rhodecode-enterprise-ce Commit - r4428:61666194

permissions: flush all when running remap and rescan.

marcink -

r4428:61666194 default

parent child

rhodecode/apps/admin/views/settings.py

0 +4 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import collections
             import datetime
             import formencode
             import formencode.htmlfill
             import rhodecode
             from pyramid.view import view_config
             from pyramid.httpexceptions import HTTPFound, HTTPNotFound
             from pyramid.renderers import render
             from pyramid.response import Response
             from rhodecode.apps._base import BaseAppView
             from rhodecode.apps._base.navigation import navigation_list
             from rhodecode.apps.svn_support.config_keys import generate_config
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
             from rhodecode.lib.celerylib import tasks, run_task
             from rhodecode.lib.utils import repo2db_mapper
             from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict
             from rhodecode.lib.index import searcher_from_config
             from rhodecode.model.db import RhodeCodeUi, Repository
             from rhodecode.model.forms import (ApplicationSettingsForm,
                 ApplicationUiSettingsForm, ApplicationVisualisationForm,
                 LabsSettingsForm, IssueTrackerPatternsForm)
+            from rhodecode.model.permission import PermissionModel
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.scm import ScmModel
             from rhodecode.model.notification import EmailNotificationModel
             from rhodecode.model.meta import Session
             from rhodecode.model.settings import (
                 IssueTrackerSettingsModel, VcsSettingsModel, SettingNotFound,
                 SettingsModel)
             log = logging.getLogger(__name__)
             class AdminSettingsView(BaseAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.labs_active = str2bool(
                         rhodecode.CONFIG.get('labs_settings_active', 'true'))
                     c.navlist = navigation_list(self.request)
                     return c
                 @classmethod
                 def _get_ui_settings(cls):
                     ret = RhodeCodeUi.query().all()
                     if not ret:
                         raise Exception('Could not get application ui settings !')
                     settings = {}
                     for each in ret:
                         k = each.ui_key
                         v = each.ui_value
                         if k == '/':
                             k = 'root_path'
                         if k in ['push_ssl', 'publish', 'enabled']:
                             v = str2bool(v)
                         if k.find('.') != -1:
                             k = k.replace('.', '_')
                         if each.ui_section in ['hooks', 'extensions']:
                             v = each.ui_active
                         settings[each.ui_section + '_' + k] = v
                     return settings
                 @classmethod
                 def _form_defaults(cls):
                     defaults = SettingsModel().get_all_settings()
                     defaults.update(cls._get_ui_settings())
                     defaults.update({
                         'new_svn_branch': '',
                         'new_svn_tag': '',
                     })
                     return defaults
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_vcs', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_vcs(self):
                     c = self.load_default_context()
                     c.active = 'vcs'
                     model = VcsSettingsModel()
                     c.svn_branch_patterns = model.get_global_svn_branch_patterns()
                     c.svn_tag_patterns = model.get_global_svn_tag_patterns()
                     settings = self.request.registry.settings
                     c.svn_proxy_generate_config = settings[generate_config]
                     defaults = self._form_defaults()
                     model.create_largeobjects_dirs_if_needed(defaults['paths_root_path'])
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_vcs_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_vcs_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'vcs'
                     model = VcsSettingsModel()
                     c.svn_branch_patterns = model.get_global_svn_branch_patterns()
                     c.svn_tag_patterns = model.get_global_svn_tag_patterns()
                     settings = self.request.registry.settings
                     c.svn_proxy_generate_config = settings[generate_config]
                     application_form = ApplicationUiSettingsForm(self.request.translate)()
                     try:
                         form_result = application_form.to_python(dict(self.request.POST))
                     except formencode.Invalid as errors:
                         h.flash(
                             _("Some form inputs contain invalid data."),
                             category='error')
                         data = render('rhodecode:templates/admin/settings/settings.mako',
                                       self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     try:
                         if c.visual.allow_repo_location_change:
                             model.update_global_path_setting(form_result['paths_root_path'])
                         model.update_global_ssl_setting(form_result['web_push_ssl'])
                         model.update_global_hook_settings(form_result)
                         model.create_or_update_global_svn_settings(form_result)
                         model.create_or_update_global_hg_settings(form_result)
                         model.create_or_update_global_git_settings(form_result)
                         model.create_or_update_global_pr_settings(form_result)
                     except Exception:
                         log.exception("Exception while updating settings")
                         h.flash(_('Error occurred during updating '
                                   'application settings'), category='error')
                     else:
                         Session().commit()
                         h.flash(_('Updated VCS settings'), category='success')
                         raise HTTPFound(h.route_path('admin_settings_vcs'))
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_vcs_svn_pattern_delete', request_method='POST',
                     renderer='json_ext', xhr=True)
                 def settings_vcs_delete_svn_pattern(self):
                     delete_pattern_id = self.request.POST.get('delete_svn_pattern')
                     model = VcsSettingsModel()
                     try:
                         model.delete_global_svn_pattern(delete_pattern_id)
                     except SettingNotFound:
                         log.exception(
                             'Failed to delete svn_pattern with id %s', delete_pattern_id)
                         raise HTTPNotFound()
                     Session().commit()
                     return True
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_mapping', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_mapping(self):
                     c = self.load_default_context()
                     c.active = 'mapping'
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_mapping_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_mapping_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'mapping'
                     rm_obsolete = self.request.POST.get('destroy', False)
                     invalidate_cache = self.request.POST.get('invalidate', False)
-                    log.debug(
+                    log.debug('rescanning repo location with destroy obsolete=%s', rm_obsolete)
-                        'rescanning repo location with destroy obsolete=%s', rm_obsolete)
                     if invalidate_cache:
                         log.debug('invalidating all repositories cache')
                         for repo in Repository.get_all():
                             ScmModel().mark_for_invalidation(repo.repo_name, delete=True)
                     filesystem_repos = ScmModel().repo_scan()
                     added, removed = repo2db_mapper(filesystem_repos, rm_obsolete)
+                    PermissionModel().trigger_permission_flush()
                     _repr = lambda l: ', '.join(map(safe_unicode, l)) or '-'
                     h.flash(_('Repositories successfully '
                               'rescanned added: %s ; removed: %s') %
                             (_repr(added), _repr(removed)),
                             category='success')
                     raise HTTPFound(h.route_path('admin_settings_mapping'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 @view_config(
                     route_name='admin_settings_global', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_global(self):
                     c = self.load_default_context()
                     c.active = 'global'
                     c.personal_repo_group_default_pattern = RepoGroupModel()\
                         .get_personal_group_name_pattern()
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 @view_config(
                     route_name='admin_settings_global_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_global_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'global'
                     c.personal_repo_group_default_pattern = RepoGroupModel()\
                         .get_personal_group_name_pattern()
                     application_form = ApplicationSettingsForm(self.request.translate)()
                     try:
                         form_result = application_form.to_python(dict(self.request.POST))
                     except formencode.Invalid as errors:
                         h.flash(
                             _("Some form inputs contain invalid data."),
                             category='error')
                         data = render('rhodecode:templates/admin/settings/settings.mako',
                                       self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     settings = [
                         ('title', 'rhodecode_title', 'unicode'),
                         ('realm', 'rhodecode_realm', 'unicode'),
                         ('pre_code', 'rhodecode_pre_code', 'unicode'),
                         ('post_code', 'rhodecode_post_code', 'unicode'),
                         ('captcha_public_key', 'rhodecode_captcha_public_key', 'unicode'),
                         ('captcha_private_key', 'rhodecode_captcha_private_key', 'unicode'),
                         ('create_personal_repo_group', 'rhodecode_create_personal_repo_group', 'bool'),
                         ('personal_repo_group_pattern', 'rhodecode_personal_repo_group_pattern', 'unicode'),
                     ]
                     try:
                         for setting, form_key, type_ in settings:
                             sett = SettingsModel().create_or_update_setting(
                                 setting, form_result[form_key], type_)
                             Session().add(sett)
                         Session().commit()
                         SettingsModel().invalidate_settings_cache()
                         h.flash(_('Updated application settings'), category='success')
                     except Exception:
                         log.exception("Exception while updating application settings")
                         h.flash(
                             _('Error occurred during updating application settings'),
                             category='error')
                     raise HTTPFound(h.route_path('admin_settings_global'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_visual', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_visual(self):
                     c = self.load_default_context()
                     c.active = 'visual'
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_visual_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_visual_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'visual'
                     application_form = ApplicationVisualisationForm(self.request.translate)()
                     try:
                         form_result = application_form.to_python(dict(self.request.POST))
                     except formencode.Invalid as errors:
                         h.flash(
                             _("Some form inputs contain invalid data."),
                             category='error')
                         data = render('rhodecode:templates/admin/settings/settings.mako',
                                       self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     try:
                         settings = [
                             ('show_public_icon', 'rhodecode_show_public_icon', 'bool'),
                             ('show_private_icon', 'rhodecode_show_private_icon', 'bool'),
                             ('stylify_metatags', 'rhodecode_stylify_metatags', 'bool'),
                             ('repository_fields', 'rhodecode_repository_fields', 'bool'),
                             ('dashboard_items', 'rhodecode_dashboard_items', 'int'),
                             ('admin_grid_items', 'rhodecode_admin_grid_items', 'int'),
                             ('show_version', 'rhodecode_show_version', 'bool'),
                             ('use_gravatar', 'rhodecode_use_gravatar', 'bool'),
                             ('markup_renderer', 'rhodecode_markup_renderer', 'unicode'),
                             ('gravatar_url', 'rhodecode_gravatar_url', 'unicode'),
                             ('clone_uri_tmpl', 'rhodecode_clone_uri_tmpl', 'unicode'),
                             ('clone_uri_ssh_tmpl', 'rhodecode_clone_uri_ssh_tmpl', 'unicode'),
                             ('support_url', 'rhodecode_support_url', 'unicode'),
                             ('show_revision_number', 'rhodecode_show_revision_number', 'bool'),
                             ('show_sha_length', 'rhodecode_show_sha_length', 'int'),
                         ]
                         for setting, form_key, type_ in settings:
                             sett = SettingsModel().create_or_update_setting(
                                 setting, form_result[form_key], type_)
                             Session().add(sett)
                         Session().commit()
                         SettingsModel().invalidate_settings_cache()
                         h.flash(_('Updated visualisation settings'), category='success')
                     except Exception:
                         log.exception("Exception updating visualization settings")
                         h.flash(_('Error occurred during updating '
                                   'visualisation settings'),
                                 category='error')
                     raise HTTPFound(h.route_path('admin_settings_visual'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_issuetracker', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_issuetracker(self):
                     c = self.load_default_context()
                     c.active = 'issuetracker'
                     defaults = c.rc_config
                     entry_key = 'rhodecode_issuetracker_pat_'
                     c.issuetracker_entries = {}
                     for k, v in defaults.items():
                         if k.startswith(entry_key):
                             uid = k[len(entry_key):]
                             c.issuetracker_entries[uid] = None
                     for uid in c.issuetracker_entries:
                         c.issuetracker_entries[uid] = AttributeDict({
                             'pat': defaults.get('rhodecode_issuetracker_pat_' + uid),
                             'url': defaults.get('rhodecode_issuetracker_url_' + uid),
                             'pref': defaults.get('rhodecode_issuetracker_pref_' + uid),
                             'desc': defaults.get('rhodecode_issuetracker_desc_' + uid),
                         })
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_issuetracker_test', request_method='POST',
                     renderer='string', xhr=True)
                 def settings_issuetracker_test(self):
                     return h.urlify_commit_message(
                         self.request.POST.get('test_text', ''),
                         'repo_group/test_repo1')
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_issuetracker_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_issuetracker_update(self):
                     _ = self.request.translate
                     self.load_default_context()
                     settings_model = IssueTrackerSettingsModel()
                     try:
                         form = IssueTrackerPatternsForm(self.request.translate)()
                         data = form.to_python(self.request.POST)
                     except formencode.Invalid as errors:
                         log.exception('Failed to add new pattern')
                         error = errors
                         h.flash(_('Invalid issue tracker pattern: {}'.format(error)),
                                 category='error')
                         raise HTTPFound(h.route_path('admin_settings_issuetracker'))
                     if data:
                         for uid in data.get('delete_patterns', []):
                             settings_model.delete_entries(uid)
                         for pattern in data.get('patterns', []):
                             for setting, value, type_ in pattern:
                                 sett = settings_model.create_or_update_setting(
                                     setting, value, type_)
                                 Session().add(sett)
                             Session().commit()
                         SettingsModel().invalidate_settings_cache()
                         h.flash(_('Updated issue tracker entries'), category='success')
                     raise HTTPFound(h.route_path('admin_settings_issuetracker'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_issuetracker_delete', request_method='POST',
                     renderer='json_ext', xhr=True)
                 def settings_issuetracker_delete(self):
                     _ = self.request.translate
                     self.load_default_context()
                     uid = self.request.POST.get('uid')
                     try:
                         IssueTrackerSettingsModel().delete_entries(uid)
                     except Exception:
                         log.exception('Failed to delete issue tracker setting %s', uid)
                         raise HTTPNotFound()
                     SettingsModel().invalidate_settings_cache()
                     h.flash(_('Removed issue tracker entry.'), category='success')
                     return {'deleted': uid}
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_email', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_email(self):
                     c = self.load_default_context()
                     c.active = 'email'
                     c.rhodecode_ini = rhodecode.CONFIG
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_email_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_email_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'email'
                     test_email = self.request.POST.get('test_email')
                     if not test_email:
                         h.flash(_('Please enter email address'), category='error')
                         raise HTTPFound(h.route_path('admin_settings_email'))
                     email_kwargs = {
                         'date': datetime.datetime.now(),
                         'user': self._rhodecode_db_user
                     }
                     (subject, headers, email_body,
                      email_body_plaintext) = EmailNotificationModel().render_email(
                         EmailNotificationModel.TYPE_EMAIL_TEST, **email_kwargs)
                     recipients = [test_email] if test_email else None
                     run_task(tasks.send_email, recipients, subject,
                              email_body_plaintext, email_body)
                     h.flash(_('Send email task created'), category='success')
                     raise HTTPFound(h.route_path('admin_settings_email'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_hooks', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_hooks(self):
                     c = self.load_default_context()
                     c.active = 'hooks'
                     model = SettingsModel()
                     c.hooks = model.get_builtin_hooks()
                     c.custom_hooks = model.get_custom_hooks()
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_hooks_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 @view_config(
                     route_name='admin_settings_hooks_delete', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_hooks_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'hooks'
                     if c.visual.allow_custom_hooks_settings:
                         ui_key = self.request.POST.get('new_hook_ui_key')
                         ui_value = self.request.POST.get('new_hook_ui_value')
                         hook_id = self.request.POST.get('hook_id')
                         new_hook = False
                         model = SettingsModel()
                         try:
                             if ui_value and ui_key:
                                 model.create_or_update_hook(ui_key, ui_value)
                                 h.flash(_('Added new hook'), category='success')
                                 new_hook = True
                             elif hook_id:
                                 RhodeCodeUi.delete(hook_id)
                                 Session().commit()
                             # check for edits
                             update = False
                             _d = self.request.POST.dict_of_lists()
                             for k, v in zip(_d.get('hook_ui_key', []),
                                             _d.get('hook_ui_value_new', [])):
                                 model.create_or_update_hook(k, v)
                                 update = True
                             if update and not new_hook:
                                 h.flash(_('Updated hooks'), category='success')
                             Session().commit()
                         except Exception:
                             log.exception("Exception during hook creation")
                             h.flash(_('Error occurred during hook creation'),
                                     category='error')
                     raise HTTPFound(h.route_path('admin_settings_hooks'))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_search', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_search(self):
                     c = self.load_default_context()
                     c.active = 'search'
                     c.searcher = searcher_from_config(self.request.registry.settings)
                     c.statistics = c.searcher.statistics(self.request.translate)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_automation', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_automation(self):
                     c = self.load_default_context()
                     c.active = 'automation'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='admin_settings_labs', request_method='GET',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_labs(self):
                     c = self.load_default_context()
                     if not c.labs_active:
                         raise HTTPFound(h.route_path('admin_settings'))
                     c.active = 'labs'
                     c.lab_settings = _LAB_SETTINGS
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='admin_settings_labs_update', request_method='POST',
                     renderer='rhodecode:templates/admin/settings/settings.mako')
                 def settings_labs_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'labs'
                     application_form = LabsSettingsForm(self.request.translate)()
                     try:
                         form_result = application_form.to_python(dict(self.request.POST))
                     except formencode.Invalid as errors:
                         h.flash(
                             _("Some form inputs contain invalid data."),
                             category='error')
                         data = render('rhodecode:templates/admin/settings/settings.mako',
                                       self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     try:
                         session = Session()
                         for setting in _LAB_SETTINGS:
                             setting_name = setting.key[len('rhodecode_'):]
                             sett = SettingsModel().create_or_update_setting(
                                 setting_name, form_result[setting.key], setting.type)
                             session.add(sett)
                     except Exception:
                         log.exception('Exception while updating lab settings')
                         h.flash(_('Error occurred during updating labs settings'),
                                 category='error')
                     else:
                         Session().commit()
                         SettingsModel().invalidate_settings_cache()
                         h.flash(_('Updated Labs settings'), category='success')
                         raise HTTPFound(h.route_path('admin_settings_labs'))
                     data = render('rhodecode:templates/admin/settings/settings.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=self._form_defaults(),
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
             # :param key: name of the setting including the 'rhodecode_' prefix
             # :param type: the RhodeCodeSetting type to use.
             # :param group: the i18ned group in which we should dispaly this setting
             # :param label: the i18ned label we should display for this setting
             # :param help: the i18ned help we should dispaly for this setting
             LabSetting = collections.namedtuple(
                 'LabSetting', ('key', 'type', 'group', 'label', 'help'))
             # This list has to be kept in sync with the form
             # rhodecode.model.forms.LabsSettingsForm.
             _LAB_SETTINGS = [
             ]

rhodecode/model/permission.py

0 +2 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2020 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             permissions model for RhodeCode
             """
             import collections
             import logging
             import traceback
             from sqlalchemy.exc import DatabaseError
             from rhodecode import events
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (
                 User, Permission, UserToPerm, UserRepoToPerm, UserRepoGroupToPerm,
                 UserUserGroupToPerm, UserGroup, UserGroupToPerm, UserToRepoBranchPermission)
             from rhodecode.lib.utils2 import str2bool, safe_int
             log = logging.getLogger(__name__)
             class PermissionModel(BaseModel):
                 """
                 Permissions model for RhodeCode
                 """
                 cls = Permission
                 global_perms = {
                     'default_repo_create': None,
                     # special case for create repos on write access to group
                     'default_repo_create_on_write': None,
                     'default_repo_group_create': None,
                     'default_user_group_create': None,
                     'default_fork_create': None,
                     'default_inherit_default_permissions': None,
                     'default_register': None,
                     'default_password_reset': None,
                     'default_extern_activate': None,
                     # object permissions below
                     'default_repo_perm': None,
                     'default_group_perm': None,
                     'default_user_group_perm': None,
                     # branch
                     'default_branch_perm': None,
                 }
                 def set_global_permission_choices(self, c_obj, gettext_translator):
                     _ = gettext_translator
                     c_obj.repo_perms_choices = [
                         ('repository.none', _('None'),),
                         ('repository.read', _('Read'),),
                         ('repository.write', _('Write'),),
                         ('repository.admin', _('Admin'),)]
                     c_obj.group_perms_choices = [
                         ('group.none', _('None'),),
                         ('group.read', _('Read'),),
                         ('group.write', _('Write'),),
                         ('group.admin', _('Admin'),)]
                     c_obj.user_group_perms_choices = [
                         ('usergroup.none', _('None'),),
                         ('usergroup.read', _('Read'),),
                         ('usergroup.write', _('Write'),),
                         ('usergroup.admin', _('Admin'),)]
                     c_obj.branch_perms_choices = [
                         ('branch.none', _('Protected/No Access'),),
                         ('branch.merge', _('Web merge'),),
                         ('branch.push', _('Push'),),
                         ('branch.push_force', _('Force Push'),)]
                     c_obj.register_choices = [
                         ('hg.register.none', _('Disabled')),
                         ('hg.register.manual_activate', _('Allowed with manual account activation')),
                         ('hg.register.auto_activate', _('Allowed with automatic account activation')),]
                     c_obj.password_reset_choices = [
                         ('hg.password_reset.enabled', _('Allow password recovery')),
                         ('hg.password_reset.hidden', _('Hide password recovery link')),
                         ('hg.password_reset.disabled', _('Disable password recovery')),]
                     c_obj.extern_activate_choices = [
                         ('hg.extern_activate.manual', _('Manual activation of external account')),
                         ('hg.extern_activate.auto', _('Automatic activation of external account')),]
                     c_obj.repo_create_choices = [
                         ('hg.create.none', _('Disabled')),
                         ('hg.create.repository', _('Enabled'))]
                     c_obj.repo_create_on_write_choices = [
                         ('hg.create.write_on_repogroup.false', _('Disabled')),
                         ('hg.create.write_on_repogroup.true', _('Enabled'))]
                     c_obj.user_group_create_choices = [
                         ('hg.usergroup.create.false', _('Disabled')),
                         ('hg.usergroup.create.true', _('Enabled'))]
                     c_obj.repo_group_create_choices = [
                         ('hg.repogroup.create.false', _('Disabled')),
                         ('hg.repogroup.create.true', _('Enabled'))]
                     c_obj.fork_choices = [
                         ('hg.fork.none', _('Disabled')),
                         ('hg.fork.repository', _('Enabled'))]
                     c_obj.inherit_default_permission_choices = [
                         ('hg.inherit_default_perms.false', _('Disabled')),
                         ('hg.inherit_default_perms.true', _('Enabled'))]
                 def get_default_perms(self, object_perms, suffix):
                     defaults = {}
                     for perm in object_perms:
                         # perms
                         if perm.permission.permission_name.startswith('repository.'):
                             defaults['default_repo_perm' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('group.'):
                             defaults['default_group_perm' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('usergroup.'):
                             defaults['default_user_group_perm' + suffix] = perm.permission.permission_name
                         # branch
                         if perm.permission.permission_name.startswith('branch.'):
                             defaults['default_branch_perm' + suffix] = perm.permission.permission_name
                         # creation of objects
                         if perm.permission.permission_name.startswith('hg.create.write_on_repogroup'):
                             defaults['default_repo_create_on_write' + suffix] = perm.permission.permission_name
                         elif perm.permission.permission_name.startswith('hg.create.'):
                             defaults['default_repo_create' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.fork.'):
                             defaults['default_fork_create' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.inherit_default_perms.'):
                             defaults['default_inherit_default_permissions' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.repogroup.'):
                             defaults['default_repo_group_create' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.usergroup.'):
                             defaults['default_user_group_create' + suffix] = perm.permission.permission_name
                         # registration and external account activation
                         if perm.permission.permission_name.startswith('hg.register.'):
                             defaults['default_register' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.password_reset.'):
                             defaults['default_password_reset' + suffix] = perm.permission.permission_name
                         if perm.permission.permission_name.startswith('hg.extern_activate.'):
                             defaults['default_extern_activate' + suffix] = perm.permission.permission_name
                     return defaults
                 def _make_new_user_perm(self, user, perm_name):
                     log.debug('Creating new user permission:%s', perm_name)
                     new = UserToPerm()
                     new.user = user
                     new.permission = Permission.get_by_key(perm_name)
                     return new
                 def _make_new_user_group_perm(self, user_group, perm_name):
                     log.debug('Creating new user group permission:%s', perm_name)
                     new = UserGroupToPerm()
                     new.users_group = user_group
                     new.permission = Permission.get_by_key(perm_name)
                     return new
                 def _keep_perm(self, perm_name, keep_fields):
                     def get_pat(field_name):
                         return {
                             # global perms
                             'default_repo_create': 'hg.create.',
                             # special case for create repos on write access to group
                             'default_repo_create_on_write': 'hg.create.write_on_repogroup.',
                             'default_repo_group_create': 'hg.repogroup.create.',
                             'default_user_group_create': 'hg.usergroup.create.',
                             'default_fork_create': 'hg.fork.',
                             'default_inherit_default_permissions': 'hg.inherit_default_perms.',
                             # application perms
                             'default_register': 'hg.register.',
                             'default_password_reset': 'hg.password_reset.',
                             'default_extern_activate': 'hg.extern_activate.',
                             # object permissions below
                             'default_repo_perm': 'repository.',
                             'default_group_perm': 'group.',
                             'default_user_group_perm': 'usergroup.',
                             # branch
                             'default_branch_perm': 'branch.',
                         }[field_name]
                     for field in keep_fields:
                         pat = get_pat(field)
                         if perm_name.startswith(pat):
                             return True
                     return False
                 def _clear_object_perm(self, object_perms, preserve=None):
                     preserve = preserve or []
                     _deleted = []
                     for perm in object_perms:
                         perm_name = perm.permission.permission_name
                         if not self._keep_perm(perm_name, keep_fields=preserve):
                             _deleted.append(perm_name)
                             self.sa.delete(perm)
                     return _deleted
                 def _clear_user_perms(self, user_id, preserve=None):
                     perms = self.sa.query(UserToPerm)\
                         .filter(UserToPerm.user_id == user_id)\
                         .all()
                     return self._clear_object_perm(perms, preserve=preserve)
                 def _clear_user_group_perms(self, user_group_id, preserve=None):
                     perms = self.sa.query(UserGroupToPerm)\
                         .filter(UserGroupToPerm.users_group_id == user_group_id)\
                         .all()
                     return self._clear_object_perm(perms, preserve=preserve)
                 def _set_new_object_perms(self, obj_type, object, form_result, preserve=None):
                     # clear current entries, to make this function idempotent
                     # it will fix even if we define more permissions or permissions
                     # are somehow missing
                     preserve = preserve or []
                     _global_perms = self.global_perms.copy()
                     if obj_type not in ['user', 'user_group']:
                         raise ValueError("obj_type must be on of 'user' or 'user_group'")
                     global_perms = len(_global_perms)
                     default_user_perms = len(Permission.DEFAULT_USER_PERMISSIONS)
                     if global_perms != default_user_perms:
                         raise Exception(
                             'Inconsistent permissions definition. Got {} vs {}'.format(
                                 global_perms, default_user_perms))
                     if obj_type == 'user':
                         self._clear_user_perms(object.user_id, preserve)
                     if obj_type == 'user_group':
                         self._clear_user_group_perms(object.users_group_id, preserve)
                     # now kill the keys that we want to preserve from the form.
                     for key in preserve:
                         del _global_perms[key]
                     for k in _global_perms.copy():
                         _global_perms[k] = form_result[k]
                     # at that stage we validate all are passed inside form_result
                     for _perm_key, perm_value in _global_perms.items():
                         if perm_value is None:
                             raise ValueError('Missing permission for %s' % (_perm_key,))
                         if obj_type == 'user':
                             p = self._make_new_user_perm(object, perm_value)
                             self.sa.add(p)
                         if obj_type == 'user_group':
                             p = self._make_new_user_group_perm(object, perm_value)
                             self.sa.add(p)
                 def _set_new_user_perms(self, user, form_result, preserve=None):
                     return self._set_new_object_perms(
                         'user', user, form_result, preserve)
                 def _set_new_user_group_perms(self, user_group, form_result, preserve=None):
                     return self._set_new_object_perms(
                         'user_group', user_group, form_result, preserve)
                 def set_new_user_perms(self, user, form_result):
                     # calculate what to preserve from what is given in form_result
                     preserve = set(self.global_perms.keys()).difference(set(form_result.keys()))
                     return self._set_new_user_perms(user, form_result, preserve)
                 def set_new_user_group_perms(self, user_group, form_result):
                     # calculate what to preserve from what is given in form_result
                     preserve = set(self.global_perms.keys()).difference(set(form_result.keys()))
                     return self._set_new_user_group_perms(user_group, form_result, preserve)
                 def create_permissions(self):
                     """
                     Create permissions for whole system
                     """
                     for p in Permission.PERMS:
                         if not Permission.get_by_key(p[0]):
                             new_perm = Permission()
                             new_perm.permission_name = p[0]
                             new_perm.permission_longname = p[0]  # translation err with p[1]
                             self.sa.add(new_perm)
                 def _create_default_object_permission(self, obj_type, obj, obj_perms,
                                                       force=False):
                     if obj_type not in ['user', 'user_group']:
                         raise ValueError("obj_type must be on of 'user' or 'user_group'")
                     def _get_group(perm_name):
                         return '.'.join(perm_name.split('.')[:1])
                     defined_perms_groups = map(
                         _get_group, (x.permission.permission_name for x in obj_perms))
                     log.debug('GOT ALREADY DEFINED:%s', obj_perms)
                     if force:
                         self._clear_object_perm(obj_perms)
                         self.sa.commit()
                         defined_perms_groups = []
                     # for every default permission that needs to be created, we check if
                     # it's group is already defined, if it's not we create default perm
                     for perm_name in Permission.DEFAULT_USER_PERMISSIONS:
                         gr = _get_group(perm_name)
                         if gr not in defined_perms_groups:
                             log.debug('GR:%s not found, creating permission %s',
                                       gr, perm_name)
                             if obj_type == 'user':
                                 new_perm = self._make_new_user_perm(obj, perm_name)
                                 self.sa.add(new_perm)
                             if obj_type == 'user_group':
                                 new_perm = self._make_new_user_group_perm(obj, perm_name)
                                 self.sa.add(new_perm)
                 def create_default_user_permissions(self, user, force=False):
                     """
                     Creates only missing default permissions for user, if force is set it
                     resets the default permissions for that user
                     :param user:
                     :param force:
                     """
                     user = self._get_user(user)
                     obj_perms = UserToPerm.query().filter(UserToPerm.user == user).all()
                     return self._create_default_object_permission(
                         'user', user, obj_perms, force)
                 def create_default_user_group_permissions(self, user_group, force=False):
                     """
                     Creates only missing default permissions for user group, if force is
                     set it resets the default permissions for that user group
                     :param user_group:
                     :param force:
                     """
                     user_group = self._get_user_group(user_group)
                     obj_perms = UserToPerm.query().filter(UserGroupToPerm.users_group == user_group).all()
                     return self._create_default_object_permission(
                         'user_group', user_group, obj_perms, force)
                 def update_application_permissions(self, form_result):
                     if 'perm_user_id' in form_result:
                         perm_user = User.get(safe_int(form_result['perm_user_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user = User.get_by_username(form_result['perm_user_name'])
                     try:
                         # stage 1 set anonymous access
                         if perm_user.username == User.DEFAULT_USER:
                             perm_user.active = str2bool(form_result['anonymous'])
                             self.sa.add(perm_user)
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_perms(perm_user, form_result, preserve=[
                             'default_repo_perm',
                             'default_group_perm',
                             'default_user_group_perm',
                             'default_branch_perm',
                             'default_repo_group_create',
                             'default_user_group_create',
                             'default_repo_create_on_write',
                             'default_repo_create',
                             'default_fork_create',
                             'default_inherit_default_permissions',])
                         self.sa.commit()
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def update_user_permissions(self, form_result):
                     if 'perm_user_id' in form_result:
                         perm_user = User.get(safe_int(form_result['perm_user_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user = User.get_by_username(form_result['perm_user_name'])
                     try:
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_perms(perm_user, form_result, preserve=[
                             'default_repo_perm',
                             'default_group_perm',
                             'default_user_group_perm',
                             'default_branch_perm',
                             'default_register',
                             'default_password_reset',
                             'default_extern_activate'])
                         self.sa.commit()
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def update_user_group_permissions(self, form_result):
                     if 'perm_user_group_id' in form_result:
                         perm_user_group = UserGroup.get(safe_int(form_result['perm_user_group_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user_group = UserGroup.get_by_group_name(form_result['perm_user_group_name'])
                     try:
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_group_perms(perm_user_group, form_result, preserve=[
                             'default_repo_perm',
                             'default_group_perm',
                             'default_user_group_perm',
                             'default_branch_perm',
                             'default_register',
                             'default_password_reset',
                             'default_extern_activate'])
                         self.sa.commit()
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         self.sa.rollback()
                         raise
                 def update_object_permissions(self, form_result):
                     if 'perm_user_id' in form_result:
                         perm_user = User.get(safe_int(form_result['perm_user_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user = User.get_by_username(form_result['perm_user_name'])
                     try:
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_perms(perm_user, form_result, preserve=[
                             'default_repo_group_create',
                             'default_user_group_create',
                             'default_repo_create_on_write',
                             'default_repo_create',
                             'default_fork_create',
                             'default_inherit_default_permissions',
                             'default_branch_perm',
                             'default_register',
                             'default_password_reset',
                             'default_extern_activate'])
                         # overwrite default repo permissions
                         if form_result['overwrite_default_repo']:
                             _def_name = form_result['default_repo_perm'].split('repository.')[-1]
                             _def = Permission.get_by_key('repository.' + _def_name)
                             for r2p in self.sa.query(UserRepoToPerm)\
                                            .filter(UserRepoToPerm.user == perm_user)\
                                            .all():
                                 # don't reset PRIVATE repositories
                                 if not r2p.repository.private:
                                     r2p.permission = _def
                                     self.sa.add(r2p)
                         # overwrite default repo group permissions
                         if form_result['overwrite_default_group']:
                             _def_name = form_result['default_group_perm'].split('group.')[-1]
                             _def = Permission.get_by_key('group.' + _def_name)
                             for g2p in self.sa.query(UserRepoGroupToPerm)\
                                            .filter(UserRepoGroupToPerm.user == perm_user)\
                                            .all():
                                 g2p.permission = _def
                                 self.sa.add(g2p)
                         # overwrite default user group permissions
                         if form_result['overwrite_default_user_group']:
                             _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
                             # user groups
                             _def = Permission.get_by_key('usergroup.' + _def_name)
                             for g2p in self.sa.query(UserUserGroupToPerm)\
                                            .filter(UserUserGroupToPerm.user == perm_user)\
                                            .all():
                                 g2p.permission = _def
                                 self.sa.add(g2p)
                         # COMMIT
                         self.sa.commit()
                     except (DatabaseError,):
                         log.exception('Failed to set default object permissions')
                         self.sa.rollback()
                         raise
                 def update_branch_permissions(self, form_result):
                     if 'perm_user_id' in form_result:
                         perm_user = User.get(safe_int(form_result['perm_user_id']))
                     else:
                         # used mostly to do lookup for default user
                         perm_user = User.get_by_username(form_result['perm_user_name'])
                     try:
                         # stage 2 reset defaults and set them from form data
                         self._set_new_user_perms(perm_user, form_result, preserve=[
                             'default_repo_perm',
                             'default_group_perm',
                             'default_user_group_perm',
                             'default_repo_group_create',
                             'default_user_group_create',
                             'default_repo_create_on_write',
                             'default_repo_create',
                             'default_fork_create',
                             'default_inherit_default_permissions',
                             'default_register',
                             'default_password_reset',
                             'default_extern_activate'])
                         # overwrite default branch permissions
                         if form_result['overwrite_default_branch']:
                             _def_name = \
                                 form_result['default_branch_perm'].split('branch.')[-1]
                             _def = Permission.get_by_key('branch.' + _def_name)
                             user_perms = UserToRepoBranchPermission.query()\
                                 .join(UserToRepoBranchPermission.user_repo_to_perm)\
                                 .filter(UserRepoToPerm.user == perm_user).all()
                             for g2p in user_perms:
                                 g2p.permission = _def
                                 self.sa.add(g2p)
                         # COMMIT
                         self.sa.commit()
                     except (DatabaseError,):
                         log.exception('Failed to set default branch permissions')
                         self.sa.rollback()
                         raise
                 def get_users_with_repo_write(self, db_repo):
                     write_plus = ['repository.write', 'repository.admin']
                     default_user_id = User.get_default_user_id()
                     user_write_permissions = collections.OrderedDict()
                     # write+ and DEFAULT user for inheritance
                     for perm in db_repo.permissions():
                         if perm.permission in write_plus or perm.user_id == default_user_id:
                             user_write_permissions[perm.user_id] = perm
                     return user_write_permissions
                 def get_user_groups_with_repo_write(self, db_repo):
                     write_plus = ['repository.write', 'repository.admin']
                     user_group_write_permissions = collections.OrderedDict()
                     # write+ and DEFAULT user for inheritance
                     for p in db_repo.permission_user_groups():
                         if p.permission in write_plus:
                             user_group_write_permissions[p.users_group_id] = p
                     return user_group_write_permissions
-                def trigger_permission_flush(self, affected_user_ids):
+                def trigger_permission_flush(self, affected_user_ids=None):
+                    affected_user_ids or User.get_all_user_ids()
                     events.trigger(events.UserPermissionsChange(affected_user_ids))
                 def flush_user_permission_caches(self, changes, affected_user_ids=None):
                     affected_user_ids = affected_user_ids or []
                     for change in changes['added'] + changes['updated'] + changes['deleted']:
                         if change['type'] == 'user':
                             affected_user_ids.append(change['id'])
                         if change['type'] == 'user_group':
                             user_group = UserGroup.get(safe_int(change['id']))
                             if user_group:
                                 group_members_ids = [x.user_id for x in user_group.members]
                                 affected_user_ids.extend(group_members_ids)
                     self.trigger_permission_flush(affected_user_ids)
                     return affected_user_ids

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages