class")
404 404
405 405 def auth(self, userobj, username, passwd, settings, **kwargs):
406 406 """
407 407 Given a user object (which may be null), username, a plaintext
408 408 password, and a settings object (containing all the keys needed as
409 409 listed in settings()), authenticate this user's login attempt.
410 410
411 411 Return None on failure. On success, return a dictionary of the form:
412 412
413 413 see: RhodeCodeAuthPluginBase.auth_func_attrs
414 414 This is later validated for correctness
415 415 """
416 416 raise NotImplementedError("not implemented in base class")
417 417
418 418 def _authenticate(self, userobj, username, passwd, settings, **kwargs):
419 419 """
420 420 Wrapper to call self.auth() that validates call on it
421 421
422 422 :param userobj: userobj
423 423 :param username: username
424 424 :param passwd: plaintext password
425 425 :param settings: plugin settings
426 426 """
427 427 auth = self.auth(userobj, username, passwd, settings, **kwargs)
428 428 if auth:
429 429 auth['_plugin'] = self.name
430 430 auth['_ttl_cache'] = self.get_ttl_cache(settings)
431 431 # check if hash should be migrated ?
432 432 new_hash = auth.get('_hash_migrate')
433 433 if new_hash:
434 434 self._migrate_hash_to_bcrypt(username, passwd, new_hash)
435 435 if 'user_group_sync' not in auth:
436 436 auth['user_group_sync'] = False
437 437 return self._validate_auth_return(auth)
438 438 return auth
439 439
440 440 def _migrate_hash_to_bcrypt(self, username, password, new_hash):
441 441 new_hash_cypher = _RhodeCodeCryptoBCrypt()
442 442 # extra checks, so make sure new hash is correct.
443 443 password_encoded = safe_str(password)
444 444 if new_hash and new_hash_cypher.hash_check(
445 445 password_encoded, new_hash):
446 446 cur_user = User.get_by_username(username)
447 447 cur_user.password = new_hash
448 448 Session().add(cur_user)
449 449 Session().flush()
450 450 log.info('Migrated user %s hash to bcrypt', cur_user)
451 451
452 452 def _validate_auth_return(self, ret):
453 453 if not isinstance(ret, dict):
454 454 raise Exception('returned value from auth must be a dict')
455 455 for k in self.auth_func_attrs:
456 456 if k not in ret:
457 457 raise Exception('Missing %s attribute from returned data' % k)
458 458 return ret
459 459
460 460 def get_ttl_cache(self, settings=None):
461 461 plugin_settings = settings or self.get_settings()
462 462 # we set default to 30, we make a compromise here,
463 463 # performance > security, mostly due to LDAP/SVN, majority
464 464 # of users pick cache_ttl to be enabled
465 465 from rhodecode.authentication import plugin_default_auth_ttl
466 466 cache_ttl = plugin_default_auth_ttl
467 467
468 468 if isinstance(self.AUTH_CACHE_TTL, (int, long)):
469 469 # plugin cache set inside is more important than the settings value
470 470 cache_ttl = self.AUTH_CACHE_TTL
471 471 elif plugin_settings.get('cache_ttl'):
472 472 cache_ttl = safe_int(plugin_settings.get('cache_ttl'), 0)
473 473
474 474 plugin_cache_active = bool(cache_ttl and cache_ttl > 0)
475 475 return plugin_cache_active, cache_ttl
476 476
477 477
478 478 class RhodeCodeExternalAuthPlugin(RhodeCodeAuthPluginBase):
479 479
480 480 @hybrid_property
481 481 def allows_creating_users(self):
482 482 return True
483 483
484 484 def use_fake_password(self):
485 485 """
486 486 Return a boolean that indicates whether or not we should set the user's
487 487 password to a random value when it is authenticated by this plugin.
488 488 If your plugin provides authentication, then you will generally
489 489 want this.
490 490
491 491 :returns: boolean
492 492 """
493 493 raise NotImplementedError("Not implemented in base class")
494 494
495 495 def _authenticate(self, userobj, username, passwd, settings, **kwargs):
496 496 # at this point _authenticate calls plugin's `auth()` function
497 497 auth = super(RhodeCodeExternalAuthPlugin, self)._authenticate(
498 498 userobj, username, passwd, settings, **kwargs)
499 499
500 500 if auth:
501 501 # maybe plugin will clean the username ?
502 502 # we should use the return value
503 503 username = auth['username']
504 504
505 505 # if external source tells us that user is not active, we should
506 506 # skip rest of the process. This can prevent from creating users in
507 507 # RhodeCode when using external authentication, but if it's
508 508 # inactive user we shouldn't create that user anyway
509 509 if auth['active_from_extern'] is False:
510 510 log.warning(
511 511 "User %s authenticated against %s, but is inactive",
512 512 username, self.__module__)
513 513 return None
514 514
515 515 cur_user = User.get_by_username(username, case_insensitive=True)
516 516 is_user_existing = cur_user is not None
517 517
518 518 if is_user_existing:
519 519 log.debug('Syncing user `%s` from '
520 520 '`%s` plugin', username, self.name)
521 521 else:
522 522 log.debug('Creating non existing user `%s` from '
523 523 '`%s` plugin', username, self.name)
524 524
525 525 if self.allows_creating_users:
526 526 log.debug('Plugin `%s` allows to '
527 527 'create new users', self.name)
528 528 else:
529 529 log.debug('Plugin `%s` does not allow to '
530 530 'create new users', self.name)
531 531
532 532 user_parameters = {
533 533 'username': username,
534 534 'email': auth["email"],
535 535 'firstname': auth["firstname"],
536 536 'lastname': auth["lastname"],
537 537 'active': auth["active"],
538 538 'admin': auth["admin"],
539 539 'extern_name': auth["extern_name"],
540 540 'extern_type': self.name,
541 541 'plugin': self,
542 542 'allow_to_create_user': self.allows_creating_users,
543 543 }
544 544
545 545 if not is_user_existing:
546 546 if self.use_fake_password():
547 547 # Randomize the PW because we don't need it, but don't want
548 548 # them blank either
549 549 passwd = PasswordGenerator().gen_password(length=16)
550 550 user_parameters['password'] = passwd
551 551 else:
552 552 # Since the password is required by create_or_update method of
553 553 # UserModel, we need to set it explicitly.
554 554 # The create_or_update method is smart and recognises the
555 555 # password hashes as well.
556 556 user_parameters['password'] = cur_user.password
557 557
558 558 # we either create or update users, we also pass the flag
559 559 # that controls if this method can actually do that.
560 560 # raises NotAllowedToCreateUserError if it cannot, and we try to.
561 561 user = UserModel().create_or_update(**user_parameters)
562 562 Session().flush()
563 563 # enforce user is just in given groups, all of them has to be ones
564 564 # created from plugins. We store this info in _group_data JSON
565 565 # field
566 566
567 567 if auth['user_group_sync']:
568 568 try:
569 569 groups = auth['groups'] or []
570 570 log.debug(
571 571 'Performing user_group sync based on set `%s` '
572 572 'returned by `%s` plugin', groups, self.name)
573 573 UserGroupModel().enforce_groups(user, groups, self.name)
574 574 except Exception:
575 575 # for any reason group syncing fails, we should
576 576 # proceed with login
577 577 log.error(traceback.format_exc())
578 578
579 579 Session().commit()
580 580 return auth
581 581
582 582
583 583 class AuthLdapBase(object):
584 584
585 585 @classmethod
586 586 def _build_servers(cls, ldap_server_type, ldap_server, port, use_resolver=True):
587 587
588 588 def host_resolver(host, port, full_resolve=True):
589 589 """
590 590 Main work for this function is to prevent ldap connection issues,
591 591 and detect them early using a "greenified" sockets
592 592 """
593 593 host = host.strip()
594 594 if not full_resolve:
595 595 return '{}:{}'.format(host, port)
596 596
597 597 log.debug('LDAP: Resolving IP for LDAP host %s', host)
598 598 try:
599 599 ip = socket.gethostbyname(host)
600 600 log.debug('Got LDAP server %s ip %s', host, ip)
601 601 except Exception:
602 602 raise LdapConnectionError(
603 603 'Failed to resolve host: `{}`'.format(host))
604 604
605 605 log.debug('LDAP: Checking if IP %s is accessible', ip)
606 606 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
607 607 try:
608 608 s.connect((ip, int(port)))
609 609 s.shutdown(socket.SHUT_RD)
610 610 except Exception:
611 611 raise LdapConnectionError(
612 612 'Failed to connect to host: `{}:{}`'.format(host, port))
613 613
614 614 return '{}:{}'.format(host, port)
615 615
616 616 if len(ldap_server) == 1:
617 617 # in case of single server use resolver to detect potential
618 618 # connection issues
619 619 full_resolve = True
620 620 else:
621 621 full_resolve = False
622 622
623 623 return ', '.join(
624 624 ["{}://{}".format(
625 625 ldap_server_type,
626 626 host_resolver(host, port, full_resolve=use_resolver and full_resolve))
627 627 for host in ldap_server])
628 628
629 629 @classmethod
630 630 def _get_server_list(cls, servers):
631 631 return map(string.strip, servers.split(','))
632 632
633 633 @classmethod
634 634 def get_uid(cls, username, server_addresses):
635 635 uid = username
636 636 for server_addr in server_addresses:
637 637 uid = chop_at(username, "@%s" % server_addr)
638 638 return uid
639 639
640 640 @classmethod
641 641 def validate_username(cls, username):
642 642 if "," in username:
643 643 raise LdapUsernameError(
644 644 "invalid character `,` in username: `{}`".format(username))
645 645
646 646 @classmethod
647 647 def validate_password(cls, username, password):
648 648 if not password:
649 649 msg = "Authenticating user %s with blank password not allowed"
650 650 log.warning(msg, username)
651 651 raise LdapPasswordError(msg)
652 652
653 653
654 654 def loadplugin(plugin_id):
655 655 """
656 656 Loads and returns an instantiated authentication plugin.
657 657 Returns the RhodeCodeAuthPluginBase subclass on success,
658 658 or None on failure.
659 659 """
660 660 # TODO: Disusing pyramids thread locals to retrieve the registry.
661 661 authn_registry = get_authn_registry()
662 662 plugin = authn_registry.get_plugin(plugin_id)
663 663 if plugin is None:
664 664 log.error('Authentication plugin not found: "%s"', plugin_id)
665 665 return plugin
666 666
667 667
668 668 def get_authn_registry(registry=None):
669 669 registry = registry or get_current_registry()
670 670 authn_registry = registry.getUtility(IAuthnPluginRegistry)
671 671 return authn_registry
672 672
673 673
674 674 def authenticate(username, password, environ=None, auth_type=None,
675 675 skip_missing=False, registry=None, acl_repo_name=None):
676 676 """
677 677 Authentication function used for access control,
678 678 It tries to authenticate based on enabled authentication modules.
679 679
680 680 :param username: username can be empty for headers auth
681 681 :param password: password can be empty for headers auth
682 682 :param environ: environ headers passed for headers auth
683 683 :param auth_type: type of authentication, either `HTTP_TYPE` or `VCS_TYPE`
684 684 :param skip_missing: ignores plugins that are in db but not in environment
685 685 :returns: None if auth failed, plugin_user dict if auth is correct
686 686 """
687 687 if not auth_type or auth_type not in [HTTP_TYPE, VCS_TYPE]:
688 688 raise ValueError('auth type must be on of http, vcs got "%s" instead'
689 689 % auth_type)
690 690 headers_only = environ and not (username and password)
691 691
692 692 authn_registry = get_authn_registry(registry)
693 693 plugins_to_check = authn_registry.get_plugins_for_authentication()
694 694 log.debug('Starting ordered authentication chain using %s plugins',
695 695 [x.name for x in plugins_to_check])
696 696 for plugin in plugins_to_check:
697 697 plugin.set_auth_type(auth_type)
698 698 plugin.set_calling_scope_repo(acl_repo_name)
699 699
700 700 if headers_only and not plugin.is_headers_auth:
701 701 log.debug('Auth type is for headers only and plugin `%s` is not '
702 702 'headers plugin, skipping...', plugin.get_id())
703 703 continue
704 704
705 705 log.debug('Trying authentication using ** %s **', plugin.get_id())
706 706
707 707 # load plugin settings from RhodeCode database
708 708 plugin_settings = plugin.get_settings()
709 709 plugin_sanitized_settings = plugin.log_safe_settings(plugin_settings)
710 710 log.debug('Plugin `%s` settings:%s', plugin.get_id(), plugin_sanitized_settings)
711 711
712 712 # use plugin's method of user extraction.
713 713 user = plugin.get_user(username, environ=environ,
714 714 settings=plugin_settings)
715 715 display_user = user.username if user else username
716 716 log.debug(
717 717 'Plugin %s extracted user is `%s`', plugin.get_id(), display_user)
718 718
719 719 if not plugin.allows_authentication_from(user):
720 720 log.debug('Plugin %s does not accept user `%s` for authentication',
721 721 plugin.get_id(), display_user)
722 722 continue
723 723 else:
724 724 log.debug('Plugin %s accepted user `%s` for authentication',
725 725 plugin.get_id(), display_user)
726 726
727 727 log.info('Authenticating user `%s` using %s plugin',
728 728 display_user, plugin.get_id())
729 729
730 730 plugin_cache_active, cache_ttl = plugin.get_ttl_cache(plugin_settings)
731 731
732 732 log.debug('AUTH_CACHE_TTL for plugin `%s` active: %s (TTL: %s)',
733 733 plugin.get_id(), plugin_cache_active, cache_ttl)
734 734
735 735 user_id = user.user_id if user else None
736 736 # don't cache for empty users
737 737 plugin_cache_active = plugin_cache_active and user_id
738 738 cache_namespace_uid = 'cache_user_auth.{}'.format(user_id)
739 739 region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
740 740
741 741 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid,
742 742 expiration_time=cache_ttl,
743 743 condition=plugin_cache_active)
744 744 def compute_auth(
745 745 cache_name, plugin_name, username, password):
746 746
747 747 # _authenticate is a wrapper for .auth() method of plugin.
748 748 # it checks if .auth() sends proper data.
749 749 # For RhodeCodeExternalAuthPlugin it also maps users to
750 750 # Database and maps the attributes returned from .auth()
751 751 # to RhodeCode database. If this function returns data
752 752 # then auth is correct.
753 753 log.debug('Running plugin `%s` _authenticate method '
754 754 'using username and password', plugin.get_id())
755 755 return plugin._authenticate(
756 756 user, username, password, plugin_settings,
757 757 environ=environ or {})
758 758
759 759 start = time.time()
760 760 # for environ based auth, password can be empty, but then the validation is
761 761 # on the server that fills in the env data needed for authentication
762 762 plugin_user = compute_auth('auth', plugin.name, username, (password or ''))
763 763
764 764 auth_time = time.time() - start
765 log.debug('Authentication for plugin `%s` completed in %.3fs, '
765 log.debug('Authentication for plugin `%s` completed in %.4fs, '
766 766 'expiration time of fetched cache %.1fs.',
767 767 plugin.get_id(), auth_time, cache_ttl)
768 768
769 769 log.debug('PLUGIN USER DATA: %s', plugin_user)
770 770
771 771 if plugin_user:
772 772 log.debug('Plugin returned proper authentication data')
773 773 return plugin_user
774 774 # we failed to Auth because .auth() method didn't return proper user
775 775 log.debug("User `%s` failed to authenticate against %s",
776 776 display_user, plugin.get_id())
777 777
778 778 # case when we failed to authenticate against all defined plugins
779 779 return None
780 780
781 781
782 782 def chop_at(s, sub, inclusive=False):
783 783 """Truncate string ``s`` at the first occurrence of ``sub``.
784 784
785 785 If ``inclusive`` is true, truncate just after ``sub`` rather than at it.
786 786
787 787 >>> chop_at("plutocratic brats", "rat")
788 788 'plutoc'
789 789 >>> chop_at("plutocratic brats", "rat", True)
790 790 'plutocrat'
791 791 """
792 792 pos = s.find(sub)
793 793 if pos == -1:
794 794 return s
795 795 if inclusive:
796 796 return s[:pos+len(sub)]
797 797 return s[:pos]
Show file before | Show file after | Hide comments
@@ -1,2352 +1,2352 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 authentication and permission libraries
23 23 """
24 24
25 25 import os
26 26 import time
27 27 import inspect
28 28 import collections
29 29 import fnmatch
30 30 import hashlib
31 31 import itertools
32 32 import logging
33 33 import random
34 34 import traceback
35 35 from functools import wraps
36 36
37 37 import ipaddress
38 38
39 39 from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound
40 40 from sqlalchemy.orm.exc import ObjectDeletedError
41 41 from sqlalchemy.orm import joinedload
42 42 from zope.cachedescriptors.property import Lazy as LazyProperty
43 43
44 44 import rhodecode
45 45 from rhodecode.model import meta
46 46 from rhodecode.model.meta import Session
47 47 from rhodecode.model.user import UserModel
48 48 from rhodecode.model.db import (
49 49 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
50 50 UserIpMap, UserApiKeys, RepoGroup, UserGroup)
51 51 from rhodecode.lib import rc_cache
52 52 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5, safe_int, sha1
53 53 from rhodecode.lib.utils import (
54 54 get_repo_slug, get_repo_group_slug, get_user_group_slug)
55 55 from rhodecode.lib.caching_query import FromCache
56 56
57 57
58 58 if rhodecode.is_unix:
59 59 import bcrypt
60 60
61 61 log = logging.getLogger(__name__)
62 62
63 63 csrf_token_key = "csrf_token"
64 64
65 65
66 66 class PasswordGenerator(object):
67 67 """
68 68 This is a simple class for generating password from different sets of
69 69 characters
70 70 usage::
71 71 passwd_gen = PasswordGenerator()
72 72 #print 8-letter password containing only big and small letters
73 73 of alphabet
74 74 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
75 75 """
76 76 ALPHABETS_NUM = r'''1234567890'''
77 77 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
78 78 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
79 79 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
80 80 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
81 81 + ALPHABETS_NUM + ALPHABETS_SPECIAL
82 82 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
83 83 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
84 84 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
85 85 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
86 86
87 87 def __init__(self, passwd=''):
88 88 self.passwd = passwd
89 89
90 90 def gen_password(self, length, type_=None):
91 91 if type_ is None:
92 92 type_ = self.ALPHABETS_FULL
93 93 self.passwd = ''.join([random.choice(type_) for _ in range(length)])
94 94 return self.passwd
95 95
96 96
97 97 class _RhodeCodeCryptoBase(object):
98 98 ENC_PREF = None
99 99
100 100 def hash_create(self, str_):
101 101 """
102 102 hash the string using
103 103
104 104 :param str_: password to hash
105 105 """
106 106 raise NotImplementedError
107 107
108 108 def hash_check_with_upgrade(self, password, hashed):
109 109 """
110 110 Returns tuple in which first element is boolean that states that
111 111 given password matches it's hashed version, and the second is new hash
112 112 of the password, in case this password should be migrated to new
113 113 cipher.
114 114 """
115 115 checked_hash = self.hash_check(password, hashed)
116 116 return checked_hash, None
117 117
118 118 def hash_check(self, password, hashed):
119 119 """
120 120 Checks matching password with it's hashed value.
121 121
122 122 :param password: password
123 123 :param hashed: password in hashed form
124 124 """
125 125 raise NotImplementedError
126 126
127 127 def _assert_bytes(self, value):
128 128 """
129 129 Passing in an `unicode` object can lead to hard to detect issues
130 130 if passwords contain non-ascii characters. Doing a type check
131 131 during runtime, so that such mistakes are detected early on.
132 132 """
133 133 if not isinstance(value, str):
134 134 raise TypeError(
135 135 "Bytestring required as input, got %r." % (value, ))
136 136
137 137
138 138 class _RhodeCodeCryptoBCrypt(_RhodeCodeCryptoBase):
139 139 ENC_PREF = ('$2a$10', '$2b$10')
140 140
141 141 def hash_create(self, str_):
142 142 self._assert_bytes(str_)
143 143 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
144 144
145 145 def hash_check_with_upgrade(self, password, hashed):
146 146 """
147 147 Returns tuple in which first element is boolean that states that
148 148 given password matches it's hashed version, and the second is new hash
149 149 of the password, in case this password should be migrated to new
150 150 cipher.
151 151
152 152 This implements special upgrade logic which works like that:
153 153 - check if the given password == bcrypted hash, if yes then we
154 154 properly used password and it was already in bcrypt. Proceed
155 155 without any changes
156 156 - if bcrypt hash check is not working try with sha256. If hash compare
157 157 is ok, it means we using correct but old hashed password. indicate
158 158 hash change and proceed
159 159 """
160 160
161 161 new_hash = None
162 162
163 163 # regular pw check
164 164 password_match_bcrypt = self.hash_check(password, hashed)
165 165
166 166 # now we want to know if the password was maybe from sha256
167 167 # basically calling _RhodeCodeCryptoSha256().hash_check()
168 168 if not password_match_bcrypt:
169 169 if _RhodeCodeCryptoSha256().hash_check(password, hashed):
170 170 new_hash = self.hash_create(password) # make new bcrypt hash
171 171 password_match_bcrypt = True
172 172
173 173 return password_match_bcrypt, new_hash
174 174
175 175 def hash_check(self, password, hashed):
176 176 """
177 177 Checks matching password with it's hashed value.
178 178
179 179 :param password: password
180 180 :param hashed: password in hashed form
181 181 """
182 182 self._assert_bytes(password)
183 183 try:
184 184 return bcrypt.hashpw(password, hashed) == hashed
185 185 except ValueError as e:
186 186 # we're having a invalid salt here probably, we should not crash
187 187 # just return with False as it would be a wrong password.
188 188 log.debug('Failed to check password hash using bcrypt %s',
189 189 safe_str(e))
190 190
191 191 return False
192 192
193 193
194 194 class _RhodeCodeCryptoSha256(_RhodeCodeCryptoBase):
195 195 ENC_PREF = '_'
196 196
197 197 def hash_create(self, str_):
198 198 self._assert_bytes(str_)
199 199 return hashlib.sha256(str_).hexdigest()
200 200
201 201 def hash_check(self, password, hashed):
202 202 """
203 203 Checks matching password with it's hashed value.
204 204
205 205 :param password: password
206 206 :param hashed: password in hashed form
207 207 """
208 208 self._assert_bytes(password)
209 209 return hashlib.sha256(password).hexdigest() == hashed
210 210
211 211
212 212 class _RhodeCodeCryptoTest(_RhodeCodeCryptoBase):
213 213 ENC_PREF = '_'
214 214
215 215 def hash_create(self, str_):
216 216 self._assert_bytes(str_)
217 217 return sha1(str_)
218 218
219 219 def hash_check(self, password, hashed):
220 220 """
221 221 Checks matching password with it's hashed value.
222 222
223 223 :param password: password
224 224 :param hashed: password in hashed form
225 225 """
226 226 self._assert_bytes(password)
227 227 return sha1(password) == hashed
228 228
229 229
230 230 def crypto_backend():
231 231 """
232 232 Return the matching crypto backend.
233 233
234 234 Selection is based on if we run tests or not, we pick sha1-test backend to run
235 235 tests faster since BCRYPT is expensive to calculate
236 236 """
237 237 if rhodecode.is_test:
238 238 RhodeCodeCrypto = _RhodeCodeCryptoTest()
239 239 else:
240 240 RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()
241 241
242 242 return RhodeCodeCrypto
243 243
244 244
245 245 def get_crypt_password(password):
246 246 """
247 247 Create the hash of `password` with the active crypto backend.
248 248
249 249 :param password: The cleartext password.
250 250 :type password: unicode
251 251 """
252 252 password = safe_str(password)
253 253 return crypto_backend().hash_create(password)
254 254
255 255
256 256 def check_password(password, hashed):
257 257 """
258 258 Check if the value in `password` matches the hash in `hashed`.
259 259
260 260 :param password: The cleartext password.
261 261 :type password: unicode
262 262
263 263 :param hashed: The expected hashed version of the password.
264 264 :type hashed: The hash has to be passed in in text representation.
265 265 """
266 266 password = safe_str(password)
267 267 return crypto_backend().hash_check(password, hashed)
268 268
269 269
270 270 def generate_auth_token(data, salt=None):
271 271 """
272 272 Generates API KEY from given string
273 273 """
274 274
275 275 if salt is None:
276 276 salt = os.urandom(16)
277 277 return hashlib.sha1(safe_str(data) + salt).hexdigest()
278 278
279 279
280 280 def get_came_from(request):
281 281 """
282 282 get query_string+path from request sanitized after removing auth_token
283 283 """
284 284 _req = request
285 285
286 286 path = _req.path
287 287 if 'auth_token' in _req.GET:
288 288 # sanitize the request and remove auth_token for redirection
289 289 _req.GET.pop('auth_token')
290 290 qs = _req.query_string
291 291 if qs:
292 292 path += '?' + qs
293 293
294 294 return path
295 295
296 296
297 297 class CookieStoreWrapper(object):
298 298
299 299 def __init__(self, cookie_store):
300 300 self.cookie_store = cookie_store
301 301
302 302 def __repr__(self):
303 303 return 'CookieStore<%s>' % (self.cookie_store)
304 304
305 305 def get(self, key, other=None):
306 306 if isinstance(self.cookie_store, dict):
307 307 return self.cookie_store.get(key, other)
308 308 elif isinstance(self.cookie_store, AuthUser):
309 309 return self.cookie_store.__dict__.get(key, other)
310 310
311 311
312 312 def _cached_perms_data(user_id, scope, user_is_admin,
313 313 user_inherit_default_permissions, explicit, algo,
314 314 calculate_super_admin):
315 315
316 316 permissions = PermissionCalculator(
317 317 user_id, scope, user_is_admin, user_inherit_default_permissions,
318 318 explicit, algo, calculate_super_admin)
319 319 return permissions.calculate()
320 320
321 321
322 322 class PermOrigin(object):
323 323 SUPER_ADMIN = 'superadmin'
324 324 ARCHIVED = 'archived'
325 325
326 326 REPO_USER = 'user:%s'
327 327 REPO_USERGROUP = 'usergroup:%s'
328 328 REPO_OWNER = 'repo.owner'
329 329 REPO_DEFAULT = 'repo.default'
330 330 REPO_DEFAULT_NO_INHERIT = 'repo.default.no.inherit'
331 331 REPO_PRIVATE = 'repo.private'
332 332
333 333 REPOGROUP_USER = 'user:%s'
334 334 REPOGROUP_USERGROUP = 'usergroup:%s'
335 335 REPOGROUP_OWNER = 'group.owner'
336 336 REPOGROUP_DEFAULT = 'group.default'
337 337 REPOGROUP_DEFAULT_NO_INHERIT = 'group.default.no.inherit'
338 338
339 339 USERGROUP_USER = 'user:%s'
340 340 USERGROUP_USERGROUP = 'usergroup:%s'
341 341 USERGROUP_OWNER = 'usergroup.owner'
342 342 USERGROUP_DEFAULT = 'usergroup.default'
343 343 USERGROUP_DEFAULT_NO_INHERIT = 'usergroup.default.no.inherit'
344 344
345 345
346 346 class PermOriginDict(dict):
347 347 """
348 348 A special dict used for tracking permissions along with their origins.
349 349
350 350 `__setitem__` has been overridden to expect a tuple(perm, origin)
351 351 `__getitem__` will return only the perm
352 352 `.perm_origin_stack` will return the stack of (perm, origin) set per key
353 353
354 354 >>> perms = PermOriginDict()
355 355 >>> perms['resource'] = 'read', 'default'
356 356 >>> perms['resource']
357 357 'read'
358 358 >>> perms['resource'] = 'write', 'admin'
359 359 >>> perms['resource']
360 360 'write'
361 361 >>> perms.perm_origin_stack
362 362 {'resource': [('read', 'default'), ('write', 'admin')]}
363 363 """
364 364
365 365 def __init__(self, *args, **kw):
366 366 dict.__init__(self, *args, **kw)
367 367 self.perm_origin_stack = collections.OrderedDict()
368 368
369 369 def __setitem__(self, key, (perm, origin)):
370 370 self.perm_origin_stack.setdefault(key, []).append(
371 371 (perm, origin))
372 372 dict.__setitem__(self, key, perm)
373 373
374 374
375 375 class BranchPermOriginDict(PermOriginDict):
376 376 """
377 377 Dedicated branch permissions dict, with tracking of patterns and origins.
378 378
379 379 >>> perms = BranchPermOriginDict()
380 380 >>> perms['resource'] = '*pattern', 'read', 'default'
381 381 >>> perms['resource']
382 382 {'*pattern': 'read'}
383 383 >>> perms['resource'] = '*pattern', 'write', 'admin'
384 384 >>> perms['resource']
385 385 {'*pattern': 'write'}
386 386 >>> perms.perm_origin_stack
387 387 {'resource': {'*pattern': [('read', 'default'), ('write', 'admin')]}}
388 388 """
389 389 def __setitem__(self, key, (pattern, perm, origin)):
390 390
391 391 self.perm_origin_stack.setdefault(key, {}) \
392 392 .setdefault(pattern, []).append((perm, origin))
393 393
394 394 if key in self:
395 395 self[key].__setitem__(pattern, perm)
396 396 else:
397 397 patterns = collections.OrderedDict()
398 398 patterns[pattern] = perm
399 399 dict.__setitem__(self, key, patterns)
400 400
401 401
402 402 class PermissionCalculator(object):
403 403
404 404 def __init__(
405 405 self, user_id, scope, user_is_admin,
406 406 user_inherit_default_permissions, explicit, algo,
407 407 calculate_super_admin_as_user=False):
408 408
409 409 self.user_id = user_id
410 410 self.user_is_admin = user_is_admin
411 411 self.inherit_default_permissions = user_inherit_default_permissions
412 412 self.explicit = explicit
413 413 self.algo = algo
414 414 self.calculate_super_admin_as_user = calculate_super_admin_as_user
415 415
416 416 scope = scope or {}
417 417 self.scope_repo_id = scope.get('repo_id')
418 418 self.scope_repo_group_id = scope.get('repo_group_id')
419 419 self.scope_user_group_id = scope.get('user_group_id')
420 420
421 421 self.default_user_id = User.get_default_user(cache=True).user_id
422 422
423 423 self.permissions_repositories = PermOriginDict()
424 424 self.permissions_repository_groups = PermOriginDict()
425 425 self.permissions_user_groups = PermOriginDict()
426 426 self.permissions_repository_branches = BranchPermOriginDict()
427 427 self.permissions_global = set()
428 428
429 429 self.default_repo_perms = Permission.get_default_repo_perms(
430 430 self.default_user_id, self.scope_repo_id)
431 431 self.default_repo_groups_perms = Permission.get_default_group_perms(
432 432 self.default_user_id, self.scope_repo_group_id)
433 433 self.default_user_group_perms = \
434 434 Permission.get_default_user_group_perms(
435 435 self.default_user_id, self.scope_user_group_id)
436 436
437 437 # default branch perms
438 438 self.default_branch_repo_perms = \
439 439 Permission.get_default_repo_branch_perms(
440 440 self.default_user_id, self.scope_repo_id)
441 441
442 442 def calculate(self):
443 443 if self.user_is_admin and not self.calculate_super_admin_as_user:
444 444 return self._calculate_admin_permissions()
445 445
446 446 self._calculate_global_default_permissions()
447 447 self._calculate_global_permissions()
448 448 self._calculate_default_permissions()
449 449 self._calculate_repository_permissions()
450 450 self._calculate_repository_branch_permissions()
451 451 self._calculate_repository_group_permissions()
452 452 self._calculate_user_group_permissions()
453 453 return self._permission_structure()
454 454
455 455 def _calculate_admin_permissions(self):
456 456 """
457 457 admin user have all default rights for repositories
458 458 and groups set to admin
459 459 """
460 460 self.permissions_global.add('hg.admin')
461 461 self.permissions_global.add('hg.create.write_on_repogroup.true')
462 462
463 463 # repositories
464 464 for perm in self.default_repo_perms:
465 465 r_k = perm.UserRepoToPerm.repository.repo_name
466 466 archived = perm.UserRepoToPerm.repository.archived
467 467 p = 'repository.admin'
468 468 self.permissions_repositories[r_k] = p, PermOrigin.SUPER_ADMIN
469 469 # special case for archived repositories, which we block still even for
470 470 # super admins
471 471 if archived:
472 472 p = 'repository.read'
473 473 self.permissions_repositories[r_k] = p, PermOrigin.ARCHIVED
474 474
475 475 # repository groups
476 476 for perm in self.default_repo_groups_perms:
477 477 rg_k = perm.UserRepoGroupToPerm.group.group_name
478 478 p = 'group.admin'
479 479 self.permissions_repository_groups[rg_k] = p, PermOrigin.SUPER_ADMIN
480 480
481 481 # user groups
482 482 for perm in self.default_user_group_perms:
483 483 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
484 484 p = 'usergroup.admin'
485 485 self.permissions_user_groups[u_k] = p, PermOrigin.SUPER_ADMIN
486 486
487 487 # branch permissions
488 488 # since super-admin also can have custom rule permissions
489 489 # we *always* need to calculate those inherited from default, and also explicit
490 490 self._calculate_default_permissions_repository_branches(
491 491 user_inherit_object_permissions=False)
492 492 self._calculate_repository_branch_permissions()
493 493
494 494 return self._permission_structure()
495 495
496 496 def _calculate_global_default_permissions(self):
497 497 """
498 498 global permissions taken from the default user
499 499 """
500 500 default_global_perms = UserToPerm.query()\
501 501 .filter(UserToPerm.user_id == self.default_user_id)\
502 502 .options(joinedload(UserToPerm.permission))
503 503
504 504 for perm in default_global_perms:
505 505 self.permissions_global.add(perm.permission.permission_name)
506 506
507 507 if self.user_is_admin:
508 508 self.permissions_global.add('hg.admin')
509 509 self.permissions_global.add('hg.create.write_on_repogroup.true')
510 510
511 511 def _calculate_global_permissions(self):
512 512 """
513 513 Set global system permissions with user permissions or permissions
514 514 taken from the user groups of the current user.
515 515
516 516 The permissions include repo creating, repo group creating, forking
517 517 etc.
518 518 """
519 519
520 520 # now we read the defined permissions and overwrite what we have set
521 521 # before those can be configured from groups or users explicitly.
522 522
523 523 # In case we want to extend this list we should make sure
524 524 # this is in sync with User.DEFAULT_USER_PERMISSIONS definitions
525 525 _configurable = frozenset([
526 526 'hg.fork.none', 'hg.fork.repository',
527 527 'hg.create.none', 'hg.create.repository',
528 528 'hg.usergroup.create.false', 'hg.usergroup.create.true',
529 529 'hg.repogroup.create.false', 'hg.repogroup.create.true',
530 530 'hg.create.write_on_repogroup.false', 'hg.create.write_on_repogroup.true',
531 531 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
532 532 ])
533 533
534 534 # USER GROUPS comes first user group global permissions
535 535 user_perms_from_users_groups = Session().query(UserGroupToPerm)\
536 536 .options(joinedload(UserGroupToPerm.permission))\
537 537 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
538 538 UserGroupMember.users_group_id))\
539 539 .filter(UserGroupMember.user_id == self.user_id)\
540 540 .order_by(UserGroupToPerm.users_group_id)\
541 541 .all()
542 542
543 543 # need to group here by groups since user can be in more than
544 544 # one group, so we get all groups
545 545 _explicit_grouped_perms = [
546 546 [x, list(y)] for x, y in
547 547 itertools.groupby(user_perms_from_users_groups,
548 548 lambda _x: _x.users_group)]
549 549
550 550 for gr, perms in _explicit_grouped_perms:
551 551 # since user can be in multiple groups iterate over them and
552 552 # select the lowest permissions first (more explicit)
553 553 # TODO(marcink): do this^^
554 554
555 555 # group doesn't inherit default permissions so we actually set them
556 556 if not gr.inherit_default_permissions:
557 557 # NEED TO IGNORE all previously set configurable permissions
558 558 # and replace them with explicitly set from this user
559 559 # group permissions
560 560 self.permissions_global = self.permissions_global.difference(
561 561 _configurable)
562 562 for perm in perms:
563 563 self.permissions_global.add(perm.permission.permission_name)
564 564
565 565 # user explicit global permissions
566 566 user_perms = Session().query(UserToPerm)\
567 567 .options(joinedload(UserToPerm.permission))\
568 568 .filter(UserToPerm.user_id == self.user_id).all()
569 569
570 570 if not self.inherit_default_permissions:
571 571 # NEED TO IGNORE all configurable permissions and
572 572 # replace them with explicitly set from this user permissions
573 573 self.permissions_global = self.permissions_global.difference(
574 574 _configurable)
575 575 for perm in user_perms:
576 576 self.permissions_global.add(perm.permission.permission_name)
577 577
578 578 def _calculate_default_permissions_repositories(self, user_inherit_object_permissions):
579 579 for perm in self.default_repo_perms:
580 580 r_k = perm.UserRepoToPerm.repository.repo_name
581 581 archived = perm.UserRepoToPerm.repository.archived
582 582 p = perm.Permission.permission_name
583 583 o = PermOrigin.REPO_DEFAULT
584 584 self.permissions_repositories[r_k] = p, o
585 585
586 586 # if we decide this user isn't inheriting permissions from
587 587 # default user we set him to .none so only explicit
588 588 # permissions work
589 589 if not user_inherit_object_permissions:
590 590 p = 'repository.none'
591 591 o = PermOrigin.REPO_DEFAULT_NO_INHERIT
592 592 self.permissions_repositories[r_k] = p, o
593 593
594 594 if perm.Repository.private and not (
595 595 perm.Repository.user_id == self.user_id):
596 596 # disable defaults for private repos,
597 597 p = 'repository.none'
598 598 o = PermOrigin.REPO_PRIVATE
599 599 self.permissions_repositories[r_k] = p, o
600 600
601 601 elif perm.Repository.user_id == self.user_id:
602 602 # set admin if owner
603 603 p = 'repository.admin'
604 604 o = PermOrigin.REPO_OWNER
605 605 self.permissions_repositories[r_k] = p, o
606 606
607 607 if self.user_is_admin:
608 608 p = 'repository.admin'
609 609 o = PermOrigin.SUPER_ADMIN
610 610 self.permissions_repositories[r_k] = p, o
611 611
612 612 # finally in case of archived repositories, we downgrade higher
613 613 # permissions to read
614 614 if archived:
615 615 current_perm = self.permissions_repositories[r_k]
616 616 if current_perm in ['repository.write', 'repository.admin']:
617 617 p = 'repository.read'
618 618 o = PermOrigin.ARCHIVED
619 619 self.permissions_repositories[r_k] = p, o
620 620
621 621 def _calculate_default_permissions_repository_branches(self, user_inherit_object_permissions):
622 622 for perm in self.default_branch_repo_perms:
623 623
624 624 r_k = perm.UserRepoToPerm.repository.repo_name
625 625 p = perm.Permission.permission_name
626 626 pattern = perm.UserToRepoBranchPermission.branch_pattern
627 627 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
628 628
629 629 if not self.explicit:
630 630 cur_perm = self.permissions_repository_branches.get(r_k)
631 631 if cur_perm:
632 632 cur_perm = cur_perm[pattern]
633 633 cur_perm = cur_perm or 'branch.none'
634 634
635 635 p = self._choose_permission(p, cur_perm)
636 636
637 637 # NOTE(marcink): register all pattern/perm instances in this
638 638 # special dict that aggregates entries
639 639 self.permissions_repository_branches[r_k] = pattern, p, o
640 640
641 641 def _calculate_default_permissions_repository_groups(self, user_inherit_object_permissions):
642 642 for perm in self.default_repo_groups_perms:
643 643 rg_k = perm.UserRepoGroupToPerm.group.group_name
644 644 p = perm.Permission.permission_name
645 645 o = PermOrigin.REPOGROUP_DEFAULT
646 646 self.permissions_repository_groups[rg_k] = p, o
647 647
648 648 # if we decide this user isn't inheriting permissions from default
649 649 # user we set him to .none so only explicit permissions work
650 650 if not user_inherit_object_permissions:
651 651 p = 'group.none'
652 652 o = PermOrigin.REPOGROUP_DEFAULT_NO_INHERIT
653 653 self.permissions_repository_groups[rg_k] = p, o
654 654
655 655 if perm.RepoGroup.user_id == self.user_id:
656 656 # set admin if owner
657 657 p = 'group.admin'
658 658 o = PermOrigin.REPOGROUP_OWNER
659 659 self.permissions_repository_groups[rg_k] = p, o
660 660
661 661 if self.user_is_admin:
662 662 p = 'group.admin'
663 663 o = PermOrigin.SUPER_ADMIN
664 664 self.permissions_repository_groups[rg_k] = p, o
665 665
666 666 def _calculate_default_permissions_user_groups(self, user_inherit_object_permissions):
667 667 for perm in self.default_user_group_perms:
668 668 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
669 669 p = perm.Permission.permission_name
670 670 o = PermOrigin.USERGROUP_DEFAULT
671 671 self.permissions_user_groups[u_k] = p, o
672 672
673 673 # if we decide this user isn't inheriting permissions from default
674 674 # user we set him to .none so only explicit permissions work
675 675 if not user_inherit_object_permissions:
676 676 p = 'usergroup.none'
677 677 o = PermOrigin.USERGROUP_DEFAULT_NO_INHERIT
678 678 self.permissions_user_groups[u_k] = p, o
679 679
680 680 if perm.UserGroup.user_id == self.user_id:
681 681 # set admin if owner
682 682 p = 'usergroup.admin'
683 683 o = PermOrigin.USERGROUP_OWNER
684 684 self.permissions_user_groups[u_k] = p, o
685 685
686 686 if self.user_is_admin:
687 687 p = 'usergroup.admin'
688 688 o = PermOrigin.SUPER_ADMIN
689 689 self.permissions_user_groups[u_k] = p, o
690 690
691 691 def _calculate_default_permissions(self):
692 692 """
693 693 Set default user permissions for repositories, repository branches,
694 694 repository groups, user groups taken from the default user.
695 695
696 696 Calculate inheritance of object permissions based on what we have now
697 697 in GLOBAL permissions. We check if .false is in GLOBAL since this is
698 698 explicitly set. Inherit is the opposite of .false being there.
699 699
700 700 .. note::
701 701
702 702 the syntax is little bit odd but what we need to check here is
703 703 the opposite of .false permission being in the list so even for
704 704 inconsistent state when both .true/.false is there
705 705 .false is more important
706 706
707 707 """
708 708 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
709 709 in self.permissions_global)
710 710
711 711 # default permissions inherited from `default` user permissions
712 712 self._calculate_default_permissions_repositories(
713 713 user_inherit_object_permissions)
714 714
715 715 self._calculate_default_permissions_repository_branches(
716 716 user_inherit_object_permissions)
717 717
718 718 self._calculate_default_permissions_repository_groups(
719 719 user_inherit_object_permissions)
720 720
721 721 self._calculate_default_permissions_user_groups(
722 722 user_inherit_object_permissions)
723 723
724 724 def _calculate_repository_permissions(self):
725 725 """
726 726 Repository permissions for the current user.
727 727
728 728 Check if the user is part of user groups for this repository and
729 729 fill in the permission from it. `_choose_permission` decides of which
730 730 permission should be selected based on selected method.
731 731 """
732 732
733 733 # user group for repositories permissions
734 734 user_repo_perms_from_user_group = Permission\
735 735 .get_default_repo_perms_from_user_group(
736 736 self.user_id, self.scope_repo_id)
737 737
738 738 multiple_counter = collections.defaultdict(int)
739 739 for perm in user_repo_perms_from_user_group:
740 740 r_k = perm.UserGroupRepoToPerm.repository.repo_name
741 741 multiple_counter[r_k] += 1
742 742 p = perm.Permission.permission_name
743 743 o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
744 744 .users_group.users_group_name
745 745
746 746 if multiple_counter[r_k] > 1:
747 747 cur_perm = self.permissions_repositories[r_k]
748 748 p = self._choose_permission(p, cur_perm)
749 749
750 750 self.permissions_repositories[r_k] = p, o
751 751
752 752 if perm.Repository.user_id == self.user_id:
753 753 # set admin if owner
754 754 p = 'repository.admin'
755 755 o = PermOrigin.REPO_OWNER
756 756 self.permissions_repositories[r_k] = p, o
757 757
758 758 if self.user_is_admin:
759 759 p = 'repository.admin'
760 760 o = PermOrigin.SUPER_ADMIN
761 761 self.permissions_repositories[r_k] = p, o
762 762
763 763 # user explicit permissions for repositories, overrides any specified
764 764 # by the group permission
765 765 user_repo_perms = Permission.get_default_repo_perms(
766 766 self.user_id, self.scope_repo_id)
767 767 for perm in user_repo_perms:
768 768 r_k = perm.UserRepoToPerm.repository.repo_name
769 769 p = perm.Permission.permission_name
770 770 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
771 771
772 772 if not self.explicit:
773 773 cur_perm = self.permissions_repositories.get(
774 774 r_k, 'repository.none')
775 775 p = self._choose_permission(p, cur_perm)
776 776
777 777 self.permissions_repositories[r_k] = p, o
778 778
779 779 if perm.Repository.user_id == self.user_id:
780 780 # set admin if owner
781 781 p = 'repository.admin'
782 782 o = PermOrigin.REPO_OWNER
783 783 self.permissions_repositories[r_k] = p, o
784 784
785 785 if self.user_is_admin:
786 786 p = 'repository.admin'
787 787 o = PermOrigin.SUPER_ADMIN
788 788 self.permissions_repositories[r_k] = p, o
789 789
790 790 def _calculate_repository_branch_permissions(self):
791 791 # user group for repositories permissions
792 792 user_repo_branch_perms_from_user_group = Permission\
793 793 .get_default_repo_branch_perms_from_user_group(
794 794 self.user_id, self.scope_repo_id)
795 795
796 796 multiple_counter = collections.defaultdict(int)
797 797 for perm in user_repo_branch_perms_from_user_group:
798 798 r_k = perm.UserGroupRepoToPerm.repository.repo_name
799 799 p = perm.Permission.permission_name
800 800 pattern = perm.UserGroupToRepoBranchPermission.branch_pattern
801 801 o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
802 802 .users_group.users_group_name
803 803
804 804 multiple_counter[r_k] += 1
805 805 if multiple_counter[r_k] > 1:
806 806 cur_perm = self.permissions_repository_branches[r_k][pattern]
807 807 p = self._choose_permission(p, cur_perm)
808 808
809 809 self.permissions_repository_branches[r_k] = pattern, p, o
810 810
811 811 # user explicit branch permissions for repositories, overrides
812 812 # any specified by the group permission
813 813 user_repo_branch_perms = Permission.get_default_repo_branch_perms(
814 814 self.user_id, self.scope_repo_id)
815 815
816 816 for perm in user_repo_branch_perms:
817 817
818 818 r_k = perm.UserRepoToPerm.repository.repo_name
819 819 p = perm.Permission.permission_name
820 820 pattern = perm.UserToRepoBranchPermission.branch_pattern
821 821 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
822 822
823 823 if not self.explicit:
824 824 cur_perm = self.permissions_repository_branches.get(r_k)
825 825 if cur_perm:
826 826 cur_perm = cur_perm[pattern]
827 827 cur_perm = cur_perm or 'branch.none'
828 828 p = self._choose_permission(p, cur_perm)
829 829
830 830 # NOTE(marcink): register all pattern/perm instances in this
831 831 # special dict that aggregates entries
832 832 self.permissions_repository_branches[r_k] = pattern, p, o
833 833
834 834 def _calculate_repository_group_permissions(self):
835 835 """
836 836 Repository group permissions for the current user.
837 837
838 838 Check if the user is part of user groups for repository groups and
839 839 fill in the permissions from it. `_choose_permission` decides of which
840 840 permission should be selected based on selected method.
841 841 """
842 842 # user group for repo groups permissions
843 843 user_repo_group_perms_from_user_group = Permission\
844 844 .get_default_group_perms_from_user_group(
845 845 self.user_id, self.scope_repo_group_id)
846 846
847 847 multiple_counter = collections.defaultdict(int)
848 848 for perm in user_repo_group_perms_from_user_group:
849 849 rg_k = perm.UserGroupRepoGroupToPerm.group.group_name
850 850 multiple_counter[rg_k] += 1
851 851 o = PermOrigin.REPOGROUP_USERGROUP % perm.UserGroupRepoGroupToPerm\
852 852 .users_group.users_group_name
853 853 p = perm.Permission.permission_name
854 854
855 855 if multiple_counter[rg_k] > 1:
856 856 cur_perm = self.permissions_repository_groups[rg_k]
857 857 p = self._choose_permission(p, cur_perm)
858 858 self.permissions_repository_groups[rg_k] = p, o
859 859
860 860 if perm.RepoGroup.user_id == self.user_id:
861 861 # set admin if owner, even for member of other user group
862 862 p = 'group.admin'
863 863 o = PermOrigin.REPOGROUP_OWNER
864 864 self.permissions_repository_groups[rg_k] = p, o
865 865
866 866 if self.user_is_admin:
867 867 p = 'group.admin'
868 868 o = PermOrigin.SUPER_ADMIN
869 869 self.permissions_repository_groups[rg_k] = p, o
870 870
871 871 # user explicit permissions for repository groups
872 872 user_repo_groups_perms = Permission.get_default_group_perms(
873 873 self.user_id, self.scope_repo_group_id)
874 874 for perm in user_repo_groups_perms:
875 875 rg_k = perm.UserRepoGroupToPerm.group.group_name
876 876 o = PermOrigin.REPOGROUP_USER % perm.UserRepoGroupToPerm\
877 877 .user.username
878 878 p = perm.Permission.permission_name
879 879
880 880 if not self.explicit:
881 881 cur_perm = self.permissions_repository_groups.get(rg_k, 'group.none')
882 882 p = self._choose_permission(p, cur_perm)
883 883
884 884 self.permissions_repository_groups[rg_k] = p, o
885 885
886 886 if perm.RepoGroup.user_id == self.user_id:
887 887 # set admin if owner
888 888 p = 'group.admin'
889 889 o = PermOrigin.REPOGROUP_OWNER
890 890 self.permissions_repository_groups[rg_k] = p, o
891 891
892 892 if self.user_is_admin:
893 893 p = 'group.admin'
894 894 o = PermOrigin.SUPER_ADMIN
895 895 self.permissions_repository_groups[rg_k] = p, o
896 896
897 897 def _calculate_user_group_permissions(self):
898 898 """
899 899 User group permissions for the current user.
900 900 """
901 901 # user group for user group permissions
902 902 user_group_from_user_group = Permission\
903 903 .get_default_user_group_perms_from_user_group(
904 904 self.user_id, self.scope_user_group_id)
905 905
906 906 multiple_counter = collections.defaultdict(int)
907 907 for perm in user_group_from_user_group:
908 908 ug_k = perm.UserGroupUserGroupToPerm\
909 909 .target_user_group.users_group_name
910 910 multiple_counter[ug_k] += 1
911 911 o = PermOrigin.USERGROUP_USERGROUP % perm.UserGroupUserGroupToPerm\
912 912 .user_group.users_group_name
913 913 p = perm.Permission.permission_name
914 914
915 915 if multiple_counter[ug_k] > 1:
916 916 cur_perm = self.permissions_user_groups[ug_k]
917 917 p = self._choose_permission(p, cur_perm)
918 918
919 919 self.permissions_user_groups[ug_k] = p, o
920 920
921 921 if perm.UserGroup.user_id == self.user_id:
922 922 # set admin if owner, even for member of other user group
923 923 p = 'usergroup.admin'
924 924 o = PermOrigin.USERGROUP_OWNER
925 925 self.permissions_user_groups[ug_k] = p, o
926 926
927 927 if self.user_is_admin:
928 928 p = 'usergroup.admin'
929 929 o = PermOrigin.SUPER_ADMIN
930 930 self.permissions_user_groups[ug_k] = p, o
931 931
932 932 # user explicit permission for user groups
933 933 user_user_groups_perms = Permission.get_default_user_group_perms(
934 934 self.user_id, self.scope_user_group_id)
935 935 for perm in user_user_groups_perms:
936 936 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
937 937 o = PermOrigin.USERGROUP_USER % perm.UserUserGroupToPerm\
938 938 .user.username
939 939 p = perm.Permission.permission_name
940 940
941 941 if not self.explicit:
942 942 cur_perm = self.permissions_user_groups.get(ug_k, 'usergroup.none')
943 943 p = self._choose_permission(p, cur_perm)
944 944
945 945 self.permissions_user_groups[ug_k] = p, o
946 946
947 947 if perm.UserGroup.user_id == self.user_id:
948 948 # set admin if owner
949 949 p = 'usergroup.admin'
950 950 o = PermOrigin.USERGROUP_OWNER
951 951 self.permissions_user_groups[ug_k] = p, o
952 952
953 953 if self.user_is_admin:
954 954 p = 'usergroup.admin'
955 955 o = PermOrigin.SUPER_ADMIN
956 956 self.permissions_user_groups[ug_k] = p, o
957 957
958 958 def _choose_permission(self, new_perm, cur_perm):
959 959 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
960 960 cur_perm_val = Permission.PERM_WEIGHTS[cur_perm]
961 961 if self.algo == 'higherwin':
962 962 if new_perm_val > cur_perm_val:
963 963 return new_perm
964 964 return cur_perm
965 965 elif self.algo == 'lowerwin':
966 966 if new_perm_val < cur_perm_val:
967 967 return new_perm
968 968 return cur_perm
969 969
970 970 def _permission_structure(self):
971 971 return {
972 972 'global': self.permissions_global,
973 973 'repositories': self.permissions_repositories,
974 974 'repository_branches': self.permissions_repository_branches,
975 975 'repositories_groups': self.permissions_repository_groups,
976 976 'user_groups': self.permissions_user_groups,
977 977 }
978 978
979 979
980 980 def allowed_auth_token_access(view_name, auth_token, whitelist=None):
981 981 """
982 982 Check if given controller_name is in whitelist of auth token access
983 983 """
984 984 if not whitelist:
985 985 from rhodecode import CONFIG
986 986 whitelist = aslist(
987 987 CONFIG.get('api_access_controllers_whitelist'), sep=',')
988 988 # backward compat translation
989 989 compat = {
990 990 # old controller, new VIEW
991 991 'ChangesetController:*': 'RepoCommitsView:*',
992 992 'ChangesetController:changeset_patch': 'RepoCommitsView:repo_commit_patch',
993 993 'ChangesetController:changeset_raw': 'RepoCommitsView:repo_commit_raw',
994 994 'FilesController:raw': 'RepoCommitsView:repo_commit_raw',
995 995 'FilesController:archivefile': 'RepoFilesView:repo_archivefile',
996 996 'GistsController:*': 'GistView:*',
997 997 }
998 998
999 999 log.debug(
1000 1000 'Allowed views for AUTH TOKEN access: %s', whitelist)
1001 1001 auth_token_access_valid = False
1002 1002
1003 1003 for entry in whitelist:
1004 1004 token_match = True
1005 1005 if entry in compat:
1006 1006 # translate from old Controllers to Pyramid Views
1007 1007 entry = compat[entry]
1008 1008
1009 1009 if '@' in entry:
1010 1010 # specific AuthToken
1011 1011 entry, allowed_token = entry.split('@', 1)
1012 1012 token_match = auth_token == allowed_token
1013 1013
1014 1014 if fnmatch.fnmatch(view_name, entry) and token_match:
1015 1015 auth_token_access_valid = True
1016 1016 break
1017 1017
1018 1018 if auth_token_access_valid:
1019 1019 log.debug('view: `%s` matches entry in whitelist: %s',
1020 1020 view_name, whitelist)
1021 1021
1022 1022 else:
1023 1023 msg = ('view: `%s` does *NOT* match any entry in whitelist: %s'
1024 1024 % (view_name, whitelist))
1025 1025 if auth_token:
1026 1026 # if we use auth token key and don't have access it's a warning
1027 1027 log.warning(msg)
1028 1028 else:
1029 1029 log.debug(msg)
1030 1030
1031 1031 return auth_token_access_valid
1032 1032
1033 1033
1034 1034 class AuthUser(object):
1035 1035 """
1036 1036 A simple object that handles all attributes of user in RhodeCode
1037 1037
1038 1038 It does lookup based on API key,given user, or user present in session
1039 1039 Then it fills all required information for such user. It also checks if
1040 1040 anonymous access is enabled and if so, it returns default user as logged in
1041 1041 """
1042 1042 GLOBAL_PERMS = [x[0] for x in Permission.PERMS]
1043 1043
1044 1044 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
1045 1045
1046 1046 self.user_id = user_id
1047 1047 self._api_key = api_key
1048 1048
1049 1049 self.api_key = None
1050 1050 self.username = username
1051 1051 self.ip_addr = ip_addr
1052 1052 self.name = ''
1053 1053 self.lastname = ''
1054 1054 self.first_name = ''
1055 1055 self.last_name = ''
1056 1056 self.email = ''
1057 1057 self.is_authenticated = False
1058 1058 self.admin = False
1059 1059 self.inherit_default_permissions = False
1060 1060 self.password = ''
1061 1061
1062 1062 self.anonymous_user = None # propagated on propagate_data
1063 1063 self.propagate_data()
1064 1064 self._instance = None
1065 1065 self._permissions_scoped_cache = {} # used to bind scoped calculation
1066 1066
1067 1067 @LazyProperty
1068 1068 def permissions(self):
1069 1069 return self.get_perms(user=self, cache=None)
1070 1070
1071 1071 @LazyProperty
1072 1072 def permissions_safe(self):
1073 1073 """
1074 1074 Filtered permissions excluding not allowed repositories
1075 1075 """
1076 1076 perms = self.get_perms(user=self, cache=None)
1077 1077
1078 1078 perms['repositories'] = {
1079 1079 k: v for k, v in perms['repositories'].items()
1080 1080 if v != 'repository.none'}
1081 1081 perms['repositories_groups'] = {
1082 1082 k: v for k, v in perms['repositories_groups'].items()
1083 1083 if v != 'group.none'}
1084 1084 perms['user_groups'] = {
1085 1085 k: v for k, v in perms['user_groups'].items()
1086 1086 if v != 'usergroup.none'}
1087 1087 perms['repository_branches'] = {
1088 1088 k: v for k, v in perms['repository_branches'].iteritems()
1089 1089 if v != 'branch.none'}
1090 1090 return perms
1091 1091
1092 1092 @LazyProperty
1093 1093 def permissions_full_details(self):
1094 1094 return self.get_perms(
1095 1095 user=self, cache=None, calculate_super_admin=True)
1096 1096
1097 1097 def permissions_with_scope(self, scope):
1098 1098 """
1099 1099 Call the get_perms function with scoped data. The scope in that function
1100 1100 narrows the SQL calls to the given ID of objects resulting in fetching
1101 1101 Just particular permission we want to obtain. If scope is an empty dict
1102 1102 then it basically narrows the scope to GLOBAL permissions only.
1103 1103
1104 1104 :param scope: dict
1105 1105 """
1106 1106 if 'repo_name' in scope:
1107 1107 obj = Repository.get_by_repo_name(scope['repo_name'])
1108 1108 if obj:
1109 1109 scope['repo_id'] = obj.repo_id
1110 1110 _scope = collections.OrderedDict()
1111 1111 _scope['repo_id'] = -1
1112 1112 _scope['user_group_id'] = -1
1113 1113 _scope['repo_group_id'] = -1
1114 1114
1115 1115 for k in sorted(scope.keys()):
1116 1116 _scope[k] = scope[k]
1117 1117
1118 1118 # store in cache to mimic how the @LazyProperty works,
1119 1119 # the difference here is that we use the unique key calculated
1120 1120 # from params and values
1121 1121 return self.get_perms(user=self, cache=None, scope=_scope)
1122 1122
1123 1123 def get_instance(self):
1124 1124 return User.get(self.user_id)
1125 1125
1126 1126 def propagate_data(self):
1127 1127 """
1128 1128 Fills in user data and propagates values to this instance. Maps fetched
1129 1129 user attributes to this class instance attributes
1130 1130 """
1131 1131 log.debug('AuthUser: starting data propagation for new potential user')
1132 1132 user_model = UserModel()
1133 1133 anon_user = self.anonymous_user = User.get_default_user(cache=True)
1134 1134 is_user_loaded = False
1135 1135
1136 1136 # lookup by userid
1137 1137 if self.user_id is not None and self.user_id != anon_user.user_id:
1138 1138 log.debug('Trying Auth User lookup by USER ID: `%s`', self.user_id)
1139 1139 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
1140 1140
1141 1141 # try go get user by api key
1142 1142 elif self._api_key and self._api_key != anon_user.api_key:
1143 1143 log.debug('Trying Auth User lookup by API KEY: `%s`', self._api_key)
1144 1144 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
1145 1145
1146 1146 # lookup by username
1147 1147 elif self.username:
1148 1148 log.debug('Trying Auth User lookup by USER NAME: `%s`', self.username)
1149 1149 is_user_loaded = user_model.fill_data(self, username=self.username)
1150 1150 else:
1151 1151 log.debug('No data in %s that could been used to log in', self)
1152 1152
1153 1153 if not is_user_loaded:
1154 1154 log.debug(
1155 1155 'Failed to load user. Fallback to default user %s', anon_user)
1156 1156 # if we cannot authenticate user try anonymous
1157 1157 if anon_user.active:
1158 1158 log.debug('default user is active, using it as a session user')
1159 1159 user_model.fill_data(self, user_id=anon_user.user_id)
1160 1160 # then we set this user is logged in
1161 1161 self.is_authenticated = True
1162 1162 else:
1163 1163 log.debug('default user is NOT active')
1164 1164 # in case of disabled anonymous user we reset some of the
1165 1165 # parameters so such user is "corrupted", skipping the fill_data
1166 1166 for attr in ['user_id', 'username', 'admin', 'active']:
1167 1167 setattr(self, attr, None)
1168 1168 self.is_authenticated = False
1169 1169
1170 1170 if not self.username:
1171 1171 self.username = 'None'
1172 1172
1173 1173 log.debug('AuthUser: propagated user is now %s', self)
1174 1174
1175 1175 def get_perms(self, user, scope=None, explicit=True, algo='higherwin',
1176 1176 calculate_super_admin=False, cache=None):
1177 1177 """
1178 1178 Fills user permission attribute with permissions taken from database
1179 1179 works for permissions given for repositories, and for permissions that
1180 1180 are granted to groups
1181 1181
1182 1182 :param user: instance of User object from database
1183 1183 :param explicit: In case there are permissions both for user and a group
1184 1184 that user is part of, explicit flag will defiine if user will
1185 1185 explicitly override permissions from group, if it's False it will
1186 1186 make decision based on the algo
1187 1187 :param algo: algorithm to decide what permission should be choose if
1188 1188 it's multiple defined, eg user in two different groups. It also
1189 1189 decides if explicit flag is turned off how to specify the permission
1190 1190 for case when user is in a group + have defined separate permission
1191 1191 :param calculate_super_admin: calculate permissions for super-admin in the
1192 1192 same way as for regular user without speedups
1193 1193 :param cache: Use caching for calculation, None = let the cache backend decide
1194 1194 """
1195 1195 user_id = user.user_id
1196 1196 user_is_admin = user.is_admin
1197 1197
1198 1198 # inheritance of global permissions like create repo/fork repo etc
1199 1199 user_inherit_default_permissions = user.inherit_default_permissions
1200 1200
1201 1201 cache_seconds = safe_int(
1202 1202 rhodecode.CONFIG.get('rc_cache.cache_perms.expiration_time'))
1203 1203
1204 1204 if cache is None:
1205 1205 # let the backend cache decide
1206 1206 cache_on = cache_seconds > 0
1207 1207 else:
1208 1208 cache_on = cache
1209 1209
1210 1210 log.debug(
1211 1211 'Computing PERMISSION tree for user %s scope `%s` '
1212 1212 'with caching: %s[TTL: %ss]', user, scope, cache_on, cache_seconds or 0)
1213 1213
1214 1214 cache_namespace_uid = 'cache_user_auth.{}'.format(user_id)
1215 1215 region = rc_cache.get_or_create_region('cache_perms', cache_namespace_uid)
1216 1216
1217 1217 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid,
1218 1218 condition=cache_on)
1219 1219 def compute_perm_tree(cache_name,
1220 1220 user_id, scope, user_is_admin,user_inherit_default_permissions,
1221 1221 explicit, algo, calculate_super_admin):
1222 1222 return _cached_perms_data(
1223 1223 user_id, scope, user_is_admin, user_inherit_default_permissions,
1224 1224 explicit, algo, calculate_super_admin)
1225 1225
1226 1226 start = time.time()
1227 1227 result = compute_perm_tree(
1228 1228 'permissions', user_id, scope, user_is_admin,
1229 1229 user_inherit_default_permissions, explicit, algo,
1230 1230 calculate_super_admin)
1231 1231
1232 1232 result_repr = []
1233 1233 for k in result:
1234 1234 result_repr.append((k, len(result[k])))
1235 1235 total = time.time() - start
1236 log.debug('PERMISSION tree for user %s computed in %.3fs: %s',
1236 log.debug('PERMISSION tree for user %s computed in %.4fs: %s',
1237 1237 user, total, result_repr)
1238 1238
1239 1239 return result
1240 1240
1241 1241 @property
1242 1242 def is_default(self):
1243 1243 return self.username == User.DEFAULT_USER
1244 1244
1245 1245 @property
1246 1246 def is_admin(self):
1247 1247 return self.admin
1248 1248
1249 1249 @property
1250 1250 def is_user_object(self):
1251 1251 return self.user_id is not None
1252 1252
1253 1253 @property
1254 1254 def repositories_admin(self):
1255 1255 """
1256 1256 Returns list of repositories you're an admin of
1257 1257 """
1258 1258 return [
1259 1259 x[0] for x in self.permissions['repositories'].items()
1260 1260 if x[1] == 'repository.admin']
1261 1261
1262 1262 @property
1263 1263 def repository_groups_admin(self):
1264 1264 """
1265 1265 Returns list of repository groups you're an admin of
1266 1266 """
1267 1267 return [
1268 1268 x[0] for x in self.permissions['repositories_groups'].items()
1269 1269 if x[1] == 'group.admin']
1270 1270
1271 1271 @property
1272 1272 def user_groups_admin(self):
1273 1273 """
1274 1274 Returns list of user groups you're an admin of
1275 1275 """
1276 1276 return [
1277 1277 x[0] for x in self.permissions['user_groups'].items()
1278 1278 if x[1] == 'usergroup.admin']
1279 1279
1280 1280 def repo_acl_ids(self, perms=None, name_filter=None, cache=False):
1281 1281 """
1282 1282 Returns list of repository ids that user have access to based on given
1283 1283 perms. The cache flag should be only used in cases that are used for
1284 1284 display purposes, NOT IN ANY CASE for permission checks.
1285 1285 """
1286 1286 from rhodecode.model.scm import RepoList
1287 1287 if not perms:
1288 1288 perms = [
1289 1289 'repository.read', 'repository.write', 'repository.admin']
1290 1290
1291 1291 def _cached_repo_acl(user_id, perm_def, _name_filter):
1292 1292 qry = Repository.query()
1293 1293 if _name_filter:
1294 1294 ilike_expression = u'%{}%'.format(safe_unicode(_name_filter))
1295 1295 qry = qry.filter(
1296 1296 Repository.repo_name.ilike(ilike_expression))
1297 1297
1298 1298 return [x.repo_id for x in
1299 1299 RepoList(qry, perm_set=perm_def)]
1300 1300
1301 1301 return _cached_repo_acl(self.user_id, perms, name_filter)
1302 1302
1303 1303 def repo_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1304 1304 """
1305 1305 Returns list of repository group ids that user have access to based on given
1306 1306 perms. The cache flag should be only used in cases that are used for
1307 1307 display purposes, NOT IN ANY CASE for permission checks.
1308 1308 """
1309 1309 from rhodecode.model.scm import RepoGroupList
1310 1310 if not perms:
1311 1311 perms = [
1312 1312 'group.read', 'group.write', 'group.admin']
1313 1313
1314 1314 def _cached_repo_group_acl(user_id, perm_def, _name_filter):
1315 1315 qry = RepoGroup.query()
1316 1316 if _name_filter:
1317 1317 ilike_expression = u'%{}%'.format(safe_unicode(_name_filter))
1318 1318 qry = qry.filter(
1319 1319 RepoGroup.group_name.ilike(ilike_expression))
1320 1320
1321 1321 return [x.group_id for x in
1322 1322 RepoGroupList(qry, perm_set=perm_def)]
1323 1323
1324 1324 return _cached_repo_group_acl(self.user_id, perms, name_filter)
1325 1325
1326 1326 def user_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1327 1327 """
1328 1328 Returns list of user group ids that user have access to based on given
1329 1329 perms. The cache flag should be only used in cases that are used for
1330 1330 display purposes, NOT IN ANY CASE for permission checks.
1331 1331 """
1332 1332 from rhodecode.model.scm import UserGroupList
1333 1333 if not perms:
1334 1334 perms = [
1335 1335 'usergroup.read', 'usergroup.write', 'usergroup.admin']
1336 1336
1337 1337 def _cached_user_group_acl(user_id, perm_def, name_filter):
1338 1338 qry = UserGroup.query()
1339 1339 if name_filter:
1340 1340 ilike_expression = u'%{}%'.format(safe_unicode(name_filter))
1341 1341 qry = qry.filter(
1342 1342 UserGroup.users_group_name.ilike(ilike_expression))
1343 1343
1344 1344 return [x.users_group_id for x in
1345 1345 UserGroupList(qry, perm_set=perm_def)]
1346 1346
1347 1347 return _cached_user_group_acl(self.user_id, perms, name_filter)
1348 1348
1349 1349 @property
1350 1350 def ip_allowed(self):
1351 1351 """
1352 1352 Checks if ip_addr used in constructor is allowed from defined list of
1353 1353 allowed ip_addresses for user
1354 1354
1355 1355 :returns: boolean, True if ip is in allowed ip range
1356 1356 """
1357 1357 # check IP
1358 1358 inherit = self.inherit_default_permissions
1359 1359 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
1360 1360 inherit_from_default=inherit)
1361 1361 @property
1362 1362 def personal_repo_group(self):
1363 1363 return RepoGroup.get_user_personal_repo_group(self.user_id)
1364 1364
1365 1365 @LazyProperty
1366 1366 def feed_token(self):
1367 1367 return self.get_instance().feed_token
1368 1368
1369 1369 @classmethod
1370 1370 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
1371 1371 allowed_ips = AuthUser.get_allowed_ips(
1372 1372 user_id, cache=True, inherit_from_default=inherit_from_default)
1373 1373 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
1374 1374 log.debug('IP:%s for user %s is in range of %s',
1375 1375 ip_addr, user_id, allowed_ips)
1376 1376 return True
1377 1377 else:
1378 1378 log.info('Access for IP:%s forbidden for user %s, '
1379 1379 'not in %s', ip_addr, user_id, allowed_ips)
1380 1380 return False
1381 1381
1382 1382 def get_branch_permissions(self, repo_name, perms=None):
1383 1383 perms = perms or self.permissions_with_scope({'repo_name': repo_name})
1384 1384 branch_perms = perms.get('repository_branches', {})
1385 1385 if not branch_perms:
1386 1386 return {}
1387 1387 repo_branch_perms = branch_perms.get(repo_name)
1388 1388 return repo_branch_perms or {}
1389 1389
1390 1390 def get_rule_and_branch_permission(self, repo_name, branch_name):
1391 1391 """
1392 1392 Check if this AuthUser has defined any permissions for branches. If any of
1393 1393 the rules match in order, we return the matching permissions
1394 1394 """
1395 1395
1396 1396 rule = default_perm = ''
1397 1397
1398 1398 repo_branch_perms = self.get_branch_permissions(repo_name=repo_name)
1399 1399 if not repo_branch_perms:
1400 1400 return rule, default_perm
1401 1401
1402 1402 # now calculate the permissions
1403 1403 for pattern, branch_perm in repo_branch_perms.items():
1404 1404 if fnmatch.fnmatch(branch_name, pattern):
1405 1405 rule = '`{}`=>{}'.format(pattern, branch_perm)
1406 1406 return rule, branch_perm
1407 1407
1408 1408 return rule, default_perm
1409 1409
1410 1410 def __repr__(self):
1411 1411 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
1412 1412 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
1413 1413
1414 1414 def set_authenticated(self, authenticated=True):
1415 1415 if self.user_id != self.anonymous_user.user_id:
1416 1416 self.is_authenticated = authenticated
1417 1417
1418 1418 def get_cookie_store(self):
1419 1419 return {
1420 1420 'username': self.username,
1421 1421 'password': md5(self.password or ''),
1422 1422 'user_id': self.user_id,
1423 1423 'is_authenticated': self.is_authenticated
1424 1424 }
1425 1425
1426 1426 @classmethod
1427 1427 def from_cookie_store(cls, cookie_store):
1428 1428 """
1429 1429 Creates AuthUser from a cookie store
1430 1430
1431 1431 :param cls:
1432 1432 :param cookie_store:
1433 1433 """
1434 1434 user_id = cookie_store.get('user_id')
1435 1435 username = cookie_store.get('username')
1436 1436 api_key = cookie_store.get('api_key')
1437 1437 return AuthUser(user_id, api_key, username)
1438 1438
1439 1439 @classmethod
1440 1440 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
1441 1441 _set = set()
1442 1442
1443 1443 if inherit_from_default:
1444 1444 def_user_id = User.get_default_user(cache=True).user_id
1445 1445 default_ips = UserIpMap.query().filter(UserIpMap.user_id == def_user_id)
1446 1446 if cache:
1447 1447 default_ips = default_ips.options(
1448 1448 FromCache("sql_cache_short", "get_user_ips_default"))
1449 1449
1450 1450 # populate from default user
1451 1451 for ip in default_ips:
1452 1452 try:
1453 1453 _set.add(ip.ip_addr)
1454 1454 except ObjectDeletedError:
1455 1455 # since we use heavy caching sometimes it happens that
1456 1456 # we get deleted objects here, we just skip them
1457 1457 pass
1458 1458
1459 1459 # NOTE:(marcink) we don't want to load any rules for empty
1460 1460 # user_id which is the case of access of non logged users when anonymous
1461 1461 # access is disabled
1462 1462 user_ips = []
1463 1463 if user_id:
1464 1464 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
1465 1465 if cache:
1466 1466 user_ips = user_ips.options(
1467 1467 FromCache("sql_cache_short", "get_user_ips_%s" % user_id))
1468 1468
1469 1469 for ip in user_ips:
1470 1470 try:
1471 1471 _set.add(ip.ip_addr)
1472 1472 except ObjectDeletedError:
1473 1473 # since we use heavy caching sometimes it happens that we get
1474 1474 # deleted objects here, we just skip them
1475 1475 pass
1476 1476 return _set or {ip for ip in ['0.0.0.0/0', '::/0']}
1477 1477
1478 1478
1479 1479 def set_available_permissions(settings):
1480 1480 """
1481 1481 This function will propagate pyramid settings with all available defined
1482 1482 permission given in db. We don't want to check each time from db for new
1483 1483 permissions since adding a new permission also requires application restart
1484 1484 ie. to decorate new views with the newly created permission
1485 1485
1486 1486 :param settings: current pyramid registry.settings
1487 1487
1488 1488 """
1489 1489 log.debug('auth: getting information about all available permissions')
1490 1490 try:
1491 1491 sa = meta.Session
1492 1492 all_perms = sa.query(Permission).all()
1493 1493 settings.setdefault('available_permissions',
1494 1494 [x.permission_name for x in all_perms])
1495 1495 log.debug('auth: set available permissions')
1496 1496 except Exception:
1497 1497 log.exception('Failed to fetch permissions from the database.')
1498 1498 raise
1499 1499
1500 1500
1501 1501 def get_csrf_token(session, force_new=False, save_if_missing=True):
1502 1502 """
1503 1503 Return the current authentication token, creating one if one doesn't
1504 1504 already exist and the save_if_missing flag is present.
1505 1505
1506 1506 :param session: pass in the pyramid session, else we use the global ones
1507 1507 :param force_new: force to re-generate the token and store it in session
1508 1508 :param save_if_missing: save the newly generated token if it's missing in
1509 1509 session
1510 1510 """
1511 1511 # NOTE(marcink): probably should be replaced with below one from pyramid 1.9
1512 1512 # from pyramid.csrf import get_csrf_token
1513 1513
1514 1514 if (csrf_token_key not in session and save_if_missing) or force_new:
1515 1515 token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
1516 1516 session[csrf_token_key] = token
1517 1517 if hasattr(session, 'save'):
1518 1518 session.save()
1519 1519 return session.get(csrf_token_key)
1520 1520
1521 1521
1522 1522 def get_request(perm_class_instance):
1523 1523 from pyramid.threadlocal import get_current_request
1524 1524 pyramid_request = get_current_request()
1525 1525 return pyramid_request
1526 1526
1527 1527
1528 1528 # CHECK DECORATORS
1529 1529 class CSRFRequired(object):
1530 1530 """
1531 1531 Decorator for authenticating a form
1532 1532
1533 1533 This decorator uses an authorization token stored in the client's
1534 1534 session for prevention of certain Cross-site request forgery (CSRF)
1535 1535 attacks (See
1536 1536 http://en.wikipedia.org/wiki/Cross-site_request_forgery for more
1537 1537 information).
1538 1538
1539 1539 For use with the ``webhelpers.secure_form`` helper functions.
1540 1540
1541 1541 """
1542 1542 def __init__(self, token=csrf_token_key, header='X-CSRF-Token',
1543 1543 except_methods=None):
1544 1544 self.token = token
1545 1545 self.header = header
1546 1546 self.except_methods = except_methods or []
1547 1547
1548 1548 def __call__(self, func):
1549 1549 return get_cython_compat_decorator(self.__wrapper, func)
1550 1550
1551 1551 def _get_csrf(self, _request):
1552 1552 return _request.POST.get(self.token, _request.headers.get(self.header))
1553 1553
1554 1554 def check_csrf(self, _request, cur_token):
1555 1555 supplied_token = self._get_csrf(_request)
1556 1556 return supplied_token and supplied_token == cur_token
1557 1557
1558 1558 def _get_request(self):
1559 1559 return get_request(self)
1560 1560
1561 1561 def __wrapper(self, func, *fargs, **fkwargs):
1562 1562 request = self._get_request()
1563 1563
1564 1564 if request.method in self.except_methods:
1565 1565 return func(*fargs, **fkwargs)
1566 1566
1567 1567 cur_token = get_csrf_token(request.session, save_if_missing=False)
1568 1568 if self.check_csrf(request, cur_token):
1569 1569 if request.POST.get(self.token):
1570 1570 del request.POST[self.token]
1571 1571 return func(*fargs, **fkwargs)
1572 1572 else:
1573 1573 reason = 'token-missing'
1574 1574 supplied_token = self._get_csrf(request)
1575 1575 if supplied_token and cur_token != supplied_token:
1576 1576 reason = 'token-mismatch [%s:%s]' % (
1577 1577 cur_token or ''[:6], supplied_token or ''[:6])
1578 1578
1579 1579 csrf_message = \
1580 1580 ("Cross-site request forgery detected, request denied. See "
1581 1581 "http://en.wikipedia.org/wiki/Cross-site_request_forgery for "
1582 1582 "more information.")
1583 1583 log.warn('Cross-site request forgery detected, request %r DENIED: %s '
1584 1584 'REMOTE_ADDR:%s, HEADERS:%s' % (
1585 1585 request, reason, request.remote_addr, request.headers))
1586 1586
1587 1587 raise HTTPForbidden(explanation=csrf_message)
1588 1588
1589 1589
1590 1590 class LoginRequired(object):
1591 1591 """
1592 1592 Must be logged in to execute this function else
1593 1593 redirect to login page
1594 1594
1595 1595 :param api_access: if enabled this checks only for valid auth token
1596 1596 and grants access based on valid token
1597 1597 """
1598 1598 def __init__(self, auth_token_access=None):
1599 1599 self.auth_token_access = auth_token_access
1600 1600
1601 1601 def __call__(self, func):
1602 1602 return get_cython_compat_decorator(self.__wrapper, func)
1603 1603
1604 1604 def _get_request(self):
1605 1605 return get_request(self)
1606 1606
1607 1607 def __wrapper(self, func, *fargs, **fkwargs):
1608 1608 from rhodecode.lib import helpers as h
1609 1609 cls = fargs[0]
1610 1610 user = cls._rhodecode_user
1611 1611 request = self._get_request()
1612 1612 _ = request.translate
1613 1613
1614 1614 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
1615 1615 log.debug('Starting login restriction checks for user: %s', user)
1616 1616 # check if our IP is allowed
1617 1617 ip_access_valid = True
1618 1618 if not user.ip_allowed:
1619 1619 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr,))),
1620 1620 category='warning')
1621 1621 ip_access_valid = False
1622 1622
1623 1623 # check if we used an APIKEY and it's a valid one
1624 1624 # defined white-list of controllers which API access will be enabled
1625 1625 _auth_token = request.GET.get(
1626 1626 'auth_token', '') or request.GET.get('api_key', '')
1627 1627 auth_token_access_valid = allowed_auth_token_access(
1628 1628 loc, auth_token=_auth_token)
1629 1629
1630 1630 # explicit controller is enabled or API is in our whitelist
1631 1631 if self.auth_token_access or auth_token_access_valid:
1632 1632 log.debug('Checking AUTH TOKEN access for %s', cls)
1633 1633 db_user = user.get_instance()
1634 1634
1635 1635 if db_user:
1636 1636 if self.auth_token_access:
1637 1637 roles = self.auth_token_access
1638 1638 else:
1639 1639 roles = [UserApiKeys.ROLE_HTTP]
1640 1640 token_match = db_user.authenticate_by_token(
1641 1641 _auth_token, roles=roles)
1642 1642 else:
1643 1643 log.debug('Unable to fetch db instance for auth user: %s', user)
1644 1644 token_match = False
1645 1645
1646 1646 if _auth_token and token_match:
1647 1647 auth_token_access_valid = True
1648 1648 log.debug('AUTH TOKEN ****%s is VALID', _auth_token[-4:])
1649 1649 else:
1650 1650 auth_token_access_valid = False
1651 1651 if not _auth_token:
1652 1652 log.debug("AUTH TOKEN *NOT* present in request")
1653 1653 else:
1654 1654 log.warning("AUTH TOKEN ****%s *NOT* valid", _auth_token[-4:])
1655 1655
1656 1656 log.debug('Checking if %s is authenticated @ %s', user.username, loc)
1657 1657 reason = 'RHODECODE_AUTH' if user.is_authenticated \
1658 1658 else 'AUTH_TOKEN_AUTH'
1659 1659
1660 1660 if ip_access_valid and (
1661 1661 user.is_authenticated or auth_token_access_valid):
1662 1662 log.info('user %s authenticating with:%s IS authenticated on func %s',
1663 1663 user, reason, loc)
1664 1664
1665 1665 return func(*fargs, **fkwargs)
1666 1666 else:
1667 1667 log.warning(
1668 1668 'user %s authenticating with:%s NOT authenticated on '
1669 1669 'func: %s: IP_ACCESS:%s AUTH_TOKEN_ACCESS:%s',
1670 1670 user, reason, loc, ip_access_valid, auth_token_access_valid)
1671 1671 # we preserve the get PARAM
1672 1672 came_from = get_came_from(request)
1673 1673
1674 1674 log.debug('redirecting to login page with %s', came_from)
1675 1675 raise HTTPFound(
1676 1676 h.route_path('login', _query={'came_from': came_from}))
1677 1677
1678 1678
1679 1679 class NotAnonymous(object):
1680 1680 """
1681 1681 Must be logged in to execute this function else
1682 1682 redirect to login page
1683 1683 """
1684 1684
1685 1685 def __call__(self, func):
1686 1686 return get_cython_compat_decorator(self.__wrapper, func)
1687 1687
1688 1688 def _get_request(self):
1689 1689 return get_request(self)
1690 1690
1691 1691 def __wrapper(self, func, *fargs, **fkwargs):
1692 1692 import rhodecode.lib.helpers as h
1693 1693 cls = fargs[0]
1694 1694 self.user = cls._rhodecode_user
1695 1695 request = self._get_request()
1696 1696 _ = request.translate
1697 1697 log.debug('Checking if user is not anonymous @%s', cls)
1698 1698
1699 1699 anonymous = self.user.username == User.DEFAULT_USER
1700 1700
1701 1701 if anonymous:
1702 1702 came_from = get_came_from(request)
1703 1703 h.flash(_('You need to be a registered user to '
1704 1704 'perform this action'),
1705 1705 category='warning')
1706 1706 raise HTTPFound(
1707 1707 h.route_path('login', _query={'came_from': came_from}))
1708 1708 else:
1709 1709 return func(*fargs, **fkwargs)
1710 1710
1711 1711
1712 1712 class PermsDecorator(object):
1713 1713 """
1714 1714 Base class for controller decorators, we extract the current user from
1715 1715 the class itself, which has it stored in base controllers
1716 1716 """
1717 1717
1718 1718 def __init__(self, *required_perms):
1719 1719 self.required_perms = set(required_perms)
1720 1720
1721 1721 def __call__(self, func):
1722 1722 return get_cython_compat_decorator(self.__wrapper, func)
1723 1723
1724 1724 def _get_request(self):
1725 1725 return get_request(self)
1726 1726
1727 1727 def __wrapper(self, func, *fargs, **fkwargs):
1728 1728 import rhodecode.lib.helpers as h
1729 1729 cls = fargs[0]
1730 1730 _user = cls._rhodecode_user
1731 1731 request = self._get_request()
1732 1732 _ = request.translate
1733 1733
1734 1734 log.debug('checking %s permissions %s for %s %s',
1735 1735 self.__class__.__name__, self.required_perms, cls, _user)
1736 1736
1737 1737 if self.check_permissions(_user):
1738 1738 log.debug('Permission granted for %s %s', cls, _user)
1739 1739 return func(*fargs, **fkwargs)
1740 1740
1741 1741 else:
1742 1742 log.debug('Permission denied for %s %s', cls, _user)
1743 1743 anonymous = _user.username == User.DEFAULT_USER
1744 1744
1745 1745 if anonymous:
1746 1746 came_from = get_came_from(self._get_request())
1747 1747 h.flash(_('You need to be signed in to view this page'),
1748 1748 category='warning')
1749 1749 raise HTTPFound(
1750 1750 h.route_path('login', _query={'came_from': came_from}))
1751 1751
1752 1752 else:
1753 1753 # redirect with 404 to prevent resource discovery
1754 1754 raise HTTPNotFound()
1755 1755
1756 1756 def check_permissions(self, user):
1757 1757 """Dummy function for overriding"""
1758 1758 raise NotImplementedError(
1759 1759 'You have to write this function in child class')
1760 1760
1761 1761
1762 1762 class HasPermissionAllDecorator(PermsDecorator):
1763 1763 """
1764 1764 Checks for access permission for all given predicates. All of them
1765 1765 have to be meet in order to fulfill the request
1766 1766 """
1767 1767
1768 1768 def check_permissions(self, user):
1769 1769 perms = user.permissions_with_scope({})
1770 1770 if self.required_perms.issubset(perms['global']):
1771 1771 return True
1772 1772 return False
1773 1773
1774 1774
1775 1775 class HasPermissionAnyDecorator(PermsDecorator):
1776 1776 """
1777 1777 Checks for access permission for any of given predicates. In order to
1778 1778 fulfill the request any of predicates must be meet
1779 1779 """
1780 1780
1781 1781 def check_permissions(self, user):
1782 1782 perms = user.permissions_with_scope({})
1783 1783 if self.required_perms.intersection(perms['global']):
1784 1784 return True
1785 1785 return False
1786 1786
1787 1787
1788 1788 class HasRepoPermissionAllDecorator(PermsDecorator):
1789 1789 """
1790 1790 Checks for access permission for all given predicates for specific
1791 1791 repository. All of them have to be meet in order to fulfill the request
1792 1792 """
1793 1793 def _get_repo_name(self):
1794 1794 _request = self._get_request()
1795 1795 return get_repo_slug(_request)
1796 1796
1797 1797 def check_permissions(self, user):
1798 1798 perms = user.permissions
1799 1799 repo_name = self._get_repo_name()
1800 1800
1801 1801 try:
1802 1802 user_perms = {perms['repositories'][repo_name]}
1803 1803 except KeyError:
1804 1804 log.debug('cannot locate repo with name: `%s` in permissions defs',
1805 1805 repo_name)
1806 1806 return False
1807 1807
1808 1808 log.debug('checking `%s` permissions for repo `%s`',
1809 1809 user_perms, repo_name)
1810 1810 if self.required_perms.issubset(user_perms):
1811 1811 return True
1812 1812 return False
1813 1813
1814 1814
1815 1815 class HasRepoPermissionAnyDecorator(PermsDecorator):
1816 1816 """
1817 1817 Checks for access permission for any of given predicates for specific
1818 1818 repository. In order to fulfill the request any of predicates must be meet
1819 1819 """
1820 1820 def _get_repo_name(self):
1821 1821 _request = self._get_request()
1822 1822 return get_repo_slug(_request)
1823 1823
1824 1824 def check_permissions(self, user):
1825 1825 perms = user.permissions
1826 1826 repo_name = self._get_repo_name()
1827 1827
1828 1828 try:
1829 1829 user_perms = {perms['repositories'][repo_name]}
1830 1830 except KeyError:
1831 1831 log.debug(
1832 1832 'cannot locate repo with name: `%s` in permissions defs',
1833 1833 repo_name)
1834 1834 return False
1835 1835
1836 1836 log.debug('checking `%s` permissions for repo `%s`',
1837 1837 user_perms, repo_name)
1838 1838 if self.required_perms.intersection(user_perms):
1839 1839 return True
1840 1840 return False
1841 1841
1842 1842
1843 1843 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
1844 1844 """
1845 1845 Checks for access permission for all given predicates for specific
1846 1846 repository group. All of them have to be meet in order to
1847 1847 fulfill the request
1848 1848 """
1849 1849 def _get_repo_group_name(self):
1850 1850 _request = self._get_request()
1851 1851 return get_repo_group_slug(_request)
1852 1852
1853 1853 def check_permissions(self, user):
1854 1854 perms = user.permissions
1855 1855 group_name = self._get_repo_group_name()
1856 1856 try:
1857 1857 user_perms = {perms['repositories_groups'][group_name]}
1858 1858 except KeyError:
1859 1859 log.debug(
1860 1860 'cannot locate repo group with name: `%s` in permissions defs',
1861 1861 group_name)
1862 1862 return False
1863 1863
1864 1864 log.debug('checking `%s` permissions for repo group `%s`',
1865 1865 user_perms, group_name)
1866 1866 if self.required_perms.issubset(user_perms):
1867 1867 return True
1868 1868 return False
1869 1869
1870 1870
1871 1871 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
1872 1872 """
1873 1873 Checks for access permission for any of given predicates for specific
1874 1874 repository group. In order to fulfill the request any
1875 1875 of predicates must be met
1876 1876 """
1877 1877 def _get_repo_group_name(self):
1878 1878 _request = self._get_request()
1879 1879 return get_repo_group_slug(_request)
1880 1880
1881 1881 def check_permissions(self, user):
1882 1882 perms = user.permissions
1883 1883 group_name = self._get_repo_group_name()
1884 1884
1885 1885 try:
1886 1886 user_perms = {perms['repositories_groups'][group_name]}
1887 1887 except KeyError:
1888 1888 log.debug(
1889 1889 'cannot locate repo group with name: `%s` in permissions defs',
1890 1890 group_name)
1891 1891 return False
1892 1892
1893 1893 log.debug('checking `%s` permissions for repo group `%s`',
1894 1894 user_perms, group_name)
1895 1895 if self.required_perms.intersection(user_perms):
1896 1896 return True
1897 1897 return False
1898 1898
1899 1899
1900 1900 class HasUserGroupPermissionAllDecorator(PermsDecorator):
1901 1901 """
1902 1902 Checks for access permission for all given predicates for specific
1903 1903 user group. All of them have to be meet in order to fulfill the request
1904 1904 """
1905 1905 def _get_user_group_name(self):
1906 1906 _request = self._get_request()
1907 1907 return get_user_group_slug(_request)
1908 1908
1909 1909 def check_permissions(self, user):
1910 1910 perms = user.permissions
1911 1911 group_name = self._get_user_group_name()
1912 1912 try:
1913 1913 user_perms = {perms['user_groups'][group_name]}
1914 1914 except KeyError:
1915 1915 return False
1916 1916
1917 1917 if self.required_perms.issubset(user_perms):
1918 1918 return True
1919 1919 return False
1920 1920
1921 1921
1922 1922 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
1923 1923 """
1924 1924 Checks for access permission for any of given predicates for specific
1925 1925 user group. In order to fulfill the request any of predicates must be meet
1926 1926 """
1927 1927 def _get_user_group_name(self):
1928 1928 _request = self._get_request()
1929 1929 return get_user_group_slug(_request)
1930 1930
1931 1931 def check_permissions(self, user):
1932 1932 perms = user.permissions
1933 1933 group_name = self._get_user_group_name()
1934 1934 try:
1935 1935 user_perms = {perms['user_groups'][group_name]}
1936 1936 except KeyError:
1937 1937 return False
1938 1938
1939 1939 if self.required_perms.intersection(user_perms):
1940 1940 return True
1941 1941 return False
1942 1942
1943 1943
1944 1944 # CHECK FUNCTIONS
1945 1945 class PermsFunction(object):
1946 1946 """Base function for other check functions"""
1947 1947
1948 1948 def __init__(self, *perms):
1949 1949 self.required_perms = set(perms)
1950 1950 self.repo_name = None
1951 1951 self.repo_group_name = None
1952 1952 self.user_group_name = None
1953 1953
1954 1954 def __bool__(self):
1955 1955 frame = inspect.currentframe()
1956 1956 stack_trace = traceback.format_stack(frame)
1957 1957 log.error('Checking bool value on a class instance of perm '
1958 1958 'function is not allowed: %s', ''.join(stack_trace))
1959 1959 # rather than throwing errors, here we always return False so if by
1960 1960 # accident someone checks truth for just an instance it will always end
1961 1961 # up in returning False
1962 1962 return False
1963 1963 __nonzero__ = __bool__
1964 1964
1965 1965 def __call__(self, check_location='', user=None):
1966 1966 if not user:
1967 1967 log.debug('Using user attribute from global request')
1968 1968 request = self._get_request()
1969 1969 user = request.user
1970 1970
1971 1971 # init auth user if not already given
1972 1972 if not isinstance(user, AuthUser):
1973 1973 log.debug('Wrapping user %s into AuthUser', user)
1974 1974 user = AuthUser(user.user_id)
1975 1975
1976 1976 cls_name = self.__class__.__name__
1977 1977 check_scope = self._get_check_scope(cls_name)
1978 1978 check_location = check_location or 'unspecified location'
1979 1979
1980 1980 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
1981 1981 self.required_perms, user, check_scope, check_location)
1982 1982 if not user:
1983 1983 log.warning('Empty user given for permission check')
1984 1984 return False
1985 1985
1986 1986 if self.check_permissions(user):
1987 1987 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1988 1988 check_scope, user, check_location)
1989 1989 return True
1990 1990
1991 1991 else:
1992 1992 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1993 1993 check_scope, user, check_location)
1994 1994 return False
1995 1995
1996 1996 def _get_request(self):
1997 1997 return get_request(self)
1998 1998
1999 1999 def _get_check_scope(self, cls_name):
2000 2000 return {
2001 2001 'HasPermissionAll': 'GLOBAL',
2002 2002 'HasPermissionAny': 'GLOBAL',
2003 2003 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
2004 2004 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
2005 2005 'HasRepoGroupPermissionAll': 'repo_group:%s' % self.repo_group_name,
2006 2006 'HasRepoGroupPermissionAny': 'repo_group:%s' % self.repo_group_name,
2007 2007 'HasUserGroupPermissionAll': 'user_group:%s' % self.user_group_name,
2008 2008 'HasUserGroupPermissionAny': 'user_group:%s' % self.user_group_name,
2009 2009 }.get(cls_name, '?:%s' % cls_name)
2010 2010
2011 2011 def check_permissions(self, user):
2012 2012 """Dummy function for overriding"""
2013 2013 raise Exception('You have to write this function in child class')
2014 2014
2015 2015
2016 2016 class HasPermissionAll(PermsFunction):
2017 2017 def check_permissions(self, user):
2018 2018 perms = user.permissions_with_scope({})
2019 2019 if self.required_perms.issubset(perms.get('global')):
2020 2020 return True
2021 2021 return False
2022 2022
2023 2023
2024 2024 class HasPermissionAny(PermsFunction):
2025 2025 def check_permissions(self, user):
2026 2026 perms = user.permissions_with_scope({})
2027 2027 if self.required_perms.intersection(perms.get('global')):
2028 2028 return True
2029 2029 return False
2030 2030
2031 2031
2032 2032 class HasRepoPermissionAll(PermsFunction):
2033 2033 def __call__(self, repo_name=None, check_location='', user=None):
2034 2034 self.repo_name = repo_name
2035 2035 return super(HasRepoPermissionAll, self).__call__(check_location, user)
2036 2036
2037 2037 def _get_repo_name(self):
2038 2038 if not self.repo_name:
2039 2039 _request = self._get_request()
2040 2040 self.repo_name = get_repo_slug(_request)
2041 2041 return self.repo_name
2042 2042
2043 2043 def check_permissions(self, user):
2044 2044 self.repo_name = self._get_repo_name()
2045 2045 perms = user.permissions
2046 2046 try:
2047 2047 user_perms = {perms['repositories'][self.repo_name]}
2048 2048 except KeyError:
2049 2049 return False
2050 2050 if self.required_perms.issubset(user_perms):
2051 2051 return True
2052 2052 return False
2053 2053
2054 2054
2055 2055 class HasRepoPermissionAny(PermsFunction):
2056 2056 def __call__(self, repo_name=None, check_location='', user=None):
2057 2057 self.repo_name = repo_name
2058 2058 return super(HasRepoPermissionAny, self).__call__(check_location, user)
2059 2059
2060 2060 def _get_repo_name(self):
2061 2061 if not self.repo_name:
2062 2062 _request = self._get_request()
2063 2063 self.repo_name = get_repo_slug(_request)
2064 2064 return self.repo_name
2065 2065
2066 2066 def check_permissions(self, user):
2067 2067 self.repo_name = self._get_repo_name()
2068 2068 perms = user.permissions
2069 2069 try:
2070 2070 user_perms = {perms['repositories'][self.repo_name]}
2071 2071 except KeyError:
2072 2072 return False
2073 2073 if self.required_perms.intersection(user_perms):
2074 2074 return True
2075 2075 return False
2076 2076
2077 2077
2078 2078 class HasRepoGroupPermissionAny(PermsFunction):
2079 2079 def __call__(self, group_name=None, check_location='', user=None):
2080 2080 self.repo_group_name = group_name
2081 2081 return super(HasRepoGroupPermissionAny, self).__call__(check_location, user)
2082 2082
2083 2083 def check_permissions(self, user):
2084 2084 perms = user.permissions
2085 2085 try:
2086 2086 user_perms = {perms['repositories_groups'][self.repo_group_name]}
2087 2087 except KeyError:
2088 2088 return False
2089 2089 if self.required_perms.intersection(user_perms):
2090 2090 return True
2091 2091 return False
2092 2092
2093 2093
2094 2094 class HasRepoGroupPermissionAll(PermsFunction):
2095 2095 def __call__(self, group_name=None, check_location='', user=None):
2096 2096 self.repo_group_name = group_name
2097 2097 return super(HasRepoGroupPermissionAll, self).__call__(check_location, user)
2098 2098
2099 2099 def check_permissions(self, user):
2100 2100 perms = user.permissions
2101 2101 try:
2102 2102 user_perms = {perms['repositories_groups'][self.repo_group_name]}
2103 2103 except KeyError:
2104 2104 return False
2105 2105 if self.required_perms.issubset(user_perms):
2106 2106 return True
2107 2107 return False
2108 2108
2109 2109
2110 2110 class HasUserGroupPermissionAny(PermsFunction):
2111 2111 def __call__(self, user_group_name=None, check_location='', user=None):
2112 2112 self.user_group_name = user_group_name
2113 2113 return super(HasUserGroupPermissionAny, self).__call__(check_location, user)
2114 2114
2115 2115 def check_permissions(self, user):
2116 2116 perms = user.permissions
2117 2117 try:
2118 2118 user_perms = {perms['user_groups'][self.user_group_name]}
2119 2119 except KeyError:
2120 2120 return False
2121 2121 if self.required_perms.intersection(user_perms):
2122 2122 return True
2123 2123 return False
2124 2124
2125 2125
2126 2126 class HasUserGroupPermissionAll(PermsFunction):
2127 2127 def __call__(self, user_group_name=None, check_location='', user=None):
2128 2128 self.user_group_name = user_group_name
2129 2129 return super(HasUserGroupPermissionAll, self).__call__(check_location, user)
2130 2130
2131 2131 def check_permissions(self, user):
2132 2132 perms = user.permissions
2133 2133 try:
2134 2134 user_perms = {perms['user_groups'][self.user_group_name]}
2135 2135 except KeyError:
2136 2136 return False
2137 2137 if self.required_perms.issubset(user_perms):
2138 2138 return True
2139 2139 return False
2140 2140
2141 2141
2142 2142 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
2143 2143 class HasPermissionAnyMiddleware(object):
2144 2144 def __init__(self, *perms):
2145 2145 self.required_perms = set(perms)
2146 2146
2147 2147 def __call__(self, auth_user, repo_name):
2148 2148 # repo_name MUST be unicode, since we handle keys in permission
2149 2149 # dict by unicode
2150 2150 repo_name = safe_unicode(repo_name)
2151 2151 log.debug(
2152 2152 'Checking VCS protocol permissions %s for user:%s repo:`%s`',
2153 2153 self.required_perms, auth_user, repo_name)
2154 2154
2155 2155 if self.check_permissions(auth_user, repo_name):
2156 2156 log.debug('Permission to repo:`%s` GRANTED for user:%s @ %s',
2157 2157 repo_name, auth_user, 'PermissionMiddleware')
2158 2158 return True
2159 2159
2160 2160 else:
2161 2161 log.debug('Permission to repo:`%s` DENIED for user:%s @ %s',
2162 2162 repo_name, auth_user, 'PermissionMiddleware')
2163 2163 return False
2164 2164
2165 2165 def check_permissions(self, user, repo_name):
2166 2166 perms = user.permissions_with_scope({'repo_name': repo_name})
2167 2167
2168 2168 try:
2169 2169 user_perms = {perms['repositories'][repo_name]}
2170 2170 except Exception:
2171 2171 log.exception('Error while accessing user permissions')
2172 2172 return False
2173 2173
2174 2174 if self.required_perms.intersection(user_perms):
2175 2175 return True
2176 2176 return False
2177 2177
2178 2178
2179 2179 # SPECIAL VERSION TO HANDLE API AUTH
2180 2180 class _BaseApiPerm(object):
2181 2181 def __init__(self, *perms):
2182 2182 self.required_perms = set(perms)
2183 2183
2184 2184 def __call__(self, check_location=None, user=None, repo_name=None,
2185 2185 group_name=None, user_group_name=None):
2186 2186 cls_name = self.__class__.__name__
2187 2187 check_scope = 'global:%s' % (self.required_perms,)
2188 2188 if repo_name:
2189 2189 check_scope += ', repo_name:%s' % (repo_name,)
2190 2190
2191 2191 if group_name:
2192 2192 check_scope += ', repo_group_name:%s' % (group_name,)
2193 2193
2194 2194 if user_group_name:
2195 2195 check_scope += ', user_group_name:%s' % (user_group_name,)
2196 2196
2197 2197 log.debug('checking cls:%s %s %s @ %s',
2198 2198 cls_name, self.required_perms, check_scope, check_location)
2199 2199 if not user:
2200 2200 log.debug('Empty User passed into arguments')
2201 2201 return False
2202 2202
2203 2203 # process user
2204 2204 if not isinstance(user, AuthUser):
2205 2205 user = AuthUser(user.user_id)
2206 2206 if not check_location:
2207 2207 check_location = 'unspecified'
2208 2208 if self.check_permissions(user.permissions, repo_name, group_name,
2209 2209 user_group_name):
2210 2210 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
2211 2211 check_scope, user, check_location)
2212 2212 return True
2213 2213
2214 2214 else:
2215 2215 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
2216 2216 check_scope, user, check_location)
2217 2217 return False
2218 2218
2219 2219 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2220 2220 user_group_name=None):
2221 2221 """
2222 2222 implement in child class should return True if permissions are ok,
2223 2223 False otherwise
2224 2224
2225 2225 :param perm_defs: dict with permission definitions
2226 2226 :param repo_name: repo name
2227 2227 """
2228 2228 raise NotImplementedError()
2229 2229
2230 2230
2231 2231 class HasPermissionAllApi(_BaseApiPerm):
2232 2232 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2233 2233 user_group_name=None):
2234 2234 if self.required_perms.issubset(perm_defs.get('global')):
2235 2235 return True
2236 2236 return False
2237 2237
2238 2238
2239 2239 class HasPermissionAnyApi(_BaseApiPerm):
2240 2240 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2241 2241 user_group_name=None):
2242 2242 if self.required_perms.intersection(perm_defs.get('global')):
2243 2243 return True
2244 2244 return False
2245 2245
2246 2246
2247 2247 class HasRepoPermissionAllApi(_BaseApiPerm):
2248 2248 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2249 2249 user_group_name=None):
2250 2250 try:
2251 2251 _user_perms = {perm_defs['repositories'][repo_name]}
2252 2252 except KeyError:
2253 2253 log.warning(traceback.format_exc())
2254 2254 return False
2255 2255 if self.required_perms.issubset(_user_perms):
2256 2256 return True
2257 2257 return False
2258 2258
2259 2259
2260 2260 class HasRepoPermissionAnyApi(_BaseApiPerm):
2261 2261 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2262 2262 user_group_name=None):
2263 2263 try:
2264 2264 _user_perms = {perm_defs['repositories'][repo_name]}
2265 2265 except KeyError:
2266 2266 log.warning(traceback.format_exc())
2267 2267 return False
2268 2268 if self.required_perms.intersection(_user_perms):
2269 2269 return True
2270 2270 return False
2271 2271
2272 2272
2273 2273 class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
2274 2274 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2275 2275 user_group_name=None):
2276 2276 try:
2277 2277 _user_perms = {perm_defs['repositories_groups'][group_name]}
2278 2278 except KeyError:
2279 2279 log.warning(traceback.format_exc())
2280 2280 return False
2281 2281 if self.required_perms.intersection(_user_perms):
2282 2282 return True
2283 2283 return False
2284 2284
2285 2285
2286 2286 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
2287 2287 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2288 2288 user_group_name=None):
2289 2289 try:
2290 2290 _user_perms = {perm_defs['repositories_groups'][group_name]}
2291 2291 except KeyError:
2292 2292 log.warning(traceback.format_exc())
2293 2293 return False
2294 2294 if self.required_perms.issubset(_user_perms):
2295 2295 return True
2296 2296 return False
2297 2297
2298 2298
2299 2299 class HasUserGroupPermissionAnyApi(_BaseApiPerm):
2300 2300 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2301 2301 user_group_name=None):
2302 2302 try:
2303 2303 _user_perms = {perm_defs['user_groups'][user_group_name]}
2304 2304 except KeyError:
2305 2305 log.warning(traceback.format_exc())
2306 2306 return False
2307 2307 if self.required_perms.intersection(_user_perms):
2308 2308 return True
2309 2309 return False
2310 2310
2311 2311
2312 2312 def check_ip_access(source_ip, allowed_ips=None):
2313 2313 """
2314 2314 Checks if source_ip is a subnet of any of allowed_ips.
2315 2315
2316 2316 :param source_ip:
2317 2317 :param allowed_ips: list of allowed ips together with mask
2318 2318 """
2319 2319 log.debug('checking if ip:%s is subnet of %s', source_ip, allowed_ips)
2320 2320 source_ip_address = ipaddress.ip_address(safe_unicode(source_ip))
2321 2321 if isinstance(allowed_ips, (tuple, list, set)):
2322 2322 for ip in allowed_ips:
2323 2323 ip = safe_unicode(ip)
2324 2324 try:
2325 2325 network_address = ipaddress.ip_network(ip, strict=False)
2326 2326 if source_ip_address in network_address:
2327 2327 log.debug('IP %s is network %s', source_ip_address, network_address)
2328 2328 return True
2329 2329 # for any case we cannot determine the IP, don't crash just
2330 2330 # skip it and log as error, we want to say forbidden still when
2331 2331 # sending bad IP
2332 2332 except Exception:
2333 2333 log.error(traceback.format_exc())
2334 2334 continue
2335 2335 return False
2336 2336
2337 2337
2338 2338 def get_cython_compat_decorator(wrapper, func):
2339 2339 """
2340 2340 Creates a cython compatible decorator. The previously used
2341 2341 decorator.decorator() function seems to be incompatible with cython.
2342 2342
2343 2343 :param wrapper: __wrapper method of the decorator class
2344 2344 :param func: decorated function
2345 2345 """
2346 2346 @wraps(func)
2347 2347 def local_wrapper(*args, **kwds):
2348 2348 return wrapper(func, *args, **kwds)
2349 2349 local_wrapper.__wrapped__ = func
2350 2350 return local_wrapper
2351 2351
2352 2352
Show file before | Show file after | Hide comments
@@ -1,4758 +1,4758 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 Database Models for RhodeCode Enterprise
23 23 """
24 24
25 25 import re
26 26 import os
27 27 import time
28 28 import hashlib
29 29 import logging
30 30 import datetime
31 31 import warnings
32 32 import ipaddress
33 33 import functools
34 34 import traceback
35 35 import collections
36 36
37 37 from sqlalchemy import (
38 38 or_, and_, not_, func, TypeDecorator, event,
39 39 Index, Sequence, UniqueConstraint, ForeignKey, CheckConstraint, Column,
40 40 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
41 41 Text, Float, PickleType)
42 42 from sqlalchemy.sql.expression import true, false
43 43 from sqlalchemy.sql.functions import coalesce, count # pragma: no cover
44 44 from sqlalchemy.orm import (
45 45 relationship, joinedload, class_mapper, validates, aliased)
46 46 from sqlalchemy.ext.declarative import declared_attr
47 47 from sqlalchemy.ext.hybrid import hybrid_property
48 48 from sqlalchemy.exc import IntegrityError # pragma: no cover
49 49 from sqlalchemy.dialects.mysql import LONGTEXT
50 50 from zope.cachedescriptors.property import Lazy as LazyProperty
51 51 from pyramid import compat
52 52 from pyramid.threadlocal import get_current_request
53 53
54 54 from rhodecode.translation import _
55 55 from rhodecode.lib.vcs import get_vcs_instance
56 56 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
57 57 from rhodecode.lib.utils2 import (
58 58 str2bool, safe_str, get_commit_safe, safe_unicode, sha1_safe,
59 59 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
60 60 glob2re, StrictAttributeDict, cleaned_uri)
61 61 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType, \
62 62 JsonRaw
63 63 from rhodecode.lib.ext_json import json
64 64 from rhodecode.lib.caching_query import FromCache
65 65 from rhodecode.lib.encrypt import AESCipher
66 66
67 67 from rhodecode.model.meta import Base, Session
68 68
69 69 URL_SEP = '/'
70 70 log = logging.getLogger(__name__)
71 71
72 72 # =============================================================================
73 73 # BASE CLASSES
74 74 # =============================================================================
75 75
76 76 # this is propagated from .ini file rhodecode.encrypted_values.secret or
77 77 # beaker.session.secret if first is not set.
78 78 # and initialized at environment.py
79 79 ENCRYPTION_KEY = None
80 80
81 81 # used to sort permissions by types, '#' used here is not allowed to be in
82 82 # usernames, and it's very early in sorted string.printable table.
83 83 PERMISSION_TYPE_SORT = {
84 84 'admin': '####',
85 85 'write': '###',
86 86 'read': '##',
87 87 'none': '#',
88 88 }
89 89
90 90
91 91 def display_user_sort(obj):
92 92 """
93 93 Sort function used to sort permissions in .permissions() function of
94 94 Repository, RepoGroup, UserGroup. Also it put the default user in front
95 95 of all other resources
96 96 """
97 97
98 98 if obj.username == User.DEFAULT_USER:
99 99 return '#####'
100 100 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
101 101 return prefix + obj.username
102 102
103 103
104 104 def display_user_group_sort(obj):
105 105 """
106 106 Sort function used to sort permissions in .permissions() function of
107 107 Repository, RepoGroup, UserGroup. Also it put the default user in front
108 108 of all other resources
109 109 """
110 110
111 111 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
112 112 return prefix + obj.users_group_name
113 113
114 114
115 115 def _hash_key(k):
116 116 return sha1_safe(k)
117 117
118 118
119 119 def in_filter_generator(qry, items, limit=500):
120 120 """
121 121 Splits IN() into multiple with OR
122 122 e.g.::
123 123 cnt = Repository.query().filter(
124 124 or_(
125 125 *in_filter_generator(Repository.repo_id, range(100000))
126 126 )).count()
127 127 """
128 128 if not items:
129 129 # empty list will cause empty query which might cause security issues
130 130 # this can lead to hidden unpleasant results
131 131 items = [-1]
132 132
133 133 parts = []
134 134 for chunk in xrange(0, len(items), limit):
135 135 parts.append(
136 136 qry.in_(items[chunk: chunk + limit])
137 137 )
138 138
139 139 return parts
140 140
141 141
142 142 base_table_args = {
143 143 'extend_existing': True,
144 144 'mysql_engine': 'InnoDB',
145 145 'mysql_charset': 'utf8',
146 146 'sqlite_autoincrement': True
147 147 }
148 148
149 149
150 150 class EncryptedTextValue(TypeDecorator):
151 151 """
152 152 Special column for encrypted long text data, use like::
153 153
154 154 value = Column("encrypted_value", EncryptedValue(), nullable=False)
155 155
156 156 This column is intelligent so if value is in unencrypted form it return
157 157 unencrypted form, but on save it always encrypts
158 158 """
159 159 impl = Text
160 160
161 161 def process_bind_param(self, value, dialect):
162 162 if not value:
163 163 return value
164 164 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
165 165 # protect against double encrypting if someone manually starts
166 166 # doing
167 167 raise ValueError('value needs to be in unencrypted format, ie. '
168 168 'not starting with enc$aes')
169 169 return 'enc$aes_hmac$%s' % AESCipher(
170 170 ENCRYPTION_KEY, hmac=True).encrypt(value)
171 171
172 172 def process_result_value(self, value, dialect):
173 173 import rhodecode
174 174
175 175 if not value:
176 176 return value
177 177
178 178 parts = value.split('$', 3)
179 179 if not len(parts) == 3:
180 180 # probably not encrypted values
181 181 return value
182 182 else:
183 183 if parts[0] != 'enc':
184 184 # parts ok but without our header ?
185 185 return value
186 186 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
187 187 'rhodecode.encrypted_values.strict') or True)
188 188 # at that stage we know it's our encryption
189 189 if parts[1] == 'aes':
190 190 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
191 191 elif parts[1] == 'aes_hmac':
192 192 decrypted_data = AESCipher(
193 193 ENCRYPTION_KEY, hmac=True,
194 194 strict_verification=enc_strict_mode).decrypt(parts[2])
195 195 else:
196 196 raise ValueError(
197 197 'Encryption type part is wrong, must be `aes` '
198 198 'or `aes_hmac`, got `%s` instead' % (parts[1]))
199 199 return decrypted_data
200 200
201 201
202 202 class BaseModel(object):
203 203 """
204 204 Base Model for all classes
205 205 """
206 206
207 207 @classmethod
208 208 def _get_keys(cls):
209 209 """return column names for this model """
210 210 return class_mapper(cls).c.keys()
211 211
212 212 def get_dict(self):
213 213 """
214 214 return dict with keys and values corresponding
215 215 to this model data """
216 216
217 217 d = {}
218 218 for k in self._get_keys():
219 219 d[k] = getattr(self, k)
220 220
221 221 # also use __json__() if present to get additional fields
222 222 _json_attr = getattr(self, '__json__', None)
223 223 if _json_attr:
224 224 # update with attributes from __json__
225 225 if callable(_json_attr):
226 226 _json_attr = _json_attr()
227 227 for k, val in _json_attr.iteritems():
228 228 d[k] = val
229 229 return d
230 230
231 231 def get_appstruct(self):
232 232 """return list with keys and values tuples corresponding
233 233 to this model data """
234 234
235 235 lst = []
236 236 for k in self._get_keys():
237 237 lst.append((k, getattr(self, k),))
238 238 return lst
239 239
240 240 def populate_obj(self, populate_dict):
241 241 """populate model with data from given populate_dict"""
242 242
243 243 for k in self._get_keys():
244 244 if k in populate_dict:
245 245 setattr(self, k, populate_dict[k])
246 246
247 247 @classmethod
248 248 def query(cls):
249 249 return Session().query(cls)
250 250
251 251 @classmethod
252 252 def get(cls, id_):
253 253 if id_:
254 254 return cls.query().get(id_)
255 255
256 256 @classmethod
257 257 def get_or_404(cls, id_):
258 258 from pyramid.httpexceptions import HTTPNotFound
259 259
260 260 try:
261 261 id_ = int(id_)
262 262 except (TypeError, ValueError):
263 263 raise HTTPNotFound()
264 264
265 265 res = cls.query().get(id_)
266 266 if not res:
267 267 raise HTTPNotFound()
268 268 return res
269 269
270 270 @classmethod
271 271 def getAll(cls):
272 272 # deprecated and left for backward compatibility
273 273 return cls.get_all()
274 274
275 275 @classmethod
276 276 def get_all(cls):
277 277 return cls.query().all()
278 278
279 279 @classmethod
280 280 def delete(cls, id_):
281 281 obj = cls.query().get(id_)
282 282 Session().delete(obj)
283 283
284 284 @classmethod
285 285 def identity_cache(cls, session, attr_name, value):
286 286 exist_in_session = []
287 287 for (item_cls, pkey), instance in session.identity_map.items():
288 288 if cls == item_cls and getattr(instance, attr_name) == value:
289 289 exist_in_session.append(instance)
290 290 if exist_in_session:
291 291 if len(exist_in_session) == 1:
292 292 return exist_in_session[0]
293 293 log.exception(
294 294 'multiple objects with attr %s and '
295 295 'value %s found with same name: %r',
296 296 attr_name, value, exist_in_session)
297 297
298 298 def __repr__(self):
299 299 if hasattr(self, '__unicode__'):
300 300 # python repr needs to return str
301 301 try:
302 302 return safe_str(self.__unicode__())
303 303 except UnicodeDecodeError:
304 304 pass
305 305 return '<DB:%s>' % (self.__class__.__name__)
306 306
307 307
308 308 class RhodeCodeSetting(Base, BaseModel):
309 309 __tablename__ = 'rhodecode_settings'
310 310 __table_args__ = (
311 311 UniqueConstraint('app_settings_name'),
312 312 base_table_args
313 313 )
314 314
315 315 SETTINGS_TYPES = {
316 316 'str': safe_str,
317 317 'int': safe_int,
318 318 'unicode': safe_unicode,
319 319 'bool': str2bool,
320 320 'list': functools.partial(aslist, sep=',')
321 321 }
322 322 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
323 323 GLOBAL_CONF_KEY = 'app_settings'
324 324
325 325 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
326 326 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
327 327 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
328 328 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
329 329
330 330 def __init__(self, key='', val='', type='unicode'):
331 331 self.app_settings_name = key
332 332 self.app_settings_type = type
333 333 self.app_settings_value = val
334 334
335 335 @validates('_app_settings_value')
336 336 def validate_settings_value(self, key, val):
337 337 assert type(val) == unicode
338 338 return val
339 339
340 340 @hybrid_property
341 341 def app_settings_value(self):
342 342 v = self._app_settings_value
343 343 _type = self.app_settings_type
344 344 if _type:
345 345 _type = self.app_settings_type.split('.')[0]
346 346 # decode the encrypted value
347 347 if 'encrypted' in self.app_settings_type:
348 348 cipher = EncryptedTextValue()
349 349 v = safe_unicode(cipher.process_result_value(v, None))
350 350
351 351 converter = self.SETTINGS_TYPES.get(_type) or \
352 352 self.SETTINGS_TYPES['unicode']
353 353 return converter(v)
354 354
355 355 @app_settings_value.setter
356 356 def app_settings_value(self, val):
357 357 """
358 358 Setter that will always make sure we use unicode in app_settings_value
359 359
360 360 :param val:
361 361 """
362 362 val = safe_unicode(val)
363 363 # encode the encrypted value
364 364 if 'encrypted' in self.app_settings_type:
365 365 cipher = EncryptedTextValue()
366 366 val = safe_unicode(cipher.process_bind_param(val, None))
367 367 self._app_settings_value = val
368 368
369 369 @hybrid_property
370 370 def app_settings_type(self):
371 371 return self._app_settings_type
372 372
373 373 @app_settings_type.setter
374 374 def app_settings_type(self, val):
375 375 if val.split('.')[0] not in self.SETTINGS_TYPES:
376 376 raise Exception('type must be one of %s got %s'
377 377 % (self.SETTINGS_TYPES.keys(), val))
378 378 self._app_settings_type = val
379 379
380 380 @classmethod
381 381 def get_by_prefix(cls, prefix):
382 382 return RhodeCodeSetting.query()\
383 383 .filter(RhodeCodeSetting.app_settings_name.startswith(prefix))\
384 384 .all()
385 385
386 386 def __unicode__(self):
387 387 return u"<%s('%s:%s[%s]')>" % (
388 388 self.__class__.__name__,
389 389 self.app_settings_name, self.app_settings_value,
390 390 self.app_settings_type
391 391 )
392 392
393 393
394 394 class RhodeCodeUi(Base, BaseModel):
395 395 __tablename__ = 'rhodecode_ui'
396 396 __table_args__ = (
397 397 UniqueConstraint('ui_key'),
398 398 base_table_args
399 399 )
400 400
401 401 HOOK_REPO_SIZE = 'changegroup.repo_size'
402 402 # HG
403 403 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
404 404 HOOK_PULL = 'outgoing.pull_logger'
405 405 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
406 406 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
407 407 HOOK_PUSH = 'changegroup.push_logger'
408 408 HOOK_PUSH_KEY = 'pushkey.key_push'
409 409
410 410 # TODO: johbo: Unify way how hooks are configured for git and hg,
411 411 # git part is currently hardcoded.
412 412
413 413 # SVN PATTERNS
414 414 SVN_BRANCH_ID = 'vcs_svn_branch'
415 415 SVN_TAG_ID = 'vcs_svn_tag'
416 416
417 417 ui_id = Column(
418 418 "ui_id", Integer(), nullable=False, unique=True, default=None,
419 419 primary_key=True)
420 420 ui_section = Column(
421 421 "ui_section", String(255), nullable=True, unique=None, default=None)
422 422 ui_key = Column(
423 423 "ui_key", String(255), nullable=True, unique=None, default=None)
424 424 ui_value = Column(
425 425 "ui_value", String(255), nullable=True, unique=None, default=None)
426 426 ui_active = Column(
427 427 "ui_active", Boolean(), nullable=True, unique=None, default=True)
428 428
429 429 def __repr__(self):
430 430 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
431 431 self.ui_key, self.ui_value)
432 432
433 433
434 434 class RepoRhodeCodeSetting(Base, BaseModel):
435 435 __tablename__ = 'repo_rhodecode_settings'
436 436 __table_args__ = (
437 437 UniqueConstraint(
438 438 'app_settings_name', 'repository_id',
439 439 name='uq_repo_rhodecode_setting_name_repo_id'),
440 440 base_table_args
441 441 )
442 442
443 443 repository_id = Column(
444 444 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
445 445 nullable=False)
446 446 app_settings_id = Column(
447 447 "app_settings_id", Integer(), nullable=False, unique=True,
448 448 default=None, primary_key=True)
449 449 app_settings_name = Column(
450 450 "app_settings_name", String(255), nullable=True, unique=None,
451 451 default=None)
452 452 _app_settings_value = Column(
453 453 "app_settings_value", String(4096), nullable=True, unique=None,
454 454 default=None)
455 455 _app_settings_type = Column(
456 456 "app_settings_type", String(255), nullable=True, unique=None,
457 457 default=None)
458 458
459 459 repository = relationship('Repository')
460 460
461 461 def __init__(self, repository_id, key='', val='', type='unicode'):
462 462 self.repository_id = repository_id
463 463 self.app_settings_name = key
464 464 self.app_settings_type = type
465 465 self.app_settings_value = val
466 466
467 467 @validates('_app_settings_value')
468 468 def validate_settings_value(self, key, val):
469 469 assert type(val) == unicode
470 470 return val
471 471
472 472 @hybrid_property
473 473 def app_settings_value(self):
474 474 v = self._app_settings_value
475 475 type_ = self.app_settings_type
476 476 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
477 477 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
478 478 return converter(v)
479 479
480 480 @app_settings_value.setter
481 481 def app_settings_value(self, val):
482 482 """
483 483 Setter that will always make sure we use unicode in app_settings_value
484 484
485 485 :param val:
486 486 """
487 487 self._app_settings_value = safe_unicode(val)
488 488
489 489 @hybrid_property
490 490 def app_settings_type(self):
491 491 return self._app_settings_type
492 492
493 493 @app_settings_type.setter
494 494 def app_settings_type(self, val):
495 495 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
496 496 if val not in SETTINGS_TYPES:
497 497 raise Exception('type must be one of %s got %s'
498 498 % (SETTINGS_TYPES.keys(), val))
499 499 self._app_settings_type = val
500 500
501 501 def __unicode__(self):
502 502 return u"<%s('%s:%s:%s[%s]')>" % (
503 503 self.__class__.__name__, self.repository.repo_name,
504 504 self.app_settings_name, self.app_settings_value,
505 505 self.app_settings_type
506 506 )
507 507
508 508
509 509 class RepoRhodeCodeUi(Base, BaseModel):
510 510 __tablename__ = 'repo_rhodecode_ui'
511 511 __table_args__ = (
512 512 UniqueConstraint(
513 513 'repository_id', 'ui_section', 'ui_key',
514 514 name='uq_repo_rhodecode_ui_repository_id_section_key'),
515 515 base_table_args
516 516 )
517 517
518 518 repository_id = Column(
519 519 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
520 520 nullable=False)
521 521 ui_id = Column(
522 522 "ui_id", Integer(), nullable=False, unique=True, default=None,
523 523 primary_key=True)
524 524 ui_section = Column(
525 525 "ui_section", String(255), nullable=True, unique=None, default=None)
526 526 ui_key = Column(
527 527 "ui_key", String(255), nullable=True, unique=None, default=None)
528 528 ui_value = Column(
529 529 "ui_value", String(255), nullable=True, unique=None, default=None)
530 530 ui_active = Column(
531 531 "ui_active", Boolean(), nullable=True, unique=None, default=True)
532 532
533 533 repository = relationship('Repository')
534 534
535 535 def __repr__(self):
536 536 return '<%s[%s:%s]%s=>%s]>' % (
537 537 self.__class__.__name__, self.repository.repo_name,
538 538 self.ui_section, self.ui_key, self.ui_value)
539 539
540 540
541 541 class User(Base, BaseModel):
542 542 __tablename__ = 'users'
543 543 __table_args__ = (
544 544 UniqueConstraint('username'), UniqueConstraint('email'),
545 545 Index('u_username_idx', 'username'),
546 546 Index('u_email_idx', 'email'),
547 547 base_table_args
548 548 )
549 549
550 550 DEFAULT_USER = 'default'
551 551 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
552 552 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
553 553
554 554 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
555 555 username = Column("username", String(255), nullable=True, unique=None, default=None)
556 556 password = Column("password", String(255), nullable=True, unique=None, default=None)
557 557 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
558 558 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
559 559 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
560 560 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
561 561 _email = Column("email", String(255), nullable=True, unique=None, default=None)
562 562 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
563 563 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
564 564
565 565 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
566 566 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
567 567 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
568 568 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
569 569 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
570 570 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
571 571
572 572 user_log = relationship('UserLog')
573 573 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
574 574
575 575 repositories = relationship('Repository')
576 576 repository_groups = relationship('RepoGroup')
577 577 user_groups = relationship('UserGroup')
578 578
579 579 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
580 580 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
581 581
582 582 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
583 583 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
584 584 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
585 585
586 586 group_member = relationship('UserGroupMember', cascade='all')
587 587
588 588 notifications = relationship('UserNotification', cascade='all')
589 589 # notifications assigned to this user
590 590 user_created_notifications = relationship('Notification', cascade='all')
591 591 # comments created by this user
592 592 user_comments = relationship('ChangesetComment', cascade='all')
593 593 # user profile extra info
594 594 user_emails = relationship('UserEmailMap', cascade='all')
595 595 user_ip_map = relationship('UserIpMap', cascade='all')
596 596 user_auth_tokens = relationship('UserApiKeys', cascade='all')
597 597 user_ssh_keys = relationship('UserSshKeys', cascade='all')
598 598
599 599 # gists
600 600 user_gists = relationship('Gist', cascade='all')
601 601 # user pull requests
602 602 user_pull_requests = relationship('PullRequest', cascade='all')
603 603 # external identities
604 604 extenal_identities = relationship(
605 605 'ExternalIdentity',
606 606 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
607 607 cascade='all')
608 608 # review rules
609 609 user_review_rules = relationship('RepoReviewRuleUser', cascade='all')
610 610
611 611 def __unicode__(self):
612 612 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
613 613 self.user_id, self.username)
614 614
615 615 @hybrid_property
616 616 def email(self):
617 617 return self._email
618 618
619 619 @email.setter
620 620 def email(self, val):
621 621 self._email = val.lower() if val else None
622 622
623 623 @hybrid_property
624 624 def first_name(self):
625 625 from rhodecode.lib import helpers as h
626 626 if self.name:
627 627 return h.escape(self.name)
628 628 return self.name
629 629
630 630 @hybrid_property
631 631 def last_name(self):
632 632 from rhodecode.lib import helpers as h
633 633 if self.lastname:
634 634 return h.escape(self.lastname)
635 635 return self.lastname
636 636
637 637 @hybrid_property
638 638 def api_key(self):
639 639 """
640 640 Fetch if exist an auth-token with role ALL connected to this user
641 641 """
642 642 user_auth_token = UserApiKeys.query()\
643 643 .filter(UserApiKeys.user_id == self.user_id)\
644 644 .filter(or_(UserApiKeys.expires == -1,
645 645 UserApiKeys.expires >= time.time()))\
646 646 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
647 647 if user_auth_token:
648 648 user_auth_token = user_auth_token.api_key
649 649
650 650 return user_auth_token
651 651
652 652 @api_key.setter
653 653 def api_key(self, val):
654 654 # don't allow to set API key this is deprecated for now
655 655 self._api_key = None
656 656
657 657 @property
658 658 def reviewer_pull_requests(self):
659 659 return PullRequestReviewers.query() \
660 660 .options(joinedload(PullRequestReviewers.pull_request)) \
661 661 .filter(PullRequestReviewers.user_id == self.user_id) \
662 662 .all()
663 663
664 664 @property
665 665 def firstname(self):
666 666 # alias for future
667 667 return self.name
668 668
669 669 @property
670 670 def emails(self):
671 671 other = UserEmailMap.query()\
672 672 .filter(UserEmailMap.user == self) \
673 673 .order_by(UserEmailMap.email_id.asc()) \
674 674 .all()
675 675 return [self.email] + [x.email for x in other]
676 676
677 677 @property
678 678 def auth_tokens(self):
679 679 auth_tokens = self.get_auth_tokens()
680 680 return [x.api_key for x in auth_tokens]
681 681
682 682 def get_auth_tokens(self):
683 683 return UserApiKeys.query()\
684 684 .filter(UserApiKeys.user == self)\
685 685 .order_by(UserApiKeys.user_api_key_id.asc())\
686 686 .all()
687 687
688 688 @LazyProperty
689 689 def feed_token(self):
690 690 return self.get_feed_token()
691 691
692 692 def get_feed_token(self, cache=True):
693 693 feed_tokens = UserApiKeys.query()\
694 694 .filter(UserApiKeys.user == self)\
695 695 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)
696 696 if cache:
697 697 feed_tokens = feed_tokens.options(
698 698 FromCache("sql_cache_short", "get_user_feed_token_%s" % self.user_id))
699 699
700 700 feed_tokens = feed_tokens.all()
701 701 if feed_tokens:
702 702 return feed_tokens[0].api_key
703 703 return 'NO_FEED_TOKEN_AVAILABLE'
704 704
705 705 @classmethod
706 706 def get(cls, user_id, cache=False):
707 707 if not user_id:
708 708 return
709 709
710 710 user = cls.query()
711 711 if cache:
712 712 user = user.options(
713 713 FromCache("sql_cache_short", "get_users_%s" % user_id))
714 714 return user.get(user_id)
715 715
716 716 @classmethod
717 717 def extra_valid_auth_tokens(cls, user, role=None):
718 718 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
719 719 .filter(or_(UserApiKeys.expires == -1,
720 720 UserApiKeys.expires >= time.time()))
721 721 if role:
722 722 tokens = tokens.filter(or_(UserApiKeys.role == role,
723 723 UserApiKeys.role == UserApiKeys.ROLE_ALL))
724 724 return tokens.all()
725 725
726 726 def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
727 727 from rhodecode.lib import auth
728 728
729 729 log.debug('Trying to authenticate user: %s via auth-token, '
730 730 'and roles: %s', self, roles)
731 731
732 732 if not auth_token:
733 733 return False
734 734
735 735 crypto_backend = auth.crypto_backend()
736 736
737 737 roles = (roles or []) + [UserApiKeys.ROLE_ALL]
738 738 tokens_q = UserApiKeys.query()\
739 739 .filter(UserApiKeys.user_id == self.user_id)\
740 740 .filter(or_(UserApiKeys.expires == -1,
741 741 UserApiKeys.expires >= time.time()))
742 742
743 743 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
744 744
745 745 plain_tokens = []
746 746 hash_tokens = []
747 747
748 748 user_tokens = tokens_q.all()
749 749 log.debug('Found %s user tokens to check for authentication', len(user_tokens))
750 750 for token in user_tokens:
751 751 log.debug('AUTH_TOKEN: checking if user token with id `%s` matches',
752 752 token.user_api_key_id)
753 753 # verify scope first, since it's way faster than hash calculation of
754 754 # encrypted tokens
755 755 if token.repo_id:
756 756 # token has a scope, we need to verify it
757 757 if scope_repo_id != token.repo_id:
758 758 log.debug(
759 759 'AUTH_TOKEN: scope mismatch, token has a set repo scope: %s, '
760 760 'and calling scope is:%s, skipping further checks',
761 761 token.repo, scope_repo_id)
762 762 # token has a scope, and it doesn't match, skip token
763 763 continue
764 764
765 765 if token.api_key.startswith(crypto_backend.ENC_PREF):
766 766 hash_tokens.append(token.api_key)
767 767 else:
768 768 plain_tokens.append(token.api_key)
769 769
770 770 is_plain_match = auth_token in plain_tokens
771 771 if is_plain_match:
772 772 return True
773 773
774 774 for hashed in hash_tokens:
775 775 # NOTE(marcink): this is expensive to calculate, but most secure
776 776 match = crypto_backend.hash_check(auth_token, hashed)
777 777 if match:
778 778 return True
779 779
780 780 return False
781 781
782 782 @property
783 783 def ip_addresses(self):
784 784 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
785 785 return [x.ip_addr for x in ret]
786 786
787 787 @property
788 788 def username_and_name(self):
789 789 return '%s (%s %s)' % (self.username, self.first_name, self.last_name)
790 790
791 791 @property
792 792 def username_or_name_or_email(self):
793 793 full_name = self.full_name if self.full_name is not ' ' else None
794 794 return self.username or full_name or self.email
795 795
796 796 @property
797 797 def full_name(self):
798 798 return '%s %s' % (self.first_name, self.last_name)
799 799
800 800 @property
801 801 def full_name_or_username(self):
802 802 return ('%s %s' % (self.first_name, self.last_name)
803 803 if (self.first_name and self.last_name) else self.username)
804 804
805 805 @property
806 806 def full_contact(self):
807 807 return '%s %s <%s>' % (self.first_name, self.last_name, self.email)
808 808
809 809 @property
810 810 def short_contact(self):
811 811 return '%s %s' % (self.first_name, self.last_name)
812 812
813 813 @property
814 814 def is_admin(self):
815 815 return self.admin
816 816
817 817 def AuthUser(self, **kwargs):
818 818 """
819 819 Returns instance of AuthUser for this user
820 820 """
821 821 from rhodecode.lib.auth import AuthUser
822 822 return AuthUser(user_id=self.user_id, username=self.username, **kwargs)
823 823
824 824 @hybrid_property
825 825 def user_data(self):
826 826 if not self._user_data:
827 827 return {}
828 828
829 829 try:
830 830 return json.loads(self._user_data)
831 831 except TypeError:
832 832 return {}
833 833
834 834 @user_data.setter
835 835 def user_data(self, val):
836 836 if not isinstance(val, dict):
837 837 raise Exception('user_data must be dict, got %s' % type(val))
838 838 try:
839 839 self._user_data = json.dumps(val)
840 840 except Exception:
841 841 log.error(traceback.format_exc())
842 842
843 843 @classmethod
844 844 def get_by_username(cls, username, case_insensitive=False,
845 845 cache=False, identity_cache=False):
846 846 session = Session()
847 847
848 848 if case_insensitive:
849 849 q = cls.query().filter(
850 850 func.lower(cls.username) == func.lower(username))
851 851 else:
852 852 q = cls.query().filter(cls.username == username)
853 853
854 854 if cache:
855 855 if identity_cache:
856 856 val = cls.identity_cache(session, 'username', username)
857 857 if val:
858 858 return val
859 859 else:
860 860 cache_key = "get_user_by_name_%s" % _hash_key(username)
861 861 q = q.options(
862 862 FromCache("sql_cache_short", cache_key))
863 863
864 864 return q.scalar()
865 865
866 866 @classmethod
867 867 def get_by_auth_token(cls, auth_token, cache=False):
868 868 q = UserApiKeys.query()\
869 869 .filter(UserApiKeys.api_key == auth_token)\
870 870 .filter(or_(UserApiKeys.expires == -1,
871 871 UserApiKeys.expires >= time.time()))
872 872 if cache:
873 873 q = q.options(
874 874 FromCache("sql_cache_short", "get_auth_token_%s" % auth_token))
875 875
876 876 match = q.first()
877 877 if match:
878 878 return match.user
879 879
880 880 @classmethod
881 881 def get_by_email(cls, email, case_insensitive=False, cache=False):
882 882
883 883 if case_insensitive:
884 884 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
885 885
886 886 else:
887 887 q = cls.query().filter(cls.email == email)
888 888
889 889 email_key = _hash_key(email)
890 890 if cache:
891 891 q = q.options(
892 892 FromCache("sql_cache_short", "get_email_key_%s" % email_key))
893 893
894 894 ret = q.scalar()
895 895 if ret is None:
896 896 q = UserEmailMap.query()
897 897 # try fetching in alternate email map
898 898 if case_insensitive:
899 899 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
900 900 else:
901 901 q = q.filter(UserEmailMap.email == email)
902 902 q = q.options(joinedload(UserEmailMap.user))
903 903 if cache:
904 904 q = q.options(
905 905 FromCache("sql_cache_short", "get_email_map_key_%s" % email_key))
906 906 ret = getattr(q.scalar(), 'user', None)
907 907
908 908 return ret
909 909
910 910 @classmethod
911 911 def get_from_cs_author(cls, author):
912 912 """
913 913 Tries to get User objects out of commit author string
914 914
915 915 :param author:
916 916 """
917 917 from rhodecode.lib.helpers import email, author_name
918 918 # Valid email in the attribute passed, see if they're in the system
919 919 _email = email(author)
920 920 if _email:
921 921 user = cls.get_by_email(_email, case_insensitive=True)
922 922 if user:
923 923 return user
924 924 # Maybe we can match by username?
925 925 _author = author_name(author)
926 926 user = cls.get_by_username(_author, case_insensitive=True)
927 927 if user:
928 928 return user
929 929
930 930 def update_userdata(self, **kwargs):
931 931 usr = self
932 932 old = usr.user_data
933 933 old.update(**kwargs)
934 934 usr.user_data = old
935 935 Session().add(usr)
936 936 log.debug('updated userdata with ', kwargs)
937 937
938 938 def update_lastlogin(self):
939 939 """Update user lastlogin"""
940 940 self.last_login = datetime.datetime.now()
941 941 Session().add(self)
942 942 log.debug('updated user %s lastlogin', self.username)
943 943
944 944 def update_password(self, new_password):
945 945 from rhodecode.lib.auth import get_crypt_password
946 946
947 947 self.password = get_crypt_password(new_password)
948 948 Session().add(self)
949 949
950 950 @classmethod
951 951 def get_first_super_admin(cls):
952 952 user = User.query()\
953 953 .filter(User.admin == true()) \
954 954 .order_by(User.user_id.asc()) \
955 955 .first()
956 956
957 957 if user is None:
958 958 raise Exception('FATAL: Missing administrative account!')
959 959 return user
960 960
961 961 @classmethod
962 962 def get_all_super_admins(cls):
963 963 """
964 964 Returns all admin accounts sorted by username
965 965 """
966 966 return User.query().filter(User.admin == true())\
967 967 .order_by(User.username.asc()).all()
968 968
969 969 @classmethod
970 970 def get_default_user(cls, cache=False, refresh=False):
971 971 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
972 972 if user is None:
973 973 raise Exception('FATAL: Missing default account!')
974 974 if refresh:
975 975 # The default user might be based on outdated state which
976 976 # has been loaded from the cache.
977 977 # A call to refresh() ensures that the
978 978 # latest state from the database is used.
979 979 Session().refresh(user)
980 980 return user
981 981
982 982 def _get_default_perms(self, user, suffix=''):
983 983 from rhodecode.model.permission import PermissionModel
984 984 return PermissionModel().get_default_perms(user.user_perms, suffix)
985 985
986 986 def get_default_perms(self, suffix=''):
987 987 return self._get_default_perms(self, suffix)
988 988
989 989 def get_api_data(self, include_secrets=False, details='full'):
990 990 """
991 991 Common function for generating user related data for API
992 992
993 993 :param include_secrets: By default secrets in the API data will be replaced
994 994 by a placeholder value to prevent exposing this data by accident. In case
995 995 this data shall be exposed, set this flag to ``True``.
996 996
997 997 :param details: details can be 'basic|full' basic gives only a subset of
998 998 the available user information that includes user_id, name and emails.
999 999 """
1000 1000 user = self
1001 1001 user_data = self.user_data
1002 1002 data = {
1003 1003 'user_id': user.user_id,
1004 1004 'username': user.username,
1005 1005 'firstname': user.name,
1006 1006 'lastname': user.lastname,
1007 1007 'email': user.email,
1008 1008 'emails': user.emails,
1009 1009 }
1010 1010 if details == 'basic':
1011 1011 return data
1012 1012
1013 1013 auth_token_length = 40
1014 1014 auth_token_replacement = '*' * auth_token_length
1015 1015
1016 1016 extras = {
1017 1017 'auth_tokens': [auth_token_replacement],
1018 1018 'active': user.active,
1019 1019 'admin': user.admin,
1020 1020 'extern_type': user.extern_type,
1021 1021 'extern_name': user.extern_name,
1022 1022 'last_login': user.last_login,
1023 1023 'last_activity': user.last_activity,
1024 1024 'ip_addresses': user.ip_addresses,
1025 1025 'language': user_data.get('language')
1026 1026 }
1027 1027 data.update(extras)
1028 1028
1029 1029 if include_secrets:
1030 1030 data['auth_tokens'] = user.auth_tokens
1031 1031 return data
1032 1032
1033 1033 def __json__(self):
1034 1034 data = {
1035 1035 'full_name': self.full_name,
1036 1036 'full_name_or_username': self.full_name_or_username,
1037 1037 'short_contact': self.short_contact,
1038 1038 'full_contact': self.full_contact,
1039 1039 }
1040 1040 data.update(self.get_api_data())
1041 1041 return data
1042 1042
1043 1043
1044 1044 class UserApiKeys(Base, BaseModel):
1045 1045 __tablename__ = 'user_api_keys'
1046 1046 __table_args__ = (
1047 1047 Index('uak_api_key_idx', 'api_key', unique=True),
1048 1048 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
1049 1049 base_table_args
1050 1050 )
1051 1051 __mapper_args__ = {}
1052 1052
1053 1053 # ApiKey role
1054 1054 ROLE_ALL = 'token_role_all'
1055 1055 ROLE_HTTP = 'token_role_http'
1056 1056 ROLE_VCS = 'token_role_vcs'
1057 1057 ROLE_API = 'token_role_api'
1058 1058 ROLE_FEED = 'token_role_feed'
1059 1059 ROLE_PASSWORD_RESET = 'token_password_reset'
1060 1060
1061 1061 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
1062 1062
1063 1063 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1064 1064 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1065 1065 api_key = Column("api_key", String(255), nullable=False, unique=True)
1066 1066 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1067 1067 expires = Column('expires', Float(53), nullable=False)
1068 1068 role = Column('role', String(255), nullable=True)
1069 1069 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1070 1070
1071 1071 # scope columns
1072 1072 repo_id = Column(
1073 1073 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
1074 1074 nullable=True, unique=None, default=None)
1075 1075 repo = relationship('Repository', lazy='joined')
1076 1076
1077 1077 repo_group_id = Column(
1078 1078 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
1079 1079 nullable=True, unique=None, default=None)
1080 1080 repo_group = relationship('RepoGroup', lazy='joined')
1081 1081
1082 1082 user = relationship('User', lazy='joined')
1083 1083
1084 1084 def __unicode__(self):
1085 1085 return u"<%s('%s')>" % (self.__class__.__name__, self.role)
1086 1086
1087 1087 def __json__(self):
1088 1088 data = {
1089 1089 'auth_token': self.api_key,
1090 1090 'role': self.role,
1091 1091 'scope': self.scope_humanized,
1092 1092 'expired': self.expired
1093 1093 }
1094 1094 return data
1095 1095
1096 1096 def get_api_data(self, include_secrets=False):
1097 1097 data = self.__json__()
1098 1098 if include_secrets:
1099 1099 return data
1100 1100 else:
1101 1101 data['auth_token'] = self.token_obfuscated
1102 1102 return data
1103 1103
1104 1104 @hybrid_property
1105 1105 def description_safe(self):
1106 1106 from rhodecode.lib import helpers as h
1107 1107 return h.escape(self.description)
1108 1108
1109 1109 @property
1110 1110 def expired(self):
1111 1111 if self.expires == -1:
1112 1112 return False
1113 1113 return time.time() > self.expires
1114 1114
1115 1115 @classmethod
1116 1116 def _get_role_name(cls, role):
1117 1117 return {
1118 1118 cls.ROLE_ALL: _('all'),
1119 1119 cls.ROLE_HTTP: _('http/web interface'),
1120 1120 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
1121 1121 cls.ROLE_API: _('api calls'),
1122 1122 cls.ROLE_FEED: _('feed access'),
1123 1123 }.get(role, role)
1124 1124
1125 1125 @property
1126 1126 def role_humanized(self):
1127 1127 return self._get_role_name(self.role)
1128 1128
1129 1129 def _get_scope(self):
1130 1130 if self.repo:
1131 1131 return repr(self.repo)
1132 1132 if self.repo_group:
1133 1133 return repr(self.repo_group) + ' (recursive)'
1134 1134 return 'global'
1135 1135
1136 1136 @property
1137 1137 def scope_humanized(self):
1138 1138 return self._get_scope()
1139 1139
1140 1140 @property
1141 1141 def token_obfuscated(self):
1142 1142 if self.api_key:
1143 1143 return self.api_key[:4] + "****"
1144 1144
1145 1145
1146 1146 class UserEmailMap(Base, BaseModel):
1147 1147 __tablename__ = 'user_email_map'
1148 1148 __table_args__ = (
1149 1149 Index('uem_email_idx', 'email'),
1150 1150 UniqueConstraint('email'),
1151 1151 base_table_args
1152 1152 )
1153 1153 __mapper_args__ = {}
1154 1154
1155 1155 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1156 1156 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1157 1157 _email = Column("email", String(255), nullable=True, unique=False, default=None)
1158 1158 user = relationship('User', lazy='joined')
1159 1159
1160 1160 @validates('_email')
1161 1161 def validate_email(self, key, email):
1162 1162 # check if this email is not main one
1163 1163 main_email = Session().query(User).filter(User.email == email).scalar()
1164 1164 if main_email is not None:
1165 1165 raise AttributeError('email %s is present is user table' % email)
1166 1166 return email
1167 1167
1168 1168 @hybrid_property
1169 1169 def email(self):
1170 1170 return self._email
1171 1171
1172 1172 @email.setter
1173 1173 def email(self, val):
1174 1174 self._email = val.lower() if val else None
1175 1175
1176 1176
1177 1177 class UserIpMap(Base, BaseModel):
1178 1178 __tablename__ = 'user_ip_map'
1179 1179 __table_args__ = (
1180 1180 UniqueConstraint('user_id', 'ip_addr'),
1181 1181 base_table_args
1182 1182 )
1183 1183 __mapper_args__ = {}
1184 1184
1185 1185 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1186 1186 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1187 1187 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
1188 1188 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
1189 1189 description = Column("description", String(10000), nullable=True, unique=None, default=None)
1190 1190 user = relationship('User', lazy='joined')
1191 1191
1192 1192 @hybrid_property
1193 1193 def description_safe(self):
1194 1194 from rhodecode.lib import helpers as h
1195 1195 return h.escape(self.description)
1196 1196
1197 1197 @classmethod
1198 1198 def _get_ip_range(cls, ip_addr):
1199 1199 net = ipaddress.ip_network(safe_unicode(ip_addr), strict=False)
1200 1200 return [str(net.network_address), str(net.broadcast_address)]
1201 1201
1202 1202 def __json__(self):
1203 1203 return {
1204 1204 'ip_addr': self.ip_addr,
1205 1205 'ip_range': self._get_ip_range(self.ip_addr),
1206 1206 }
1207 1207
1208 1208 def __unicode__(self):
1209 1209 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
1210 1210 self.user_id, self.ip_addr)
1211 1211
1212 1212
1213 1213 class UserSshKeys(Base, BaseModel):
1214 1214 __tablename__ = 'user_ssh_keys'
1215 1215 __table_args__ = (
1216 1216 Index('usk_ssh_key_fingerprint_idx', 'ssh_key_fingerprint'),
1217 1217
1218 1218 UniqueConstraint('ssh_key_fingerprint'),
1219 1219
1220 1220 base_table_args
1221 1221 )
1222 1222 __mapper_args__ = {}
1223 1223
1224 1224 ssh_key_id = Column('ssh_key_id', Integer(), nullable=False, unique=True, default=None, primary_key=True)
1225 1225 ssh_key_data = Column('ssh_key_data', String(10240), nullable=False, unique=None, default=None)
1226 1226 ssh_key_fingerprint = Column('ssh_key_fingerprint', String(255), nullable=False, unique=None, default=None)
1227 1227
1228 1228 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1229 1229
1230 1230 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1231 1231 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True, default=None)
1232 1232 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1233 1233
1234 1234 user = relationship('User', lazy='joined')
1235 1235
1236 1236 def __json__(self):
1237 1237 data = {
1238 1238 'ssh_fingerprint': self.ssh_key_fingerprint,
1239 1239 'description': self.description,
1240 1240 'created_on': self.created_on
1241 1241 }
1242 1242 return data
1243 1243
1244 1244 def get_api_data(self):
1245 1245 data = self.__json__()
1246 1246 return data
1247 1247
1248 1248
1249 1249 class UserLog(Base, BaseModel):
1250 1250 __tablename__ = 'user_logs'
1251 1251 __table_args__ = (
1252 1252 base_table_args,
1253 1253 )
1254 1254
1255 1255 VERSION_1 = 'v1'
1256 1256 VERSION_2 = 'v2'
1257 1257 VERSIONS = [VERSION_1, VERSION_2]
1258 1258
1259 1259 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1260 1260 user_id = Column("user_id", Integer(), ForeignKey('users.user_id',ondelete='SET NULL'), nullable=True, unique=None, default=None)
1261 1261 username = Column("username", String(255), nullable=True, unique=None, default=None)
1262 1262 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id', ondelete='SET NULL'), nullable=True, unique=None, default=None)
1263 1263 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
1264 1264 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1265 1265 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1266 1266 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1267 1267
1268 1268 version = Column("version", String(255), nullable=True, default=VERSION_1)
1269 1269 user_data = Column('user_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1270 1270 action_data = Column('action_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1271 1271
1272 1272 def __unicode__(self):
1273 1273 return u"<%s('id:%s:%s')>" % (
1274 1274 self.__class__.__name__, self.repository_name, self.action)
1275 1275
1276 1276 def __json__(self):
1277 1277 return {
1278 1278 'user_id': self.user_id,
1279 1279 'username': self.username,
1280 1280 'repository_id': self.repository_id,
1281 1281 'repository_name': self.repository_name,
1282 1282 'user_ip': self.user_ip,
1283 1283 'action_date': self.action_date,
1284 1284 'action': self.action,
1285 1285 }
1286 1286
1287 1287 @hybrid_property
1288 1288 def entry_id(self):
1289 1289 return self.user_log_id
1290 1290
1291 1291 @property
1292 1292 def action_as_day(self):
1293 1293 return datetime.date(*self.action_date.timetuple()[:3])
1294 1294
1295 1295 user = relationship('User')
1296 1296 repository = relationship('Repository', cascade='')
1297 1297
1298 1298
1299 1299 class UserGroup(Base, BaseModel):
1300 1300 __tablename__ = 'users_groups'
1301 1301 __table_args__ = (
1302 1302 base_table_args,
1303 1303 )
1304 1304
1305 1305 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1306 1306 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1307 1307 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1308 1308 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1309 1309 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1310 1310 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1311 1311 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1312 1312 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1313 1313
1314 1314 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1315 1315 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1316 1316 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1317 1317 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1318 1318 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1319 1319 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1320 1320
1321 1321 user_group_review_rules = relationship('RepoReviewRuleUserGroup', cascade='all')
1322 1322 user = relationship('User', primaryjoin="User.user_id==UserGroup.user_id")
1323 1323
1324 1324 @classmethod
1325 1325 def _load_group_data(cls, column):
1326 1326 if not column:
1327 1327 return {}
1328 1328
1329 1329 try:
1330 1330 return json.loads(column) or {}
1331 1331 except TypeError:
1332 1332 return {}
1333 1333
1334 1334 @hybrid_property
1335 1335 def description_safe(self):
1336 1336 from rhodecode.lib import helpers as h
1337 1337 return h.escape(self.user_group_description)
1338 1338
1339 1339 @hybrid_property
1340 1340 def group_data(self):
1341 1341 return self._load_group_data(self._group_data)
1342 1342
1343 1343 @group_data.expression
1344 1344 def group_data(self, **kwargs):
1345 1345 return self._group_data
1346 1346
1347 1347 @group_data.setter
1348 1348 def group_data(self, val):
1349 1349 try:
1350 1350 self._group_data = json.dumps(val)
1351 1351 except Exception:
1352 1352 log.error(traceback.format_exc())
1353 1353
1354 1354 @classmethod
1355 1355 def _load_sync(cls, group_data):
1356 1356 if group_data:
1357 1357 return group_data.get('extern_type')
1358 1358
1359 1359 @property
1360 1360 def sync(self):
1361 1361 return self._load_sync(self.group_data)
1362 1362
1363 1363 def __unicode__(self):
1364 1364 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1365 1365 self.users_group_id,
1366 1366 self.users_group_name)
1367 1367
1368 1368 @classmethod
1369 1369 def get_by_group_name(cls, group_name, cache=False,
1370 1370 case_insensitive=False):
1371 1371 if case_insensitive:
1372 1372 q = cls.query().filter(func.lower(cls.users_group_name) ==
1373 1373 func.lower(group_name))
1374 1374
1375 1375 else:
1376 1376 q = cls.query().filter(cls.users_group_name == group_name)
1377 1377 if cache:
1378 1378 q = q.options(
1379 1379 FromCache("sql_cache_short", "get_group_%s" % _hash_key(group_name)))
1380 1380 return q.scalar()
1381 1381
1382 1382 @classmethod
1383 1383 def get(cls, user_group_id, cache=False):
1384 1384 if not user_group_id:
1385 1385 return
1386 1386
1387 1387 user_group = cls.query()
1388 1388 if cache:
1389 1389 user_group = user_group.options(
1390 1390 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1391 1391 return user_group.get(user_group_id)
1392 1392
1393 1393 def permissions(self, with_admins=True, with_owner=True):
1394 1394 """
1395 1395 Permissions for user groups
1396 1396 """
1397 1397 _admin_perm = 'usergroup.admin'
1398 1398
1399 1399 owner_row = []
1400 1400 if with_owner:
1401 1401 usr = AttributeDict(self.user.get_dict())
1402 1402 usr.owner_row = True
1403 1403 usr.permission = _admin_perm
1404 1404 owner_row.append(usr)
1405 1405
1406 1406 super_admin_ids = []
1407 1407 super_admin_rows = []
1408 1408 if with_admins:
1409 1409 for usr in User.get_all_super_admins():
1410 1410 super_admin_ids.append(usr.user_id)
1411 1411 # if this admin is also owner, don't double the record
1412 1412 if usr.user_id == owner_row[0].user_id:
1413 1413 owner_row[0].admin_row = True
1414 1414 else:
1415 1415 usr = AttributeDict(usr.get_dict())
1416 1416 usr.admin_row = True
1417 1417 usr.permission = _admin_perm
1418 1418 super_admin_rows.append(usr)
1419 1419
1420 1420 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1421 1421 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1422 1422 joinedload(UserUserGroupToPerm.user),
1423 1423 joinedload(UserUserGroupToPerm.permission),)
1424 1424
1425 1425 # get owners and admins and permissions. We do a trick of re-writing
1426 1426 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1427 1427 # has a global reference and changing one object propagates to all
1428 1428 # others. This means if admin is also an owner admin_row that change
1429 1429 # would propagate to both objects
1430 1430 perm_rows = []
1431 1431 for _usr in q.all():
1432 1432 usr = AttributeDict(_usr.user.get_dict())
1433 1433 # if this user is also owner/admin, mark as duplicate record
1434 1434 if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids:
1435 1435 usr.duplicate_perm = True
1436 1436 usr.permission = _usr.permission.permission_name
1437 1437 perm_rows.append(usr)
1438 1438
1439 1439 # filter the perm rows by 'default' first and then sort them by
1440 1440 # admin,write,read,none permissions sorted again alphabetically in
1441 1441 # each group
1442 1442 perm_rows = sorted(perm_rows, key=display_user_sort)
1443 1443
1444 1444 return super_admin_rows + owner_row + perm_rows
1445 1445
1446 1446 def permission_user_groups(self):
1447 1447 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1448 1448 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1449 1449 joinedload(UserGroupUserGroupToPerm.target_user_group),
1450 1450 joinedload(UserGroupUserGroupToPerm.permission),)
1451 1451
1452 1452 perm_rows = []
1453 1453 for _user_group in q.all():
1454 1454 usr = AttributeDict(_user_group.user_group.get_dict())
1455 1455 usr.permission = _user_group.permission.permission_name
1456 1456 perm_rows.append(usr)
1457 1457
1458 1458 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1459 1459 return perm_rows
1460 1460
1461 1461 def _get_default_perms(self, user_group, suffix=''):
1462 1462 from rhodecode.model.permission import PermissionModel
1463 1463 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1464 1464
1465 1465 def get_default_perms(self, suffix=''):
1466 1466 return self._get_default_perms(self, suffix)
1467 1467
1468 1468 def get_api_data(self, with_group_members=True, include_secrets=False):
1469 1469 """
1470 1470 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1471 1471 basically forwarded.
1472 1472
1473 1473 """
1474 1474 user_group = self
1475 1475 data = {
1476 1476 'users_group_id': user_group.users_group_id,
1477 1477 'group_name': user_group.users_group_name,
1478 1478 'group_description': user_group.user_group_description,
1479 1479 'active': user_group.users_group_active,
1480 1480 'owner': user_group.user.username,
1481 1481 'sync': user_group.sync,
1482 1482 'owner_email': user_group.user.email,
1483 1483 }
1484 1484
1485 1485 if with_group_members:
1486 1486 users = []
1487 1487 for user in user_group.members:
1488 1488 user = user.user
1489 1489 users.append(user.get_api_data(include_secrets=include_secrets))
1490 1490 data['users'] = users
1491 1491
1492 1492 return data
1493 1493
1494 1494
1495 1495 class UserGroupMember(Base, BaseModel):
1496 1496 __tablename__ = 'users_groups_members'
1497 1497 __table_args__ = (
1498 1498 base_table_args,
1499 1499 )
1500 1500
1501 1501 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1502 1502 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1503 1503 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1504 1504
1505 1505 user = relationship('User', lazy='joined')
1506 1506 users_group = relationship('UserGroup')
1507 1507
1508 1508 def __init__(self, gr_id='', u_id=''):
1509 1509 self.users_group_id = gr_id
1510 1510 self.user_id = u_id
1511 1511
1512 1512
1513 1513 class RepositoryField(Base, BaseModel):
1514 1514 __tablename__ = 'repositories_fields'
1515 1515 __table_args__ = (
1516 1516 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1517 1517 base_table_args,
1518 1518 )
1519 1519
1520 1520 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1521 1521
1522 1522 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1523 1523 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1524 1524 field_key = Column("field_key", String(250))
1525 1525 field_label = Column("field_label", String(1024), nullable=False)
1526 1526 field_value = Column("field_value", String(10000), nullable=False)
1527 1527 field_desc = Column("field_desc", String(1024), nullable=False)
1528 1528 field_type = Column("field_type", String(255), nullable=False, unique=None)
1529 1529 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1530 1530
1531 1531 repository = relationship('Repository')
1532 1532
1533 1533 @property
1534 1534 def field_key_prefixed(self):
1535 1535 return 'ex_%s' % self.field_key
1536 1536
1537 1537 @classmethod
1538 1538 def un_prefix_key(cls, key):
1539 1539 if key.startswith(cls.PREFIX):
1540 1540 return key[len(cls.PREFIX):]
1541 1541 return key
1542 1542
1543 1543 @classmethod
1544 1544 def get_by_key_name(cls, key, repo):
1545 1545 row = cls.query()\
1546 1546 .filter(cls.repository == repo)\
1547 1547 .filter(cls.field_key == key).scalar()
1548 1548 return row
1549 1549
1550 1550
1551 1551 class Repository(Base, BaseModel):
1552 1552 __tablename__ = 'repositories'
1553 1553 __table_args__ = (
1554 1554 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1555 1555 base_table_args,
1556 1556 )
1557 1557 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1558 1558 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1559 1559 DEFAULT_CLONE_URI_SSH = 'ssh://{sys_user}@{hostname}/{repo}'
1560 1560
1561 1561 STATE_CREATED = 'repo_state_created'
1562 1562 STATE_PENDING = 'repo_state_pending'
1563 1563 STATE_ERROR = 'repo_state_error'
1564 1564
1565 1565 LOCK_AUTOMATIC = 'lock_auto'
1566 1566 LOCK_API = 'lock_api'
1567 1567 LOCK_WEB = 'lock_web'
1568 1568 LOCK_PULL = 'lock_pull'
1569 1569
1570 1570 NAME_SEP = URL_SEP
1571 1571
1572 1572 repo_id = Column(
1573 1573 "repo_id", Integer(), nullable=False, unique=True, default=None,
1574 1574 primary_key=True)
1575 1575 _repo_name = Column(
1576 1576 "repo_name", Text(), nullable=False, default=None)
1577 1577 _repo_name_hash = Column(
1578 1578 "repo_name_hash", String(255), nullable=False, unique=True)
1579 1579 repo_state = Column("repo_state", String(255), nullable=True)
1580 1580
1581 1581 clone_uri = Column(
1582 1582 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1583 1583 default=None)
1584 1584 push_uri = Column(
1585 1585 "push_uri", EncryptedTextValue(), nullable=True, unique=False,
1586 1586 default=None)
1587 1587 repo_type = Column(
1588 1588 "repo_type", String(255), nullable=False, unique=False, default=None)
1589 1589 user_id = Column(
1590 1590 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1591 1591 unique=False, default=None)
1592 1592 private = Column(
1593 1593 "private", Boolean(), nullable=True, unique=None, default=None)
1594 1594 archived = Column(
1595 1595 "archived", Boolean(), nullable=True, unique=None, default=None)
1596 1596 enable_statistics = Column(
1597 1597 "statistics", Boolean(), nullable=True, unique=None, default=True)
1598 1598 enable_downloads = Column(
1599 1599 "downloads", Boolean(), nullable=True, unique=None, default=True)
1600 1600 description = Column(
1601 1601 "description", String(10000), nullable=True, unique=None, default=None)
1602 1602 created_on = Column(
1603 1603 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1604 1604 default=datetime.datetime.now)
1605 1605 updated_on = Column(
1606 1606 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1607 1607 default=datetime.datetime.now)
1608 1608 _landing_revision = Column(
1609 1609 "landing_revision", String(255), nullable=False, unique=False,
1610 1610 default=None)
1611 1611 enable_locking = Column(
1612 1612 "enable_locking", Boolean(), nullable=False, unique=None,
1613 1613 default=False)
1614 1614 _locked = Column(
1615 1615 "locked", String(255), nullable=True, unique=False, default=None)
1616 1616 _changeset_cache = Column(
1617 1617 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1618 1618
1619 1619 fork_id = Column(
1620 1620 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1621 1621 nullable=True, unique=False, default=None)
1622 1622 group_id = Column(
1623 1623 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1624 1624 unique=False, default=None)
1625 1625
1626 1626 user = relationship('User', lazy='joined')
1627 1627 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1628 1628 group = relationship('RepoGroup', lazy='joined')
1629 1629 repo_to_perm = relationship(
1630 1630 'UserRepoToPerm', cascade='all',
1631 1631 order_by='UserRepoToPerm.repo_to_perm_id')
1632 1632 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1633 1633 stats = relationship('Statistics', cascade='all', uselist=False)
1634 1634
1635 1635 followers = relationship(
1636 1636 'UserFollowing',
1637 1637 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1638 1638 cascade='all')
1639 1639 extra_fields = relationship(
1640 1640 'RepositoryField', cascade="all, delete, delete-orphan")
1641 1641 logs = relationship('UserLog')
1642 1642 comments = relationship(
1643 1643 'ChangesetComment', cascade="all, delete, delete-orphan")
1644 1644 pull_requests_source = relationship(
1645 1645 'PullRequest',
1646 1646 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1647 1647 cascade="all, delete, delete-orphan")
1648 1648 pull_requests_target = relationship(
1649 1649 'PullRequest',
1650 1650 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1651 1651 cascade="all, delete, delete-orphan")
1652 1652 ui = relationship('RepoRhodeCodeUi', cascade="all")
1653 1653 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1654 1654 integrations = relationship('Integration',
1655 1655 cascade="all, delete, delete-orphan")
1656 1656
1657 1657 scoped_tokens = relationship('UserApiKeys', cascade="all")
1658 1658
1659 1659 def __unicode__(self):
1660 1660 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1661 1661 safe_unicode(self.repo_name))
1662 1662
1663 1663 @hybrid_property
1664 1664 def description_safe(self):
1665 1665 from rhodecode.lib import helpers as h
1666 1666 return h.escape(self.description)
1667 1667
1668 1668 @hybrid_property
1669 1669 def landing_rev(self):
1670 1670 # always should return [rev_type, rev]
1671 1671 if self._landing_revision:
1672 1672 _rev_info = self._landing_revision.split(':')
1673 1673 if len(_rev_info) < 2:
1674 1674 _rev_info.insert(0, 'rev')
1675 1675 return [_rev_info[0], _rev_info[1]]
1676 1676 return [None, None]
1677 1677
1678 1678 @landing_rev.setter
1679 1679 def landing_rev(self, val):
1680 1680 if ':' not in val:
1681 1681 raise ValueError('value must be delimited with `:` and consist '
1682 1682 'of <rev_type>:<rev>, got %s instead' % val)
1683 1683 self._landing_revision = val
1684 1684
1685 1685 @hybrid_property
1686 1686 def locked(self):
1687 1687 if self._locked:
1688 1688 user_id, timelocked, reason = self._locked.split(':')
1689 1689 lock_values = int(user_id), timelocked, reason
1690 1690 else:
1691 1691 lock_values = [None, None, None]
1692 1692 return lock_values
1693 1693
1694 1694 @locked.setter
1695 1695 def locked(self, val):
1696 1696 if val and isinstance(val, (list, tuple)):
1697 1697 self._locked = ':'.join(map(str, val))
1698 1698 else:
1699 1699 self._locked = None
1700 1700
1701 1701 @hybrid_property
1702 1702 def changeset_cache(self):
1703 1703 from rhodecode.lib.vcs.backends.base import EmptyCommit
1704 1704 dummy = EmptyCommit().__json__()
1705 1705 if not self._changeset_cache:
1706 1706 return dummy
1707 1707 try:
1708 1708 return json.loads(self._changeset_cache)
1709 1709 except TypeError:
1710 1710 return dummy
1711 1711 except Exception:
1712 1712 log.error(traceback.format_exc())
1713 1713 return dummy
1714 1714
1715 1715 @changeset_cache.setter
1716 1716 def changeset_cache(self, val):
1717 1717 try:
1718 1718 self._changeset_cache = json.dumps(val)
1719 1719 except Exception:
1720 1720 log.error(traceback.format_exc())
1721 1721
1722 1722 @hybrid_property
1723 1723 def repo_name(self):
1724 1724 return self._repo_name
1725 1725
1726 1726 @repo_name.setter
1727 1727 def repo_name(self, value):
1728 1728 self._repo_name = value
1729 1729 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1730 1730
1731 1731 @classmethod
1732 1732 def normalize_repo_name(cls, repo_name):
1733 1733 """
1734 1734 Normalizes os specific repo_name to the format internally stored inside
1735 1735 database using URL_SEP
1736 1736
1737 1737 :param cls:
1738 1738 :param repo_name:
1739 1739 """
1740 1740 return cls.NAME_SEP.join(repo_name.split(os.sep))
1741 1741
1742 1742 @classmethod
1743 1743 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1744 1744 session = Session()
1745 1745 q = session.query(cls).filter(cls.repo_name == repo_name)
1746 1746
1747 1747 if cache:
1748 1748 if identity_cache:
1749 1749 val = cls.identity_cache(session, 'repo_name', repo_name)
1750 1750 if val:
1751 1751 return val
1752 1752 else:
1753 1753 cache_key = "get_repo_by_name_%s" % _hash_key(repo_name)
1754 1754 q = q.options(
1755 1755 FromCache("sql_cache_short", cache_key))
1756 1756
1757 1757 return q.scalar()
1758 1758
1759 1759 @classmethod
1760 1760 def get_by_id_or_repo_name(cls, repoid):
1761 1761 if isinstance(repoid, (int, long)):
1762 1762 try:
1763 1763 repo = cls.get(repoid)
1764 1764 except ValueError:
1765 1765 repo = None
1766 1766 else:
1767 1767 repo = cls.get_by_repo_name(repoid)
1768 1768 return repo
1769 1769
1770 1770 @classmethod
1771 1771 def get_by_full_path(cls, repo_full_path):
1772 1772 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1773 1773 repo_name = cls.normalize_repo_name(repo_name)
1774 1774 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1775 1775
1776 1776 @classmethod
1777 1777 def get_repo_forks(cls, repo_id):
1778 1778 return cls.query().filter(Repository.fork_id == repo_id)
1779 1779
1780 1780 @classmethod
1781 1781 def base_path(cls):
1782 1782 """
1783 1783 Returns base path when all repos are stored
1784 1784
1785 1785 :param cls:
1786 1786 """
1787 1787 q = Session().query(RhodeCodeUi)\
1788 1788 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1789 1789 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1790 1790 return q.one().ui_value
1791 1791
1792 1792 @classmethod
1793 1793 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1794 1794 case_insensitive=True, archived=False):
1795 1795 q = Repository.query()
1796 1796
1797 1797 if not archived:
1798 1798 q = q.filter(Repository.archived.isnot(true()))
1799 1799
1800 1800 if not isinstance(user_id, Optional):
1801 1801 q = q.filter(Repository.user_id == user_id)
1802 1802
1803 1803 if not isinstance(group_id, Optional):
1804 1804 q = q.filter(Repository.group_id == group_id)
1805 1805
1806 1806 if case_insensitive:
1807 1807 q = q.order_by(func.lower(Repository.repo_name))
1808 1808 else:
1809 1809 q = q.order_by(Repository.repo_name)
1810 1810
1811 1811 return q.all()
1812 1812
1813 1813 @property
1814 1814 def forks(self):
1815 1815 """
1816 1816 Return forks of this repo
1817 1817 """
1818 1818 return Repository.get_repo_forks(self.repo_id)
1819 1819
1820 1820 @property
1821 1821 def parent(self):
1822 1822 """
1823 1823 Returns fork parent
1824 1824 """
1825 1825 return self.fork
1826 1826
1827 1827 @property
1828 1828 def just_name(self):
1829 1829 return self.repo_name.split(self.NAME_SEP)[-1]
1830 1830
1831 1831 @property
1832 1832 def groups_with_parents(self):
1833 1833 groups = []
1834 1834 if self.group is None:
1835 1835 return groups
1836 1836
1837 1837 cur_gr = self.group
1838 1838 groups.insert(0, cur_gr)
1839 1839 while 1:
1840 1840 gr = getattr(cur_gr, 'parent_group', None)
1841 1841 cur_gr = cur_gr.parent_group
1842 1842 if gr is None:
1843 1843 break
1844 1844 groups.insert(0, gr)
1845 1845
1846 1846 return groups
1847 1847
1848 1848 @property
1849 1849 def groups_and_repo(self):
1850 1850 return self.groups_with_parents, self
1851 1851
1852 1852 @LazyProperty
1853 1853 def repo_path(self):
1854 1854 """
1855 1855 Returns base full path for that repository means where it actually
1856 1856 exists on a filesystem
1857 1857 """
1858 1858 q = Session().query(RhodeCodeUi).filter(
1859 1859 RhodeCodeUi.ui_key == self.NAME_SEP)
1860 1860 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1861 1861 return q.one().ui_value
1862 1862
1863 1863 @property
1864 1864 def repo_full_path(self):
1865 1865 p = [self.repo_path]
1866 1866 # we need to split the name by / since this is how we store the
1867 1867 # names in the database, but that eventually needs to be converted
1868 1868 # into a valid system path
1869 1869 p += self.repo_name.split(self.NAME_SEP)
1870 1870 return os.path.join(*map(safe_unicode, p))
1871 1871
1872 1872 @property
1873 1873 def cache_keys(self):
1874 1874 """
1875 1875 Returns associated cache keys for that repo
1876 1876 """
1877 1877 invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
1878 1878 repo_id=self.repo_id)
1879 1879 return CacheKey.query()\
1880 1880 .filter(CacheKey.cache_args == invalidation_namespace)\
1881 1881 .order_by(CacheKey.cache_key)\
1882 1882 .all()
1883 1883
1884 1884 @property
1885 1885 def cached_diffs_relative_dir(self):
1886 1886 """
1887 1887 Return a relative to the repository store path of cached diffs
1888 1888 used for safe display for users, who shouldn't know the absolute store
1889 1889 path
1890 1890 """
1891 1891 return os.path.join(
1892 1892 os.path.dirname(self.repo_name),
1893 1893 self.cached_diffs_dir.split(os.path.sep)[-1])
1894 1894
1895 1895 @property
1896 1896 def cached_diffs_dir(self):
1897 1897 path = self.repo_full_path
1898 1898 return os.path.join(
1899 1899 os.path.dirname(path),
1900 1900 '.__shadow_diff_cache_repo_{}'.format(self.repo_id))
1901 1901
1902 1902 def cached_diffs(self):
1903 1903 diff_cache_dir = self.cached_diffs_dir
1904 1904 if os.path.isdir(diff_cache_dir):
1905 1905 return os.listdir(diff_cache_dir)
1906 1906 return []
1907 1907
1908 1908 def shadow_repos(self):
1909 1909 shadow_repos_pattern = '.__shadow_repo_{}'.format(self.repo_id)
1910 1910 return [
1911 1911 x for x in os.listdir(os.path.dirname(self.repo_full_path))
1912 1912 if x.startswith(shadow_repos_pattern)]
1913 1913
1914 1914 def get_new_name(self, repo_name):
1915 1915 """
1916 1916 returns new full repository name based on assigned group and new new
1917 1917
1918 1918 :param group_name:
1919 1919 """
1920 1920 path_prefix = self.group.full_path_splitted if self.group else []
1921 1921 return self.NAME_SEP.join(path_prefix + [repo_name])
1922 1922
1923 1923 @property
1924 1924 def _config(self):
1925 1925 """
1926 1926 Returns db based config object.
1927 1927 """
1928 1928 from rhodecode.lib.utils import make_db_config
1929 1929 return make_db_config(clear_session=False, repo=self)
1930 1930
1931 1931 def permissions(self, with_admins=True, with_owner=True):
1932 1932 """
1933 1933 Permissions for repositories
1934 1934 """
1935 1935 _admin_perm = 'repository.admin'
1936 1936
1937 1937 owner_row = []
1938 1938 if with_owner:
1939 1939 usr = AttributeDict(self.user.get_dict())
1940 1940 usr.owner_row = True
1941 1941 usr.permission = _admin_perm
1942 1942 usr.permission_id = None
1943 1943 owner_row.append(usr)
1944 1944
1945 1945 super_admin_ids = []
1946 1946 super_admin_rows = []
1947 1947 if with_admins:
1948 1948 for usr in User.get_all_super_admins():
1949 1949 super_admin_ids.append(usr.user_id)
1950 1950 # if this admin is also owner, don't double the record
1951 1951 if usr.user_id == owner_row[0].user_id:
1952 1952 owner_row[0].admin_row = True
1953 1953 else:
1954 1954 usr = AttributeDict(usr.get_dict())
1955 1955 usr.admin_row = True
1956 1956 usr.permission = _admin_perm
1957 1957 usr.permission_id = None
1958 1958 super_admin_rows.append(usr)
1959 1959
1960 1960 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1961 1961 q = q.options(joinedload(UserRepoToPerm.repository),
1962 1962 joinedload(UserRepoToPerm.user),
1963 1963 joinedload(UserRepoToPerm.permission),)
1964 1964
1965 1965 # get owners and admins and permissions. We do a trick of re-writing
1966 1966 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1967 1967 # has a global reference and changing one object propagates to all
1968 1968 # others. This means if admin is also an owner admin_row that change
1969 1969 # would propagate to both objects
1970 1970 perm_rows = []
1971 1971 for _usr in q.all():
1972 1972 usr = AttributeDict(_usr.user.get_dict())
1973 1973 # if this user is also owner/admin, mark as duplicate record
1974 1974 if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids:
1975 1975 usr.duplicate_perm = True
1976 1976 # also check if this permission is maybe used by branch_permissions
1977 1977 if _usr.branch_perm_entry:
1978 1978 usr.branch_rules = [x.branch_rule_id for x in _usr.branch_perm_entry]
1979 1979
1980 1980 usr.permission = _usr.permission.permission_name
1981 1981 usr.permission_id = _usr.repo_to_perm_id
1982 1982 perm_rows.append(usr)
1983 1983
1984 1984 # filter the perm rows by 'default' first and then sort them by
1985 1985 # admin,write,read,none permissions sorted again alphabetically in
1986 1986 # each group
1987 1987 perm_rows = sorted(perm_rows, key=display_user_sort)
1988 1988
1989 1989 return super_admin_rows + owner_row + perm_rows
1990 1990
1991 1991 def permission_user_groups(self):
1992 1992 q = UserGroupRepoToPerm.query().filter(
1993 1993 UserGroupRepoToPerm.repository == self)
1994 1994 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1995 1995 joinedload(UserGroupRepoToPerm.users_group),
1996 1996 joinedload(UserGroupRepoToPerm.permission),)
1997 1997
1998 1998 perm_rows = []
1999 1999 for _user_group in q.all():
2000 2000 usr = AttributeDict(_user_group.users_group.get_dict())
2001 2001 usr.permission = _user_group.permission.permission_name
2002 2002 perm_rows.append(usr)
2003 2003
2004 2004 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2005 2005 return perm_rows
2006 2006
2007 2007 def get_api_data(self, include_secrets=False):
2008 2008 """
2009 2009 Common function for generating repo api data
2010 2010
2011 2011 :param include_secrets: See :meth:`User.get_api_data`.
2012 2012
2013 2013 """
2014 2014 # TODO: mikhail: Here there is an anti-pattern, we probably need to
2015 2015 # move this methods on models level.
2016 2016 from rhodecode.model.settings import SettingsModel
2017 2017 from rhodecode.model.repo import RepoModel
2018 2018
2019 2019 repo = self
2020 2020 _user_id, _time, _reason = self.locked
2021 2021
2022 2022 data = {
2023 2023 'repo_id': repo.repo_id,
2024 2024 'repo_name': repo.repo_name,
2025 2025 'repo_type': repo.repo_type,
2026 2026 'clone_uri': repo.clone_uri or '',
2027 2027 'push_uri': repo.push_uri or '',
2028 2028 'url': RepoModel().get_url(self),
2029 2029 'private': repo.private,
2030 2030 'created_on': repo.created_on,
2031 2031 'description': repo.description_safe,
2032 2032 'landing_rev': repo.landing_rev,
2033 2033 'owner': repo.user.username,
2034 2034 'fork_of': repo.fork.repo_name if repo.fork else None,
2035 2035 'fork_of_id': repo.fork.repo_id if repo.fork else None,
2036 2036 'enable_statistics': repo.enable_statistics,
2037 2037 'enable_locking': repo.enable_locking,
2038 2038 'enable_downloads': repo.enable_downloads,
2039 2039 'last_changeset': repo.changeset_cache,
2040 2040 'locked_by': User.get(_user_id).get_api_data(
2041 2041 include_secrets=include_secrets) if _user_id else None,
2042 2042 'locked_date': time_to_datetime(_time) if _time else None,
2043 2043 'lock_reason': _reason if _reason else None,
2044 2044 }
2045 2045
2046 2046 # TODO: mikhail: should be per-repo settings here
2047 2047 rc_config = SettingsModel().get_all_settings()
2048 2048 repository_fields = str2bool(
2049 2049 rc_config.get('rhodecode_repository_fields'))
2050 2050 if repository_fields:
2051 2051 for f in self.extra_fields:
2052 2052 data[f.field_key_prefixed] = f.field_value
2053 2053
2054 2054 return data
2055 2055
2056 2056 @classmethod
2057 2057 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
2058 2058 if not lock_time:
2059 2059 lock_time = time.time()
2060 2060 if not lock_reason:
2061 2061 lock_reason = cls.LOCK_AUTOMATIC
2062 2062 repo.locked = [user_id, lock_time, lock_reason]
2063 2063 Session().add(repo)
2064 2064 Session().commit()
2065 2065
2066 2066 @classmethod
2067 2067 def unlock(cls, repo):
2068 2068 repo.locked = None
2069 2069 Session().add(repo)
2070 2070 Session().commit()
2071 2071
2072 2072 @classmethod
2073 2073 def getlock(cls, repo):
2074 2074 return repo.locked
2075 2075
2076 2076 def is_user_lock(self, user_id):
2077 2077 if self.lock[0]:
2078 2078 lock_user_id = safe_int(self.lock[0])
2079 2079 user_id = safe_int(user_id)
2080 2080 # both are ints, and they are equal
2081 2081 return all([lock_user_id, user_id]) and lock_user_id == user_id
2082 2082
2083 2083 return False
2084 2084
2085 2085 def get_locking_state(self, action, user_id, only_when_enabled=True):
2086 2086 """
2087 2087 Checks locking on this repository, if locking is enabled and lock is
2088 2088 present returns a tuple of make_lock, locked, locked_by.
2089 2089 make_lock can have 3 states None (do nothing) True, make lock
2090 2090 False release lock, This value is later propagated to hooks, which
2091 2091 do the locking. Think about this as signals passed to hooks what to do.
2092 2092
2093 2093 """
2094 2094 # TODO: johbo: This is part of the business logic and should be moved
2095 2095 # into the RepositoryModel.
2096 2096
2097 2097 if action not in ('push', 'pull'):
2098 2098 raise ValueError("Invalid action value: %s" % repr(action))
2099 2099
2100 2100 # defines if locked error should be thrown to user
2101 2101 currently_locked = False
2102 2102 # defines if new lock should be made, tri-state
2103 2103 make_lock = None
2104 2104 repo = self
2105 2105 user = User.get(user_id)
2106 2106
2107 2107 lock_info = repo.locked
2108 2108
2109 2109 if repo and (repo.enable_locking or not only_when_enabled):
2110 2110 if action == 'push':
2111 2111 # check if it's already locked !, if it is compare users
2112 2112 locked_by_user_id = lock_info[0]
2113 2113 if user.user_id == locked_by_user_id:
2114 2114 log.debug(
2115 2115 'Got `push` action from user %s, now unlocking', user)
2116 2116 # unlock if we have push from user who locked
2117 2117 make_lock = False
2118 2118 else:
2119 2119 # we're not the same user who locked, ban with
2120 2120 # code defined in settings (default is 423 HTTP Locked) !
2121 2121 log.debug('Repo %s is currently locked by %s', repo, user)
2122 2122 currently_locked = True
2123 2123 elif action == 'pull':
2124 2124 # [0] user [1] date
2125 2125 if lock_info[0] and lock_info[1]:
2126 2126 log.debug('Repo %s is currently locked by %s', repo, user)
2127 2127 currently_locked = True
2128 2128 else:
2129 2129 log.debug('Setting lock on repo %s by %s', repo, user)
2130 2130 make_lock = True
2131 2131
2132 2132 else:
2133 2133 log.debug('Repository %s do not have locking enabled', repo)
2134 2134
2135 2135 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
2136 2136 make_lock, currently_locked, lock_info)
2137 2137
2138 2138 from rhodecode.lib.auth import HasRepoPermissionAny
2139 2139 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
2140 2140 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
2141 2141 # if we don't have at least write permission we cannot make a lock
2142 2142 log.debug('lock state reset back to FALSE due to lack '
2143 2143 'of at least read permission')
2144 2144 make_lock = False
2145 2145
2146 2146 return make_lock, currently_locked, lock_info
2147 2147
2148 2148 @property
2149 2149 def last_db_change(self):
2150 2150 return self.updated_on
2151 2151
2152 2152 @property
2153 2153 def clone_uri_hidden(self):
2154 2154 clone_uri = self.clone_uri
2155 2155 if clone_uri:
2156 2156 import urlobject
2157 2157 url_obj = urlobject.URLObject(cleaned_uri(clone_uri))
2158 2158 if url_obj.password:
2159 2159 clone_uri = url_obj.with_password('*****')
2160 2160 return clone_uri
2161 2161
2162 2162 @property
2163 2163 def push_uri_hidden(self):
2164 2164 push_uri = self.push_uri
2165 2165 if push_uri:
2166 2166 import urlobject
2167 2167 url_obj = urlobject.URLObject(cleaned_uri(push_uri))
2168 2168 if url_obj.password:
2169 2169 push_uri = url_obj.with_password('*****')
2170 2170 return push_uri
2171 2171
2172 2172 def clone_url(self, **override):
2173 2173 from rhodecode.model.settings import SettingsModel
2174 2174
2175 2175 uri_tmpl = None
2176 2176 if 'with_id' in override:
2177 2177 uri_tmpl = self.DEFAULT_CLONE_URI_ID
2178 2178 del override['with_id']
2179 2179
2180 2180 if 'uri_tmpl' in override:
2181 2181 uri_tmpl = override['uri_tmpl']
2182 2182 del override['uri_tmpl']
2183 2183
2184 2184 ssh = False
2185 2185 if 'ssh' in override:
2186 2186 ssh = True
2187 2187 del override['ssh']
2188 2188
2189 2189 # we didn't override our tmpl from **overrides
2190 2190 if not uri_tmpl:
2191 2191 rc_config = SettingsModel().get_all_settings(cache=True)
2192 2192 if ssh:
2193 2193 uri_tmpl = rc_config.get(
2194 2194 'rhodecode_clone_uri_ssh_tmpl') or self.DEFAULT_CLONE_URI_SSH
2195 2195 else:
2196 2196 uri_tmpl = rc_config.get(
2197 2197 'rhodecode_clone_uri_tmpl') or self.DEFAULT_CLONE_URI
2198 2198
2199 2199 request = get_current_request()
2200 2200 return get_clone_url(request=request,
2201 2201 uri_tmpl=uri_tmpl,
2202 2202 repo_name=self.repo_name,
2203 2203 repo_id=self.repo_id, **override)
2204 2204
2205 2205 def set_state(self, state):
2206 2206 self.repo_state = state
2207 2207 Session().add(self)
2208 2208 #==========================================================================
2209 2209 # SCM PROPERTIES
2210 2210 #==========================================================================
2211 2211
2212 2212 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
2213 2213 return get_commit_safe(
2214 2214 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
2215 2215
2216 2216 def get_changeset(self, rev=None, pre_load=None):
2217 2217 warnings.warn("Use get_commit", DeprecationWarning)
2218 2218 commit_id = None
2219 2219 commit_idx = None
2220 2220 if isinstance(rev, compat.string_types):
2221 2221 commit_id = rev
2222 2222 else:
2223 2223 commit_idx = rev
2224 2224 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
2225 2225 pre_load=pre_load)
2226 2226
2227 2227 def get_landing_commit(self):
2228 2228 """
2229 2229 Returns landing commit, or if that doesn't exist returns the tip
2230 2230 """
2231 2231 _rev_type, _rev = self.landing_rev
2232 2232 commit = self.get_commit(_rev)
2233 2233 if isinstance(commit, EmptyCommit):
2234 2234 return self.get_commit()
2235 2235 return commit
2236 2236
2237 2237 def update_commit_cache(self, cs_cache=None, config=None):
2238 2238 """
2239 2239 Update cache of last changeset for repository, keys should be::
2240 2240
2241 2241 short_id
2242 2242 raw_id
2243 2243 revision
2244 2244 parents
2245 2245 message
2246 2246 date
2247 2247 author
2248 2248
2249 2249 :param cs_cache:
2250 2250 """
2251 2251 from rhodecode.lib.vcs.backends.base import BaseChangeset
2252 2252 if cs_cache is None:
2253 2253 # use no-cache version here
2254 2254 scm_repo = self.scm_instance(cache=False, config=config)
2255 2255
2256 2256 empty = scm_repo.is_empty()
2257 2257 if not empty:
2258 2258 cs_cache = scm_repo.get_commit(
2259 2259 pre_load=["author", "date", "message", "parents"])
2260 2260 else:
2261 2261 cs_cache = EmptyCommit()
2262 2262
2263 2263 if isinstance(cs_cache, BaseChangeset):
2264 2264 cs_cache = cs_cache.__json__()
2265 2265
2266 2266 def is_outdated(new_cs_cache):
2267 2267 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
2268 2268 new_cs_cache['revision'] != self.changeset_cache['revision']):
2269 2269 return True
2270 2270 return False
2271 2271
2272 2272 # check if we have maybe already latest cached revision
2273 2273 if is_outdated(cs_cache) or not self.changeset_cache:
2274 2274 _default = datetime.datetime.utcnow()
2275 2275 last_change = cs_cache.get('date') or _default
2276 2276 if self.updated_on and self.updated_on > last_change:
2277 2277 # we check if last update is newer than the new value
2278 2278 # if yes, we use the current timestamp instead. Imagine you get
2279 2279 # old commit pushed 1y ago, we'd set last update 1y to ago.
2280 2280 last_change = _default
2281 2281 log.debug('updated repo %s with new commit cache %s',
2282 2282 self.repo_name, cs_cache)
2283 2283 self.updated_on = last_change
2284 2284 self.changeset_cache = cs_cache
2285 2285 Session().add(self)
2286 2286 Session().commit()
2287 2287 else:
2288 2288 log.debug('Skipping update_commit_cache for repo:`%s` '
2289 2289 'commit already with latest changes', self.repo_name)
2290 2290
2291 2291 @property
2292 2292 def tip(self):
2293 2293 return self.get_commit('tip')
2294 2294
2295 2295 @property
2296 2296 def author(self):
2297 2297 return self.tip.author
2298 2298
2299 2299 @property
2300 2300 def last_change(self):
2301 2301 return self.scm_instance().last_change
2302 2302
2303 2303 def get_comments(self, revisions=None):
2304 2304 """
2305 2305 Returns comments for this repository grouped by revisions
2306 2306
2307 2307 :param revisions: filter query by revisions only
2308 2308 """
2309 2309 cmts = ChangesetComment.query()\
2310 2310 .filter(ChangesetComment.repo == self)
2311 2311 if revisions:
2312 2312 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
2313 2313 grouped = collections.defaultdict(list)
2314 2314 for cmt in cmts.all():
2315 2315 grouped[cmt.revision].append(cmt)
2316 2316 return grouped
2317 2317
2318 2318 def statuses(self, revisions=None):
2319 2319 """
2320 2320 Returns statuses for this repository
2321 2321
2322 2322 :param revisions: list of revisions to get statuses for
2323 2323 """
2324 2324 statuses = ChangesetStatus.query()\
2325 2325 .filter(ChangesetStatus.repo == self)\
2326 2326 .filter(ChangesetStatus.version == 0)
2327 2327
2328 2328 if revisions:
2329 2329 # Try doing the filtering in chunks to avoid hitting limits
2330 2330 size = 500
2331 2331 status_results = []
2332 2332 for chunk in xrange(0, len(revisions), size):
2333 2333 status_results += statuses.filter(
2334 2334 ChangesetStatus.revision.in_(
2335 2335 revisions[chunk: chunk+size])
2336 2336 ).all()
2337 2337 else:
2338 2338 status_results = statuses.all()
2339 2339
2340 2340 grouped = {}
2341 2341
2342 2342 # maybe we have open new pullrequest without a status?
2343 2343 stat = ChangesetStatus.STATUS_UNDER_REVIEW
2344 2344 status_lbl = ChangesetStatus.get_status_lbl(stat)
2345 2345 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
2346 2346 for rev in pr.revisions:
2347 2347 pr_id = pr.pull_request_id
2348 2348 pr_repo = pr.target_repo.repo_name
2349 2349 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
2350 2350
2351 2351 for stat in status_results:
2352 2352 pr_id = pr_repo = None
2353 2353 if stat.pull_request:
2354 2354 pr_id = stat.pull_request.pull_request_id
2355 2355 pr_repo = stat.pull_request.target_repo.repo_name
2356 2356 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
2357 2357 pr_id, pr_repo]
2358 2358 return grouped
2359 2359
2360 2360 # ==========================================================================
2361 2361 # SCM CACHE INSTANCE
2362 2362 # ==========================================================================
2363 2363
2364 2364 def scm_instance(self, **kwargs):
2365 2365 import rhodecode
2366 2366
2367 2367 # Passing a config will not hit the cache currently only used
2368 2368 # for repo2dbmapper
2369 2369 config = kwargs.pop('config', None)
2370 2370 cache = kwargs.pop('cache', None)
2371 2371 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
2372 2372 # if cache is NOT defined use default global, else we have a full
2373 2373 # control over cache behaviour
2374 2374 if cache is None and full_cache and not config:
2375 2375 return self._get_instance_cached()
2376 2376 return self._get_instance(cache=bool(cache), config=config)
2377 2377
2378 2378 def _get_instance_cached(self):
2379 2379 from rhodecode.lib import rc_cache
2380 2380
2381 2381 cache_namespace_uid = 'cache_repo_instance.{}'.format(self.repo_id)
2382 2382 invalidation_namespace = CacheKey.REPO_INVALIDATION_NAMESPACE.format(
2383 2383 repo_id=self.repo_id)
2384 2384 region = rc_cache.get_or_create_region('cache_repo_longterm', cache_namespace_uid)
2385 2385
2386 2386 @region.conditional_cache_on_arguments(namespace=cache_namespace_uid)
2387 2387 def get_instance_cached(repo_id, context_id):
2388 2388 return self._get_instance()
2389 2389
2390 2390 # we must use thread scoped cache here,
2391 2391 # because each thread of gevent needs it's own not shared connection and cache
2392 2392 # we also alter `args` so the cache key is individual for every green thread.
2393 2393 inv_context_manager = rc_cache.InvalidationContext(
2394 2394 uid=cache_namespace_uid, invalidation_namespace=invalidation_namespace,
2395 2395 thread_scoped=True)
2396 2396 with inv_context_manager as invalidation_context:
2397 2397 args = (self.repo_id, inv_context_manager.cache_key)
2398 2398 # re-compute and store cache if we get invalidate signal
2399 2399 if invalidation_context.should_invalidate():
2400 2400 instance = get_instance_cached.refresh(*args)
2401 2401 else:
2402 2402 instance = get_instance_cached(*args)
2403 2403
2404 2404 log.debug(
2405 'Repo instance fetched in %.3fs', inv_context_manager.compute_time)
2405 'Repo instance fetched in %.4fs', inv_context_manager.compute_time)
2406 2406 return instance
2407 2407
2408 2408 def _get_instance(self, cache=True, config=None):
2409 2409 config = config or self._config
2410 2410 custom_wire = {
2411 2411 'cache': cache # controls the vcs.remote cache
2412 2412 }
2413 2413 repo = get_vcs_instance(
2414 2414 repo_path=safe_str(self.repo_full_path),
2415 2415 config=config,
2416 2416 with_wire=custom_wire,
2417 2417 create=False,
2418 2418 _vcs_alias=self.repo_type)
2419 2419
2420 2420 return repo
2421 2421
2422 2422 def __json__(self):
2423 2423 return {'landing_rev': self.landing_rev}
2424 2424
2425 2425 def get_dict(self):
2426 2426
2427 2427 # Since we transformed `repo_name` to a hybrid property, we need to
2428 2428 # keep compatibility with the code which uses `repo_name` field.
2429 2429
2430 2430 result = super(Repository, self).get_dict()
2431 2431 result['repo_name'] = result.pop('_repo_name', None)
2432 2432 return result
2433 2433
2434 2434
2435 2435 class RepoGroup(Base, BaseModel):
2436 2436 __tablename__ = 'groups'
2437 2437 __table_args__ = (
2438 2438 UniqueConstraint('group_name', 'group_parent_id'),
2439 2439 base_table_args,
2440 2440 )
2441 2441 __mapper_args__ = {'order_by': 'group_name'}
2442 2442
2443 2443 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2444 2444
2445 2445 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2446 2446 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2447 2447 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2448 2448 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2449 2449 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2450 2450 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2451 2451 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2452 2452 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2453 2453 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2454 2454
2455 2455 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2456 2456 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2457 2457 parent_group = relationship('RepoGroup', remote_side=group_id)
2458 2458 user = relationship('User')
2459 2459 integrations = relationship('Integration',
2460 2460 cascade="all, delete, delete-orphan")
2461 2461
2462 2462 def __init__(self, group_name='', parent_group=None):
2463 2463 self.group_name = group_name
2464 2464 self.parent_group = parent_group
2465 2465
2466 2466 def __unicode__(self):
2467 2467 return u"<%s('id:%s:%s')>" % (
2468 2468 self.__class__.__name__, self.group_id, self.group_name)
2469 2469
2470 2470 @hybrid_property
2471 2471 def description_safe(self):
2472 2472 from rhodecode.lib import helpers as h
2473 2473 return h.escape(self.group_description)
2474 2474
2475 2475 @classmethod
2476 2476 def _generate_choice(cls, repo_group):
2477 2477 from webhelpers.html import literal as _literal
2478 2478 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2479 2479 return repo_group.group_id, _name(repo_group.full_path_splitted)
2480 2480
2481 2481 @classmethod
2482 2482 def groups_choices(cls, groups=None, show_empty_group=True):
2483 2483 if not groups:
2484 2484 groups = cls.query().all()
2485 2485
2486 2486 repo_groups = []
2487 2487 if show_empty_group:
2488 2488 repo_groups = [(-1, u'-- %s --' % _('No parent'))]
2489 2489
2490 2490 repo_groups.extend([cls._generate_choice(x) for x in groups])
2491 2491
2492 2492 repo_groups = sorted(
2493 2493 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2494 2494 return repo_groups
2495 2495
2496 2496 @classmethod
2497 2497 def url_sep(cls):
2498 2498 return URL_SEP
2499 2499
2500 2500 @classmethod
2501 2501 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2502 2502 if case_insensitive:
2503 2503 gr = cls.query().filter(func.lower(cls.group_name)
2504 2504 == func.lower(group_name))
2505 2505 else:
2506 2506 gr = cls.query().filter(cls.group_name == group_name)
2507 2507 if cache:
2508 2508 name_key = _hash_key(group_name)
2509 2509 gr = gr.options(
2510 2510 FromCache("sql_cache_short", "get_group_%s" % name_key))
2511 2511 return gr.scalar()
2512 2512
2513 2513 @classmethod
2514 2514 def get_user_personal_repo_group(cls, user_id):
2515 2515 user = User.get(user_id)
2516 2516 if user.username == User.DEFAULT_USER:
2517 2517 return None
2518 2518
2519 2519 return cls.query()\
2520 2520 .filter(cls.personal == true()) \
2521 2521 .filter(cls.user == user) \
2522 2522 .order_by(cls.group_id.asc()) \
2523 2523 .first()
2524 2524
2525 2525 @classmethod
2526 2526 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2527 2527 case_insensitive=True):
2528 2528 q = RepoGroup.query()
2529 2529
2530 2530 if not isinstance(user_id, Optional):
2531 2531 q = q.filter(RepoGroup.user_id == user_id)
2532 2532
2533 2533 if not isinstance(group_id, Optional):
2534 2534 q = q.filter(RepoGroup.group_parent_id == group_id)
2535 2535
2536 2536 if case_insensitive:
2537 2537 q = q.order_by(func.lower(RepoGroup.group_name))
2538 2538 else:
2539 2539 q = q.order_by(RepoGroup.group_name)
2540 2540 return q.all()
2541 2541
2542 2542 @property
2543 2543 def parents(self):
2544 2544 parents_recursion_limit = 10
2545 2545 groups = []
2546 2546 if self.parent_group is None:
2547 2547 return groups
2548 2548 cur_gr = self.parent_group
2549 2549 groups.insert(0, cur_gr)
2550 2550 cnt = 0
2551 2551 while 1:
2552 2552 cnt += 1
2553 2553 gr = getattr(cur_gr, 'parent_group', None)
2554 2554 cur_gr = cur_gr.parent_group
2555 2555 if gr is None:
2556 2556 break
2557 2557 if cnt == parents_recursion_limit:
2558 2558 # this will prevent accidental infinit loops
2559 2559 log.error('more than %s parents found for group %s, stopping '
2560 2560 'recursive parent fetching', parents_recursion_limit, self)
2561 2561 break
2562 2562
2563 2563 groups.insert(0, gr)
2564 2564 return groups
2565 2565
2566 2566 @property
2567 2567 def last_db_change(self):
2568 2568 return self.updated_on
2569 2569
2570 2570 @property
2571 2571 def children(self):
2572 2572 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2573 2573
2574 2574 @property
2575 2575 def name(self):
2576 2576 return self.group_name.split(RepoGroup.url_sep())[-1]
2577 2577
2578 2578 @property
2579 2579 def full_path(self):
2580 2580 return self.group_name
2581 2581
2582 2582 @property
2583 2583 def full_path_splitted(self):
2584 2584 return self.group_name.split(RepoGroup.url_sep())
2585 2585
2586 2586 @property
2587 2587 def repositories(self):
2588 2588 return Repository.query()\
2589 2589 .filter(Repository.group == self)\
2590 2590 .order_by(Repository.repo_name)
2591 2591
2592 2592 @property
2593 2593 def repositories_recursive_count(self):
2594 2594 cnt = self.repositories.count()
2595 2595
2596 2596 def children_count(group):
2597 2597 cnt = 0
2598 2598 for child in group.children:
2599 2599 cnt += child.repositories.count()
2600 2600 cnt += children_count(child)
2601 2601 return cnt
2602 2602
2603 2603 return cnt + children_count(self)
2604 2604
2605 2605 def _recursive_objects(self, include_repos=True):
2606 2606 all_ = []
2607 2607
2608 2608 def _get_members(root_gr):
2609 2609 if include_repos:
2610 2610 for r in root_gr.repositories:
2611 2611 all_.append(r)
2612 2612 childs = root_gr.children.all()
2613 2613 if childs:
2614 2614 for gr in childs:
2615 2615 all_.append(gr)
2616 2616 _get_members(gr)
2617 2617
2618 2618 _get_members(self)
2619 2619 return [self] + all_
2620 2620
2621 2621 def recursive_groups_and_repos(self):
2622 2622 """
2623 2623 Recursive return all groups, with repositories in those groups
2624 2624 """
2625 2625 return self._recursive_objects()
2626 2626
2627 2627 def recursive_groups(self):
2628 2628 """
2629 2629 Returns all children groups for this group including children of children
2630 2630 """
2631 2631 return self._recursive_objects(include_repos=False)
2632 2632
2633 2633 def get_new_name(self, group_name):
2634 2634 """
2635 2635 returns new full group name based on parent and new name
2636 2636
2637 2637 :param group_name:
2638 2638 """
2639 2639 path_prefix = (self.parent_group.full_path_splitted if
2640 2640 self.parent_group else [])
2641 2641 return RepoGroup.url_sep().join(path_prefix + [group_name])
2642 2642
2643 2643 def permissions(self, with_admins=True, with_owner=True):
2644 2644 """
2645 2645 Permissions for repository groups
2646 2646 """
2647 2647 _admin_perm = 'group.admin'
2648 2648
2649 2649 owner_row = []
2650 2650 if with_owner:
2651 2651 usr = AttributeDict(self.user.get_dict())
2652 2652 usr.owner_row = True
2653 2653 usr.permission = _admin_perm
2654 2654 owner_row.append(usr)
2655 2655
2656 2656 super_admin_ids = []
2657 2657 super_admin_rows = []
2658 2658 if with_admins:
2659 2659 for usr in User.get_all_super_admins():
2660 2660 super_admin_ids.append(usr.user_id)
2661 2661 # if this admin is also owner, don't double the record
2662 2662 if usr.user_id == owner_row[0].user_id:
2663 2663 owner_row[0].admin_row = True
2664 2664 else:
2665 2665 usr = AttributeDict(usr.get_dict())
2666 2666 usr.admin_row = True
2667 2667 usr.permission = _admin_perm
2668 2668 super_admin_rows.append(usr)
2669 2669
2670 2670 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2671 2671 q = q.options(joinedload(UserRepoGroupToPerm.group),
2672 2672 joinedload(UserRepoGroupToPerm.user),
2673 2673 joinedload(UserRepoGroupToPerm.permission),)
2674 2674
2675 2675 # get owners and admins and permissions. We do a trick of re-writing
2676 2676 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2677 2677 # has a global reference and changing one object propagates to all
2678 2678 # others. This means if admin is also an owner admin_row that change
2679 2679 # would propagate to both objects
2680 2680 perm_rows = []
2681 2681 for _usr in q.all():
2682 2682 usr = AttributeDict(_usr.user.get_dict())
2683 2683 # if this user is also owner/admin, mark as duplicate record
2684 2684 if usr.user_id == owner_row[0].user_id or usr.user_id in super_admin_ids:
2685 2685 usr.duplicate_perm = True
2686 2686 usr.permission = _usr.permission.permission_name
2687 2687 perm_rows.append(usr)
2688 2688
2689 2689 # filter the perm rows by 'default' first and then sort them by
2690 2690 # admin,write,read,none permissions sorted again alphabetically in
2691 2691 # each group
2692 2692 perm_rows = sorted(perm_rows, key=display_user_sort)
2693 2693
2694 2694 return super_admin_rows + owner_row + perm_rows
2695 2695
2696 2696 def permission_user_groups(self):
2697 2697 q = UserGroupRepoGroupToPerm.query().filter(
2698 2698 UserGroupRepoGroupToPerm.group == self)
2699 2699 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2700 2700 joinedload(UserGroupRepoGroupToPerm.users_group),
2701 2701 joinedload(UserGroupRepoGroupToPerm.permission),)
2702 2702
2703 2703 perm_rows = []
2704 2704 for _user_group in q.all():
2705 2705 usr = AttributeDict(_user_group.users_group.get_dict())
2706 2706 usr.permission = _user_group.permission.permission_name
2707 2707 perm_rows.append(usr)
2708 2708
2709 2709 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2710 2710 return perm_rows
2711 2711
2712 2712 def get_api_data(self):
2713 2713 """
2714 2714 Common function for generating api data
2715 2715
2716 2716 """
2717 2717 group = self
2718 2718 data = {
2719 2719 'group_id': group.group_id,
2720 2720 'group_name': group.group_name,
2721 2721 'group_description': group.description_safe,
2722 2722 'parent_group': group.parent_group.group_name if group.parent_group else None,
2723 2723 'repositories': [x.repo_name for x in group.repositories],
2724 2724 'owner': group.user.username,
2725 2725 }
2726 2726 return data
2727 2727
2728 2728
2729 2729 class Permission(Base, BaseModel):
2730 2730 __tablename__ = 'permissions'
2731 2731 __table_args__ = (
2732 2732 Index('p_perm_name_idx', 'permission_name'),
2733 2733 base_table_args,
2734 2734 )
2735 2735
2736 2736 PERMS = [
2737 2737 ('hg.admin', _('RhodeCode Super Administrator')),
2738 2738
2739 2739 ('repository.none', _('Repository no access')),
2740 2740 ('repository.read', _('Repository read access')),
2741 2741 ('repository.write', _('Repository write access')),
2742 2742 ('repository.admin', _('Repository admin access')),
2743 2743
2744 2744 ('group.none', _('Repository group no access')),
2745 2745 ('group.read', _('Repository group read access')),
2746 2746 ('group.write', _('Repository group write access')),
2747 2747 ('group.admin', _('Repository group admin access')),
2748 2748
2749 2749 ('usergroup.none', _('User group no access')),
2750 2750 ('usergroup.read', _('User group read access')),
2751 2751 ('usergroup.write', _('User group write access')),
2752 2752 ('usergroup.admin', _('User group admin access')),
2753 2753
2754 2754 ('branch.none', _('Branch no permissions')),
2755 2755 ('branch.merge', _('Branch access by web merge')),
2756 2756 ('branch.push', _('Branch access by push')),
2757 2757 ('branch.push_force', _('Branch access by push with force')),
2758 2758
2759 2759 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2760 2760 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2761 2761
2762 2762 ('hg.usergroup.create.false', _('User Group creation disabled')),
2763 2763 ('hg.usergroup.create.true', _('User Group creation enabled')),
2764 2764
2765 2765 ('hg.create.none', _('Repository creation disabled')),
2766 2766 ('hg.create.repository', _('Repository creation enabled')),
2767 2767 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2768 2768 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2769 2769
2770 2770 ('hg.fork.none', _('Repository forking disabled')),
2771 2771 ('hg.fork.repository', _('Repository forking enabled')),
2772 2772
2773 2773 ('hg.register.none', _('Registration disabled')),
2774 2774 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2775 2775 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2776 2776
2777 2777 ('hg.password_reset.enabled', _('Password reset enabled')),
2778 2778 ('hg.password_reset.hidden', _('Password reset hidden')),
2779 2779 ('hg.password_reset.disabled', _('Password reset disabled')),
2780 2780
2781 2781 ('hg.extern_activate.manual', _('Manual activation of external account')),
2782 2782 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2783 2783
2784 2784 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2785 2785 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2786 2786 ]
2787 2787
2788 2788 # definition of system default permissions for DEFAULT user, created on
2789 2789 # system setup
2790 2790 DEFAULT_USER_PERMISSIONS = [
2791 2791 # object perms
2792 2792 'repository.read',
2793 2793 'group.read',
2794 2794 'usergroup.read',
2795 2795 # branch, for backward compat we need same value as before so forced pushed
2796 2796 'branch.push_force',
2797 2797 # global
2798 2798 'hg.create.repository',
2799 2799 'hg.repogroup.create.false',
2800 2800 'hg.usergroup.create.false',
2801 2801 'hg.create.write_on_repogroup.true',
2802 2802 'hg.fork.repository',
2803 2803 'hg.register.manual_activate',
2804 2804 'hg.password_reset.enabled',
2805 2805 'hg.extern_activate.auto',
2806 2806 'hg.inherit_default_perms.true',
2807 2807 ]
2808 2808
2809 2809 # defines which permissions are more important higher the more important
2810 2810 # Weight defines which permissions are more important.
2811 2811 # The higher number the more important.
2812 2812 PERM_WEIGHTS = {
2813 2813 'repository.none': 0,
2814 2814 'repository.read': 1,
2815 2815 'repository.write': 3,
2816 2816 'repository.admin': 4,
2817 2817
2818 2818 'group.none': 0,
2819 2819 'group.read': 1,
2820 2820 'group.write': 3,
2821 2821 'group.admin': 4,
2822 2822
2823 2823 'usergroup.none': 0,
2824 2824 'usergroup.read': 1,
2825 2825 'usergroup.write': 3,
2826 2826 'usergroup.admin': 4,
2827 2827
2828 2828 'branch.none': 0,
2829 2829 'branch.merge': 1,
2830 2830 'branch.push': 3,
2831 2831 'branch.push_force': 4,
2832 2832
2833 2833 'hg.repogroup.create.false': 0,
2834 2834 'hg.repogroup.create.true': 1,
2835 2835
2836 2836 'hg.usergroup.create.false': 0,
2837 2837 'hg.usergroup.create.true': 1,
2838 2838
2839 2839 'hg.fork.none': 0,
2840 2840 'hg.fork.repository': 1,
2841 2841 'hg.create.none': 0,
2842 2842 'hg.create.repository': 1
2843 2843 }
2844 2844
2845 2845 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2846 2846 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2847 2847 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2848 2848
2849 2849 def __unicode__(self):
2850 2850 return u"<%s('%s:%s')>" % (
2851 2851 self.__class__.__name__, self.permission_id, self.permission_name
2852 2852 )
2853 2853
2854 2854 @classmethod
2855 2855 def get_by_key(cls, key):
2856 2856 return cls.query().filter(cls.permission_name == key).scalar()
2857 2857
2858 2858 @classmethod
2859 2859 def get_default_repo_perms(cls, user_id, repo_id=None):
2860 2860 q = Session().query(UserRepoToPerm, Repository, Permission)\
2861 2861 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2862 2862 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2863 2863 .filter(UserRepoToPerm.user_id == user_id)
2864 2864 if repo_id:
2865 2865 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2866 2866 return q.all()
2867 2867
2868 2868 @classmethod
2869 2869 def get_default_repo_branch_perms(cls, user_id, repo_id=None):
2870 2870 q = Session().query(UserToRepoBranchPermission, UserRepoToPerm, Permission) \
2871 2871 .join(
2872 2872 Permission,
2873 2873 UserToRepoBranchPermission.permission_id == Permission.permission_id) \
2874 2874 .join(
2875 2875 UserRepoToPerm,
2876 2876 UserToRepoBranchPermission.rule_to_perm_id == UserRepoToPerm.repo_to_perm_id) \
2877 2877 .filter(UserRepoToPerm.user_id == user_id)
2878 2878
2879 2879 if repo_id:
2880 2880 q = q.filter(UserToRepoBranchPermission.repository_id == repo_id)
2881 2881 return q.order_by(UserToRepoBranchPermission.rule_order).all()
2882 2882
2883 2883 @classmethod
2884 2884 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2885 2885 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2886 2886 .join(
2887 2887 Permission,
2888 2888 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2889 2889 .join(
2890 2890 Repository,
2891 2891 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2892 2892 .join(
2893 2893 UserGroup,
2894 2894 UserGroupRepoToPerm.users_group_id ==
2895 2895 UserGroup.users_group_id)\
2896 2896 .join(
2897 2897 UserGroupMember,
2898 2898 UserGroupRepoToPerm.users_group_id ==
2899 2899 UserGroupMember.users_group_id)\
2900 2900 .filter(
2901 2901 UserGroupMember.user_id == user_id,
2902 2902 UserGroup.users_group_active == true())
2903 2903 if repo_id:
2904 2904 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2905 2905 return q.all()
2906 2906
2907 2907 @classmethod
2908 2908 def get_default_repo_branch_perms_from_user_group(cls, user_id, repo_id=None):
2909 2909 q = Session().query(UserGroupToRepoBranchPermission, UserGroupRepoToPerm, Permission) \
2910 2910 .join(
2911 2911 Permission,
2912 2912 UserGroupToRepoBranchPermission.permission_id == Permission.permission_id) \
2913 2913 .join(
2914 2914 UserGroupRepoToPerm,
2915 2915 UserGroupToRepoBranchPermission.rule_to_perm_id == UserGroupRepoToPerm.users_group_to_perm_id) \
2916 2916 .join(
2917 2917 UserGroup,
2918 2918 UserGroupRepoToPerm.users_group_id == UserGroup.users_group_id) \
2919 2919 .join(
2920 2920 UserGroupMember,
2921 2921 UserGroupRepoToPerm.users_group_id == UserGroupMember.users_group_id) \
2922 2922 .filter(
2923 2923 UserGroupMember.user_id == user_id,
2924 2924 UserGroup.users_group_active == true())
2925 2925
2926 2926 if repo_id:
2927 2927 q = q.filter(UserGroupToRepoBranchPermission.repository_id == repo_id)
2928 2928 return q.order_by(UserGroupToRepoBranchPermission.rule_order).all()
2929 2929
2930 2930 @classmethod
2931 2931 def get_default_group_perms(cls, user_id, repo_group_id=None):
2932 2932 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2933 2933 .join(
2934 2934 Permission,
2935 2935 UserRepoGroupToPerm.permission_id == Permission.permission_id)\
2936 2936 .join(
2937 2937 RepoGroup,
2938 2938 UserRepoGroupToPerm.group_id == RepoGroup.group_id)\
2939 2939 .filter(UserRepoGroupToPerm.user_id == user_id)
2940 2940 if repo_group_id:
2941 2941 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2942 2942 return q.all()
2943 2943
2944 2944 @classmethod
2945 2945 def get_default_group_perms_from_user_group(
2946 2946 cls, user_id, repo_group_id=None):
2947 2947 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2948 2948 .join(
2949 2949 Permission,
2950 2950 UserGroupRepoGroupToPerm.permission_id ==
2951 2951 Permission.permission_id)\
2952 2952 .join(
2953 2953 RepoGroup,
2954 2954 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2955 2955 .join(
2956 2956 UserGroup,
2957 2957 UserGroupRepoGroupToPerm.users_group_id ==
2958 2958 UserGroup.users_group_id)\
2959 2959 .join(
2960 2960 UserGroupMember,
2961 2961 UserGroupRepoGroupToPerm.users_group_id ==
2962 2962 UserGroupMember.users_group_id)\
2963 2963 .filter(
2964 2964 UserGroupMember.user_id == user_id,
2965 2965 UserGroup.users_group_active == true())
2966 2966 if repo_group_id:
2967 2967 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2968 2968 return q.all()
2969 2969
2970 2970 @classmethod
2971 2971 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2972 2972 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2973 2973 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2974 2974 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2975 2975 .filter(UserUserGroupToPerm.user_id == user_id)
2976 2976 if user_group_id:
2977 2977 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2978 2978 return q.all()
2979 2979
2980 2980 @classmethod
2981 2981 def get_default_user_group_perms_from_user_group(
2982 2982 cls, user_id, user_group_id=None):
2983 2983 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2984 2984 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2985 2985 .join(
2986 2986 Permission,
2987 2987 UserGroupUserGroupToPerm.permission_id ==
2988 2988 Permission.permission_id)\
2989 2989 .join(
2990 2990 TargetUserGroup,
2991 2991 UserGroupUserGroupToPerm.target_user_group_id ==
2992 2992 TargetUserGroup.users_group_id)\
2993 2993 .join(
2994 2994 UserGroup,
2995 2995 UserGroupUserGroupToPerm.user_group_id ==
2996 2996 UserGroup.users_group_id)\
2997 2997 .join(
2998 2998 UserGroupMember,
2999 2999 UserGroupUserGroupToPerm.user_group_id ==
3000 3000 UserGroupMember.users_group_id)\
3001 3001 .filter(
3002 3002 UserGroupMember.user_id == user_id,
3003 3003 UserGroup.users_group_active == true())
3004 3004 if user_group_id:
3005 3005 q = q.filter(
3006 3006 UserGroupUserGroupToPerm.user_group_id == user_group_id)
3007 3007
3008 3008 return q.all()
3009 3009
3010 3010
3011 3011 class UserRepoToPerm(Base, BaseModel):
3012 3012 __tablename__ = 'repo_to_perm'
3013 3013 __table_args__ = (
3014 3014 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
3015 3015 base_table_args
3016 3016 )
3017 3017
3018 3018 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3019 3019 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3020 3020 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3021 3021 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
3022 3022
3023 3023 user = relationship('User')
3024 3024 repository = relationship('Repository')
3025 3025 permission = relationship('Permission')
3026 3026
3027 3027 branch_perm_entry = relationship('UserToRepoBranchPermission', cascade="all, delete, delete-orphan", lazy='joined')
3028 3028
3029 3029 @classmethod
3030 3030 def create(cls, user, repository, permission):
3031 3031 n = cls()
3032 3032 n.user = user
3033 3033 n.repository = repository
3034 3034 n.permission = permission
3035 3035 Session().add(n)
3036 3036 return n
3037 3037
3038 3038 def __unicode__(self):
3039 3039 return u'<%s => %s >' % (self.user, self.repository)
3040 3040
3041 3041
3042 3042 class UserUserGroupToPerm(Base, BaseModel):
3043 3043 __tablename__ = 'user_user_group_to_perm'
3044 3044 __table_args__ = (
3045 3045 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
3046 3046 base_table_args
3047 3047 )
3048 3048
3049 3049 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3050 3050 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3051 3051 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3052 3052 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3053 3053
3054 3054 user = relationship('User')
3055 3055 user_group = relationship('UserGroup')
3056 3056 permission = relationship('Permission')
3057 3057
3058 3058 @classmethod
3059 3059 def create(cls, user, user_group, permission):
3060 3060 n = cls()
3061 3061 n.user = user
3062 3062 n.user_group = user_group
3063 3063 n.permission = permission
3064 3064 Session().add(n)
3065 3065 return n
3066 3066
3067 3067 def __unicode__(self):
3068 3068 return u'<%s => %s >' % (self.user, self.user_group)
3069 3069
3070 3070
3071 3071 class UserToPerm(Base, BaseModel):
3072 3072 __tablename__ = 'user_to_perm'
3073 3073 __table_args__ = (
3074 3074 UniqueConstraint('user_id', 'permission_id'),
3075 3075 base_table_args
3076 3076 )
3077 3077
3078 3078 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3079 3079 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3080 3080 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3081 3081
3082 3082 user = relationship('User')
3083 3083 permission = relationship('Permission', lazy='joined')
3084 3084
3085 3085 def __unicode__(self):
3086 3086 return u'<%s => %s >' % (self.user, self.permission)
3087 3087
3088 3088
3089 3089 class UserGroupRepoToPerm(Base, BaseModel):
3090 3090 __tablename__ = 'users_group_repo_to_perm'
3091 3091 __table_args__ = (
3092 3092 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
3093 3093 base_table_args
3094 3094 )
3095 3095
3096 3096 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3097 3097 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3098 3098 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3099 3099 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
3100 3100
3101 3101 users_group = relationship('UserGroup')
3102 3102 permission = relationship('Permission')
3103 3103 repository = relationship('Repository')
3104 3104 user_group_branch_perms = relationship('UserGroupToRepoBranchPermission', cascade='all')
3105 3105
3106 3106 @classmethod
3107 3107 def create(cls, users_group, repository, permission):
3108 3108 n = cls()
3109 3109 n.users_group = users_group
3110 3110 n.repository = repository
3111 3111 n.permission = permission
3112 3112 Session().add(n)
3113 3113 return n
3114 3114
3115 3115 def __unicode__(self):
3116 3116 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
3117 3117
3118 3118
3119 3119 class UserGroupUserGroupToPerm(Base, BaseModel):
3120 3120 __tablename__ = 'user_group_user_group_to_perm'
3121 3121 __table_args__ = (
3122 3122 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
3123 3123 CheckConstraint('target_user_group_id != user_group_id'),
3124 3124 base_table_args
3125 3125 )
3126 3126
3127 3127 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3128 3128 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3129 3129 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3130 3130 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3131 3131
3132 3132 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
3133 3133 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
3134 3134 permission = relationship('Permission')
3135 3135
3136 3136 @classmethod
3137 3137 def create(cls, target_user_group, user_group, permission):
3138 3138 n = cls()
3139 3139 n.target_user_group = target_user_group
3140 3140 n.user_group = user_group
3141 3141 n.permission = permission
3142 3142 Session().add(n)
3143 3143 return n
3144 3144
3145 3145 def __unicode__(self):
3146 3146 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
3147 3147
3148 3148
3149 3149 class UserGroupToPerm(Base, BaseModel):
3150 3150 __tablename__ = 'users_group_to_perm'
3151 3151 __table_args__ = (
3152 3152 UniqueConstraint('users_group_id', 'permission_id',),
3153 3153 base_table_args
3154 3154 )
3155 3155
3156 3156 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3157 3157 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3158 3158 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3159 3159
3160 3160 users_group = relationship('UserGroup')
3161 3161 permission = relationship('Permission')
3162 3162
3163 3163
3164 3164 class UserRepoGroupToPerm(Base, BaseModel):
3165 3165 __tablename__ = 'user_repo_group_to_perm'
3166 3166 __table_args__ = (
3167 3167 UniqueConstraint('user_id', 'group_id', 'permission_id'),
3168 3168 base_table_args
3169 3169 )
3170 3170
3171 3171 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3172 3172 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3173 3173 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3174 3174 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3175 3175
3176 3176 user = relationship('User')
3177 3177 group = relationship('RepoGroup')
3178 3178 permission = relationship('Permission')
3179 3179
3180 3180 @classmethod
3181 3181 def create(cls, user, repository_group, permission):
3182 3182 n = cls()
3183 3183 n.user = user
3184 3184 n.group = repository_group
3185 3185 n.permission = permission
3186 3186 Session().add(n)
3187 3187 return n
3188 3188
3189 3189
3190 3190 class UserGroupRepoGroupToPerm(Base, BaseModel):
3191 3191 __tablename__ = 'users_group_repo_group_to_perm'
3192 3192 __table_args__ = (
3193 3193 UniqueConstraint('users_group_id', 'group_id'),
3194 3194 base_table_args
3195 3195 )
3196 3196
3197 3197 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3198 3198 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3199 3199 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3200 3200 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3201 3201
3202 3202 users_group = relationship('UserGroup')
3203 3203 permission = relationship('Permission')
3204 3204 group = relationship('RepoGroup')
3205 3205
3206 3206 @classmethod
3207 3207 def create(cls, user_group, repository_group, permission):
3208 3208 n = cls()
3209 3209 n.users_group = user_group
3210 3210 n.group = repository_group
3211 3211 n.permission = permission
3212 3212 Session().add(n)
3213 3213 return n
3214 3214
3215 3215 def __unicode__(self):
3216 3216 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
3217 3217
3218 3218
3219 3219 class Statistics(Base, BaseModel):
3220 3220 __tablename__ = 'statistics'
3221 3221 __table_args__ = (
3222 3222 base_table_args
3223 3223 )
3224 3224
3225 3225 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3226 3226 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
3227 3227 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
3228 3228 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
3229 3229 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
3230 3230 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
3231 3231
3232 3232 repository = relationship('Repository', single_parent=True)
3233 3233
3234 3234
3235 3235 class UserFollowing(Base, BaseModel):
3236 3236 __tablename__ = 'user_followings'
3237 3237 __table_args__ = (
3238 3238 UniqueConstraint('user_id', 'follows_repository_id'),
3239 3239 UniqueConstraint('user_id', 'follows_user_id'),
3240 3240 base_table_args
3241 3241 )
3242 3242
3243 3243 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3244 3244 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3245 3245 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
3246 3246 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
3247 3247 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
3248 3248
3249 3249 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
3250 3250
3251 3251 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
3252 3252 follows_repository = relationship('Repository', order_by='Repository.repo_name')
3253 3253
3254 3254 @classmethod
3255 3255 def get_repo_followers(cls, repo_id):
3256 3256 return cls.query().filter(cls.follows_repo_id == repo_id)
3257 3257
3258 3258
3259 3259 class CacheKey(Base, BaseModel):
3260 3260 __tablename__ = 'cache_invalidation'
3261 3261 __table_args__ = (
3262 3262 UniqueConstraint('cache_key'),
3263 3263 Index('key_idx', 'cache_key'),
3264 3264 base_table_args,
3265 3265 )
3266 3266
3267 3267 CACHE_TYPE_FEED = 'FEED'
3268 3268 CACHE_TYPE_README = 'README'
3269 3269 # namespaces used to register process/thread aware caches
3270 3270 REPO_INVALIDATION_NAMESPACE = 'repo_cache:{repo_id}'
3271 3271 SETTINGS_INVALIDATION_NAMESPACE = 'system_settings'
3272 3272
3273 3273 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3274 3274 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
3275 3275 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
3276 3276 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
3277 3277
3278 3278 def __init__(self, cache_key, cache_args=''):
3279 3279 self.cache_key = cache_key
3280 3280 self.cache_args = cache_args
3281 3281 self.cache_active = False
3282 3282
3283 3283 def __unicode__(self):
3284 3284 return u"<%s('%s:%s[%s]')>" % (
3285 3285 self.__class__.__name__,
3286 3286 self.cache_id, self.cache_key, self.cache_active)
3287 3287
3288 3288 def _cache_key_partition(self):
3289 3289 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
3290 3290 return prefix, repo_name, suffix
3291 3291
3292 3292 def get_prefix(self):
3293 3293 """
3294 3294 Try to extract prefix from existing cache key. The key could consist
3295 3295 of prefix, repo_name, suffix
3296 3296 """
3297 3297 # this returns prefix, repo_name, suffix
3298 3298 return self._cache_key_partition()[0]
3299 3299
3300 3300 def get_suffix(self):
3301 3301 """
3302 3302 get suffix that might have been used in _get_cache_key to
3303 3303 generate self.cache_key. Only used for informational purposes
3304 3304 in repo_edit.mako.
3305 3305 """
3306 3306 # prefix, repo_name, suffix
3307 3307 return self._cache_key_partition()[2]
3308 3308
3309 3309 @classmethod
3310 3310 def delete_all_cache(cls):
3311 3311 """
3312 3312 Delete all cache keys from database.
3313 3313 Should only be run when all instances are down and all entries
3314 3314 thus stale.
3315 3315 """
3316 3316 cls.query().delete()
3317 3317 Session().commit()
3318 3318
3319 3319 @classmethod
3320 3320 def set_invalidate(cls, cache_uid, delete=False):
3321 3321 """
3322 3322 Mark all caches of a repo as invalid in the database.
3323 3323 """
3324 3324
3325 3325 try:
3326 3326 qry = Session().query(cls).filter(cls.cache_args == cache_uid)
3327 3327 if delete:
3328 3328 qry.delete()
3329 3329 log.debug('cache objects deleted for cache args %s',
3330 3330 safe_str(cache_uid))
3331 3331 else:
3332 3332 qry.update({"cache_active": False})
3333 3333 log.debug('cache objects marked as invalid for cache args %s',
3334 3334 safe_str(cache_uid))
3335 3335
3336 3336 Session().commit()
3337 3337 except Exception:
3338 3338 log.exception(
3339 3339 'Cache key invalidation failed for cache args %s',
3340 3340 safe_str(cache_uid))
3341 3341 Session().rollback()
3342 3342
3343 3343 @classmethod
3344 3344 def get_active_cache(cls, cache_key):
3345 3345 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
3346 3346 if inv_obj:
3347 3347 return inv_obj
3348 3348 return None
3349 3349
3350 3350
3351 3351 class ChangesetComment(Base, BaseModel):
3352 3352 __tablename__ = 'changeset_comments'
3353 3353 __table_args__ = (
3354 3354 Index('cc_revision_idx', 'revision'),
3355 3355 base_table_args,
3356 3356 )
3357 3357
3358 3358 COMMENT_OUTDATED = u'comment_outdated'
3359 3359 COMMENT_TYPE_NOTE = u'note'
3360 3360 COMMENT_TYPE_TODO = u'todo'
3361 3361 COMMENT_TYPES = [COMMENT_TYPE_NOTE, COMMENT_TYPE_TODO]
3362 3362
3363 3363 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
3364 3364 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3365 3365 revision = Column('revision', String(40), nullable=True)
3366 3366 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3367 3367 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
3368 3368 line_no = Column('line_no', Unicode(10), nullable=True)
3369 3369 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
3370 3370 f_path = Column('f_path', Unicode(1000), nullable=True)
3371 3371 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
3372 3372 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
3373 3373 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3374 3374 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3375 3375 renderer = Column('renderer', Unicode(64), nullable=True)
3376 3376 display_state = Column('display_state', Unicode(128), nullable=True)
3377 3377
3378 3378 comment_type = Column('comment_type', Unicode(128), nullable=True, default=COMMENT_TYPE_NOTE)
3379 3379 resolved_comment_id = Column('resolved_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=True)
3380 3380
3381 3381 resolved_comment = relationship('ChangesetComment', remote_side=comment_id, back_populates='resolved_by')
3382 3382 resolved_by = relationship('ChangesetComment', back_populates='resolved_comment')
3383 3383
3384 3384 author = relationship('User', lazy='joined')
3385 3385 repo = relationship('Repository')
3386 3386 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan", lazy='joined')
3387 3387 pull_request = relationship('PullRequest', lazy='joined')
3388 3388 pull_request_version = relationship('PullRequestVersion')
3389 3389
3390 3390 @classmethod
3391 3391 def get_users(cls, revision=None, pull_request_id=None):
3392 3392 """
3393 3393 Returns user associated with this ChangesetComment. ie those
3394 3394 who actually commented
3395 3395
3396 3396 :param cls:
3397 3397 :param revision:
3398 3398 """
3399 3399 q = Session().query(User)\
3400 3400 .join(ChangesetComment.author)
3401 3401 if revision:
3402 3402 q = q.filter(cls.revision == revision)
3403 3403 elif pull_request_id:
3404 3404 q = q.filter(cls.pull_request_id == pull_request_id)
3405 3405 return q.all()
3406 3406
3407 3407 @classmethod
3408 3408 def get_index_from_version(cls, pr_version, versions):
3409 3409 num_versions = [x.pull_request_version_id for x in versions]
3410 3410 try:
3411 3411 return num_versions.index(pr_version) +1
3412 3412 except (IndexError, ValueError):
3413 3413 return
3414 3414
3415 3415 @property
3416 3416 def outdated(self):
3417 3417 return self.display_state == self.COMMENT_OUTDATED
3418 3418
3419 3419 def outdated_at_version(self, version):
3420 3420 """
3421 3421 Checks if comment is outdated for given pull request version
3422 3422 """
3423 3423 return self.outdated and self.pull_request_version_id != version
3424 3424
3425 3425 def older_than_version(self, version):
3426 3426 """
3427 3427 Checks if comment is made from previous version than given
3428 3428 """
3429 3429 if version is None:
3430 3430 return self.pull_request_version_id is not None
3431 3431
3432 3432 return self.pull_request_version_id < version
3433 3433
3434 3434 @property
3435 3435 def resolved(self):
3436 3436 return self.resolved_by[0] if self.resolved_by else None
3437 3437
3438 3438 @property
3439 3439 def is_todo(self):
3440 3440 return self.comment_type == self.COMMENT_TYPE_TODO
3441 3441
3442 3442 @property
3443 3443 def is_inline(self):
3444 3444 return self.line_no and self.f_path
3445 3445
3446 3446 def get_index_version(self, versions):
3447 3447 return self.get_index_from_version(
3448 3448 self.pull_request_version_id, versions)
3449 3449
3450 3450 def __repr__(self):
3451 3451 if self.comment_id:
3452 3452 return '<DB:Comment #%s>' % self.comment_id
3453 3453 else:
3454 3454 return '<DB:Comment at %#x>' % id(self)
3455 3455
3456 3456 def get_api_data(self):
3457 3457 comment = self
3458 3458 data = {
3459 3459 'comment_id': comment.comment_id,
3460 3460 'comment_type': comment.comment_type,
3461 3461 'comment_text': comment.text,
3462 3462 'comment_status': comment.status_change,
3463 3463 'comment_f_path': comment.f_path,
3464 3464 'comment_lineno': comment.line_no,
3465 3465 'comment_author': comment.author,
3466 3466 'comment_created_on': comment.created_on
3467 3467 }
3468 3468 return data
3469 3469
3470 3470 def __json__(self):
3471 3471 data = dict()
3472 3472 data.update(self.get_api_data())
3473 3473 return data
3474 3474
3475 3475
3476 3476 class ChangesetStatus(Base, BaseModel):
3477 3477 __tablename__ = 'changeset_statuses'
3478 3478 __table_args__ = (
3479 3479 Index('cs_revision_idx', 'revision'),
3480 3480 Index('cs_version_idx', 'version'),
3481 3481 UniqueConstraint('repo_id', 'revision', 'version'),
3482 3482 base_table_args
3483 3483 )
3484 3484
3485 3485 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
3486 3486 STATUS_APPROVED = 'approved'
3487 3487 STATUS_REJECTED = 'rejected'
3488 3488 STATUS_UNDER_REVIEW = 'under_review'
3489 3489
3490 3490 STATUSES = [
3491 3491 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
3492 3492 (STATUS_APPROVED, _("Approved")),
3493 3493 (STATUS_REJECTED, _("Rejected")),
3494 3494 (STATUS_UNDER_REVIEW, _("Under Review")),
3495 3495 ]
3496 3496
3497 3497 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
3498 3498 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3499 3499 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
3500 3500 revision = Column('revision', String(40), nullable=False)
3501 3501 status = Column('status', String(128), nullable=False, default=DEFAULT)
3502 3502 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
3503 3503 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
3504 3504 version = Column('version', Integer(), nullable=False, default=0)
3505 3505 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3506 3506
3507 3507 author = relationship('User', lazy='joined')
3508 3508 repo = relationship('Repository')
3509 3509 comment = relationship('ChangesetComment', lazy='joined')
3510 3510 pull_request = relationship('PullRequest', lazy='joined')
3511 3511
3512 3512 def __unicode__(self):
3513 3513 return u"<%s('%s[v%s]:%s')>" % (
3514 3514 self.__class__.__name__,
3515 3515 self.status, self.version, self.author
3516 3516 )
3517 3517
3518 3518 @classmethod
3519 3519 def get_status_lbl(cls, value):
3520 3520 return dict(cls.STATUSES).get(value)
3521 3521
3522 3522 @property
3523 3523 def status_lbl(self):
3524 3524 return ChangesetStatus.get_status_lbl(self.status)
3525 3525
3526 3526 def get_api_data(self):
3527 3527 status = self
3528 3528 data = {
3529 3529 'status_id': status.changeset_status_id,
3530 3530 'status': status.status,
3531 3531 }
3532 3532 return data
3533 3533
3534 3534 def __json__(self):
3535 3535 data = dict()
3536 3536 data.update(self.get_api_data())
3537 3537 return data
3538 3538
3539 3539
3540 3540 class _PullRequestBase(BaseModel):
3541 3541 """
3542 3542 Common attributes of pull request and version entries.
3543 3543 """
3544 3544
3545 3545 # .status values
3546 3546 STATUS_NEW = u'new'
3547 3547 STATUS_OPEN = u'open'
3548 3548 STATUS_CLOSED = u'closed'
3549 3549
3550 3550 # available states
3551 3551 STATE_CREATING = u'creating'
3552 3552 STATE_UPDATING = u'updating'
3553 3553 STATE_MERGING = u'merging'
3554 3554 STATE_CREATED = u'created'
3555 3555
3556 3556 title = Column('title', Unicode(255), nullable=True)
3557 3557 description = Column(
3558 3558 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3559 3559 nullable=True)
3560 3560 description_renderer = Column('description_renderer', Unicode(64), nullable=True)
3561 3561
3562 3562 # new/open/closed status of pull request (not approve/reject/etc)
3563 3563 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3564 3564 created_on = Column(
3565 3565 'created_on', DateTime(timezone=False), nullable=False,
3566 3566 default=datetime.datetime.now)
3567 3567 updated_on = Column(
3568 3568 'updated_on', DateTime(timezone=False), nullable=False,
3569 3569 default=datetime.datetime.now)
3570 3570
3571 3571 pull_request_state = Column("pull_request_state", String(255), nullable=True)
3572 3572
3573 3573 @declared_attr
3574 3574 def user_id(cls):
3575 3575 return Column(
3576 3576 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3577 3577 unique=None)
3578 3578
3579 3579 # 500 revisions max
3580 3580 _revisions = Column(
3581 3581 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3582 3582
3583 3583 @declared_attr
3584 3584 def source_repo_id(cls):
3585 3585 # TODO: dan: rename column to source_repo_id
3586 3586 return Column(
3587 3587 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3588 3588 nullable=False)
3589 3589
3590 3590 _source_ref = Column('org_ref', Unicode(255), nullable=False)
3591 3591
3592 3592 @hybrid_property
3593 3593 def source_ref(self):
3594 3594 return self._source_ref
3595 3595
3596 3596 @source_ref.setter
3597 3597 def source_ref(self, val):
3598 3598 parts = (val or '').split(':')
3599 3599 if len(parts) != 3:
3600 3600 raise ValueError(
3601 3601 'Invalid reference format given: {}, expected X:Y:Z'.format(val))
3602 3602 self._source_ref = safe_unicode(val)
3603 3603
3604 3604 _target_ref = Column('other_ref', Unicode(255), nullable=False)
3605 3605
3606 3606 @hybrid_property
3607 3607 def target_ref(self):
3608 3608 return self._target_ref
3609 3609
3610 3610 @target_ref.setter
3611 3611 def target_ref(self, val):
3612 3612 parts = (val or '').split(':')
3613 3613 if len(parts) != 3:
3614 3614 raise ValueError(
3615 3615 'Invalid reference format given: {}, expected X:Y:Z'.format(val))
3616 3616 self._target_ref = safe_unicode(val)
3617 3617
3618 3618 @declared_attr
3619 3619 def target_repo_id(cls):
3620 3620 # TODO: dan: rename column to target_repo_id
3621 3621 return Column(
3622 3622 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3623 3623 nullable=False)
3624 3624
3625 3625 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3626 3626
3627 3627 # TODO: dan: rename column to last_merge_source_rev
3628 3628 _last_merge_source_rev = Column(
3629 3629 'last_merge_org_rev', String(40), nullable=True)
3630 3630 # TODO: dan: rename column to last_merge_target_rev
3631 3631 _last_merge_target_rev = Column(
3632 3632 'last_merge_other_rev', String(40), nullable=True)
3633 3633 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3634 3634 merge_rev = Column('merge_rev', String(40), nullable=True)
3635 3635
3636 3636 reviewer_data = Column(
3637 3637 'reviewer_data_json', MutationObj.as_mutable(
3638 3638 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3639 3639
3640 3640 @property
3641 3641 def reviewer_data_json(self):
3642 3642 return json.dumps(self.reviewer_data)
3643 3643
3644 3644 @hybrid_property
3645 3645 def description_safe(self):
3646 3646 from rhodecode.lib import helpers as h
3647 3647 return h.escape(self.description)
3648 3648
3649 3649 @hybrid_property
3650 3650 def revisions(self):
3651 3651 return self._revisions.split(':') if self._revisions else []
3652 3652
3653 3653 @revisions.setter
3654 3654 def revisions(self, val):
3655 3655 self._revisions = ':'.join(val)
3656 3656
3657 3657 @hybrid_property
3658 3658 def last_merge_status(self):
3659 3659 return safe_int(self._last_merge_status)
3660 3660
3661 3661 @last_merge_status.setter
3662 3662 def last_merge_status(self, val):
3663 3663 self._last_merge_status = val
3664 3664
3665 3665 @declared_attr
3666 3666 def author(cls):
3667 3667 return relationship('User', lazy='joined')
3668 3668
3669 3669 @declared_attr
3670 3670 def source_repo(cls):
3671 3671 return relationship(
3672 3672 'Repository',
3673 3673 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3674 3674
3675 3675 @property
3676 3676 def source_ref_parts(self):
3677 3677 return self.unicode_to_reference(self.source_ref)
3678 3678
3679 3679 @declared_attr
3680 3680 def target_repo(cls):
3681 3681 return relationship(
3682 3682 'Repository',
3683 3683 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3684 3684
3685 3685 @property
3686 3686 def target_ref_parts(self):
3687 3687 return self.unicode_to_reference(self.target_ref)
3688 3688
3689 3689 @property
3690 3690 def shadow_merge_ref(self):
3691 3691 return self.unicode_to_reference(self._shadow_merge_ref)
3692 3692
3693 3693 @shadow_merge_ref.setter
3694 3694 def shadow_merge_ref(self, ref):
3695 3695 self._shadow_merge_ref = self.reference_to_unicode(ref)
3696 3696
3697 3697 @staticmethod
3698 3698 def unicode_to_reference(raw):
3699 3699 """
3700 3700 Convert a unicode (or string) to a reference object.
3701 3701 If unicode evaluates to False it returns None.
3702 3702 """
3703 3703 if raw:
3704 3704 refs = raw.split(':')
3705 3705 return Reference(*refs)
3706 3706 else:
3707 3707 return None
3708 3708
3709 3709 @staticmethod
3710 3710 def reference_to_unicode(ref):
3711 3711 """
3712 3712 Convert a reference object to unicode.
3713 3713 If reference is None it returns None.
3714 3714 """
3715 3715 if ref:
3716 3716 return u':'.join(ref)
3717 3717 else:
3718 3718 return None
3719 3719
3720 3720 def get_api_data(self, with_merge_state=True):
3721 3721 from rhodecode.model.pull_request import PullRequestModel
3722 3722
3723 3723 pull_request = self
3724 3724 if with_merge_state:
3725 3725 merge_status = PullRequestModel().merge_status(pull_request)
3726 3726 merge_state = {
3727 3727 'status': merge_status[0],
3728 3728 'message': safe_unicode(merge_status[1]),
3729 3729 }
3730 3730 else:
3731 3731 merge_state = {'status': 'not_available',
3732 3732 'message': 'not_available'}
3733 3733
3734 3734 merge_data = {
3735 3735 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3736 3736 'reference': (
3737 3737 pull_request.shadow_merge_ref._asdict()
3738 3738 if pull_request.shadow_merge_ref else None),
3739 3739 }
3740 3740
3741 3741 data = {
3742 3742 'pull_request_id': pull_request.pull_request_id,
3743 3743 'url': PullRequestModel().get_url(pull_request),
3744 3744 'title': pull_request.title,
3745 3745 'description': pull_request.description,
3746 3746 'status': pull_request.status,
3747 3747 'created_on': pull_request.created_on,
3748 3748 'updated_on': pull_request.updated_on,
3749 3749 'commit_ids': pull_request.revisions,
3750 3750 'review_status': pull_request.calculated_review_status(),
3751 3751 'mergeable': merge_state,
3752 3752 'source': {
3753 3753 'clone_url': pull_request.source_repo.clone_url(),
3754 3754 'repository': pull_request.source_repo.repo_name,
3755 3755 'reference': {
3756 3756 'name': pull_request.source_ref_parts.name,
3757 3757 'type': pull_request.source_ref_parts.type,
3758 3758 'commit_id': pull_request.source_ref_parts.commit_id,
3759 3759 },
3760 3760 },
3761 3761 'target': {
3762 3762 'clone_url': pull_request.target_repo.clone_url(),
3763 3763 'repository': pull_request.target_repo.repo_name,
3764 3764 'reference': {
3765 3765 'name': pull_request.target_ref_parts.name,
3766 3766 'type': pull_request.target_ref_parts.type,
3767 3767 'commit_id': pull_request.target_ref_parts.commit_id,
3768 3768 },
3769 3769 },
3770 3770 'merge': merge_data,
3771 3771 'author': pull_request.author.get_api_data(include_secrets=False,
3772 3772 details='basic'),
3773 3773 'reviewers': [
3774 3774 {
3775 3775 'user': reviewer.get_api_data(include_secrets=False,
3776 3776 details='basic'),
3777 3777 'reasons': reasons,
3778 3778 'review_status': st[0][1].status if st else 'not_reviewed',
3779 3779 }
3780 3780 for obj, reviewer, reasons, mandatory, st in
3781 3781 pull_request.reviewers_statuses()
3782 3782 ]
3783 3783 }
3784 3784
3785 3785 return data
3786 3786
3787 3787
3788 3788 class PullRequest(Base, _PullRequestBase):
3789 3789 __tablename__ = 'pull_requests'
3790 3790 __table_args__ = (
3791 3791 base_table_args,
3792 3792 )
3793 3793
3794 3794 pull_request_id = Column(
3795 3795 'pull_request_id', Integer(), nullable=False, primary_key=True)
3796 3796
3797 3797 def __repr__(self):
3798 3798 if self.pull_request_id:
3799 3799 return '<DB:PullRequest #%s>' % self.pull_request_id
3800 3800 else:
3801 3801 return '<DB:PullRequest at %#x>' % id(self)
3802 3802
3803 3803 reviewers = relationship('PullRequestReviewers',
3804 3804 cascade="all, delete, delete-orphan")
3805 3805 statuses = relationship('ChangesetStatus',
3806 3806 cascade="all, delete, delete-orphan")
3807 3807 comments = relationship('ChangesetComment',
3808 3808 cascade="all, delete, delete-orphan")
3809 3809 versions = relationship('PullRequestVersion',
3810 3810 cascade="all, delete, delete-orphan",
3811 3811 lazy='dynamic')
3812 3812
3813 3813 @classmethod
3814 3814 def get_pr_display_object(cls, pull_request_obj, org_pull_request_obj,
3815 3815 internal_methods=None):
3816 3816
3817 3817 class PullRequestDisplay(object):
3818 3818 """
3819 3819 Special object wrapper for showing PullRequest data via Versions
3820 3820 It mimics PR object as close as possible. This is read only object
3821 3821 just for display
3822 3822 """
3823 3823
3824 3824 def __init__(self, attrs, internal=None):
3825 3825 self.attrs = attrs
3826 3826 # internal have priority over the given ones via attrs
3827 3827 self.internal = internal or ['versions']
3828 3828
3829 3829 def __getattr__(self, item):
3830 3830 if item in self.internal:
3831 3831 return getattr(self, item)
3832 3832 try:
3833 3833 return self.attrs[item]
3834 3834 except KeyError:
3835 3835 raise AttributeError(
3836 3836 '%s object has no attribute %s' % (self, item))
3837 3837
3838 3838 def __repr__(self):
3839 3839 return '<DB:PullRequestDisplay #%s>' % self.attrs.get('pull_request_id')
3840 3840
3841 3841 def versions(self):
3842 3842 return pull_request_obj.versions.order_by(
3843 3843 PullRequestVersion.pull_request_version_id).all()
3844 3844
3845 3845 def is_closed(self):
3846 3846 return pull_request_obj.is_closed()
3847 3847
3848 3848 @property
3849 3849 def pull_request_version_id(self):
3850 3850 return getattr(pull_request_obj, 'pull_request_version_id', None)
3851 3851
3852 3852 attrs = StrictAttributeDict(pull_request_obj.get_api_data())
3853 3853
3854 3854 attrs.author = StrictAttributeDict(
3855 3855 pull_request_obj.author.get_api_data())
3856 3856 if pull_request_obj.target_repo:
3857 3857 attrs.target_repo = StrictAttributeDict(
3858 3858 pull_request_obj.target_repo.get_api_data())
3859 3859 attrs.target_repo.clone_url = pull_request_obj.target_repo.clone_url
3860 3860
3861 3861 if pull_request_obj.source_repo:
3862 3862 attrs.source_repo = StrictAttributeDict(
3863 3863 pull_request_obj.source_repo.get_api_data())
3864 3864 attrs.source_repo.clone_url = pull_request_obj.source_repo.clone_url
3865 3865
3866 3866 attrs.source_ref_parts = pull_request_obj.source_ref_parts
3867 3867 attrs.target_ref_parts = pull_request_obj.target_ref_parts
3868 3868 attrs.revisions = pull_request_obj.revisions
3869 3869
3870 3870 attrs.shadow_merge_ref = org_pull_request_obj.shadow_merge_ref
3871 3871 attrs.reviewer_data = org_pull_request_obj.reviewer_data
3872 3872 attrs.reviewer_data_json = org_pull_request_obj.reviewer_data_json
3873 3873
3874 3874 return PullRequestDisplay(attrs, internal=internal_methods)
3875 3875
3876 3876 def is_closed(self):
3877 3877 return self.status == self.STATUS_CLOSED
3878 3878
3879 3879 def __json__(self):
3880 3880 return {
3881 3881 'revisions': self.revisions,
3882 3882 }
3883 3883
3884 3884 def calculated_review_status(self):
3885 3885 from rhodecode.model.changeset_status import ChangesetStatusModel
3886 3886 return ChangesetStatusModel().calculated_review_status(self)
3887 3887
3888 3888 def reviewers_statuses(self):
3889 3889 from rhodecode.model.changeset_status import ChangesetStatusModel
3890 3890 return ChangesetStatusModel().reviewers_statuses(self)
3891 3891
3892 3892 @property
3893 3893 def workspace_id(self):
3894 3894 from rhodecode.model.pull_request import PullRequestModel
3895 3895 return PullRequestModel()._workspace_id(self)
3896 3896
3897 3897 def get_shadow_repo(self):
3898 3898 workspace_id = self.workspace_id
3899 3899 vcs_obj = self.target_repo.scm_instance()
3900 3900 shadow_repository_path = vcs_obj._get_shadow_repository_path(
3901 3901 self.target_repo.repo_id, workspace_id)
3902 3902 if os.path.isdir(shadow_repository_path):
3903 3903 return vcs_obj.get_shadow_instance(shadow_repository_path)
3904 3904
3905 3905
3906 3906 class PullRequestVersion(Base, _PullRequestBase):
3907 3907 __tablename__ = 'pull_request_versions'
3908 3908 __table_args__ = (
3909 3909 base_table_args,
3910 3910 )
3911 3911
3912 3912 pull_request_version_id = Column(
3913 3913 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3914 3914 pull_request_id = Column(
3915 3915 'pull_request_id', Integer(),
3916 3916 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3917 3917 pull_request = relationship('PullRequest')
3918 3918
3919 3919 def __repr__(self):
3920 3920 if self.pull_request_version_id:
3921 3921 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3922 3922 else:
3923 3923 return '<DB:PullRequestVersion at %#x>' % id(self)
3924 3924
3925 3925 @property
3926 3926 def reviewers(self):
3927 3927 return self.pull_request.reviewers
3928 3928
3929 3929 @property
3930 3930 def versions(self):
3931 3931 return self.pull_request.versions
3932 3932
3933 3933 def is_closed(self):
3934 3934 # calculate from original
3935 3935 return self.pull_request.status == self.STATUS_CLOSED
3936 3936
3937 3937 def calculated_review_status(self):
3938 3938 return self.pull_request.calculated_review_status()
3939 3939
3940 3940 def reviewers_statuses(self):
3941 3941 return self.pull_request.reviewers_statuses()
3942 3942
3943 3943
3944 3944 class PullRequestReviewers(Base, BaseModel):
3945 3945 __tablename__ = 'pull_request_reviewers'
3946 3946 __table_args__ = (
3947 3947 base_table_args,
3948 3948 )
3949 3949
3950 3950 @hybrid_property
3951 3951 def reasons(self):
3952 3952 if not self._reasons:
3953 3953 return []
3954 3954 return self._reasons
3955 3955
3956 3956 @reasons.setter
3957 3957 def reasons(self, val):
3958 3958 val = val or []
3959 3959 if any(not isinstance(x, compat.string_types) for x in val):
3960 3960 raise Exception('invalid reasons type, must be list of strings')
3961 3961 self._reasons = val
3962 3962
3963 3963 pull_requests_reviewers_id = Column(
3964 3964 'pull_requests_reviewers_id', Integer(), nullable=False,
3965 3965 primary_key=True)
3966 3966 pull_request_id = Column(
3967 3967 "pull_request_id", Integer(),
3968 3968 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3969 3969 user_id = Column(
3970 3970 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3971 3971 _reasons = Column(
3972 3972 'reason', MutationList.as_mutable(
3973 3973 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3974 3974
3975 3975 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
3976 3976 user = relationship('User')
3977 3977 pull_request = relationship('PullRequest')
3978 3978
3979 3979 rule_data = Column(
3980 3980 'rule_data_json',
3981 3981 JsonType(dialect_map=dict(mysql=UnicodeText(16384))))
3982 3982
3983 3983 def rule_user_group_data(self):
3984 3984 """
3985 3985 Returns the voting user group rule data for this reviewer
3986 3986 """
3987 3987
3988 3988 if self.rule_data and 'vote_rule' in self.rule_data:
3989 3989 user_group_data = {}
3990 3990 if 'rule_user_group_entry_id' in self.rule_data:
3991 3991 # means a group with voting rules !
3992 3992 user_group_data['id'] = self.rule_data['rule_user_group_entry_id']
3993 3993 user_group_data['name'] = self.rule_data['rule_name']
3994 3994 user_group_data['vote_rule'] = self.rule_data['vote_rule']
3995 3995
3996 3996 return user_group_data
3997 3997
3998 3998 def __unicode__(self):
3999 3999 return u"<%s('id:%s')>" % (self.__class__.__name__,
4000 4000 self.pull_requests_reviewers_id)
4001 4001
4002 4002
4003 4003 class Notification(Base, BaseModel):
4004 4004 __tablename__ = 'notifications'
4005 4005 __table_args__ = (
4006 4006 Index('notification_type_idx', 'type'),
4007 4007 base_table_args,
4008 4008 )
4009 4009
4010 4010 TYPE_CHANGESET_COMMENT = u'cs_comment'
4011 4011 TYPE_MESSAGE = u'message'
4012 4012 TYPE_MENTION = u'mention'
4013 4013 TYPE_REGISTRATION = u'registration'
4014 4014 TYPE_PULL_REQUEST = u'pull_request'
4015 4015 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
4016 4016
4017 4017 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
4018 4018 subject = Column('subject', Unicode(512), nullable=True)
4019 4019 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
4020 4020 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
4021 4021 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4022 4022 type_ = Column('type', Unicode(255))
4023 4023
4024 4024 created_by_user = relationship('User')
4025 4025 notifications_to_users = relationship('UserNotification', lazy='joined',
4026 4026 cascade="all, delete, delete-orphan")
4027 4027
4028 4028 @property
4029 4029 def recipients(self):
4030 4030 return [x.user for x in UserNotification.query()\
4031 4031 .filter(UserNotification.notification == self)\
4032 4032 .order_by(UserNotification.user_id.asc()).all()]
4033 4033
4034 4034 @classmethod
4035 4035 def create(cls, created_by, subject, body, recipients, type_=None):
4036 4036 if type_ is None:
4037 4037 type_ = Notification.TYPE_MESSAGE
4038 4038
4039 4039 notification = cls()
4040 4040 notification.created_by_user = created_by
4041 4041 notification.subject = subject
4042 4042 notification.body = body
4043 4043 notification.type_ = type_
4044 4044 notification.created_on = datetime.datetime.now()
4045 4045
4046 4046 # For each recipient link the created notification to his account
4047 4047 for u in recipients:
4048 4048 assoc = UserNotification()
4049 4049 assoc.user_id = u.user_id
4050 4050 assoc.notification = notification
4051 4051
4052 4052 # if created_by is inside recipients mark his notification
4053 4053 # as read
4054 4054 if u.user_id == created_by.user_id:
4055 4055 assoc.read = True
4056 4056 Session().add(assoc)
4057 4057
4058 4058 Session().add(notification)
4059 4059
4060 4060 return notification
4061 4061
4062 4062
4063 4063 class UserNotification(Base, BaseModel):
4064 4064 __tablename__ = 'user_to_notification'
4065 4065 __table_args__ = (
4066 4066 UniqueConstraint('user_id', 'notification_id'),
4067 4067 base_table_args
4068 4068 )
4069 4069
4070 4070 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
4071 4071 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
4072 4072 read = Column('read', Boolean, default=False)
4073 4073 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
4074 4074
4075 4075 user = relationship('User', lazy="joined")
4076 4076 notification = relationship('Notification', lazy="joined",
4077 4077 order_by=lambda: Notification.created_on.desc(),)
4078 4078
4079 4079 def mark_as_read(self):
4080 4080 self.read = True
4081 4081 Session().add(self)
4082 4082
4083 4083
4084 4084 class Gist(Base, BaseModel):
4085 4085 __tablename__ = 'gists'
4086 4086 __table_args__ = (
4087 4087 Index('g_gist_access_id_idx', 'gist_access_id'),
4088 4088 Index('g_created_on_idx', 'created_on'),
4089 4089 base_table_args
4090 4090 )
4091 4091
4092 4092 GIST_PUBLIC = u'public'
4093 4093 GIST_PRIVATE = u'private'
4094 4094 DEFAULT_FILENAME = u'gistfile1.txt'
4095 4095
4096 4096 ACL_LEVEL_PUBLIC = u'acl_public'
4097 4097 ACL_LEVEL_PRIVATE = u'acl_private'
4098 4098
4099 4099 gist_id = Column('gist_id', Integer(), primary_key=True)
4100 4100 gist_access_id = Column('gist_access_id', Unicode(250))
4101 4101 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
4102 4102 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
4103 4103 gist_expires = Column('gist_expires', Float(53), nullable=False)
4104 4104 gist_type = Column('gist_type', Unicode(128), nullable=False)
4105 4105 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4106 4106 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4107 4107 acl_level = Column('acl_level', Unicode(128), nullable=True)
4108 4108
4109 4109 owner = relationship('User')
4110 4110
4111 4111 def __repr__(self):
4112 4112 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
4113 4113
4114 4114 @hybrid_property
4115 4115 def description_safe(self):
4116 4116 from rhodecode.lib import helpers as h
4117 4117 return h.escape(self.gist_description)
4118 4118
4119 4119 @classmethod
4120 4120 def get_or_404(cls, id_):
4121 4121 from pyramid.httpexceptions import HTTPNotFound
4122 4122
4123 4123 res = cls.query().filter(cls.gist_access_id == id_).scalar()
4124 4124 if not res:
4125 4125 raise HTTPNotFound()
4126 4126 return res
4127 4127
4128 4128 @classmethod
4129 4129 def get_by_access_id(cls, gist_access_id):
4130 4130 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
4131 4131
4132 4132 def gist_url(self):
4133 4133 from rhodecode.model.gist import GistModel
4134 4134 return GistModel().get_url(self)
4135 4135
4136 4136 @classmethod
4137 4137 def base_path(cls):
4138 4138 """
4139 4139 Returns base path when all gists are stored
4140 4140
4141 4141 :param cls:
4142 4142 """
4143 4143 from rhodecode.model.gist import GIST_STORE_LOC
4144 4144 q = Session().query(RhodeCodeUi)\
4145 4145 .filter(RhodeCodeUi.ui_key == URL_SEP)
4146 4146 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
4147 4147 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
4148 4148
4149 4149 def get_api_data(self):
4150 4150 """
4151 4151 Common function for generating gist related data for API
4152 4152 """
4153 4153 gist = self
4154 4154 data = {
4155 4155 'gist_id': gist.gist_id,
4156 4156 'type': gist.gist_type,
4157 4157 'access_id': gist.gist_access_id,
4158 4158 'description': gist.gist_description,
4159 4159 'url': gist.gist_url(),
4160 4160 'expires': gist.gist_expires,
4161 4161 'created_on': gist.created_on,
4162 4162 'modified_at': gist.modified_at,
4163 4163 'content': None,
4164 4164 'acl_level': gist.acl_level,
4165 4165 }
4166 4166 return data
4167 4167
4168 4168 def __json__(self):
4169 4169 data = dict(
4170 4170 )
4171 4171 data.update(self.get_api_data())
4172 4172 return data
4173 4173 # SCM functions
4174 4174
4175 4175 def scm_instance(self, **kwargs):
4176 4176 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
4177 4177 return get_vcs_instance(
4178 4178 repo_path=safe_str(full_repo_path), create=False)
4179 4179
4180 4180
4181 4181 class ExternalIdentity(Base, BaseModel):
4182 4182 __tablename__ = 'external_identities'
4183 4183 __table_args__ = (
4184 4184 Index('local_user_id_idx', 'local_user_id'),
4185 4185 Index('external_id_idx', 'external_id'),
4186 4186 base_table_args
4187 4187 )
4188 4188
4189 4189 external_id = Column('external_id', Unicode(255), default=u'', primary_key=True)
4190 4190 external_username = Column('external_username', Unicode(1024), default=u'')
4191 4191 local_user_id = Column('local_user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
4192 4192 provider_name = Column('provider_name', Unicode(255), default=u'', primary_key=True)
4193 4193 access_token = Column('access_token', String(1024), default=u'')
4194 4194 alt_token = Column('alt_token', String(1024), default=u'')
4195 4195 token_secret = Column('token_secret', String(1024), default=u'')
4196 4196
4197 4197 @classmethod
4198 4198 def by_external_id_and_provider(cls, external_id, provider_name, local_user_id=None):
4199 4199 """
4200 4200 Returns ExternalIdentity instance based on search params
4201 4201
4202 4202 :param external_id:
4203 4203 :param provider_name:
4204 4204 :return: ExternalIdentity
4205 4205 """
4206 4206 query = cls.query()
4207 4207 query = query.filter(cls.external_id == external_id)
4208 4208 query = query.filter(cls.provider_name == provider_name)
4209 4209 if local_user_id:
4210 4210 query = query.filter(cls.local_user_id == local_user_id)
4211 4211 return query.first()
4212 4212
4213 4213 @classmethod
4214 4214 def user_by_external_id_and_provider(cls, external_id, provider_name):
4215 4215 """
4216 4216 Returns User instance based on search params
4217 4217
4218 4218 :param external_id:
4219 4219 :param provider_name:
4220 4220 :return: User
4221 4221 """
4222 4222 query = User.query()
4223 4223 query = query.filter(cls.external_id == external_id)
4224 4224 query = query.filter(cls.provider_name == provider_name)
4225 4225 query = query.filter(User.user_id == cls.local_user_id)
4226 4226 return query.first()
4227 4227
4228 4228 @classmethod
4229 4229 def by_local_user_id(cls, local_user_id):
4230 4230 """
4231 4231 Returns all tokens for user
4232 4232
4233 4233 :param local_user_id:
4234 4234 :return: ExternalIdentity
4235 4235 """
4236 4236 query = cls.query()
4237 4237 query = query.filter(cls.local_user_id == local_user_id)
4238 4238 return query
4239 4239
4240 4240 @classmethod
4241 4241 def load_provider_plugin(cls, plugin_id):
4242 4242 from rhodecode.authentication.base import loadplugin
4243 4243 _plugin_id = 'egg:rhodecode-enterprise-ee#{}'.format(plugin_id)
4244 4244 auth_plugin = loadplugin(_plugin_id)
4245 4245 return auth_plugin
4246 4246
4247 4247
4248 4248 class Integration(Base, BaseModel):
4249 4249 __tablename__ = 'integrations'
4250 4250 __table_args__ = (
4251 4251 base_table_args
4252 4252 )
4253 4253
4254 4254 integration_id = Column('integration_id', Integer(), primary_key=True)
4255 4255 integration_type = Column('integration_type', String(255))
4256 4256 enabled = Column('enabled', Boolean(), nullable=False)
4257 4257 name = Column('name', String(255), nullable=False)
4258 4258 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
4259 4259 default=False)
4260 4260
4261 4261 settings = Column(
4262 4262 'settings_json', MutationObj.as_mutable(
4263 4263 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
4264 4264 repo_id = Column(
4265 4265 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
4266 4266 nullable=True, unique=None, default=None)
4267 4267 repo = relationship('Repository', lazy='joined')
4268 4268
4269 4269 repo_group_id = Column(
4270 4270 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
4271 4271 nullable=True, unique=None, default=None)
4272 4272 repo_group = relationship('RepoGroup', lazy='joined')
4273 4273
4274 4274 @property
4275 4275 def scope(self):
4276 4276 if self.repo:
4277 4277 return repr(self.repo)
4278 4278 if self.repo_group:
4279 4279 if self.child_repos_only:
4280 4280 return repr(self.repo_group) + ' (child repos only)'
4281 4281 else:
4282 4282 return repr(self.repo_group) + ' (recursive)'
4283 4283 if self.child_repos_only:
4284 4284 return 'root_repos'
4285 4285 return 'global'
4286 4286
4287 4287 def __repr__(self):
4288 4288 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
4289 4289
4290 4290
4291 4291 class RepoReviewRuleUser(Base, BaseModel):
4292 4292 __tablename__ = 'repo_review_rules_users'
4293 4293 __table_args__ = (
4294 4294 base_table_args
4295 4295 )
4296 4296
4297 4297 repo_review_rule_user_id = Column('repo_review_rule_user_id', Integer(), primary_key=True)
4298 4298 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4299 4299 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False)
4300 4300 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4301 4301 user = relationship('User')
4302 4302
4303 4303 def rule_data(self):
4304 4304 return {
4305 4305 'mandatory': self.mandatory
4306 4306 }
4307 4307
4308 4308
4309 4309 class RepoReviewRuleUserGroup(Base, BaseModel):
4310 4310 __tablename__ = 'repo_review_rules_users_groups'
4311 4311 __table_args__ = (
4312 4312 base_table_args
4313 4313 )
4314 4314
4315 4315 VOTE_RULE_ALL = -1
4316 4316
4317 4317 repo_review_rule_users_group_id = Column('repo_review_rule_users_group_id', Integer(), primary_key=True)
4318 4318 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4319 4319 users_group_id = Column("users_group_id", Integer(),ForeignKey('users_groups.users_group_id'), nullable=False)
4320 4320 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4321 4321 vote_rule = Column("vote_rule", Integer(), nullable=True, default=VOTE_RULE_ALL)
4322 4322 users_group = relationship('UserGroup')
4323 4323
4324 4324 def rule_data(self):
4325 4325 return {
4326 4326 'mandatory': self.mandatory,
4327 4327 'vote_rule': self.vote_rule
4328 4328 }
4329 4329
4330 4330 @property
4331 4331 def vote_rule_label(self):
4332 4332 if not self.vote_rule or self.vote_rule == self.VOTE_RULE_ALL:
4333 4333 return 'all must vote'
4334 4334 else:
4335 4335 return 'min. vote {}'.format(self.vote_rule)
4336 4336
4337 4337
4338 4338 class RepoReviewRule(Base, BaseModel):
4339 4339 __tablename__ = 'repo_review_rules'
4340 4340 __table_args__ = (
4341 4341 base_table_args
4342 4342 )
4343 4343
4344 4344 repo_review_rule_id = Column(
4345 4345 'repo_review_rule_id', Integer(), primary_key=True)
4346 4346 repo_id = Column(
4347 4347 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
4348 4348 repo = relationship('Repository', backref='review_rules')
4349 4349
4350 4350 review_rule_name = Column('review_rule_name', String(255))
4351 4351 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4352 4352 _target_branch_pattern = Column("target_branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4353 4353 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4354 4354
4355 4355 use_authors_for_review = Column("use_authors_for_review", Boolean(), nullable=False, default=False)
4356 4356 forbid_author_to_review = Column("forbid_author_to_review", Boolean(), nullable=False, default=False)
4357 4357 forbid_commit_author_to_review = Column("forbid_commit_author_to_review", Boolean(), nullable=False, default=False)
4358 4358 forbid_adding_reviewers = Column("forbid_adding_reviewers", Boolean(), nullable=False, default=False)
4359 4359
4360 4360 rule_users = relationship('RepoReviewRuleUser')
4361 4361 rule_user_groups = relationship('RepoReviewRuleUserGroup')
4362 4362
4363 4363 def _validate_pattern(self, value):
4364 4364 re.compile('^' + glob2re(value) + '$')
4365 4365
4366 4366 @hybrid_property
4367 4367 def source_branch_pattern(self):
4368 4368 return self._branch_pattern or '*'
4369 4369
4370 4370 @source_branch_pattern.setter
4371 4371 def source_branch_pattern(self, value):
4372 4372 self._validate_pattern(value)
4373 4373 self._branch_pattern = value or '*'
4374 4374
4375 4375 @hybrid_property
4376 4376 def target_branch_pattern(self):
4377 4377 return self._target_branch_pattern or '*'
4378 4378
4379 4379 @target_branch_pattern.setter
4380 4380 def target_branch_pattern(self, value):
4381 4381 self._validate_pattern(value)
4382 4382 self._target_branch_pattern = value or '*'
4383 4383
4384 4384 @hybrid_property
4385 4385 def file_pattern(self):
4386 4386 return self._file_pattern or '*'
4387 4387
4388 4388 @file_pattern.setter
4389 4389 def file_pattern(self, value):
4390 4390 self._validate_pattern(value)
4391 4391 self._file_pattern = value or '*'
4392 4392
4393 4393 def matches(self, source_branch, target_branch, files_changed):
4394 4394 """
4395 4395 Check if this review rule matches a branch/files in a pull request
4396 4396
4397 4397 :param source_branch: source branch name for the commit
4398 4398 :param target_branch: target branch name for the commit
4399 4399 :param files_changed: list of file paths changed in the pull request
4400 4400 """
4401 4401
4402 4402 source_branch = source_branch or ''
4403 4403 target_branch = target_branch or ''
4404 4404 files_changed = files_changed or []
4405 4405
4406 4406 branch_matches = True
4407 4407 if source_branch or target_branch:
4408 4408 if self.source_branch_pattern == '*':
4409 4409 source_branch_match = True
4410 4410 else:
4411 4411 if self.source_branch_pattern.startswith('re:'):
4412 4412 source_pattern = self.source_branch_pattern[3:]
4413 4413 else:
4414 4414 source_pattern = '^' + glob2re(self.source_branch_pattern) + '$'
4415 4415 source_branch_regex = re.compile(source_pattern)
4416 4416 source_branch_match = bool(source_branch_regex.search(source_branch))
4417 4417 if self.target_branch_pattern == '*':
4418 4418 target_branch_match = True
4419 4419 else:
4420 4420 if self.target_branch_pattern.startswith('re:'):
4421 4421 target_pattern = self.target_branch_pattern[3:]
4422 4422 else:
4423 4423 target_pattern = '^' + glob2re(self.target_branch_pattern) + '$'
4424 4424 target_branch_regex = re.compile(target_pattern)
4425 4425 target_branch_match = bool(target_branch_regex.search(target_branch))
4426 4426
4427 4427 branch_matches = source_branch_match and target_branch_match
4428 4428
4429 4429 files_matches = True
4430 4430 if self.file_pattern != '*':
4431 4431 files_matches = False
4432 4432 if self.file_pattern.startswith('re:'):
4433 4433 file_pattern = self.file_pattern[3:]
4434 4434 else:
4435 4435 file_pattern = glob2re(self.file_pattern)
4436 4436 file_regex = re.compile(file_pattern)
4437 4437 for filename in files_changed:
4438 4438 if file_regex.search(filename):
4439 4439 files_matches = True
4440 4440 break
4441 4441
4442 4442 return branch_matches and files_matches
4443 4443
4444 4444 @property
4445 4445 def review_users(self):
4446 4446 """ Returns the users which this rule applies to """
4447 4447
4448 4448 users = collections.OrderedDict()
4449 4449
4450 4450 for rule_user in self.rule_users:
4451 4451 if rule_user.user.active:
4452 4452 if rule_user.user not in users:
4453 4453 users[rule_user.user.username] = {
4454 4454 'user': rule_user.user,
4455 4455 'source': 'user',
4456 4456 'source_data': {},
4457 4457 'data': rule_user.rule_data()
4458 4458 }
4459 4459
4460 4460 for rule_user_group in self.rule_user_groups:
4461 4461 source_data = {
4462 4462 'user_group_id': rule_user_group.users_group.users_group_id,
4463 4463 'name': rule_user_group.users_group.users_group_name,
4464 4464 'members': len(rule_user_group.users_group.members)
4465 4465 }
4466 4466 for member in rule_user_group.users_group.members:
4467 4467 if member.user.active:
4468 4468 key = member.user.username
4469 4469 if key in users:
4470 4470 # skip this member as we have him already
4471 4471 # this prevents from override the "first" matched
4472 4472 # users with duplicates in multiple groups
4473 4473 continue
4474 4474
4475 4475 users[key] = {
4476 4476 'user': member.user,
4477 4477 'source': 'user_group',
4478 4478 'source_data': source_data,
4479 4479 'data': rule_user_group.rule_data()
4480 4480 }
4481 4481
4482 4482 return users
4483 4483
4484 4484 def user_group_vote_rule(self, user_id):
4485 4485
4486 4486 rules = []
4487 4487 if not self.rule_user_groups:
4488 4488 return rules
4489 4489
4490 4490 for user_group in self.rule_user_groups:
4491 4491 user_group_members = [x.user_id for x in user_group.users_group.members]
4492 4492 if user_id in user_group_members:
4493 4493 rules.append(user_group)
4494 4494 return rules
4495 4495
4496 4496 def __repr__(self):
4497 4497 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
4498 4498 self.repo_review_rule_id, self.repo)
4499 4499
4500 4500
4501 4501 class ScheduleEntry(Base, BaseModel):
4502 4502 __tablename__ = 'schedule_entries'
4503 4503 __table_args__ = (
4504 4504 UniqueConstraint('schedule_name', name='s_schedule_name_idx'),
4505 4505 UniqueConstraint('task_uid', name='s_task_uid_idx'),
4506 4506 base_table_args,
4507 4507 )
4508 4508
4509 4509 schedule_types = ['crontab', 'timedelta', 'integer']
4510 4510 schedule_entry_id = Column('schedule_entry_id', Integer(), primary_key=True)
4511 4511
4512 4512 schedule_name = Column("schedule_name", String(255), nullable=False, unique=None, default=None)
4513 4513 schedule_description = Column("schedule_description", String(10000), nullable=True, unique=None, default=None)
4514 4514 schedule_enabled = Column("schedule_enabled", Boolean(), nullable=False, unique=None, default=True)
4515 4515
4516 4516 _schedule_type = Column("schedule_type", String(255), nullable=False, unique=None, default=None)
4517 4517 schedule_definition = Column('schedule_definition_json', MutationObj.as_mutable(JsonType(default=lambda: "", dialect_map=dict(mysql=LONGTEXT()))))
4518 4518
4519 4519 schedule_last_run = Column('schedule_last_run', DateTime(timezone=False), nullable=True, unique=None, default=None)
4520 4520 schedule_total_run_count = Column('schedule_total_run_count', Integer(), nullable=True, unique=None, default=0)
4521 4521
4522 4522 # task
4523 4523 task_uid = Column("task_uid", String(255), nullable=False, unique=None, default=None)
4524 4524 task_dot_notation = Column("task_dot_notation", String(4096), nullable=False, unique=None, default=None)
4525 4525 task_args = Column('task_args_json', MutationObj.as_mutable(JsonType(default=list, dialect_map=dict(mysql=LONGTEXT()))))
4526 4526 task_kwargs = Column('task_kwargs_json', MutationObj.as_mutable(JsonType(default=dict, dialect_map=dict(mysql=LONGTEXT()))))
4527 4527
4528 4528 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4529 4529 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=None)
4530 4530
4531 4531 @hybrid_property
4532 4532 def schedule_type(self):
4533 4533 return self._schedule_type
4534 4534
4535 4535 @schedule_type.setter
4536 4536 def schedule_type(self, val):
4537 4537 if val not in self.schedule_types:
4538 4538 raise ValueError('Value must be on of `{}` and got `{}`'.format(
4539 4539 val, self.schedule_type))
4540 4540
4541 4541 self._schedule_type = val
4542 4542
4543 4543 @classmethod
4544 4544 def get_uid(cls, obj):
4545 4545 args = obj.task_args
4546 4546 kwargs = obj.task_kwargs
4547 4547 if isinstance(args, JsonRaw):
4548 4548 try:
4549 4549 args = json.loads(args)
4550 4550 except ValueError:
4551 4551 args = tuple()
4552 4552
4553 4553 if isinstance(kwargs, JsonRaw):
4554 4554 try:
4555 4555 kwargs = json.loads(kwargs)
4556 4556 except ValueError:
4557 4557 kwargs = dict()
4558 4558
4559 4559 dot_notation = obj.task_dot_notation
4560 4560 val = '.'.join(map(safe_str, [
4561 4561 sorted(dot_notation), args, sorted(kwargs.items())]))
4562 4562 return hashlib.sha1(val).hexdigest()
4563 4563
4564 4564 @classmethod
4565 4565 def get_by_schedule_name(cls, schedule_name):
4566 4566 return cls.query().filter(cls.schedule_name == schedule_name).scalar()
4567 4567
4568 4568 @classmethod
4569 4569 def get_by_schedule_id(cls, schedule_id):
4570 4570 return cls.query().filter(cls.schedule_entry_id == schedule_id).scalar()
4571 4571
4572 4572 @property
4573 4573 def task(self):
4574 4574 return self.task_dot_notation
4575 4575
4576 4576 @property
4577 4577 def schedule(self):
4578 4578 from rhodecode.lib.celerylib.utils import raw_2_schedule
4579 4579 schedule = raw_2_schedule(self.schedule_definition, self.schedule_type)
4580 4580 return schedule
4581 4581
4582 4582 @property
4583 4583 def args(self):
4584 4584 try:
4585 4585 return list(self.task_args or [])
4586 4586 except ValueError:
4587 4587 return list()
4588 4588
4589 4589 @property
4590 4590 def kwargs(self):
4591 4591 try:
4592 4592 return dict(self.task_kwargs or {})
4593 4593 except ValueError:
4594 4594 return dict()
4595 4595
4596 4596 def _as_raw(self, val):
4597 4597 if hasattr(val, 'de_coerce'):
4598 4598 val = val.de_coerce()
4599 4599 if val:
4600 4600 val = json.dumps(val)
4601 4601
4602 4602 return val
4603 4603
4604 4604 @property
4605 4605 def schedule_definition_raw(self):
4606 4606 return self._as_raw(self.schedule_definition)
4607 4607
4608 4608 @property
4609 4609 def args_raw(self):
4610 4610 return self._as_raw(self.task_args)
4611 4611
4612 4612 @property
4613 4613 def kwargs_raw(self):
4614 4614 return self._as_raw(self.task_kwargs)
4615 4615
4616 4616 def __repr__(self):
4617 4617 return '<DB:ScheduleEntry({}:{})>'.format(
4618 4618 self.schedule_entry_id, self.schedule_name)
4619 4619
4620 4620
4621 4621 @event.listens_for(ScheduleEntry, 'before_update')
4622 4622 def update_task_uid(mapper, connection, target):
4623 4623 target.task_uid = ScheduleEntry.get_uid(target)
4624 4624
4625 4625
4626 4626 @event.listens_for(ScheduleEntry, 'before_insert')
4627 4627 def set_task_uid(mapper, connection, target):
4628 4628 target.task_uid = ScheduleEntry.get_uid(target)
4629 4629
4630 4630
4631 4631 class _BaseBranchPerms(BaseModel):
4632 4632 @classmethod
4633 4633 def compute_hash(cls, value):
4634 4634 return sha1_safe(value)
4635 4635
4636 4636 @hybrid_property
4637 4637 def branch_pattern(self):
4638 4638 return self._branch_pattern or '*'
4639 4639
4640 4640 @hybrid_property
4641 4641 def branch_hash(self):
4642 4642 return self._branch_hash
4643 4643
4644 4644 def _validate_glob(self, value):
4645 4645 re.compile('^' + glob2re(value) + '$')
4646 4646
4647 4647 @branch_pattern.setter
4648 4648 def branch_pattern(self, value):
4649 4649 self._validate_glob(value)
4650 4650 self._branch_pattern = value or '*'
4651 4651 # set the Hash when setting the branch pattern
4652 4652 self._branch_hash = self.compute_hash(self._branch_pattern)
4653 4653
4654 4654 def matches(self, branch):
4655 4655 """
4656 4656 Check if this the branch matches entry
4657 4657
4658 4658 :param branch: branch name for the commit
4659 4659 """
4660 4660
4661 4661 branch = branch or ''
4662 4662
4663 4663 branch_matches = True
4664 4664 if branch:
4665 4665 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
4666 4666 branch_matches = bool(branch_regex.search(branch))
4667 4667
4668 4668 return branch_matches
4669 4669
4670 4670
4671 4671 class UserToRepoBranchPermission(Base, _BaseBranchPerms):
4672 4672 __tablename__ = 'user_to_repo_branch_permissions'
4673 4673 __table_args__ = (
4674 4674 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4675 4675 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4676 4676 )
4677 4677
4678 4678 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4679 4679
4680 4680 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4681 4681 repo = relationship('Repository', backref='user_branch_perms')
4682 4682
4683 4683 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4684 4684 permission = relationship('Permission')
4685 4685
4686 4686 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('repo_to_perm.repo_to_perm_id'), nullable=False, unique=None, default=None)
4687 4687 user_repo_to_perm = relationship('UserRepoToPerm')
4688 4688
4689 4689 rule_order = Column('rule_order', Integer(), nullable=False)
4690 4690 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4691 4691 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4692 4692
4693 4693 def __unicode__(self):
4694 4694 return u'<UserBranchPermission(%s => %r)>' % (
4695 4695 self.user_repo_to_perm, self.branch_pattern)
4696 4696
4697 4697
4698 4698 class UserGroupToRepoBranchPermission(Base, _BaseBranchPerms):
4699 4699 __tablename__ = 'user_group_to_repo_branch_permissions'
4700 4700 __table_args__ = (
4701 4701 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4702 4702 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4703 4703 )
4704 4704
4705 4705 branch_rule_id = Column('branch_rule_id', Integer(), primary_key=True)
4706 4706
4707 4707 repository_id = Column('repository_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
4708 4708 repo = relationship('Repository', backref='user_group_branch_perms')
4709 4709
4710 4710 permission_id = Column('permission_id', Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
4711 4711 permission = relationship('Permission')
4712 4712
4713 4713 rule_to_perm_id = Column('rule_to_perm_id', Integer(), ForeignKey('users_group_repo_to_perm.users_group_to_perm_id'), nullable=False, unique=None, default=None)
4714 4714 user_group_repo_to_perm = relationship('UserGroupRepoToPerm')
4715 4715
4716 4716 rule_order = Column('rule_order', Integer(), nullable=False)
4717 4717 _branch_pattern = Column('branch_pattern', UnicodeText().with_variant(UnicodeText(2048), 'mysql'), default=u'*') # glob
4718 4718 _branch_hash = Column('branch_hash', UnicodeText().with_variant(UnicodeText(2048), 'mysql'))
4719 4719
4720 4720 def __unicode__(self):
4721 4721 return u'<UserBranchPermission(%s => %r)>' % (
4722 4722 self.user_group_repo_to_perm, self.branch_pattern)
4723 4723
4724 4724
4725 4725 class DbMigrateVersion(Base, BaseModel):
4726 4726 __tablename__ = 'db_migrate_version'
4727 4727 __table_args__ = (
4728 4728 base_table_args,
4729 4729 )
4730 4730
4731 4731 repository_id = Column('repository_id', String(250), primary_key=True)
4732 4732 repository_path = Column('repository_path', Text)
4733 4733 version = Column('version', Integer)
4734 4734
4735 4735 @classmethod
4736 4736 def set_version(cls, version):
4737 4737 """
4738 4738 Helper for forcing a different version, usually for debugging purposes via ishell.
4739 4739 """
4740 4740 ver = DbMigrateVersion.query().first()
4741 4741 ver.version = version
4742 4742 Session().commit()
4743 4743
4744 4744
4745 4745 class DbSession(Base, BaseModel):
4746 4746 __tablename__ = 'db_session'
4747 4747 __table_args__ = (
4748 4748 base_table_args,
4749 4749 )
4750 4750
4751 4751 def __repr__(self):
4752 4752 return '<DB:DbSession({})>'.format(self.id)
4753 4753
4754 4754 id = Column('id', Integer())
4755 4755 namespace = Column('namespace', String(255), primary_key=True)
4756 4756 accessed = Column('accessed', DateTime, nullable=False)
4757 4757 created = Column('created', DateTime, nullable=False)
4758 4758 data = Column('data', PickleType, nullable=False)
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
General Comments 0
You need to be logged in to leave comments. Login now