rhodecode-enterprise-ce Commit - r1559:6a97fe2f

admin-users: add audit page to allow showing user actions in RhodeCode....

marcink -

r1559:6a97fe2f default

parent child

rhodecode/lib/user_log_filter.py

0 created 644 +112 0

@@ -0,0 +1,112 b''
	1	# -- coding: utf-8 --
	2
	3	# Copyright (C) 2010-2017 RhodeCode GmbH
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU Affero General Public License, version 3
	7	# (only), as published by the Free Software Foundation.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16	#
	17	# This program is dual-licensed. If you wish to learn more about the
	18	# RhodeCode Enterprise Edition, including its added features, Support services,
	19	# and proprietary license terms, please see https://rhodecode.com/licenses/
	20
	21	import logging
	22
	23	from whoosh.qparser.default import QueryParser, query
	24	from whoosh.qparser.dateparse import DateParserPlugin
	25	from whoosh.fields import (TEXT, Schema, DATETIME)
	26	from sqlalchemy.sql.expression import or_, and_, func
	27
	28	from rhodecode.model.db import UserLog
	29	from rhodecode.lib.utils2 import remove_prefix, remove_suffix
	30
	31	# JOURNAL SCHEMA used only to generate queries in journal. We use whoosh
	32	# querylang to build sql queries and filter journals
	33	JOURNAL_SCHEMA = Schema(
	34	username=TEXT(),
	35	date=DATETIME(),
	36	action=TEXT(),
	37	repository=TEXT(),
	38	ip=TEXT(),
	39	)
	40
	41	log = logging.getLogger(__name__)
	42
	43
	44	def user_log_filter(user_log, search_term):
	45	"""
	46	Filters sqlalchemy user_log based on search_term with whoosh Query language
	47	http://packages.python.org/Whoosh/querylang.html
	48
	49	:param user_log:
	50	:param search_term:
	51	"""
	52	log.debug('Initial search term: %r' % search_term)
	53	qry = None
	54	if search_term:
	55	qp = QueryParser('repository', schema=JOURNAL_SCHEMA)
	56	qp.add_plugin(DateParserPlugin())
	57	qry = qp.parse(unicode(search_term))
	58	log.debug('Filtering using parsed query %r' % qry)
	59
	60	def wildcard_handler(col, wc_term):
	61	if wc_term.startswith('') and not wc_term.endswith(''):
	62	# postfix == endswith
	63	wc_term = remove_prefix(wc_term, prefix='*')
	64	return func.lower(col).endswith(wc_term)
	65	elif wc_term.startswith('') and wc_term.endswith(''):
	66	# wildcard == ilike
	67	wc_term = remove_prefix(wc_term, prefix='*')
	68	wc_term = remove_suffix(wc_term, suffix='*')
	69	return func.lower(col).contains(wc_term)
	70
	71	def get_filterion(field, val, term):
	72
	73	if field == 'repository':
	74	field = getattr(UserLog, 'repository_name')
	75	elif field == 'ip':
	76	field = getattr(UserLog, 'user_ip')
	77	elif field == 'date':
	78	field = getattr(UserLog, 'action_date')
	79	elif field == 'username':
	80	field = getattr(UserLog, 'username')
	81	else:
	82	field = getattr(UserLog, field)
	83	log.debug('filter field: %s val=>%s' % (field, val))
	84
	85	# sql filtering
	86	if isinstance(term, query.Wildcard):
	87	return wildcard_handler(field, val)
	88	elif isinstance(term, query.Prefix):
	89	return func.lower(field).startswith(func.lower(val))
	90	elif isinstance(term, query.DateRange):
	91	return and_(field >= val[0], field <= val[1])
	92	return func.lower(field) == func.lower(val)
	93
	94	if isinstance(qry, (query.And, query.Term, query.Prefix, query.Wildcard,
	95	query.DateRange)):
	96	if not isinstance(qry, query.And):
	97	qry = [qry]
	98	for term in qry:
	99	field = term.fieldname
	100	val = (term.text if not isinstance(term, query.DateRange)
	101	else [term.startdate, term.enddate])
	102	user_log = user_log.filter(get_filterion(field, val, term))
	103	elif isinstance(qry, query.Or):
	104	filters = []
	105	for term in qry:
	106	field = term.fieldname
	107	val = (term.text if not isinstance(term, query.DateRange)
	108	else [term.startdate, term.enddate])
	109	filters.append(get_filterion(field, val, term))
	110	user_log = user_log.filter(or_(*filters))
	111
	112	return user_log

rhodecode/templates/admin/users/user_edit_audit.mako

0 created 644 +65 0

@@ -0,0 +1,65 b''
	1	## -- coding: utf-8 --
	2	<%namespace name="base" file="/base/base.mako"/>
	3
	4
	5	<div class="panel panel-default">
	6	<div class="panel-heading">
	7	<h3 class="panel-title">${_('User Audit Logs')} -
	8	${_ungettext('%s entry', '%s entries', c.user_log.item_count) % (c.user_log.item_count)}
	9	</h3>
	10	</div>
	11	<div class="panel-body">
	12
	13	${h.form(None, id_="filter_form", method="get")}
	14	<input class="q_filter_box ${'' if c.filter_term else 'initial'}" id="j_filter" size="15" type="text" name="filter" value="${c.filter_term or ''}" placeholder="${_('audit filter...')}"/>
	15	<input type='submit' value="${_('filter')}" class="btn" />
	16	${h.end_form()}
	17	<p class="tooltip filterexample" style="position: inherit" title="${h.tooltip(h.journal_filter_help())}">${_('Example Queries')}</p>
	18
	19	% if c.user_log:
	20	<table class="rctable admin_log">
	21	<tr>
	22	<th>${_('Username')}</th>
	23	<th>${_('Action')}</th>
	24	<th>${_('Repository')}</th>
	25	<th>${_('Date')}</th>
	26	<th>${_('From IP')}</th>
	27	</tr>
	28
	29	%for cnt,l in enumerate(c.user_log):
	30	<tr class="parity${cnt%2}">
	31	<td class="td-user">
	32	%if l.user is not None:
	33	${base.gravatar_with_user(l.user.email)}
	34	%else:
	35	${l.username}
	36	%endif
	37	</td>
	38	<td class="td-journalaction">${h.action_parser(l)[0]()}
	39	<div class="journal_action_params">
	40	${h.literal(h.action_parser(l)[1]())}
	41	</div>
	42	</td>
	43	<td class="td-componentname">
	44	%if l.repository is not None:
	45	${h.link_to(l.repository.repo_name,h.url('summary_home',repo_name=l.repository.repo_name))}
	46	%else:
	47	${l.repository_name}
	48	%endif
	49	</td>
	50
	51	<td class="td-time">${h.format_date(l.action_date)}</td>
	52	<td class="td-ip">${l.user_ip}</td>
	53	</tr>
	54	%endfor
	55	</table>
	56
	57	<div class="pagination-wh pagination-left">
	58	${c.user_log.pager('$link_previous ~2~ $link_next')}
	59	</div>
	60	% else:
	61	${_('No actions yet')}
	62	% endif
	63
	64	</div>
	65	</div>

rhodecode/apps/admin/__init__.py

0 +5 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             from rhodecode.apps.admin.navigation import NavigationRegistry
             from rhodecode.config.routing import ADMIN_PREFIX
             from rhodecode.lib.utils2 import str2bool
             def admin_routes(config):
                 """
                 Admin prefixed routes
                 """
                 config.add_route(
                     name='admin_settings_open_source',
                     pattern='/settings/open_source')
                 config.add_route(
                     name='admin_settings_vcs_svn_generate_cfg',
                     pattern='/settings/vcs/svn_generate_cfg')
                 config.add_route(
                     name='admin_settings_system',
                     pattern='/settings/system')
                 config.add_route(
                     name='admin_settings_system_update',
                     pattern='/settings/system/updates')
                 config.add_route(
                     name='admin_settings_sessions',
                     pattern='/settings/sessions')
                 config.add_route(
                     name='admin_settings_sessions_cleanup',
                     pattern='/settings/sessions/cleanup')
                 # users admin
                 config.add_route(
                     name='users',
                     pattern='/users')
                 config.add_route(
                     name='users_data',
                     pattern='/users_data')
                 # user auth tokens
                 config.add_route(
                     name='edit_user_auth_tokens',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens')
                 config.add_route(
                     name='edit_user_auth_tokens_add',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/new')
                 config.add_route(
                     name='edit_user_auth_tokens_delete',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/delete')
                 # user groups management
                 config.add_route(
                     name='edit_user_groups_management',
                     pattern='/users/{user_id:\d+}/edit/groups_management')
                 config.add_route(
                     name='edit_user_groups_management_updates',
                     pattern='/users/{user_id:\d+}/edit/edit_user_groups_management/updates')
+                # user audit logs
+                config.add_route(
+                    name='edit_user_audit_logs',
+                    pattern='/users/{user_id:\d+}/edit/audit')
             def includeme(config):
                 settings = config.get_settings()
                 # Create admin navigation registry and add it to the pyramid registry.
                 labs_active = str2bool(settings.get('labs_settings_active', False))
                 navigation_registry = NavigationRegistry(labs_active=labs_active)
                 config.registry.registerUtility(navigation_registry)
                 config.include(admin_routes, route_prefix=ADMIN_PREFIX)
                 # Scan module for configuration decorators.
                 config.scan()

rhodecode/apps/admin/views/users.py

0 +35 -3

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
+            from rhodecode.lib.helpers import Page
             from rhodecode_tools.lib.ext_json import json
             from rhodecode.apps._base import BaseAppView
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
             from rhodecode.lib import helpers as h
             from rhodecode.lib.utils import PartialRenderer
             from rhodecode.lib.utils2 import safe_int, safe_unicode
             from rhodecode.model.auth_token import AuthTokenModel
+            from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.model.db import User, or_
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class AdminUsersView(BaseAppView):
                 ALLOW_SCOPED_TOKENS = False
                 """
                 This view has alternative version inside EE, if modified please take a look
                 in there as well.
                 """
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
                     self._register_global_c(c)
                     return c
                 def _redirect_for_default_user(self, username):
                     _ = self.request.translate
                     if username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         # TODO(marcink): redirect to 'users' admin panel once this
                         # is a pyramid view
                         raise HTTPFound('/')
                 def _extract_ordering(self, request):
                     column_index = safe_int(request.GET.get('order[0][column]'))
                     order_dir = request.GET.get(
                         'order[0][dir]', 'desc')
                     order_by = request.GET.get(
                         'columns[%s][data][sort]' % column_index, 'name_raw')
                     # translate datatable to DB columns
                     order_by = {
                         'first_name': 'name',
                         'last_name': 'lastname',
                     }.get(order_by) or order_by
                     search_q = request.GET.get('search[value]')
                     return search_q, order_by, order_dir
                 def _extract_chunk(self, request):
                     start = safe_int(request.GET.get('start'), 0)
                     length = safe_int(request.GET.get('length'), 25)
                     draw = safe_int(request.GET.get('draw'))
                     return draw, start, length
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='users', request_method='GET',
                     renderer='rhodecode:templates/admin/users/users.mako')
                 def users_list(self):
                     c = self.load_default_context()
                     return self._get_template_context(c)
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     # renderer defined below
                     route_name='users_data', request_method='GET', renderer='json',
                     xhr=True)
                 def users_list_data(self):
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(self.request)
                     _render = PartialRenderer('data_table/_dt_elements.mako')
                     def user_actions(user_id, username):
                         return _render("user_actions", user_id, username)
                     users_data_total_count = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .count()
                     # json generate
                     base_q = User.query().filter(User.username != User.DEFAULT_USER)
                     if search_q:
                         like_expression = u'%{}%'.format(safe_unicode(search_q))
                         base_q = base_q.filter(or_(
                             User.username.ilike(like_expression),
                             User._email.ilike(like_expression),
                             User.name.ilike(like_expression),
                             User.lastname.ilike(like_expression),
                         ))
                     users_data_total_filtered_count = base_q.count()
                     sort_col = getattr(User, order_by, None)
                     if sort_col and order_dir == 'asc':
                         base_q = base_q.order_by(sort_col.asc().nullslast())
                     elif sort_col:
                         base_q = base_q.order_by(sort_col.desc().nullslast())
                     base_q = base_q.offset(start).limit(limit)
                     users_list = base_q.all()
                     users_data = []
                     for user in users_list:
                         users_data.append({
                             "username": h.gravatar_with_user(user.username),
                             "email": user.email,
                             "first_name": h.escape(user.name),
                             "last_name": h.escape(user.lastname),
                             "last_login": h.format_date(user.last_login),
                             "last_activity": h.format_date(user.last_activity),
                             "active": h.bool2icon(user.active),
                             "active_raw": user.active,
                             "admin": h.bool2icon(user.admin),
                             "extern_type": user.extern_type,
                             "extern_name": user.extern_name,
                             "action": user_actions(user.user_id, user.username),
                         })
                     data = ({
                         'draw': draw,
                         'data': users_data,
                         'recordsTotal': users_data_total_count,
                         'recordsFiltered': users_data_total_filtered_count,
                     })
                     return data
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_auth_tokens', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def auth_tokens(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id, pyramid_exc=True)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'auth_tokens'
                     c.lifetime_values = [
                         (str(-1), _('forever')),
                         (str(5), _('5 minutes')),
                         (str(60), _('1 hour')),
                         (str(60 * 24), _('1 day')),
                         (str(60 * 24 * 30), _('1 month')),
                     ]
                     c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
                     c.role_values = [
                         (x, AuthTokenModel.cls._get_role_name(x))
                         for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=True)
                     return self._get_template_context(c)
                 def maybe_attach_token_scope(self, token):
                     # implemented in EE edition
                     pass
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_add', request_method='POST')
                 def auth_tokens_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id, pyramid_exc=True)
                     self._redirect_for_default_user(c.user.username)
                     lifetime = safe_int(self.request.POST.get('lifetime'), -1)
                     description = self.request.POST.get('description')
                     role = self.request.POST.get('role')
                     token = AuthTokenModel().create(
                         c.user.user_id, description, lifetime, role)
                     self.maybe_attach_token_scope(token)
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_delete', request_method='POST')
                 def auth_tokens_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id, pyramid_exc=True)
                     self._redirect_for_default_user(c.user.username)
                     del_auth_token = self.request.POST.get('del_auth_token')
                     if del_auth_token:
                         AuthTokenModel().delete(del_auth_token, c.user.user_id)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_groups_management', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def groups_management(self):
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id, pyramid_exc=True)
                     c.data = c.user.group_member
                     self._redirect_for_default_user(c.user.username)
                     groups = [UserGroupModel.get_user_groups_as_dict(group.users_group) for group in c.user.group_member]
                     c.groups = json.dumps(groups)
                     c.active = 'groups'
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_groups_management_updates', request_method='POST')
                 def groups_management_updates(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id, pyramid_exc=True)
                     self._redirect_for_default_user(c.user.username)
                     users_groups = set(self.request.POST.getall('users_group_id'))
                     users_groups_model = []
                     for ugid in users_groups:
                         users_groups_model.append(UserGroupModel().get_group(safe_int(ugid)))
                     user_group_model = UserGroupModel()
                     user_group_model.change_groups(c.user, users_groups_model)
                     Session().commit()
                     c.active = 'user_groups_management'
                     h.flash(_("Groups successfully changed"), category='success')
-                    return HTTPFound(h.route_path('edit_user_groups_management', user_id=user_id))
+                    return HTTPFound(h.route_path(
+                        'edit_user_groups_management', user_id=user_id))
+                @LoginRequired()
+                @HasPermissionAllDecorator('hg.admin')
+                @view_config(
+                    route_name='edit_user_audit_logs', request_method='GET',
+                    renderer='rhodecode:templates/admin/users/user_edit.mako')
+                def user_audit_logs(self):
+                    _ = self.request.translate
+                    c = self.load_default_context()
+                    user_id = self.request.matchdict.get('user_id')
+                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    self._redirect_for_default_user(c.user.username)
+                    c.active = 'audit'
+                    p = safe_int(self.request.GET.get('page', 1), 1)
+                    filter_term = self.request.GET.get('filter')
+                    c.user_log = UserModel().get_user_log(c.user, filter_term)
+                    def url_generator(**kw):
+                        if filter_term:
+                            kw['filter'] = filter_term
+                        return self.request.current_route_path(_query=kw)
+                    c.user_log = Page(c.user_log, page=p, items_per_page=10,
+                                      url=url_generator)
+                    c.filter_term = filter_term
+                    return self._get_template_context(c)

rhodecode/controllers/admin/admin.py

0 +3 -87

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Controller for Admin panel of RhodeCode Enterprise
             """
             import logging
             from pylons import request, tmpl_context as c, url
             from pylons.controllers.util import redirect
             from sqlalchemy.orm import joinedload
-            from whoosh.qparser.default import QueryParser, query
-            from whoosh.qparser.dateparse import DateParserPlugin
-            from whoosh.fields import (TEXT, Schema, DATETIME)
-            from sqlalchemy.sql.expression import or_, and_, func
             from rhodecode.model.db import UserLog, PullRequest
+            from rhodecode.lib.user_log_filter import user_log_filter
             from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
             from rhodecode.lib.base import BaseController, render
-            from rhodecode.lib.utils2 import safe_int, remove_prefix, remove_suffix
+            from rhodecode.lib.utils2 import safe_int
             from rhodecode.lib.helpers import Page
             log = logging.getLogger(__name__)
-            # JOURNAL SCHEMA used only to generate queries in journal. We use whoosh
-            # querylang to build sql queries and filter journals
-            JOURNAL_SCHEMA = Schema(
-                username=TEXT(),
-                date=DATETIME(),
-                action=TEXT(),
-                repository=TEXT(),
-                ip=TEXT(),
-            def _journal_filter(user_log, search_term):
-                """
-                Filters sqlalchemy user_log based on search_term with whoosh Query language
-                http://packages.python.org/Whoosh/querylang.html
-                :param user_log:
-                :param search_term:
-                """
-                log.debug('Initial search term: %r' % search_term)
-                qry = None
-                if search_term:
-                    qp = QueryParser('repository', schema=JOURNAL_SCHEMA)
-                    qp.add_plugin(DateParserPlugin())
-                    qry = qp.parse(unicode(search_term))
-                    log.debug('Filtering using parsed query %r' % qry)
-                def wildcard_handler(col, wc_term):
-                    if wc_term.startswith('*') and not wc_term.endswith('*'):
-                        # postfix == endswith
-                        wc_term = remove_prefix(wc_term, prefix='*')
-                        return func.lower(col).endswith(wc_term)
-                    elif wc_term.startswith('*') and wc_term.endswith('*'):
-                        # wildcard == ilike
-                        wc_term = remove_prefix(wc_term, prefix='*')
-                        wc_term = remove_suffix(wc_term, suffix='*')
-                        return func.lower(col).contains(wc_term)
-                def get_filterion(field, val, term):
-                    if field == 'repository':
-                        field = getattr(UserLog, 'repository_name')
-                    elif field == 'ip':
-                        field = getattr(UserLog, 'user_ip')
-                    elif field == 'date':
-                        field = getattr(UserLog, 'action_date')
-                    elif field == 'username':
-                        field = getattr(UserLog, 'username')
-                    else:
-                        field = getattr(UserLog, field)
-                    log.debug('filter field: %s val=>%s' % (field, val))
-                    # sql filtering
-                    if isinstance(term, query.Wildcard):
-                        return wildcard_handler(field, val)
-                    elif isinstance(term, query.Prefix):
-                        return func.lower(field).startswith(func.lower(val))
-                    elif isinstance(term, query.DateRange):
-                        return and_(field >= val[0], field <= val[1])
-                    return func.lower(field) == func.lower(val)
-                if isinstance(qry, (query.And, query.Term, query.Prefix, query.Wildcard,
-                                    query.DateRange)):
-                    if not isinstance(qry, query.And):
-                        qry = [qry]
-                    for term in qry:
-                        field = term.fieldname
-                        val = (term.text if not isinstance(term, query.DateRange)
-                               else [term.startdate, term.enddate])
-                        user_log = user_log.filter(get_filterion(field, val, term))
-                elif isinstance(qry, query.Or):
-                    filters = []
-                    for term in qry:
-                        field = term.fieldname
-                        val = (term.text if not isinstance(term, query.DateRange)
-                               else [term.startdate, term.enddate])
-                        filters.append(get_filterion(field, val, term))
-                    user_log = user_log.filter(or_(*filters))
-                return user_log
             class AdminController(BaseController):
                 @LoginRequired()
                 def __before__(self):
                     super(AdminController, self).__before__()
                 @HasPermissionAllDecorator('hg.admin')
                 def index(self):
                     users_log = UserLog.query()\
                         .options(joinedload(UserLog.user))\
                         .options(joinedload(UserLog.repository))
                     # FILTERING
                     c.search_term = request.GET.get('filter')
                     try:
-                        users_log = _journal_filter(users_log, c.search_term)
+                        users_log = user_log_filter(users_log, c.search_term)
                     except Exception:
                         # we want this to crash for now
                         raise
                     users_log = users_log.order_by(UserLog.action_date.desc())
                     p = safe_int(request.GET.get('page', 1), 1)
                     def url_generator(**kw):
                         return url.current(filter=c.search_term, **kw)
                     c.users_log = Page(users_log, page=p, items_per_page=10,
                                        url=url_generator)
                     c.log_data = render('admin/admin_log.mako')
                     if request.is_xhr:
                         return c.log_data
                     return render('admin/admin.mako')
                 # global redirect doesn't need permissions
                 def pull_requests(self, pull_request_id):
                     """
                     Global redirect for Pull Requests
                     :param pull_request_id: id of pull requests in the system
                     """
                     pull_request = PullRequest.get_or_404(pull_request_id)
                     repo_name = pull_request.target_repo.repo_name
                     return redirect(url(
                         'pullrequest_show', repo_name=repo_name,
                         pull_request_id=pull_request_id))

rhodecode/controllers/journal.py

0 +2 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Journal / user event log controller for rhodecode
             """
             import logging
             from itertools import groupby
             from sqlalchemy import or_
             from sqlalchemy.orm import joinedload
             from webhelpers.feedgenerator import Atom1Feed, Rss201rev2Feed
             from webob.exc import HTTPBadRequest
             from pylons import request, tmpl_context as c, response, url
             from pylons.i18n.translation import _
-            from rhodecode.controllers.admin.admin import _journal_filter
+            from rhodecode.controllers.admin.admin import user_log_filter
             from rhodecode.model.db import UserLog, UserFollowing, User, UserApiKeys
             from rhodecode.model.meta import Session
             import rhodecode.lib.helpers as h
             from rhodecode.lib.helpers import Page
             from rhodecode.lib.auth import LoginRequired, NotAnonymous, CSRFRequired
             from rhodecode.lib.base import BaseController, render
             from rhodecode.lib.utils2 import safe_int, AttributeDict
             log = logging.getLogger(__name__)
             class JournalController(BaseController):
                 def __before__(self):
                     super(JournalController, self).__before__()
                     self.language = 'en-us'
                     self.ttl = "5"
                     self.feed_nr = 20
                     c.search_term = request.GET.get('filter')
                 def _get_daily_aggregate(self, journal):
                     groups = []
                     for k, g in groupby(journal, lambda x: x.action_as_day):
                         user_group = []
                         #groupby username if it's a present value, else fallback to journal username
                         for _, g2 in groupby(list(g), lambda x: x.user.username if x.user else x.username):
                             l = list(g2)
                             user_group.append((l[0].user, l))
                         groups.append((k, user_group,))
                     return groups
                 def _get_journal_data(self, following_repos):
                     repo_ids = [x.follows_repository.repo_id for x in following_repos
                                 if x.follows_repository is not None]
                     user_ids = [x.follows_user.user_id for x in following_repos
                                 if x.follows_user is not None]
                     filtering_criterion = None
                     if repo_ids and user_ids:
                         filtering_criterion = or_(UserLog.repository_id.in_(repo_ids),
                                     UserLog.user_id.in_(user_ids))
                     if repo_ids and not user_ids:
                         filtering_criterion = UserLog.repository_id.in_(repo_ids)
                     if not repo_ids and user_ids:
                         filtering_criterion = UserLog.user_id.in_(user_ids)
                     if filtering_criterion is not None:
                         journal = self.sa.query(UserLog)\
                             .options(joinedload(UserLog.user))\
                             .options(joinedload(UserLog.repository))
                         #filter
                         try:
-                            journal = _journal_filter(journal, c.search_term)
+                            journal = user_log_filter(journal, c.search_term)
                         except Exception:
                             # we want this to crash for now
                             raise
                         journal = journal.filter(filtering_criterion)\
                                     .order_by(UserLog.action_date.desc())
                     else:
                         journal = []
                     return journal
                 def _atom_feed(self, repos, public=True):
                     journal = self._get_journal_data(repos)
                     if public:
                         _link = url('public_journal_atom', qualified=True)
                         _desc = '%s %s %s' % (c.rhodecode_name, _('public journal'),
                                               'atom feed')
                     else:
                         _link = url('journal_atom', qualified=True)
                         _desc = '%s %s %s' % (c.rhodecode_name, _('journal'), 'atom feed')
                     feed = Atom1Feed(title=_desc,
                                      link=_link,
                                      description=_desc,
                                      language=self.language,
                                      ttl=self.ttl)
                     for entry in journal[:self.feed_nr]:
                         user = entry.user
                         if user is None:
                             #fix deleted users
                             user = AttributeDict({'short_contact': entry.username,
                                                   'email': '',
                                                   'full_contact': ''})
                         action, action_extra, ico = h.action_parser(entry, feed=True)
                         title = "%s - %s %s" % (user.short_contact, action(),
                                                 entry.repository.repo_name)
                         desc = action_extra()
                         _url = None
                         if entry.repository is not None:
                             _url = url('changelog_home',
                                        repo_name=entry.repository.repo_name,
                                        qualified=True)
                         feed.add_item(title=title,
                                       pubdate=entry.action_date,
                                       link=_url or url('', qualified=True),
                                       author_email=user.email,
                                       author_name=user.full_contact,
                                       description=desc)
                     response.content_type = feed.mime_type
                     return feed.writeString('utf-8')
                 def _rss_feed(self, repos, public=True):
                     journal = self._get_journal_data(repos)
                     if public:
                         _link = url('public_journal_atom', qualified=True)
                         _desc = '%s %s %s' % (c.rhodecode_name, _('public journal'),
                                               'rss feed')
                     else:
                         _link = url('journal_atom', qualified=True)
                         _desc = '%s %s %s' % (c.rhodecode_name, _('journal'), 'rss feed')
                     feed = Rss201rev2Feed(title=_desc,
                                      link=_link,
                                      description=_desc,
                                      language=self.language,
                                      ttl=self.ttl)
                     for entry in journal[:self.feed_nr]:
                         user = entry.user
                         if user is None:
                             #fix deleted users
                             user = AttributeDict({'short_contact': entry.username,
                                                   'email': '',
                                                   'full_contact': ''})
                         action, action_extra, ico = h.action_parser(entry, feed=True)
                         title = "%s - %s %s" % (user.short_contact, action(),
                                                 entry.repository.repo_name)
                         desc = action_extra()
                         _url = None
                         if entry.repository is not None:
                             _url = url('changelog_home',
                                        repo_name=entry.repository.repo_name,
                                        qualified=True)
                         feed.add_item(title=title,
                                       pubdate=entry.action_date,
                                       link=_url or url('', qualified=True),
                                       author_email=user.email,
                                       author_name=user.full_contact,
                                       description=desc)
                     response.content_type = feed.mime_type
                     return feed.writeString('utf-8')
                 @LoginRequired()
                 @NotAnonymous()
                 def index(self):
                     # Return a rendered template
                     p = safe_int(request.GET.get('page', 1), 1)
                     c.user = User.get(c.rhodecode_user.user_id)
                     following = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.user_id == c.rhodecode_user.user_id)\
                         .options(joinedload(UserFollowing.follows_repository))\
                         .all()
                     journal = self._get_journal_data(following)
                     def url_generator(**kw):
                         return url.current(filter=c.search_term, **kw)
                     c.journal_pager = Page(journal, page=p, items_per_page=20, url=url_generator)
                     c.journal_day_aggreagate = self._get_daily_aggregate(c.journal_pager)
                     c.journal_data = render('journal/journal_data.mako')
                     if request.is_xhr:
                         return c.journal_data
                     return render('journal/journal.mako')
                 @LoginRequired(auth_token_access=[UserApiKeys.ROLE_FEED])
                 @NotAnonymous()
                 def journal_atom(self):
                     """
                     Produce an atom-1.0 feed via feedgenerator module
                     """
                     following = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.user_id == c.rhodecode_user.user_id)\
                         .options(joinedload(UserFollowing.follows_repository))\
                         .all()
                     return self._atom_feed(following, public=False)
                 @LoginRequired(auth_token_access=[UserApiKeys.ROLE_FEED])
                 @NotAnonymous()
                 def journal_rss(self):
                     """
                     Produce an rss feed via feedgenerator module
                     """
                     following = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.user_id == c.rhodecode_user.user_id)\
                         .options(joinedload(UserFollowing.follows_repository))\
                         .all()
                     return self._rss_feed(following, public=False)
                 @CSRFRequired()
                 @LoginRequired()
                 @NotAnonymous()
                 def toggle_following(self):
                     user_id = request.POST.get('follows_user_id')
                     if user_id:
                         try:
                             self.scm_model.toggle_following_user(
                                 user_id, c.rhodecode_user.user_id)
                             Session().commit()
                             return 'ok'
                         except Exception:
                             raise HTTPBadRequest()
                     repo_id = request.POST.get('follows_repo_id')
                     if repo_id:
                         try:
                             self.scm_model.toggle_following_repo(
                                 repo_id, c.rhodecode_user.user_id)
                             Session().commit()
                             return 'ok'
                         except Exception:
                             raise HTTPBadRequest()
                 @LoginRequired()
                 def public_journal(self):
                     # Return a rendered template
                     p = safe_int(request.GET.get('page', 1), 1)
                     c.following = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.user_id == c.rhodecode_user.user_id)\
                         .options(joinedload(UserFollowing.follows_repository))\
                         .all()
                     journal = self._get_journal_data(c.following)
                     c.journal_pager = Page(journal, page=p, items_per_page=20)
                     c.journal_day_aggreagate = self._get_daily_aggregate(c.journal_pager)
                     c.journal_data = render('journal/journal_data.mako')
                     if request.is_xhr:
                         return c.journal_data
                     return render('journal/public_journal.mako')
                 @LoginRequired(auth_token_access=[UserApiKeys.ROLE_FEED])
                 def public_journal_atom(self):
                     """
                     Produce an atom-1.0 feed via feedgenerator module
                     """
                     c.following = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.user_id == c.rhodecode_user.user_id)\
                         .options(joinedload(UserFollowing.follows_repository))\
                         .all()
                     return self._atom_feed(c.following)
                 @LoginRequired(auth_token_access=[UserApiKeys.ROLE_FEED])
                 def public_journal_rss(self):
                     """
                     Produce an rss2 feed via feedgenerator module
                     """
                     c.following = self.sa.query(UserFollowing)\
                         .filter(UserFollowing.user_id == c.rhodecode_user.user_id)\
                         .options(joinedload(UserFollowing.follows_repository))\
                         .all()
                     return self._rss_feed(c.following)

rhodecode/model/user.py

0 +13 -1

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             users model for RhodeCode
             """
             import logging
             import traceback
             import datetime
             from pylons.i18n.translation import _
             import ipaddress
             from sqlalchemy.exc import DatabaseError
             from sqlalchemy.sql.expression import true, false
             from rhodecode import events
+            from rhodecode.lib.user_log_filter import user_log_filter
             from rhodecode.lib.utils2 import (
                 safe_unicode, get_current_rhodecode_user, action_logger_generic,
                 AttributeDict, str2bool)
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model import BaseModel
             from rhodecode.model.auth_token import AuthTokenModel
             from rhodecode.model.db import (
-                User, UserToPerm, UserEmailMap, UserIpMap)
+                or_, joinedload, User, UserToPerm, UserEmailMap, UserIpMap, UserLog)
             from rhodecode.lib.exceptions import (
                 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
                 UserOwnsUserGroupsException, NotAllowedToCreateUserError)
             from rhodecode.model.meta import Session
             from rhodecode.model.repo_group import RepoGroupModel
             log = logging.getLogger(__name__)
             class UserModel(BaseModel):
                 cls = User
                 def get(self, user_id, cache=False):
                     user = self.sa.query(User)
                     if cache:
                         user = user.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % user_id))
                     return user.get(user_id)
                 def get_user(self, user):
                     return self._get_user(user)
                 def get_by_username(self, username, cache=False, case_insensitive=False):
                     if case_insensitive:
                         user = self.sa.query(User).filter(User.username.ilike(username))
                     else:
                         user = self.sa.query(User)\
                             .filter(User.username == username)
                     if cache:
                         user = user.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % username))
                     return user.scalar()
                 def get_by_email(self, email, cache=False, case_insensitive=False):
                     return User.get_by_email(email, case_insensitive, cache)
                 def get_by_auth_token(self, auth_token, cache=False):
                     return User.get_by_auth_token(auth_token, cache)
                 def get_active_user_count(self, cache=False):
                     return User.query().filter(
                         User.active == True).filter(
                             User.username != User.DEFAULT_USER).count()
                 def create(self, form_data, cur_user=None):
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     user_data = {
                         'username': form_data['username'],
                         'password': form_data['password'],
                         'email': form_data['email'],
                         'firstname': form_data['firstname'],
                         'lastname': form_data['lastname'],
                         'active': form_data['active'],
                         'extern_type': form_data['extern_type'],
                         'extern_name': form_data['extern_name'],
                         'admin': False,
                         'cur_user': cur_user
                     }
                     if 'create_repo_group' in form_data:
                         user_data['create_repo_group'] = str2bool(
                             form_data.get('create_repo_group'))
                     try:
                         if form_data.get('password_change'):
                             user_data['force_password_change'] = True
                         return UserModel().create_or_update(**user_data)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def update_user(self, user, skip_attrs=None, **kwargs):
                     from rhodecode.lib.auth import get_crypt_password
                     user = self._get_user(user)
                     if user.username == User.DEFAULT_USER:
                         raise DefaultUserException(
                             _("You can't Edit this user since it's"
                               " crucial for entire application"))
                     # first store only defaults
                     user_attrs = {
                         'updating_user_id': user.user_id,
                         'username': user.username,
                         'password': user.password,
                         'email': user.email,
                         'firstname': user.name,
                         'lastname': user.lastname,
                         'active': user.active,
                         'admin': user.admin,
                         'extern_name': user.extern_name,
                         'extern_type': user.extern_type,
                         'language': user.user_data.get('language')
                     }
                     # in case there's new_password, that comes from form, use it to
                     # store password
                     if kwargs.get('new_password'):
                         kwargs['password'] = kwargs['new_password']
                     # cleanups, my_account password change form
                     kwargs.pop('current_password', None)
                     kwargs.pop('new_password', None)
                     # cleanups, user edit password change form
                     kwargs.pop('password_confirmation', None)
                     kwargs.pop('password_change', None)
                     # create repo group on user creation
                     kwargs.pop('create_repo_group', None)
                     # legacy forms send name, which is the firstname
                     firstname = kwargs.pop('name', None)
                     if firstname:
                         kwargs['firstname'] = firstname
                     for k, v in kwargs.items():
                         # skip if we don't want to update this
                         if skip_attrs and k in skip_attrs:
                             continue
                         user_attrs[k] = v
                     try:
                         return self.create_or_update(**user_attrs)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def create_or_update(
                         self, username, password, email, firstname='', lastname='',
                         active=True, admin=False, extern_type=None, extern_name=None,
                         cur_user=None, plugin=None, force_password_change=False,
                         allow_to_create_user=True, create_repo_group=None,
                         updating_user_id=None, language=None, strict_creation_check=True):
                     """
                     Creates a new instance if not found, or updates current one
                     :param username:
                     :param password:
                     :param email:
                     :param firstname:
                     :param lastname:
                     :param active:
                     :param admin:
                     :param extern_type:
                     :param extern_name:
                     :param cur_user:
                     :param plugin: optional plugin this method was called from
                     :param force_password_change: toggles new or existing user flag
                         for password change
                     :param allow_to_create_user: Defines if the method can actually create
                         new users
                     :param create_repo_group: Defines if the method should also
                         create an repo group with user name, and owner
                     :param updating_user_id: if we set it up this is the user we want to
                         update this allows to editing username.
                     :param language: language of user from interface.
                     :returns: new User object with injected `is_new_user` attribute.
                     """
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     from rhodecode.lib.auth import (
                         get_crypt_password, check_password, generate_auth_token)
                     from rhodecode.lib.hooks_base import (
                         log_create_user, check_allowed_create_user)
                     def _password_change(new_user, password):
                         # empty password
                         if not new_user.password:
                             return False
                         # password check is only needed for RhodeCode internal auth calls
                         # in case it's a plugin we don't care
                         if not plugin:
                             # first check if we gave crypted password back, and if it
                             # matches it's not password change
                             if new_user.password == password:
                                 return False
                             password_match = check_password(password, new_user.password)
                             if not password_match:
                                 return True
                         return False
                     # read settings on default personal repo group creation
                     if create_repo_group is None:
                         default_create_repo_group = RepoGroupModel()\
                             .get_default_create_personal_repo_group()
                         create_repo_group = default_create_repo_group
                     user_data = {
                         'username': username,
                         'password': password,
                         'email': email,
                         'firstname': firstname,
                         'lastname': lastname,
                         'active': active,
                         'admin': admin
                     }
                     if updating_user_id:
                         log.debug('Checking for existing account in RhodeCode '
                                   'database with user_id `%s` ' % (updating_user_id,))
                         user = User.get(updating_user_id)
                     else:
                         log.debug('Checking for existing account in RhodeCode '
                                   'database with username `%s` ' % (username,))
                         user = User.get_by_username(username, case_insensitive=True)
                     if user is None:
                         # we check internal flag if this method is actually allowed to
                         # create new user
                         if not allow_to_create_user:
                             msg = ('Method wants to create new user, but it is not '
                                    'allowed to do so')
                             log.warning(msg)
                             raise NotAllowedToCreateUserError(msg)
                         log.debug('Creating new user %s', username)
                         # only if we create user that is active
                         new_active_user = active
                         if new_active_user and strict_creation_check:
                             # raises UserCreationError if it's not allowed for any reason to
                             # create new active user, this also executes pre-create hooks
                             check_allowed_create_user(user_data, cur_user, strict_check=True)
                         events.trigger(events.UserPreCreate(user_data))
                         new_user = User()
                         edit = False
                     else:
                         log.debug('updating user %s', username)
                         events.trigger(events.UserPreUpdate(user, user_data))
                         new_user = user
                         edit = True
                         # we're not allowed to edit default user
                         if user.username == User.DEFAULT_USER:
                             raise DefaultUserException(
                                 _("You can't edit this user (`%(username)s`) since it's "
                                   "crucial for entire application") % {'username': user.username})
                     # inject special attribute that will tell us if User is new or old
                     new_user.is_new_user = not edit
                     # for users that didn's specify auth type, we use RhodeCode built in
                     from rhodecode.authentication.plugins import auth_rhodecode
                     extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
                     extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name
                     try:
                         new_user.username = username
                         new_user.admin = admin
                         new_user.email = email
                         new_user.active = active
                         new_user.extern_name = safe_unicode(extern_name)
                         new_user.extern_type = safe_unicode(extern_type)
                         new_user.name = firstname
                         new_user.lastname = lastname
                         # set password only if creating an user or password is changed
                         if not edit or _password_change(new_user, password):
                             reason = 'new password' if edit else 'new user'
                             log.debug('Updating password reason=>%s', reason)
                             new_user.password = get_crypt_password(password) if password else None
                         if force_password_change:
                             new_user.update_userdata(force_password_change=True)
                         if language:
                             new_user.update_userdata(language=language)
                         new_user.update_userdata(notification_status=True)
                         self.sa.add(new_user)
                         if not edit and create_repo_group:
                             RepoGroupModel().create_personal_repo_group(
                                 new_user, commit_early=False)
                         if not edit:
                             # add the RSS token
                             AuthTokenModel().create(username,
                                                     description='Generated feed token',
                                                     role=AuthTokenModel.cls.ROLE_FEED)
                             log_create_user(created_by=cur_user, **new_user.get_dict())
                             events.trigger(events.UserPostCreate(user_data))
                         return new_user
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         raise
                 def create_registration(self, form_data):
                     from rhodecode.model.notification import NotificationModel
                     from rhodecode.model.notification import EmailNotificationModel
                     try:
                         form_data['admin'] = False
                         form_data['extern_name'] = 'rhodecode'
                         form_data['extern_type'] = 'rhodecode'
                         new_user = self.create(form_data)
                         self.sa.add(new_user)
                         self.sa.flush()
                         user_data = new_user.get_dict()
                         kwargs = {
                             # use SQLALCHEMY safe dump of user data
                             'user': AttributeDict(user_data),
                             'date': datetime.datetime.now()
                         }
                         notification_type = EmailNotificationModel.TYPE_REGISTRATION
                         # pre-generate the subject for notification itself
                         (subject,
                          _h, _e,  # we don't care about those
                          body_plaintext) = EmailNotificationModel().render_email(
                             notification_type, **kwargs)
                         # create notification objects, and emails
                         NotificationModel().create(
                             created_by=new_user,
                             notification_subject=subject,
                             notification_body=body_plaintext,
                             notification_type=notification_type,
                             recipients=None,  # all admins
                             email_kwargs=kwargs,
                         )
                         return new_user
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _handle_user_repos(self, username, repositories, handle_mode=None):
                     _superadmin = self.cls.get_first_super_admin()
                     left_overs = True
                     from rhodecode.model.repo import RepoModel
                     if handle_mode == 'detach':
                         for obj in repositories:
                             obj.user = _superadmin
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             obj.description += '  \n::detached repository from deleted user: %s' % (username,)
                             self.sa.add(obj)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for obj in repositories:
                             RepoModel().delete(obj, forks='detach')
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
                 def _handle_user_repo_groups(self, username, repository_groups,
                                              handle_mode=None):
                     _superadmin = self.cls.get_first_super_admin()
                     left_overs = True
                     from rhodecode.model.repo_group import RepoGroupModel
                     if handle_mode == 'detach':
                         for r in repository_groups:
                             r.user = _superadmin
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             r.group_description += '  \n::detached repository group from deleted user: %s' % (username,)
                             self.sa.add(r)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for r in repository_groups:
                             RepoGroupModel().delete(r)
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
                 def _handle_user_user_groups(self, username, user_groups, handle_mode=None):
                     _superadmin = self.cls.get_first_super_admin()
                     left_overs = True
                     from rhodecode.model.user_group import UserGroupModel
                     if handle_mode == 'detach':
                         for r in user_groups:
                             for user_user_group_to_perm in r.user_user_group_to_perm:
                                 if user_user_group_to_perm.user.username == username:
                                     user_user_group_to_perm.user = _superadmin
                             r.user = _superadmin
                             # set description we know why we super admin now owns
                             # additional repositories that were orphaned !
                             r.user_group_description += '  \n::detached user group from deleted user: %s' % (username,)
                             self.sa.add(r)
                         left_overs = False
                     elif handle_mode == 'delete':
                         for r in user_groups:
                             UserGroupModel().delete(r)
                         left_overs = False
                     # if nothing is done we have left overs left
                     return left_overs
                 def delete(self, user, cur_user=None, handle_repos=None,
                            handle_repo_groups=None, handle_user_groups=None):
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     user = self._get_user(user)
                     try:
                         if user.username == User.DEFAULT_USER:
                             raise DefaultUserException(
                                 _(u"You can't remove this user since it's"
                                   u" crucial for entire application"))
                         left_overs = self._handle_user_repos(
                             user.username, user.repositories, handle_repos)
                         if left_overs and user.repositories:
                             repos = [x.repo_name for x in user.repositories]
                             raise UserOwnsReposException(
                                 _(u'user "%s" still owns %s repositories and cannot be '
                                   u'removed. Switch owners or remove those repositories:%s')
                                 % (user.username, len(repos), ', '.join(repos)))
                         left_overs = self._handle_user_repo_groups(
                             user.username, user.repository_groups, handle_repo_groups)
                         if left_overs and user.repository_groups:
                             repo_groups = [x.group_name for x in user.repository_groups]
                             raise UserOwnsRepoGroupsException(
                                 _(u'user "%s" still owns %s repository groups and cannot be '
                                   u'removed. Switch owners or remove those repository groups:%s')
                                 % (user.username, len(repo_groups), ', '.join(repo_groups)))
                         left_overs = self._handle_user_user_groups(
                             user.username, user.user_groups, handle_user_groups)
                         if left_overs and user.user_groups:
                             user_groups = [x.users_group_name for x in user.user_groups]
                             raise UserOwnsUserGroupsException(
                                 _(u'user "%s" still owns %s user groups and cannot be '
                                   u'removed. Switch owners or remove those user groups:%s')
                                 % (user.username, len(user_groups), ', '.join(user_groups)))
                         # we might change the user data with detach/delete, make sure
                         # the object is marked as expired before actually deleting !
                         self.sa.expire(user)
                         self.sa.delete(user)
                         from rhodecode.lib.hooks_base import log_delete_user
                         log_delete_user(deleted_by=cur_user, **user.get_dict())
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def reset_password_link(self, data, pwd_reset_url):
                     from rhodecode.lib.celerylib import tasks, run_task
                     from rhodecode.model.notification import EmailNotificationModel
                     user_email = data['email']
                     try:
                         user = User.get_by_email(user_email)
                         if user:
                             log.debug('password reset user found %s', user)
                             email_kwargs = {
                                 'password_reset_url': pwd_reset_url,
                                 'user': user,
                                 'email': user_email,
                                 'date': datetime.datetime.now()
                             }
                             (subject, headers, email_body,
                              email_body_plaintext) = EmailNotificationModel().render_email(
                                 EmailNotificationModel.TYPE_PASSWORD_RESET, **email_kwargs)
                             recipients = [user_email]
                             action_logger_generic(
                                 'sending password reset email to user: {}'.format(
                                     user), namespace='security.password_reset')
                             run_task(tasks.send_email, recipients, subject,
                                      email_body_plaintext, email_body)
                         else:
                             log.debug("password reset email %s not found", user_email)
                     except Exception:
                         log.error(traceback.format_exc())
                         return False
                     return True
                 def reset_password(self, data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     from rhodecode.model.notification import EmailNotificationModel
                     from rhodecode.lib import auth
                     user_email = data['email']
                     pre_db = True
                     try:
                         user = User.get_by_email(user_email)
                         new_passwd = auth.PasswordGenerator().gen_password(
 , auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
                         if user:
                             user.password = auth.get_crypt_password(new_passwd)
                             # also force this user to reset his password !
                             user.update_userdata(force_password_change=True)
                             Session().add(user)
                             # now delete the token in question
                             UserApiKeys = AuthTokenModel.cls
                             UserApiKeys().query().filter(
                                 UserApiKeys.api_key == data['token']).delete()
                             Session().commit()
                             log.info('successfully reset password for `%s`', user_email)
                         if new_passwd is None:
                             raise Exception('unable to generate new password')
                         pre_db = False
                         email_kwargs = {
                             'new_password': new_passwd,
                             'user': user,
                             'email': user_email,
                             'date': datetime.datetime.now()
                         }
                         (subject, headers, email_body,
                          email_body_plaintext) = EmailNotificationModel().render_email(
                             EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION,
                             **email_kwargs)
                         recipients = [user_email]
                         action_logger_generic(
                             'sent new password to user: {} with email: {}'.format(
                                 user, user_email), namespace='security.password_reset')
                         run_task(tasks.send_email, recipients, subject,
                                  email_body_plaintext, email_body)
                     except Exception:
                         log.error('Failed to update user password')
                         log.error(traceback.format_exc())
                         if pre_db:
                             # we rollback only if local db stuff fails. If it goes into
                             # run_task, we're pass rollback state this wouldn't work then
                             Session().rollback()
                     return True
                 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
                     """
                     Fetches auth_user by user_id,or api_key if present.
                     Fills auth_user attributes with those taken from database.
                     Additionally set's is_authenitated if lookup fails
                     present in database
                     :param auth_user: instance of user to set attributes
                     :param user_id: user id to fetch by
                     :param api_key: api key to fetch by
                     :param username: username to fetch by
                     """
                     if user_id is None and api_key is None and username is None:
                         raise Exception('You need to pass user_id, api_key or username')
                     log.debug(
                         'doing fill data based on: user_id:%s api_key:%s username:%s',
                         user_id, api_key, username)
                     try:
                         dbuser = None
                         if user_id:
                             dbuser = self.get(user_id)
                         elif api_key:
                             dbuser = self.get_by_auth_token(api_key)
                         elif username:
                             dbuser = self.get_by_username(username)
                         if not dbuser:
                             log.warning(
                                 'Unable to lookup user by id:%s api_key:%s username:%s',
                                 user_id, api_key, username)
                             return False
                         if not dbuser.active:
                             log.debug('User `%s` is inactive, skipping fill data', username)
                             return False
                         log.debug('filling user:%s data', dbuser)
                         # TODO: johbo: Think about this and find a clean solution
                         user_data = dbuser.get_dict()
                         user_data.update(dbuser.get_api_data(include_secrets=True))
                         for k, v in user_data.iteritems():
                             # properties of auth user we dont update
                             if k not in ['auth_tokens', 'permissions']:
                                 setattr(auth_user, k, v)
                         # few extras
                         setattr(auth_user, 'feed_token', dbuser.feed_token)
                     except Exception:
                         log.error(traceback.format_exc())
                         auth_user.is_authenticated = False
                         return False
                     return True
                 def has_perm(self, user, perm):
                     perm = self._get_perm(perm)
                     user = self._get_user(user)
                     return UserToPerm.query().filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm).scalar() is not None
                 def grant_perm(self, user, perm):
                     """
                     Grant user global permissions
                     :param user:
                     :param perm:
                     """
                     user = self._get_user(user)
                     perm = self._get_perm(perm)
                     # if this permission is already granted skip it
                     _perm = UserToPerm.query()\
                         .filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm)\
                         .scalar()
                     if _perm:
                         return
                     new = UserToPerm()
                     new.user = user
                     new.permission = perm
                     self.sa.add(new)
                     return new
                 def revoke_perm(self, user, perm):
                     """
                     Revoke users global permissions
                     :param user:
                     :param perm:
                     """
                     user = self._get_user(user)
                     perm = self._get_perm(perm)
                     obj = UserToPerm.query()\
                             .filter(UserToPerm.user == user)\
                             .filter(UserToPerm.permission == perm)\
                             .scalar()
                     if obj:
                         self.sa.delete(obj)
                 def add_extra_email(self, user, email):
                     """
                     Adds email address to UserEmailMap
                     :param user:
                     :param email:
                     """
                     from rhodecode.model import forms
                     form = forms.UserExtraEmailForm()()
                     data = form.to_python({'email': email})
                     user = self._get_user(user)
                     obj = UserEmailMap()
                     obj.user = user
                     obj.email = data['email']
                     self.sa.add(obj)
                     return obj
                 def delete_extra_email(self, user, email_id):
                     """
                     Removes email address from UserEmailMap
                     :param user:
                     :param email_id:
                     """
                     user = self._get_user(user)
                     obj = UserEmailMap.query().get(email_id)
                     if obj:
                         self.sa.delete(obj)
                 def parse_ip_range(self, ip_range):
                     ip_list = []
                     def make_unique(value):
                         seen = []
                         return [c for c in value if not (c in seen or seen.append(c))]
                     # firsts split by commas
                     for ip_range in ip_range.split(','):
                         if not ip_range:
                             continue
                         ip_range = ip_range.strip()
                         if '-' in ip_range:
                             start_ip, end_ip = ip_range.split('-', 1)
                             start_ip = ipaddress.ip_address(start_ip.strip())
                             end_ip = ipaddress.ip_address(end_ip.strip())
                             parsed_ip_range = []
                             for index in xrange(int(start_ip), int(end_ip) + 1):
                                 new_ip = ipaddress.ip_address(index)
                                 parsed_ip_range.append(str(new_ip))
                             ip_list.extend(parsed_ip_range)
                         else:
                             ip_list.append(ip_range)
                     return make_unique(ip_list)
                 def add_extra_ip(self, user, ip, description=None):
                     """
                     Adds ip address to UserIpMap
                     :param user:
                     :param ip:
                     """
                     from rhodecode.model import forms
                     form = forms.UserExtraIpForm()()
                     data = form.to_python({'ip': ip})
                     user = self._get_user(user)
                     obj = UserIpMap()
                     obj.user = user
                     obj.ip_addr = data['ip']
                     obj.description = description
                     self.sa.add(obj)
                     return obj
                 def delete_extra_ip(self, user, ip_id):
                     """
                     Removes ip address from UserIpMap
                     :param user:
                     :param ip_id:
                     """
                     user = self._get_user(user)
                     obj = UserIpMap.query().get(ip_id)
                     if obj:
                         self.sa.delete(obj)
                 def get_accounts_in_creation_order(self, current_user=None):
                     """
                     Get accounts in order of creation for deactivation for license limits
                     pick currently logged in user, and append to the list in position 0
                     pick all super-admins in order of creation date and add it to the list
                     pick all other accounts in order of creation and add it to the list.
                     Based on that list, the last accounts can be disabled as they are
                     created at the end and don't include any of the super admins as well
                     as the current user.
                     :param current_user: optionally current user running this operation
                     """
                     if not current_user:
                         current_user = get_current_rhodecode_user()
                     active_super_admins = [
                         x.user_id for x in User.query()
                         .filter(User.user_id != current_user.user_id)
                         .filter(User.active == true())
                         .filter(User.admin == true())
                         .order_by(User.created_on.asc())]
                     active_regular_users = [
                         x.user_id for x in User.query()
                         .filter(User.user_id != current_user.user_id)
                         .filter(User.active == true())
                         .filter(User.admin == false())
                         .order_by(User.created_on.asc())]
                     list_of_accounts = [current_user.user_id]
                     list_of_accounts += active_super_admins
                     list_of_accounts += active_regular_users
                     return list_of_accounts
                 def deactivate_last_users(self, expected_users):
                     """
                     Deactivate accounts that are over the license limits.
                     Algorithm of which accounts to disabled is based on the formula:
                     Get current user, then super admins in creation order, then regular
                     active users in creation order.
                     Using that list we mark all accounts from the end of it as inactive.
                     This way we block only latest created accounts.
                     :param expected_users: list of users in special order, we deactivate
                         the end N ammoun of users from that list
                     """
                     list_of_accounts = self.get_accounts_in_creation_order()
                     for acc_id in list_of_accounts[expected_users + 1:]:
                         user = User.get(acc_id)
                         log.info('Deactivating account %s for license unlock', user)
                         user.active = False
                         Session().add(user)
                         Session().commit()
                     return
+                def get_user_log(self, user, filter_term):
+                    user_log = UserLog.query()\
+                        .filter(or_(UserLog.user_id == user.user_id,
+                                    UserLog.username == user.username))\
+                        .options(joinedload(UserLog.user))\
+                        .options(joinedload(UserLog.repository))\
+                        .order_by(UserLog.action_date.desc())
+                    user_log = user_log_filter(user_log, filter_term)
+                    return user_log

rhodecode/templates/admin/users/user_edit.mako

0 +2 -5

             ## -*- coding: utf-8 -*-
             <%inherit file="/base/base.mako"/>
             <%def name="title()">
                 ${_('%s user settings') % c.user.username}
                 %if c.rhodecode_name:
                     &middot; ${h.branding(c.rhodecode_name)}
                 %endif
             </%def>
             <%def name="breadcrumbs_links()">
                 ${h.link_to(_('Admin'),h.url('admin_home'))}
                 &raquo;
                 ${h.link_to(_('Users'),h.route_path('users'))}
                 &raquo;
                 ${c.user.username}
             </%def>
             <%def name="menu_bar_nav()">
                 ${self.menu_items(active='admin')}
             </%def>
             <%def name="main()">
             <div class="box user_settings">
                 <div class="title">
                     ${self.breadcrumbs()}
                 </div>
                 ##main
               <div class="sidebar-col-wrapper">
                 <div class="sidebar">
                     <ul class="nav nav-pills nav-stacked">
                       <li class="${'active' if c.active=='profile' else ''}"><a href="${h.url('edit_user', user_id=c.user.user_id)}">${_('User Profile')}</a></li>
                       <li class="${'active' if c.active=='auth_tokens' else ''}"><a href="${h.route_path('edit_user_auth_tokens', user_id=c.user.user_id)}">${_('Auth tokens')}</a></li>
                       <li class="${'active' if c.active=='advanced' else ''}"><a href="${h.url('edit_user_advanced', user_id=c.user.user_id)}">${_('Advanced')}</a></li>
                       <li class="${'active' if c.active=='global_perms' else ''}"><a href="${h.url('edit_user_global_perms', user_id=c.user.user_id)}">${_('Global permissions')}</a></li>
                       <li class="${'active' if c.active=='perms_summary' else ''}"><a href="${h.url('edit_user_perms_summary', user_id=c.user.user_id)}">${_('Permissions summary')}</a></li>
                       <li class="${'active' if c.active=='emails' else ''}"><a href="${h.url('edit_user_emails', user_id=c.user.user_id)}">${_('Emails')}</a></li>
                       <li class="${'active' if c.active=='ips' else ''}"><a href="${h.url('edit_user_ips', user_id=c.user.user_id)}">${_('Ip Whitelist')}</a></li>
+                      <li class="${'active' if c.active=='groups' else ''}"><a href="${h.route_path('edit_user_groups_management', user_id=c.user.user_id)}">${_('User Groups Management')}</a></li>
-                        <li class="${'active' if c.active=='groups' else ''}">
+                      <li class="${'active' if c.active=='audit' else ''}"><a href="${h.route_path('edit_user_audit_logs', user_id=c.user.user_id)}">${_('User audit')}</a></li>
-                            <a href="${h.route_path('edit_user_groups_management', user_id=c.user.user_id)}">${_('User Groups Management')}</a>
-                        </li>
                     </ul>
                 </div>
                 <div class="main-content-full-width">
                     <%include file="/admin/users/user_edit_${c.active}.mako"/>
                 </div>
               </div>
             </div>
             </%def>

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages