##// END OF EJS Templates
repo-groups: implemented default personal repo groups logic....
marcink -
r1094:6b71b2c4 default
parent child Browse files
Show More

The requested changes are too big and content was truncated. Show full diff

@@ -0,0 +1,27 b''
1 import logging
2
3 from sqlalchemy import Column, MetaData, Boolean
4
5 from rhodecode.lib.dbmigrate.versions import _reset_base
6
7 log = logging.getLogger(__name__)
8
9
10 def upgrade(migrate_engine):
11 """
12 Upgrade operations go here.
13 Don't create your own engine; bind migrate_engine to your metadata
14 """
15 _reset_base(migrate_engine)
16 from rhodecode.lib.dbmigrate.schema import db_4_5_0_0 as db
17
18 # Add personal column to RepoGroup table.
19 rg_table = db.RepoGroup.__table__
20 rg_col = Column(
21 'personal', Boolean(), nullable=True, unique=None, default=None)
22 rg_col.create(table=rg_table)
23
24
25 def downgrade(migrate_engine):
26 meta = MetaData()
27 meta.bind = migrate_engine
@@ -1,63 +1,63 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22
22
23 RhodeCode, a web based repository management software
23 RhodeCode, a web based repository management software
24 versioning implementation: http://www.python.org/dev/peps/pep-0386/
24 versioning implementation: http://www.python.org/dev/peps/pep-0386/
25 """
25 """
26
26
27 import os
27 import os
28 import sys
28 import sys
29 import platform
29 import platform
30
30
31 VERSION = tuple(open(os.path.join(
31 VERSION = tuple(open(os.path.join(
32 os.path.dirname(__file__), 'VERSION')).read().split('.'))
32 os.path.dirname(__file__), 'VERSION')).read().split('.'))
33
33
34 BACKENDS = {
34 BACKENDS = {
35 'hg': 'Mercurial repository',
35 'hg': 'Mercurial repository',
36 'git': 'Git repository',
36 'git': 'Git repository',
37 'svn': 'Subversion repository',
37 'svn': 'Subversion repository',
38 }
38 }
39
39
40 CELERY_ENABLED = False
40 CELERY_ENABLED = False
41 CELERY_EAGER = False
41 CELERY_EAGER = False
42
42
43 # link to config for pylons
43 # link to config for pylons
44 CONFIG = {}
44 CONFIG = {}
45
45
46 # Populated with the settings dictionary from application init in
46 # Populated with the settings dictionary from application init in
47 # rhodecode.conf.environment.load_pyramid_environment
47 # rhodecode.conf.environment.load_pyramid_environment
48 PYRAMID_SETTINGS = {}
48 PYRAMID_SETTINGS = {}
49
49
50 # Linked module for extensions
50 # Linked module for extensions
51 EXTENSIONS = {}
51 EXTENSIONS = {}
52
52
53 __version__ = ('.'.join((str(each) for each in VERSION[:3])))
53 __version__ = ('.'.join((str(each) for each in VERSION[:3])))
54 __dbversion__ = 62 # defines current db version for migrations
54 __dbversion__ = 63 # defines current db version for migrations
55 __platform__ = platform.system()
55 __platform__ = platform.system()
56 __license__ = 'AGPLv3, and Commercial License'
56 __license__ = 'AGPLv3, and Commercial License'
57 __author__ = 'RhodeCode GmbH'
57 __author__ = 'RhodeCode GmbH'
58 __url__ = 'http://rhodecode.com'
58 __url__ = 'http://rhodecode.com'
59
59
60 is_windows = __platform__ in ['Windows']
60 is_windows = __platform__ in ['Windows']
61 is_unix = not is_windows
61 is_unix = not is_windows
62 is_test = False
62 is_test = False
63 disable_error_handler = False
63 disable_error_handler = False
@@ -1,466 +1,472 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2016 RhodeCode GmbH
3 # Copyright (C) 2011-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from rhodecode.api import jsonrpc_method, JSONRPCError, JSONRPCForbidden
23 from rhodecode.api import jsonrpc_method, JSONRPCError, JSONRPCForbidden
24 from rhodecode.api.utils import (
24 from rhodecode.api.utils import (
25 Optional, OAttr, has_superadmin_permission, get_user_or_error, store_update)
25 Optional, OAttr, has_superadmin_permission, get_user_or_error, store_update)
26 from rhodecode.lib.auth import AuthUser, PasswordGenerator
26 from rhodecode.lib.auth import AuthUser, PasswordGenerator
27 from rhodecode.lib.exceptions import DefaultUserException
27 from rhodecode.lib.exceptions import DefaultUserException
28 from rhodecode.lib.utils2 import safe_int
28 from rhodecode.lib.utils2 import safe_int, str2bool
29 from rhodecode.model.db import Session, User, Repository
29 from rhodecode.model.db import Session, User, Repository
30 from rhodecode.model.user import UserModel
30 from rhodecode.model.user import UserModel
31
31
32
32
33 log = logging.getLogger(__name__)
33 log = logging.getLogger(__name__)
34
34
35
35
36 @jsonrpc_method()
36 @jsonrpc_method()
37 def get_user(request, apiuser, userid=Optional(OAttr('apiuser'))):
37 def get_user(request, apiuser, userid=Optional(OAttr('apiuser'))):
38 """
38 """
39 Returns the information associated with a username or userid.
39 Returns the information associated with a username or userid.
40
40
41 * If the ``userid`` is not set, this command returns the information
41 * If the ``userid`` is not set, this command returns the information
42 for the ``userid`` calling the method.
42 for the ``userid`` calling the method.
43
43
44 .. note::
44 .. note::
45
45
46 Normal users may only run this command against their ``userid``. For
46 Normal users may only run this command against their ``userid``. For
47 full privileges you must run this command using an |authtoken| with
47 full privileges you must run this command using an |authtoken| with
48 admin rights.
48 admin rights.
49
49
50 :param apiuser: This is filled automatically from the |authtoken|.
50 :param apiuser: This is filled automatically from the |authtoken|.
51 :type apiuser: AuthUser
51 :type apiuser: AuthUser
52 :param userid: Sets the userid for which data will be returned.
52 :param userid: Sets the userid for which data will be returned.
53 :type userid: Optional(str or int)
53 :type userid: Optional(str or int)
54
54
55 Example output:
55 Example output:
56
56
57 .. code-block:: bash
57 .. code-block:: bash
58
58
59 {
59 {
60 "error": null,
60 "error": null,
61 "id": <id>,
61 "id": <id>,
62 "result": {
62 "result": {
63 "active": true,
63 "active": true,
64 "admin": false,
64 "admin": false,
65 "api_key": "api-key",
65 "api_key": "api-key",
66 "api_keys": [ list of keys ],
66 "api_keys": [ list of keys ],
67 "email": "user@example.com",
67 "email": "user@example.com",
68 "emails": [
68 "emails": [
69 "user@example.com"
69 "user@example.com"
70 ],
70 ],
71 "extern_name": "rhodecode",
71 "extern_name": "rhodecode",
72 "extern_type": "rhodecode",
72 "extern_type": "rhodecode",
73 "firstname": "username",
73 "firstname": "username",
74 "ip_addresses": [],
74 "ip_addresses": [],
75 "language": null,
75 "language": null,
76 "last_login": "Timestamp",
76 "last_login": "Timestamp",
77 "lastname": "surnae",
77 "lastname": "surnae",
78 "permissions": {
78 "permissions": {
79 "global": [
79 "global": [
80 "hg.inherit_default_perms.true",
80 "hg.inherit_default_perms.true",
81 "usergroup.read",
81 "usergroup.read",
82 "hg.repogroup.create.false",
82 "hg.repogroup.create.false",
83 "hg.create.none",
83 "hg.create.none",
84 "hg.password_reset.enabled",
84 "hg.password_reset.enabled",
85 "hg.extern_activate.manual",
85 "hg.extern_activate.manual",
86 "hg.create.write_on_repogroup.false",
86 "hg.create.write_on_repogroup.false",
87 "hg.usergroup.create.false",
87 "hg.usergroup.create.false",
88 "group.none",
88 "group.none",
89 "repository.none",
89 "repository.none",
90 "hg.register.none",
90 "hg.register.none",
91 "hg.fork.repository"
91 "hg.fork.repository"
92 ],
92 ],
93 "repositories": { "username/example": "repository.write"},
93 "repositories": { "username/example": "repository.write"},
94 "repositories_groups": { "user-group/repo": "group.none" },
94 "repositories_groups": { "user-group/repo": "group.none" },
95 "user_groups": { "user_group_name": "usergroup.read" }
95 "user_groups": { "user_group_name": "usergroup.read" }
96 },
96 },
97 "user_id": 32,
97 "user_id": 32,
98 "username": "username"
98 "username": "username"
99 }
99 }
100 }
100 }
101 """
101 """
102
102
103 if not has_superadmin_permission(apiuser):
103 if not has_superadmin_permission(apiuser):
104 # make sure normal user does not pass someone else userid,
104 # make sure normal user does not pass someone else userid,
105 # he is not allowed to do that
105 # he is not allowed to do that
106 if not isinstance(userid, Optional) and userid != apiuser.user_id:
106 if not isinstance(userid, Optional) and userid != apiuser.user_id:
107 raise JSONRPCError('userid is not the same as your user')
107 raise JSONRPCError('userid is not the same as your user')
108
108
109 userid = Optional.extract(userid, evaluate_locals=locals())
109 userid = Optional.extract(userid, evaluate_locals=locals())
110 userid = getattr(userid, 'user_id', userid)
110 userid = getattr(userid, 'user_id', userid)
111
111
112 user = get_user_or_error(userid)
112 user = get_user_or_error(userid)
113 data = user.get_api_data(include_secrets=True)
113 data = user.get_api_data(include_secrets=True)
114 data['permissions'] = AuthUser(user_id=user.user_id).permissions
114 data['permissions'] = AuthUser(user_id=user.user_id).permissions
115 return data
115 return data
116
116
117
117
118 @jsonrpc_method()
118 @jsonrpc_method()
119 def get_users(request, apiuser):
119 def get_users(request, apiuser):
120 """
120 """
121 Lists all users in the |RCE| user database.
121 Lists all users in the |RCE| user database.
122
122
123 This command can only be run using an |authtoken| with admin rights to
123 This command can only be run using an |authtoken| with admin rights to
124 the specified repository.
124 the specified repository.
125
125
126 This command takes the following options:
126 This command takes the following options:
127
127
128 :param apiuser: This is filled automatically from the |authtoken|.
128 :param apiuser: This is filled automatically from the |authtoken|.
129 :type apiuser: AuthUser
129 :type apiuser: AuthUser
130
130
131 Example output:
131 Example output:
132
132
133 .. code-block:: bash
133 .. code-block:: bash
134
134
135 id : <id_given_in_input>
135 id : <id_given_in_input>
136 result: [<user_object>, ...]
136 result: [<user_object>, ...]
137 error: null
137 error: null
138 """
138 """
139
139
140 if not has_superadmin_permission(apiuser):
140 if not has_superadmin_permission(apiuser):
141 raise JSONRPCForbidden()
141 raise JSONRPCForbidden()
142
142
143 result = []
143 result = []
144 users_list = User.query().order_by(User.username) \
144 users_list = User.query().order_by(User.username) \
145 .filter(User.username != User.DEFAULT_USER) \
145 .filter(User.username != User.DEFAULT_USER) \
146 .all()
146 .all()
147 for user in users_list:
147 for user in users_list:
148 result.append(user.get_api_data(include_secrets=True))
148 result.append(user.get_api_data(include_secrets=True))
149 return result
149 return result
150
150
151
151
152 @jsonrpc_method()
152 @jsonrpc_method()
153 def create_user(request, apiuser, username, email, password=Optional(''),
153 def create_user(request, apiuser, username, email, password=Optional(''),
154 firstname=Optional(''), lastname=Optional(''),
154 firstname=Optional(''), lastname=Optional(''),
155 active=Optional(True), admin=Optional(False),
155 active=Optional(True), admin=Optional(False),
156 extern_name=Optional('rhodecode'),
156 extern_name=Optional('rhodecode'),
157 extern_type=Optional('rhodecode'),
157 extern_type=Optional('rhodecode'),
158 force_password_change=Optional(False)):
158 force_password_change=Optional(False),
159 create_personal_repo_group=Optional(None)):
159 """
160 """
160 Creates a new user and returns the new user object.
161 Creates a new user and returns the new user object.
161
162
162 This command can only be run using an |authtoken| with admin rights to
163 This command can only be run using an |authtoken| with admin rights to
163 the specified repository.
164 the specified repository.
164
165
165 This command takes the following options:
166 This command takes the following options:
166
167
167 :param apiuser: This is filled automatically from the |authtoken|.
168 :param apiuser: This is filled automatically from the |authtoken|.
168 :type apiuser: AuthUser
169 :type apiuser: AuthUser
169 :param username: Set the new username.
170 :param username: Set the new username.
170 :type username: str or int
171 :type username: str or int
171 :param email: Set the user email address.
172 :param email: Set the user email address.
172 :type email: str
173 :type email: str
173 :param password: Set the new user password.
174 :param password: Set the new user password.
174 :type password: Optional(str)
175 :type password: Optional(str)
175 :param firstname: Set the new user firstname.
176 :param firstname: Set the new user firstname.
176 :type firstname: Optional(str)
177 :type firstname: Optional(str)
177 :param lastname: Set the new user surname.
178 :param lastname: Set the new user surname.
178 :type lastname: Optional(str)
179 :type lastname: Optional(str)
179 :param active: Set the user as active.
180 :param active: Set the user as active.
180 :type active: Optional(``True`` | ``False``)
181 :type active: Optional(``True`` | ``False``)
181 :param admin: Give the new user admin rights.
182 :param admin: Give the new user admin rights.
182 :type admin: Optional(``True`` | ``False``)
183 :type admin: Optional(``True`` | ``False``)
183 :param extern_name: Set the authentication plugin name.
184 :param extern_name: Set the authentication plugin name.
184 Using LDAP this is filled with LDAP UID.
185 Using LDAP this is filled with LDAP UID.
185 :type extern_name: Optional(str)
186 :type extern_name: Optional(str)
186 :param extern_type: Set the new user authentication plugin.
187 :param extern_type: Set the new user authentication plugin.
187 :type extern_type: Optional(str)
188 :type extern_type: Optional(str)
188 :param force_password_change: Force the new user to change password
189 :param force_password_change: Force the new user to change password
189 on next login.
190 on next login.
190 :type force_password_change: Optional(``True`` | ``False``)
191 :type force_password_change: Optional(``True`` | ``False``)
191
192 :param create_personal_repo_group: Create personal repo group for this user
193 :type create_personal_repo_group: Optional(``True`` | ``False``)
192 Example output:
194 Example output:
193
195
194 .. code-block:: bash
196 .. code-block:: bash
195
197
196 id : <id_given_in_input>
198 id : <id_given_in_input>
197 result: {
199 result: {
198 "msg" : "created new user `<username>`",
200 "msg" : "created new user `<username>`",
199 "user": <user_obj>
201 "user": <user_obj>
200 }
202 }
201 error: null
203 error: null
202
204
203 Example error output:
205 Example error output:
204
206
205 .. code-block:: bash
207 .. code-block:: bash
206
208
207 id : <id_given_in_input>
209 id : <id_given_in_input>
208 result : null
210 result : null
209 error : {
211 error : {
210 "user `<username>` already exist"
212 "user `<username>` already exist"
211 or
213 or
212 "email `<email>` already exist"
214 "email `<email>` already exist"
213 or
215 or
214 "failed to create user `<username>`"
216 "failed to create user `<username>`"
215 }
217 }
216
218
217 """
219 """
218 if not has_superadmin_permission(apiuser):
220 if not has_superadmin_permission(apiuser):
219 raise JSONRPCForbidden()
221 raise JSONRPCForbidden()
220
222
221 if UserModel().get_by_username(username):
223 if UserModel().get_by_username(username):
222 raise JSONRPCError("user `%s` already exist" % (username,))
224 raise JSONRPCError("user `%s` already exist" % (username,))
223
225
224 if UserModel().get_by_email(email, case_insensitive=True):
226 if UserModel().get_by_email(email, case_insensitive=True):
225 raise JSONRPCError("email `%s` already exist" % (email,))
227 raise JSONRPCError("email `%s` already exist" % (email,))
226
228
227 # generate random password if we actually given the
229 # generate random password if we actually given the
228 # extern_name and it's not rhodecode
230 # extern_name and it's not rhodecode
229 if (not isinstance(extern_name, Optional) and
231 if (not isinstance(extern_name, Optional) and
230 Optional.extract(extern_name) != 'rhodecode'):
232 Optional.extract(extern_name) != 'rhodecode'):
231 # generate temporary password if user is external
233 # generate temporary password if user is external
232 password = PasswordGenerator().gen_password(length=16)
234 password = PasswordGenerator().gen_password(length=16)
235 create_repo_group = Optional.extract(create_personal_repo_group)
236 if isinstance(create_repo_group, basestring):
237 create_repo_group = str2bool(create_repo_group)
233
238
234 try:
239 try:
235 user = UserModel().create_or_update(
240 user = UserModel().create_or_update(
236 username=Optional.extract(username),
241 username=Optional.extract(username),
237 password=Optional.extract(password),
242 password=Optional.extract(password),
238 email=Optional.extract(email),
243 email=Optional.extract(email),
239 firstname=Optional.extract(firstname),
244 firstname=Optional.extract(firstname),
240 lastname=Optional.extract(lastname),
245 lastname=Optional.extract(lastname),
241 active=Optional.extract(active),
246 active=Optional.extract(active),
242 admin=Optional.extract(admin),
247 admin=Optional.extract(admin),
243 extern_type=Optional.extract(extern_type),
248 extern_type=Optional.extract(extern_type),
244 extern_name=Optional.extract(extern_name),
249 extern_name=Optional.extract(extern_name),
245 force_password_change=Optional.extract(force_password_change),
250 force_password_change=Optional.extract(force_password_change),
251 create_repo_group=create_repo_group
246 )
252 )
247 Session().commit()
253 Session().commit()
248 return {
254 return {
249 'msg': 'created new user `%s`' % username,
255 'msg': 'created new user `%s`' % username,
250 'user': user.get_api_data(include_secrets=True)
256 'user': user.get_api_data(include_secrets=True)
251 }
257 }
252 except Exception:
258 except Exception:
253 log.exception('Error occurred during creation of user')
259 log.exception('Error occurred during creation of user')
254 raise JSONRPCError('failed to create user `%s`' % (username,))
260 raise JSONRPCError('failed to create user `%s`' % (username,))
255
261
256
262
257 @jsonrpc_method()
263 @jsonrpc_method()
258 def update_user(request, apiuser, userid, username=Optional(None),
264 def update_user(request, apiuser, userid, username=Optional(None),
259 email=Optional(None), password=Optional(None),
265 email=Optional(None), password=Optional(None),
260 firstname=Optional(None), lastname=Optional(None),
266 firstname=Optional(None), lastname=Optional(None),
261 active=Optional(None), admin=Optional(None),
267 active=Optional(None), admin=Optional(None),
262 extern_type=Optional(None), extern_name=Optional(None), ):
268 extern_type=Optional(None), extern_name=Optional(None), ):
263 """
269 """
264 Updates the details for the specified user, if that user exists.
270 Updates the details for the specified user, if that user exists.
265
271
266 This command can only be run using an |authtoken| with admin rights to
272 This command can only be run using an |authtoken| with admin rights to
267 the specified repository.
273 the specified repository.
268
274
269 This command takes the following options:
275 This command takes the following options:
270
276
271 :param apiuser: This is filled automatically from |authtoken|.
277 :param apiuser: This is filled automatically from |authtoken|.
272 :type apiuser: AuthUser
278 :type apiuser: AuthUser
273 :param userid: Set the ``userid`` to update.
279 :param userid: Set the ``userid`` to update.
274 :type userid: str or int
280 :type userid: str or int
275 :param username: Set the new username.
281 :param username: Set the new username.
276 :type username: str or int
282 :type username: str or int
277 :param email: Set the new email.
283 :param email: Set the new email.
278 :type email: str
284 :type email: str
279 :param password: Set the new password.
285 :param password: Set the new password.
280 :type password: Optional(str)
286 :type password: Optional(str)
281 :param firstname: Set the new first name.
287 :param firstname: Set the new first name.
282 :type firstname: Optional(str)
288 :type firstname: Optional(str)
283 :param lastname: Set the new surname.
289 :param lastname: Set the new surname.
284 :type lastname: Optional(str)
290 :type lastname: Optional(str)
285 :param active: Set the new user as active.
291 :param active: Set the new user as active.
286 :type active: Optional(``True`` | ``False``)
292 :type active: Optional(``True`` | ``False``)
287 :param admin: Give the user admin rights.
293 :param admin: Give the user admin rights.
288 :type admin: Optional(``True`` | ``False``)
294 :type admin: Optional(``True`` | ``False``)
289 :param extern_name: Set the authentication plugin user name.
295 :param extern_name: Set the authentication plugin user name.
290 Using LDAP this is filled with LDAP UID.
296 Using LDAP this is filled with LDAP UID.
291 :type extern_name: Optional(str)
297 :type extern_name: Optional(str)
292 :param extern_type: Set the authentication plugin type.
298 :param extern_type: Set the authentication plugin type.
293 :type extern_type: Optional(str)
299 :type extern_type: Optional(str)
294
300
295
301
296 Example output:
302 Example output:
297
303
298 .. code-block:: bash
304 .. code-block:: bash
299
305
300 id : <id_given_in_input>
306 id : <id_given_in_input>
301 result: {
307 result: {
302 "msg" : "updated user ID:<userid> <username>",
308 "msg" : "updated user ID:<userid> <username>",
303 "user": <user_object>,
309 "user": <user_object>,
304 }
310 }
305 error: null
311 error: null
306
312
307 Example error output:
313 Example error output:
308
314
309 .. code-block:: bash
315 .. code-block:: bash
310
316
311 id : <id_given_in_input>
317 id : <id_given_in_input>
312 result : null
318 result : null
313 error : {
319 error : {
314 "failed to update user `<username>`"
320 "failed to update user `<username>`"
315 }
321 }
316
322
317 """
323 """
318 if not has_superadmin_permission(apiuser):
324 if not has_superadmin_permission(apiuser):
319 raise JSONRPCForbidden()
325 raise JSONRPCForbidden()
320
326
321 user = get_user_or_error(userid)
327 user = get_user_or_error(userid)
322
328
323 # only non optional arguments will be stored in updates
329 # only non optional arguments will be stored in updates
324 updates = {}
330 updates = {}
325
331
326 try:
332 try:
327
333
328 store_update(updates, username, 'username')
334 store_update(updates, username, 'username')
329 store_update(updates, password, 'password')
335 store_update(updates, password, 'password')
330 store_update(updates, email, 'email')
336 store_update(updates, email, 'email')
331 store_update(updates, firstname, 'name')
337 store_update(updates, firstname, 'name')
332 store_update(updates, lastname, 'lastname')
338 store_update(updates, lastname, 'lastname')
333 store_update(updates, active, 'active')
339 store_update(updates, active, 'active')
334 store_update(updates, admin, 'admin')
340 store_update(updates, admin, 'admin')
335 store_update(updates, extern_name, 'extern_name')
341 store_update(updates, extern_name, 'extern_name')
336 store_update(updates, extern_type, 'extern_type')
342 store_update(updates, extern_type, 'extern_type')
337
343
338 user = UserModel().update_user(user, **updates)
344 user = UserModel().update_user(user, **updates)
339 Session().commit()
345 Session().commit()
340 return {
346 return {
341 'msg': 'updated user ID:%s %s' % (user.user_id, user.username),
347 'msg': 'updated user ID:%s %s' % (user.user_id, user.username),
342 'user': user.get_api_data(include_secrets=True)
348 'user': user.get_api_data(include_secrets=True)
343 }
349 }
344 except DefaultUserException:
350 except DefaultUserException:
345 log.exception("Default user edit exception")
351 log.exception("Default user edit exception")
346 raise JSONRPCError('editing default user is forbidden')
352 raise JSONRPCError('editing default user is forbidden')
347 except Exception:
353 except Exception:
348 log.exception("Error occurred during update of user")
354 log.exception("Error occurred during update of user")
349 raise JSONRPCError('failed to update user `%s`' % (userid,))
355 raise JSONRPCError('failed to update user `%s`' % (userid,))
350
356
351
357
352 @jsonrpc_method()
358 @jsonrpc_method()
353 def delete_user(request, apiuser, userid):
359 def delete_user(request, apiuser, userid):
354 """
360 """
355 Deletes the specified user from the |RCE| user database.
361 Deletes the specified user from the |RCE| user database.
356
362
357 This command can only be run using an |authtoken| with admin rights to
363 This command can only be run using an |authtoken| with admin rights to
358 the specified repository.
364 the specified repository.
359
365
360 .. important::
366 .. important::
361
367
362 Ensure all open pull requests and open code review
368 Ensure all open pull requests and open code review
363 requests to this user are close.
369 requests to this user are close.
364
370
365 Also ensure all repositories, or repository groups owned by this
371 Also ensure all repositories, or repository groups owned by this
366 user are reassigned before deletion.
372 user are reassigned before deletion.
367
373
368 This command takes the following options:
374 This command takes the following options:
369
375
370 :param apiuser: This is filled automatically from the |authtoken|.
376 :param apiuser: This is filled automatically from the |authtoken|.
371 :type apiuser: AuthUser
377 :type apiuser: AuthUser
372 :param userid: Set the user to delete.
378 :param userid: Set the user to delete.
373 :type userid: str or int
379 :type userid: str or int
374
380
375 Example output:
381 Example output:
376
382
377 .. code-block:: bash
383 .. code-block:: bash
378
384
379 id : <id_given_in_input>
385 id : <id_given_in_input>
380 result: {
386 result: {
381 "msg" : "deleted user ID:<userid> <username>",
387 "msg" : "deleted user ID:<userid> <username>",
382 "user": null
388 "user": null
383 }
389 }
384 error: null
390 error: null
385
391
386 Example error output:
392 Example error output:
387
393
388 .. code-block:: bash
394 .. code-block:: bash
389
395
390 id : <id_given_in_input>
396 id : <id_given_in_input>
391 result : null
397 result : null
392 error : {
398 error : {
393 "failed to delete user ID:<userid> <username>"
399 "failed to delete user ID:<userid> <username>"
394 }
400 }
395
401
396 """
402 """
397 if not has_superadmin_permission(apiuser):
403 if not has_superadmin_permission(apiuser):
398 raise JSONRPCForbidden()
404 raise JSONRPCForbidden()
399
405
400 user = get_user_or_error(userid)
406 user = get_user_or_error(userid)
401
407
402 try:
408 try:
403 UserModel().delete(userid)
409 UserModel().delete(userid)
404 Session().commit()
410 Session().commit()
405 return {
411 return {
406 'msg': 'deleted user ID:%s %s' % (user.user_id, user.username),
412 'msg': 'deleted user ID:%s %s' % (user.user_id, user.username),
407 'user': None
413 'user': None
408 }
414 }
409 except Exception:
415 except Exception:
410 log.exception("Error occurred during deleting of user")
416 log.exception("Error occurred during deleting of user")
411 raise JSONRPCError(
417 raise JSONRPCError(
412 'failed to delete user ID:%s %s' % (user.user_id, user.username))
418 'failed to delete user ID:%s %s' % (user.user_id, user.username))
413
419
414
420
415 @jsonrpc_method()
421 @jsonrpc_method()
416 def get_user_locks(request, apiuser, userid=Optional(OAttr('apiuser'))):
422 def get_user_locks(request, apiuser, userid=Optional(OAttr('apiuser'))):
417 """
423 """
418 Displays all repositories locked by the specified user.
424 Displays all repositories locked by the specified user.
419
425
420 * If this command is run by a non-admin user, it returns
426 * If this command is run by a non-admin user, it returns
421 a list of |repos| locked by that user.
427 a list of |repos| locked by that user.
422
428
423 This command takes the following options:
429 This command takes the following options:
424
430
425 :param apiuser: This is filled automatically from the |authtoken|.
431 :param apiuser: This is filled automatically from the |authtoken|.
426 :type apiuser: AuthUser
432 :type apiuser: AuthUser
427 :param userid: Sets the userid whose list of locked |repos| will be
433 :param userid: Sets the userid whose list of locked |repos| will be
428 displayed.
434 displayed.
429 :type userid: Optional(str or int)
435 :type userid: Optional(str or int)
430
436
431 Example output:
437 Example output:
432
438
433 .. code-block:: bash
439 .. code-block:: bash
434
440
435 id : <id_given_in_input>
441 id : <id_given_in_input>
436 result : {
442 result : {
437 [repo_object, repo_object,...]
443 [repo_object, repo_object,...]
438 }
444 }
439 error : null
445 error : null
440 """
446 """
441
447
442 include_secrets = False
448 include_secrets = False
443 if not has_superadmin_permission(apiuser):
449 if not has_superadmin_permission(apiuser):
444 # make sure normal user does not pass someone else userid,
450 # make sure normal user does not pass someone else userid,
445 # he is not allowed to do that
451 # he is not allowed to do that
446 if not isinstance(userid, Optional) and userid != apiuser.user_id:
452 if not isinstance(userid, Optional) and userid != apiuser.user_id:
447 raise JSONRPCError('userid is not the same as your user')
453 raise JSONRPCError('userid is not the same as your user')
448 else:
454 else:
449 include_secrets = True
455 include_secrets = True
450
456
451 userid = Optional.extract(userid, evaluate_locals=locals())
457 userid = Optional.extract(userid, evaluate_locals=locals())
452 userid = getattr(userid, 'user_id', userid)
458 userid = getattr(userid, 'user_id', userid)
453 user = get_user_or_error(userid)
459 user = get_user_or_error(userid)
454
460
455 ret = []
461 ret = []
456
462
457 # show all locks
463 # show all locks
458 for r in Repository.getAll():
464 for r in Repository.getAll():
459 _user_id, _time, _reason = r.locked
465 _user_id, _time, _reason = r.locked
460 if _user_id and _time:
466 if _user_id and _time:
461 _api_data = r.get_api_data(include_secrets=include_secrets)
467 _api_data = r.get_api_data(include_secrets=include_secrets)
462 # if we use user filter just show the locks for this user
468 # if we use user filter just show the locks for this user
463 if safe_int(_user_id) == user.user_id:
469 if safe_int(_user_id) == user.user_id:
464 ret.append(_api_data)
470 ret.append(_api_data)
465
471
466 return ret
472 return ret
@@ -1,881 +1,878 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2013-2016 RhodeCode GmbH
3 # Copyright (C) 2013-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21
21
22 """
22 """
23 Repositories controller for RhodeCode
23 Repositories controller for RhodeCode
24 """
24 """
25
25
26 import logging
26 import logging
27 import traceback
27 import traceback
28
28
29 import formencode
29 import formencode
30 from formencode import htmlfill
30 from formencode import htmlfill
31 from pylons import request, tmpl_context as c, url
31 from pylons import request, tmpl_context as c, url
32 from pylons.controllers.util import redirect
32 from pylons.controllers.util import redirect
33 from pylons.i18n.translation import _
33 from pylons.i18n.translation import _
34 from webob.exc import HTTPForbidden, HTTPNotFound, HTTPBadRequest
34 from webob.exc import HTTPForbidden, HTTPNotFound, HTTPBadRequest
35
35
36 import rhodecode
36 import rhodecode
37 from rhodecode.lib import auth, helpers as h
37 from rhodecode.lib import auth, helpers as h
38 from rhodecode.lib.auth import (
38 from rhodecode.lib.auth import (
39 LoginRequired, HasPermissionAllDecorator,
39 LoginRequired, HasPermissionAllDecorator,
40 HasRepoPermissionAllDecorator, NotAnonymous, HasPermissionAny,
40 HasRepoPermissionAllDecorator, NotAnonymous, HasPermissionAny,
41 HasRepoGroupPermissionAny, HasRepoPermissionAnyDecorator)
41 HasRepoGroupPermissionAny, HasRepoPermissionAnyDecorator)
42 from rhodecode.lib.base import BaseRepoController, render
42 from rhodecode.lib.base import BaseRepoController, render
43 from rhodecode.lib.ext_json import json
43 from rhodecode.lib.ext_json import json
44 from rhodecode.lib.exceptions import AttachedForksError
44 from rhodecode.lib.exceptions import AttachedForksError
45 from rhodecode.lib.utils import action_logger, repo_name_slug, jsonify
45 from rhodecode.lib.utils import action_logger, repo_name_slug, jsonify
46 from rhodecode.lib.utils2 import safe_int, str2bool
46 from rhodecode.lib.utils2 import safe_int, str2bool
47 from rhodecode.lib.vcs import RepositoryError
47 from rhodecode.lib.vcs import RepositoryError
48 from rhodecode.model.db import (
48 from rhodecode.model.db import (
49 User, Repository, UserFollowing, RepoGroup, RepositoryField)
49 User, Repository, UserFollowing, RepoGroup, RepositoryField)
50 from rhodecode.model.forms import (
50 from rhodecode.model.forms import (
51 RepoForm, RepoFieldForm, RepoPermsForm, RepoVcsSettingsForm,
51 RepoForm, RepoFieldForm, RepoPermsForm, RepoVcsSettingsForm,
52 IssueTrackerPatternsForm)
52 IssueTrackerPatternsForm)
53 from rhodecode.model.meta import Session
53 from rhodecode.model.meta import Session
54 from rhodecode.model.repo import RepoModel
54 from rhodecode.model.repo import RepoModel
55 from rhodecode.model.scm import ScmModel, RepoGroupList, RepoList
55 from rhodecode.model.scm import ScmModel, RepoGroupList, RepoList
56 from rhodecode.model.settings import (
56 from rhodecode.model.settings import (
57 SettingsModel, IssueTrackerSettingsModel, VcsSettingsModel,
57 SettingsModel, IssueTrackerSettingsModel, VcsSettingsModel,
58 SettingNotFound)
58 SettingNotFound)
59
59
60 log = logging.getLogger(__name__)
60 log = logging.getLogger(__name__)
61
61
62
62
63 class ReposController(BaseRepoController):
63 class ReposController(BaseRepoController):
64 """
64 """
65 REST Controller styled on the Atom Publishing Protocol"""
65 REST Controller styled on the Atom Publishing Protocol"""
66 # To properly map this controller, ensure your config/routing.py
66 # To properly map this controller, ensure your config/routing.py
67 # file has a resource setup:
67 # file has a resource setup:
68 # map.resource('repo', 'repos')
68 # map.resource('repo', 'repos')
69
69
70 @LoginRequired()
70 @LoginRequired()
71 def __before__(self):
71 def __before__(self):
72 super(ReposController, self).__before__()
72 super(ReposController, self).__before__()
73
73
74 def _load_repo(self, repo_name):
74 def _load_repo(self, repo_name):
75 repo_obj = Repository.get_by_repo_name(repo_name)
75 repo_obj = Repository.get_by_repo_name(repo_name)
76
76
77 if repo_obj is None:
77 if repo_obj is None:
78 h.not_mapped_error(repo_name)
78 h.not_mapped_error(repo_name)
79 return redirect(url('repos'))
79 return redirect(url('repos'))
80
80
81 return repo_obj
81 return repo_obj
82
82
83 def __load_defaults(self, repo=None):
83 def __load_defaults(self, repo=None):
84 acl_groups = RepoGroupList(RepoGroup.query().all(),
84 acl_groups = RepoGroupList(RepoGroup.query().all(),
85 perm_set=['group.write', 'group.admin'])
85 perm_set=['group.write', 'group.admin'])
86 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
86 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
87 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
87 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
88
88
89 # in case someone no longer have a group.write access to a repository
89 # in case someone no longer have a group.write access to a repository
90 # pre fill the list with this entry, we don't care if this is the same
90 # pre fill the list with this entry, we don't care if this is the same
91 # but it will allow saving repo data properly.
91 # but it will allow saving repo data properly.
92
92
93 repo_group = None
93 repo_group = None
94 if repo:
94 if repo:
95 repo_group = repo.group
95 repo_group = repo.group
96 if repo_group and unicode(repo_group.group_id) not in c.repo_groups_choices:
96 if repo_group and unicode(repo_group.group_id) not in c.repo_groups_choices:
97 c.repo_groups_choices.append(unicode(repo_group.group_id))
97 c.repo_groups_choices.append(unicode(repo_group.group_id))
98 c.repo_groups.append(RepoGroup._generate_choice(repo_group))
98 c.repo_groups.append(RepoGroup._generate_choice(repo_group))
99
99
100 choices, c.landing_revs = ScmModel().get_repo_landing_revs()
100 choices, c.landing_revs = ScmModel().get_repo_landing_revs()
101 c.landing_revs_choices = choices
101 c.landing_revs_choices = choices
102
102
103 def __load_data(self, repo_name=None):
103 def __load_data(self, repo_name=None):
104 """
104 """
105 Load defaults settings for edit, and update
105 Load defaults settings for edit, and update
106
106
107 :param repo_name:
107 :param repo_name:
108 """
108 """
109 c.repo_info = self._load_repo(repo_name)
109 c.repo_info = self._load_repo(repo_name)
110 self.__load_defaults(c.repo_info)
110 self.__load_defaults(c.repo_info)
111
111
112 # override defaults for exact repo info here git/hg etc
112 # override defaults for exact repo info here git/hg etc
113 if not c.repository_requirements_missing:
113 if not c.repository_requirements_missing:
114 choices, c.landing_revs = ScmModel().get_repo_landing_revs(
114 choices, c.landing_revs = ScmModel().get_repo_landing_revs(
115 c.repo_info)
115 c.repo_info)
116 c.landing_revs_choices = choices
116 c.landing_revs_choices = choices
117 defaults = RepoModel()._get_defaults(repo_name)
117 defaults = RepoModel()._get_defaults(repo_name)
118
118
119 return defaults
119 return defaults
120
120
121 def _log_creation_exception(self, e, repo_name):
121 def _log_creation_exception(self, e, repo_name):
122 reason = None
122 reason = None
123 if len(e.args) == 2:
123 if len(e.args) == 2:
124 reason = e.args[1]
124 reason = e.args[1]
125
125
126 if reason == 'INVALID_CERTIFICATE':
126 if reason == 'INVALID_CERTIFICATE':
127 log.exception(
127 log.exception(
128 'Exception creating a repository: invalid certificate')
128 'Exception creating a repository: invalid certificate')
129 msg = (_('Error creating repository %s: invalid certificate')
129 msg = (_('Error creating repository %s: invalid certificate')
130 % repo_name)
130 % repo_name)
131 else:
131 else:
132 log.exception("Exception creating a repository")
132 log.exception("Exception creating a repository")
133 msg = (_('Error creating repository %s')
133 msg = (_('Error creating repository %s')
134 % repo_name)
134 % repo_name)
135
135
136 return msg
136 return msg
137
137
138 @NotAnonymous()
138 @NotAnonymous()
139 def index(self, format='html'):
139 def index(self, format='html'):
140 """GET /repos: All items in the collection"""
140 """GET /repos: All items in the collection"""
141 # url('repos')
141 # url('repos')
142
142
143 repo_list = Repository.get_all_repos()
143 repo_list = Repository.get_all_repos()
144 c.repo_list = RepoList(repo_list, perm_set=['repository.admin'])
144 c.repo_list = RepoList(repo_list, perm_set=['repository.admin'])
145 repos_data = RepoModel().get_repos_as_dict(
145 repos_data = RepoModel().get_repos_as_dict(
146 repo_list=c.repo_list, admin=True, super_user_actions=True)
146 repo_list=c.repo_list, admin=True, super_user_actions=True)
147 # json used to render the grid
147 # json used to render the grid
148 c.data = json.dumps(repos_data)
148 c.data = json.dumps(repos_data)
149
149
150 return render('admin/repos/repos.html')
150 return render('admin/repos/repos.html')
151
151
152 # perms check inside
152 # perms check inside
153 @NotAnonymous()
153 @NotAnonymous()
154 @auth.CSRFRequired()
154 @auth.CSRFRequired()
155 def create(self):
155 def create(self):
156 """
156 """
157 POST /repos: Create a new item"""
157 POST /repos: Create a new item"""
158 # url('repos')
158 # url('repos')
159
159
160 self.__load_defaults()
160 self.__load_defaults()
161 form_result = {}
161 form_result = {}
162 task_id = None
162 task_id = None
163 c.personal_repo_group = c.rhodecode_user.personal_repo_group
163 try:
164 try:
164 # CanWriteToGroup validators checks permissions of this POST
165 # CanWriteToGroup validators checks permissions of this POST
165 form_result = RepoForm(repo_groups=c.repo_groups_choices,
166 form_result = RepoForm(repo_groups=c.repo_groups_choices,
166 landing_revs=c.landing_revs_choices)()\
167 landing_revs=c.landing_revs_choices)()\
167 .to_python(dict(request.POST))
168 .to_python(dict(request.POST))
168
169
169 # create is done sometimes async on celery, db transaction
170 # create is done sometimes async on celery, db transaction
170 # management is handled there.
171 # management is handled there.
171 task = RepoModel().create(form_result, c.rhodecode_user.user_id)
172 task = RepoModel().create(form_result, c.rhodecode_user.user_id)
172 from celery.result import BaseAsyncResult
173 from celery.result import BaseAsyncResult
173 if isinstance(task, BaseAsyncResult):
174 if isinstance(task, BaseAsyncResult):
174 task_id = task.task_id
175 task_id = task.task_id
175 except formencode.Invalid as errors:
176 except formencode.Invalid as errors:
176 c.personal_repo_group = RepoGroup.get_by_group_name(
177 c.rhodecode_user.username)
178 return htmlfill.render(
177 return htmlfill.render(
179 render('admin/repos/repo_add.html'),
178 render('admin/repos/repo_add.html'),
180 defaults=errors.value,
179 defaults=errors.value,
181 errors=errors.error_dict or {},
180 errors=errors.error_dict or {},
182 prefix_error=False,
181 prefix_error=False,
183 encoding="UTF-8",
182 encoding="UTF-8",
184 force_defaults=False)
183 force_defaults=False)
185
184
186 except Exception as e:
185 except Exception as e:
187 msg = self._log_creation_exception(e, form_result.get('repo_name'))
186 msg = self._log_creation_exception(e, form_result.get('repo_name'))
188 h.flash(msg, category='error')
187 h.flash(msg, category='error')
189 return redirect(url('home'))
188 return redirect(url('home'))
190
189
191 return redirect(h.url('repo_creating_home',
190 return redirect(h.url('repo_creating_home',
192 repo_name=form_result['repo_name_full'],
191 repo_name=form_result['repo_name_full'],
193 task_id=task_id))
192 task_id=task_id))
194
193
195 # perms check inside
194 # perms check inside
196 @NotAnonymous()
195 @NotAnonymous()
197 def create_repository(self):
196 def create_repository(self):
198 """GET /_admin/create_repository: Form to create a new item"""
197 """GET /_admin/create_repository: Form to create a new item"""
199 new_repo = request.GET.get('repo', '')
198 new_repo = request.GET.get('repo', '')
200 parent_group = request.GET.get('parent_group')
199 parent_group = request.GET.get('parent_group')
201 if not HasPermissionAny('hg.admin', 'hg.create.repository')():
200 if not HasPermissionAny('hg.admin', 'hg.create.repository')():
202 # you're not super admin nor have global create permissions,
201 # you're not super admin nor have global create permissions,
203 # but maybe you have at least write permission to a parent group ?
202 # but maybe you have at least write permission to a parent group ?
204 _gr = RepoGroup.get(parent_group)
203 _gr = RepoGroup.get(parent_group)
205 gr_name = _gr.group_name if _gr else None
204 gr_name = _gr.group_name if _gr else None
206 # create repositories with write permission on group is set to true
205 # create repositories with write permission on group is set to true
207 create_on_write = HasPermissionAny('hg.create.write_on_repogroup.true')()
206 create_on_write = HasPermissionAny('hg.create.write_on_repogroup.true')()
208 group_admin = HasRepoGroupPermissionAny('group.admin')(group_name=gr_name)
207 group_admin = HasRepoGroupPermissionAny('group.admin')(group_name=gr_name)
209 group_write = HasRepoGroupPermissionAny('group.write')(group_name=gr_name)
208 group_write = HasRepoGroupPermissionAny('group.write')(group_name=gr_name)
210 if not (group_admin or (group_write and create_on_write)):
209 if not (group_admin or (group_write and create_on_write)):
211 raise HTTPForbidden
210 raise HTTPForbidden
212
211
213 acl_groups = RepoGroupList(RepoGroup.query().all(),
212 acl_groups = RepoGroupList(RepoGroup.query().all(),
214 perm_set=['group.write', 'group.admin'])
213 perm_set=['group.write', 'group.admin'])
215 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
214 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
216 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
215 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
217 choices, c.landing_revs = ScmModel().get_repo_landing_revs()
216 choices, c.landing_revs = ScmModel().get_repo_landing_revs()
218 c.personal_repo_group = RepoGroup.get_by_group_name(c.rhodecode_user.username)
217 c.personal_repo_group = c.rhodecode_user.personal_repo_group
219 c.new_repo = repo_name_slug(new_repo)
218 c.new_repo = repo_name_slug(new_repo)
220
219
221 ## apply the defaults from defaults page
220 ## apply the defaults from defaults page
222 defaults = SettingsModel().get_default_repo_settings(strip_prefix=True)
221 defaults = SettingsModel().get_default_repo_settings(strip_prefix=True)
223 # set checkbox to autochecked
222 # set checkbox to autochecked
224 defaults['repo_copy_permissions'] = True
223 defaults['repo_copy_permissions'] = True
225 if parent_group:
224 if parent_group:
226 defaults.update({'repo_group': parent_group})
225 defaults.update({'repo_group': parent_group})
227
226
228 return htmlfill.render(
227 return htmlfill.render(
229 render('admin/repos/repo_add.html'),
228 render('admin/repos/repo_add.html'),
230 defaults=defaults,
229 defaults=defaults,
231 errors={},
230 errors={},
232 prefix_error=False,
231 prefix_error=False,
233 encoding="UTF-8",
232 encoding="UTF-8",
234 force_defaults=False
233 force_defaults=False
235 )
234 )
236
235
237 @NotAnonymous()
236 @NotAnonymous()
238 def repo_creating(self, repo_name):
237 def repo_creating(self, repo_name):
239 c.repo = repo_name
238 c.repo = repo_name
240 c.task_id = request.GET.get('task_id')
239 c.task_id = request.GET.get('task_id')
241 if not c.repo:
240 if not c.repo:
242 raise HTTPNotFound()
241 raise HTTPNotFound()
243 return render('admin/repos/repo_creating.html')
242 return render('admin/repos/repo_creating.html')
244
243
245 @NotAnonymous()
244 @NotAnonymous()
246 @jsonify
245 @jsonify
247 def repo_check(self, repo_name):
246 def repo_check(self, repo_name):
248 c.repo = repo_name
247 c.repo = repo_name
249 task_id = request.GET.get('task_id')
248 task_id = request.GET.get('task_id')
250
249
251 if task_id and task_id not in ['None']:
250 if task_id and task_id not in ['None']:
252 import rhodecode
251 import rhodecode
253 from celery.result import AsyncResult
252 from celery.result import AsyncResult
254 if rhodecode.CELERY_ENABLED:
253 if rhodecode.CELERY_ENABLED:
255 task = AsyncResult(task_id)
254 task = AsyncResult(task_id)
256 if task.failed():
255 if task.failed():
257 msg = self._log_creation_exception(task.result, c.repo)
256 msg = self._log_creation_exception(task.result, c.repo)
258 h.flash(msg, category='error')
257 h.flash(msg, category='error')
259 return redirect(url('home'), code=501)
258 return redirect(url('home'), code=501)
260
259
261 repo = Repository.get_by_repo_name(repo_name)
260 repo = Repository.get_by_repo_name(repo_name)
262 if repo and repo.repo_state == Repository.STATE_CREATED:
261 if repo and repo.repo_state == Repository.STATE_CREATED:
263 if repo.clone_uri:
262 if repo.clone_uri:
264 clone_uri = repo.clone_uri_hidden
263 clone_uri = repo.clone_uri_hidden
265 h.flash(_('Created repository %s from %s')
264 h.flash(_('Created repository %s from %s')
266 % (repo.repo_name, clone_uri), category='success')
265 % (repo.repo_name, clone_uri), category='success')
267 else:
266 else:
268 repo_url = h.link_to(repo.repo_name,
267 repo_url = h.link_to(repo.repo_name,
269 h.url('summary_home',
268 h.url('summary_home',
270 repo_name=repo.repo_name))
269 repo_name=repo.repo_name))
271 fork = repo.fork
270 fork = repo.fork
272 if fork:
271 if fork:
273 fork_name = fork.repo_name
272 fork_name = fork.repo_name
274 h.flash(h.literal(_('Forked repository %s as %s')
273 h.flash(h.literal(_('Forked repository %s as %s')
275 % (fork_name, repo_url)), category='success')
274 % (fork_name, repo_url)), category='success')
276 else:
275 else:
277 h.flash(h.literal(_('Created repository %s') % repo_url),
276 h.flash(h.literal(_('Created repository %s') % repo_url),
278 category='success')
277 category='success')
279 return {'result': True}
278 return {'result': True}
280 return {'result': False}
279 return {'result': False}
281
280
282 @HasRepoPermissionAllDecorator('repository.admin')
281 @HasRepoPermissionAllDecorator('repository.admin')
283 @auth.CSRFRequired()
282 @auth.CSRFRequired()
284 def update(self, repo_name):
283 def update(self, repo_name):
285 """
284 """
286 PUT /repos/repo_name: Update an existing item"""
285 PUT /repos/repo_name: Update an existing item"""
287 # Forms posted to this method should contain a hidden field:
286 # Forms posted to this method should contain a hidden field:
288 # <input type="hidden" name="_method" value="PUT" />
287 # <input type="hidden" name="_method" value="PUT" />
289 # Or using helpers:
288 # Or using helpers:
290 # h.form(url('repo', repo_name=ID),
289 # h.form(url('repo', repo_name=ID),
291 # method='put')
290 # method='put')
292 # url('repo', repo_name=ID)
291 # url('repo', repo_name=ID)
293
292
294 self.__load_data(repo_name)
293 self.__load_data(repo_name)
295 c.active = 'settings'
294 c.active = 'settings'
296 c.repo_fields = RepositoryField.query()\
295 c.repo_fields = RepositoryField.query()\
297 .filter(RepositoryField.repository == c.repo_info).all()
296 .filter(RepositoryField.repository == c.repo_info).all()
298
297
299 repo_model = RepoModel()
298 repo_model = RepoModel()
300 changed_name = repo_name
299 changed_name = repo_name
301
300
301 c.personal_repo_group = c.rhodecode_user.personal_repo_group
302 # override the choices with extracted revisions !
302 # override the choices with extracted revisions !
303 c.personal_repo_group = RepoGroup.get_by_group_name(
304 c.rhodecode_user.username)
305 repo = Repository.get_by_repo_name(repo_name)
303 repo = Repository.get_by_repo_name(repo_name)
306 old_data = {
304 old_data = {
307 'repo_name': repo_name,
305 'repo_name': repo_name,
308 'repo_group': repo.group.get_dict() if repo.group else {},
306 'repo_group': repo.group.get_dict() if repo.group else {},
309 'repo_type': repo.repo_type,
307 'repo_type': repo.repo_type,
310 }
308 }
311 _form = RepoForm(
309 _form = RepoForm(
312 edit=True, old_data=old_data, repo_groups=c.repo_groups_choices,
310 edit=True, old_data=old_data, repo_groups=c.repo_groups_choices,
313 landing_revs=c.landing_revs_choices, allow_disabled=True)()
311 landing_revs=c.landing_revs_choices, allow_disabled=True)()
314
312
315 try:
313 try:
316 form_result = _form.to_python(dict(request.POST))
314 form_result = _form.to_python(dict(request.POST))
317 repo = repo_model.update(repo_name, **form_result)
315 repo = repo_model.update(repo_name, **form_result)
318 ScmModel().mark_for_invalidation(repo_name)
316 ScmModel().mark_for_invalidation(repo_name)
319 h.flash(_('Repository %s updated successfully') % repo_name,
317 h.flash(_('Repository %s updated successfully') % repo_name,
320 category='success')
318 category='success')
321 changed_name = repo.repo_name
319 changed_name = repo.repo_name
322 action_logger(c.rhodecode_user, 'admin_updated_repo',
320 action_logger(c.rhodecode_user, 'admin_updated_repo',
323 changed_name, self.ip_addr, self.sa)
321 changed_name, self.ip_addr, self.sa)
324 Session().commit()
322 Session().commit()
325 except formencode.Invalid as errors:
323 except formencode.Invalid as errors:
326 defaults = self.__load_data(repo_name)
324 defaults = self.__load_data(repo_name)
327 defaults.update(errors.value)
325 defaults.update(errors.value)
328 return htmlfill.render(
326 return htmlfill.render(
329 render('admin/repos/repo_edit.html'),
327 render('admin/repos/repo_edit.html'),
330 defaults=defaults,
328 defaults=defaults,
331 errors=errors.error_dict or {},
329 errors=errors.error_dict or {},
332 prefix_error=False,
330 prefix_error=False,
333 encoding="UTF-8",
331 encoding="UTF-8",
334 force_defaults=False)
332 force_defaults=False)
335
333
336 except Exception:
334 except Exception:
337 log.exception("Exception during update of repository")
335 log.exception("Exception during update of repository")
338 h.flash(_('Error occurred during update of repository %s') \
336 h.flash(_('Error occurred during update of repository %s') \
339 % repo_name, category='error')
337 % repo_name, category='error')
340 return redirect(url('edit_repo', repo_name=changed_name))
338 return redirect(url('edit_repo', repo_name=changed_name))
341
339
342 @HasRepoPermissionAllDecorator('repository.admin')
340 @HasRepoPermissionAllDecorator('repository.admin')
343 @auth.CSRFRequired()
341 @auth.CSRFRequired()
344 def delete(self, repo_name):
342 def delete(self, repo_name):
345 """
343 """
346 DELETE /repos/repo_name: Delete an existing item"""
344 DELETE /repos/repo_name: Delete an existing item"""
347 # Forms posted to this method should contain a hidden field:
345 # Forms posted to this method should contain a hidden field:
348 # <input type="hidden" name="_method" value="DELETE" />
346 # <input type="hidden" name="_method" value="DELETE" />
349 # Or using helpers:
347 # Or using helpers:
350 # h.form(url('repo', repo_name=ID),
348 # h.form(url('repo', repo_name=ID),
351 # method='delete')
349 # method='delete')
352 # url('repo', repo_name=ID)
350 # url('repo', repo_name=ID)
353
351
354 repo_model = RepoModel()
352 repo_model = RepoModel()
355 repo = repo_model.get_by_repo_name(repo_name)
353 repo = repo_model.get_by_repo_name(repo_name)
356 if not repo:
354 if not repo:
357 h.not_mapped_error(repo_name)
355 h.not_mapped_error(repo_name)
358 return redirect(url('repos'))
356 return redirect(url('repos'))
359 try:
357 try:
360 _forks = repo.forks.count()
358 _forks = repo.forks.count()
361 handle_forks = None
359 handle_forks = None
362 if _forks and request.POST.get('forks'):
360 if _forks and request.POST.get('forks'):
363 do = request.POST['forks']
361 do = request.POST['forks']
364 if do == 'detach_forks':
362 if do == 'detach_forks':
365 handle_forks = 'detach'
363 handle_forks = 'detach'
366 h.flash(_('Detached %s forks') % _forks, category='success')
364 h.flash(_('Detached %s forks') % _forks, category='success')
367 elif do == 'delete_forks':
365 elif do == 'delete_forks':
368 handle_forks = 'delete'
366 handle_forks = 'delete'
369 h.flash(_('Deleted %s forks') % _forks, category='success')
367 h.flash(_('Deleted %s forks') % _forks, category='success')
370 repo_model.delete(repo, forks=handle_forks)
368 repo_model.delete(repo, forks=handle_forks)
371 action_logger(c.rhodecode_user, 'admin_deleted_repo',
369 action_logger(c.rhodecode_user, 'admin_deleted_repo',
372 repo_name, self.ip_addr, self.sa)
370 repo_name, self.ip_addr, self.sa)
373 ScmModel().mark_for_invalidation(repo_name)
371 ScmModel().mark_for_invalidation(repo_name)
374 h.flash(_('Deleted repository %s') % repo_name, category='success')
372 h.flash(_('Deleted repository %s') % repo_name, category='success')
375 Session().commit()
373 Session().commit()
376 except AttachedForksError:
374 except AttachedForksError:
377 h.flash(_('Cannot delete %s it still contains attached forks')
375 h.flash(_('Cannot delete %s it still contains attached forks')
378 % repo_name, category='warning')
376 % repo_name, category='warning')
379
377
380 except Exception:
378 except Exception:
381 log.exception("Exception during deletion of repository")
379 log.exception("Exception during deletion of repository")
382 h.flash(_('An error occurred during deletion of %s') % repo_name,
380 h.flash(_('An error occurred during deletion of %s') % repo_name,
383 category='error')
381 category='error')
384
382
385 return redirect(url('repos'))
383 return redirect(url('repos'))
386
384
387 @HasPermissionAllDecorator('hg.admin')
385 @HasPermissionAllDecorator('hg.admin')
388 def show(self, repo_name, format='html'):
386 def show(self, repo_name, format='html'):
389 """GET /repos/repo_name: Show a specific item"""
387 """GET /repos/repo_name: Show a specific item"""
390 # url('repo', repo_name=ID)
388 # url('repo', repo_name=ID)
391
389
392 @HasRepoPermissionAllDecorator('repository.admin')
390 @HasRepoPermissionAllDecorator('repository.admin')
393 def edit(self, repo_name):
391 def edit(self, repo_name):
394 """GET /repo_name/settings: Form to edit an existing item"""
392 """GET /repo_name/settings: Form to edit an existing item"""
395 # url('edit_repo', repo_name=ID)
393 # url('edit_repo', repo_name=ID)
396 defaults = self.__load_data(repo_name)
394 defaults = self.__load_data(repo_name)
397 if 'clone_uri' in defaults:
395 if 'clone_uri' in defaults:
398 del defaults['clone_uri']
396 del defaults['clone_uri']
399
397
400 c.repo_fields = RepositoryField.query()\
398 c.repo_fields = RepositoryField.query()\
401 .filter(RepositoryField.repository == c.repo_info).all()
399 .filter(RepositoryField.repository == c.repo_info).all()
402 c.personal_repo_group = RepoGroup.get_by_group_name(
400 c.personal_repo_group = c.rhodecode_user.personal_repo_group
403 c.rhodecode_user.username)
404 c.active = 'settings'
401 c.active = 'settings'
405 return htmlfill.render(
402 return htmlfill.render(
406 render('admin/repos/repo_edit.html'),
403 render('admin/repos/repo_edit.html'),
407 defaults=defaults,
404 defaults=defaults,
408 encoding="UTF-8",
405 encoding="UTF-8",
409 force_defaults=False)
406 force_defaults=False)
410
407
411 @HasRepoPermissionAllDecorator('repository.admin')
408 @HasRepoPermissionAllDecorator('repository.admin')
412 def edit_permissions(self, repo_name):
409 def edit_permissions(self, repo_name):
413 """GET /repo_name/settings: Form to edit an existing item"""
410 """GET /repo_name/settings: Form to edit an existing item"""
414 # url('edit_repo', repo_name=ID)
411 # url('edit_repo', repo_name=ID)
415 c.repo_info = self._load_repo(repo_name)
412 c.repo_info = self._load_repo(repo_name)
416 c.active = 'permissions'
413 c.active = 'permissions'
417 defaults = RepoModel()._get_defaults(repo_name)
414 defaults = RepoModel()._get_defaults(repo_name)
418
415
419 return htmlfill.render(
416 return htmlfill.render(
420 render('admin/repos/repo_edit.html'),
417 render('admin/repos/repo_edit.html'),
421 defaults=defaults,
418 defaults=defaults,
422 encoding="UTF-8",
419 encoding="UTF-8",
423 force_defaults=False)
420 force_defaults=False)
424
421
425 @HasRepoPermissionAllDecorator('repository.admin')
422 @HasRepoPermissionAllDecorator('repository.admin')
426 @auth.CSRFRequired()
423 @auth.CSRFRequired()
427 def edit_permissions_update(self, repo_name):
424 def edit_permissions_update(self, repo_name):
428 form = RepoPermsForm()().to_python(request.POST)
425 form = RepoPermsForm()().to_python(request.POST)
429 RepoModel().update_permissions(repo_name,
426 RepoModel().update_permissions(repo_name,
430 form['perm_additions'], form['perm_updates'], form['perm_deletions'])
427 form['perm_additions'], form['perm_updates'], form['perm_deletions'])
431
428
432 #TODO: implement this
429 #TODO: implement this
433 #action_logger(c.rhodecode_user, 'admin_changed_repo_permissions',
430 #action_logger(c.rhodecode_user, 'admin_changed_repo_permissions',
434 # repo_name, self.ip_addr, self.sa)
431 # repo_name, self.ip_addr, self.sa)
435 Session().commit()
432 Session().commit()
436 h.flash(_('Repository permissions updated'), category='success')
433 h.flash(_('Repository permissions updated'), category='success')
437 return redirect(url('edit_repo_perms', repo_name=repo_name))
434 return redirect(url('edit_repo_perms', repo_name=repo_name))
438
435
439 @HasRepoPermissionAllDecorator('repository.admin')
436 @HasRepoPermissionAllDecorator('repository.admin')
440 def edit_fields(self, repo_name):
437 def edit_fields(self, repo_name):
441 """GET /repo_name/settings: Form to edit an existing item"""
438 """GET /repo_name/settings: Form to edit an existing item"""
442 # url('edit_repo', repo_name=ID)
439 # url('edit_repo', repo_name=ID)
443 c.repo_info = self._load_repo(repo_name)
440 c.repo_info = self._load_repo(repo_name)
444 c.repo_fields = RepositoryField.query()\
441 c.repo_fields = RepositoryField.query()\
445 .filter(RepositoryField.repository == c.repo_info).all()
442 .filter(RepositoryField.repository == c.repo_info).all()
446 c.active = 'fields'
443 c.active = 'fields'
447 if request.POST:
444 if request.POST:
448
445
449 return redirect(url('repo_edit_fields'))
446 return redirect(url('repo_edit_fields'))
450 return render('admin/repos/repo_edit.html')
447 return render('admin/repos/repo_edit.html')
451
448
452 @HasRepoPermissionAllDecorator('repository.admin')
449 @HasRepoPermissionAllDecorator('repository.admin')
453 @auth.CSRFRequired()
450 @auth.CSRFRequired()
454 def create_repo_field(self, repo_name):
451 def create_repo_field(self, repo_name):
455 try:
452 try:
456 form_result = RepoFieldForm()().to_python(dict(request.POST))
453 form_result = RepoFieldForm()().to_python(dict(request.POST))
457 RepoModel().add_repo_field(
454 RepoModel().add_repo_field(
458 repo_name, form_result['new_field_key'],
455 repo_name, form_result['new_field_key'],
459 field_type=form_result['new_field_type'],
456 field_type=form_result['new_field_type'],
460 field_value=form_result['new_field_value'],
457 field_value=form_result['new_field_value'],
461 field_label=form_result['new_field_label'],
458 field_label=form_result['new_field_label'],
462 field_desc=form_result['new_field_desc'])
459 field_desc=form_result['new_field_desc'])
463
460
464 Session().commit()
461 Session().commit()
465 except Exception as e:
462 except Exception as e:
466 log.exception("Exception creating field")
463 log.exception("Exception creating field")
467 msg = _('An error occurred during creation of field')
464 msg = _('An error occurred during creation of field')
468 if isinstance(e, formencode.Invalid):
465 if isinstance(e, formencode.Invalid):
469 msg += ". " + e.msg
466 msg += ". " + e.msg
470 h.flash(msg, category='error')
467 h.flash(msg, category='error')
471 return redirect(url('edit_repo_fields', repo_name=repo_name))
468 return redirect(url('edit_repo_fields', repo_name=repo_name))
472
469
473 @HasRepoPermissionAllDecorator('repository.admin')
470 @HasRepoPermissionAllDecorator('repository.admin')
474 @auth.CSRFRequired()
471 @auth.CSRFRequired()
475 def delete_repo_field(self, repo_name, field_id):
472 def delete_repo_field(self, repo_name, field_id):
476 field = RepositoryField.get_or_404(field_id)
473 field = RepositoryField.get_or_404(field_id)
477 try:
474 try:
478 RepoModel().delete_repo_field(repo_name, field.field_key)
475 RepoModel().delete_repo_field(repo_name, field.field_key)
479 Session().commit()
476 Session().commit()
480 except Exception as e:
477 except Exception as e:
481 log.exception("Exception during removal of field")
478 log.exception("Exception during removal of field")
482 msg = _('An error occurred during removal of field')
479 msg = _('An error occurred during removal of field')
483 h.flash(msg, category='error')
480 h.flash(msg, category='error')
484 return redirect(url('edit_repo_fields', repo_name=repo_name))
481 return redirect(url('edit_repo_fields', repo_name=repo_name))
485
482
486 @HasRepoPermissionAllDecorator('repository.admin')
483 @HasRepoPermissionAllDecorator('repository.admin')
487 def edit_advanced(self, repo_name):
484 def edit_advanced(self, repo_name):
488 """GET /repo_name/settings: Form to edit an existing item"""
485 """GET /repo_name/settings: Form to edit an existing item"""
489 # url('edit_repo', repo_name=ID)
486 # url('edit_repo', repo_name=ID)
490 c.repo_info = self._load_repo(repo_name)
487 c.repo_info = self._load_repo(repo_name)
491 c.default_user_id = User.get_default_user().user_id
488 c.default_user_id = User.get_default_user().user_id
492 c.in_public_journal = UserFollowing.query()\
489 c.in_public_journal = UserFollowing.query()\
493 .filter(UserFollowing.user_id == c.default_user_id)\
490 .filter(UserFollowing.user_id == c.default_user_id)\
494 .filter(UserFollowing.follows_repository == c.repo_info).scalar()
491 .filter(UserFollowing.follows_repository == c.repo_info).scalar()
495
492
496 c.active = 'advanced'
493 c.active = 'advanced'
497 c.has_origin_repo_read_perm = False
494 c.has_origin_repo_read_perm = False
498 if c.repo_info.fork:
495 if c.repo_info.fork:
499 c.has_origin_repo_read_perm = h.HasRepoPermissionAny(
496 c.has_origin_repo_read_perm = h.HasRepoPermissionAny(
500 'repository.write', 'repository.read', 'repository.admin')(
497 'repository.write', 'repository.read', 'repository.admin')(
501 c.repo_info.fork.repo_name, 'repo set as fork page')
498 c.repo_info.fork.repo_name, 'repo set as fork page')
502
499
503 if request.POST:
500 if request.POST:
504 return redirect(url('repo_edit_advanced'))
501 return redirect(url('repo_edit_advanced'))
505 return render('admin/repos/repo_edit.html')
502 return render('admin/repos/repo_edit.html')
506
503
507 @HasRepoPermissionAllDecorator('repository.admin')
504 @HasRepoPermissionAllDecorator('repository.admin')
508 @auth.CSRFRequired()
505 @auth.CSRFRequired()
509 def edit_advanced_journal(self, repo_name):
506 def edit_advanced_journal(self, repo_name):
510 """
507 """
511 Set's this repository to be visible in public journal,
508 Set's this repository to be visible in public journal,
512 in other words assing default user to follow this repo
509 in other words assing default user to follow this repo
513
510
514 :param repo_name:
511 :param repo_name:
515 """
512 """
516
513
517 try:
514 try:
518 repo_id = Repository.get_by_repo_name(repo_name).repo_id
515 repo_id = Repository.get_by_repo_name(repo_name).repo_id
519 user_id = User.get_default_user().user_id
516 user_id = User.get_default_user().user_id
520 self.scm_model.toggle_following_repo(repo_id, user_id)
517 self.scm_model.toggle_following_repo(repo_id, user_id)
521 h.flash(_('Updated repository visibility in public journal'),
518 h.flash(_('Updated repository visibility in public journal'),
522 category='success')
519 category='success')
523 Session().commit()
520 Session().commit()
524 except Exception:
521 except Exception:
525 h.flash(_('An error occurred during setting this'
522 h.flash(_('An error occurred during setting this'
526 ' repository in public journal'),
523 ' repository in public journal'),
527 category='error')
524 category='error')
528
525
529 return redirect(url('edit_repo_advanced', repo_name=repo_name))
526 return redirect(url('edit_repo_advanced', repo_name=repo_name))
530
527
531 @HasRepoPermissionAllDecorator('repository.admin')
528 @HasRepoPermissionAllDecorator('repository.admin')
532 @auth.CSRFRequired()
529 @auth.CSRFRequired()
533 def edit_advanced_fork(self, repo_name):
530 def edit_advanced_fork(self, repo_name):
534 """
531 """
535 Mark given repository as a fork of another
532 Mark given repository as a fork of another
536
533
537 :param repo_name:
534 :param repo_name:
538 """
535 """
539
536
540 new_fork_id = request.POST.get('id_fork_of')
537 new_fork_id = request.POST.get('id_fork_of')
541 try:
538 try:
542
539
543 if new_fork_id and not new_fork_id.isdigit():
540 if new_fork_id and not new_fork_id.isdigit():
544 log.error('Given fork id %s is not an INT', new_fork_id)
541 log.error('Given fork id %s is not an INT', new_fork_id)
545
542
546 fork_id = safe_int(new_fork_id)
543 fork_id = safe_int(new_fork_id)
547 repo = ScmModel().mark_as_fork(repo_name, fork_id,
544 repo = ScmModel().mark_as_fork(repo_name, fork_id,
548 c.rhodecode_user.username)
545 c.rhodecode_user.username)
549 fork = repo.fork.repo_name if repo.fork else _('Nothing')
546 fork = repo.fork.repo_name if repo.fork else _('Nothing')
550 Session().commit()
547 Session().commit()
551 h.flash(_('Marked repo %s as fork of %s') % (repo_name, fork),
548 h.flash(_('Marked repo %s as fork of %s') % (repo_name, fork),
552 category='success')
549 category='success')
553 except RepositoryError as e:
550 except RepositoryError as e:
554 log.exception("Repository Error occurred")
551 log.exception("Repository Error occurred")
555 h.flash(str(e), category='error')
552 h.flash(str(e), category='error')
556 except Exception as e:
553 except Exception as e:
557 log.exception("Exception while editing fork")
554 log.exception("Exception while editing fork")
558 h.flash(_('An error occurred during this operation'),
555 h.flash(_('An error occurred during this operation'),
559 category='error')
556 category='error')
560
557
561 return redirect(url('edit_repo_advanced', repo_name=repo_name))
558 return redirect(url('edit_repo_advanced', repo_name=repo_name))
562
559
563 @HasRepoPermissionAllDecorator('repository.admin')
560 @HasRepoPermissionAllDecorator('repository.admin')
564 @auth.CSRFRequired()
561 @auth.CSRFRequired()
565 def edit_advanced_locking(self, repo_name):
562 def edit_advanced_locking(self, repo_name):
566 """
563 """
567 Unlock repository when it is locked !
564 Unlock repository when it is locked !
568
565
569 :param repo_name:
566 :param repo_name:
570 """
567 """
571 try:
568 try:
572 repo = Repository.get_by_repo_name(repo_name)
569 repo = Repository.get_by_repo_name(repo_name)
573 if request.POST.get('set_lock'):
570 if request.POST.get('set_lock'):
574 Repository.lock(repo, c.rhodecode_user.user_id,
571 Repository.lock(repo, c.rhodecode_user.user_id,
575 lock_reason=Repository.LOCK_WEB)
572 lock_reason=Repository.LOCK_WEB)
576 h.flash(_('Locked repository'), category='success')
573 h.flash(_('Locked repository'), category='success')
577 elif request.POST.get('set_unlock'):
574 elif request.POST.get('set_unlock'):
578 Repository.unlock(repo)
575 Repository.unlock(repo)
579 h.flash(_('Unlocked repository'), category='success')
576 h.flash(_('Unlocked repository'), category='success')
580 except Exception as e:
577 except Exception as e:
581 log.exception("Exception during unlocking")
578 log.exception("Exception during unlocking")
582 h.flash(_('An error occurred during unlocking'),
579 h.flash(_('An error occurred during unlocking'),
583 category='error')
580 category='error')
584 return redirect(url('edit_repo_advanced', repo_name=repo_name))
581 return redirect(url('edit_repo_advanced', repo_name=repo_name))
585
582
586 @HasRepoPermissionAnyDecorator('repository.write', 'repository.admin')
583 @HasRepoPermissionAnyDecorator('repository.write', 'repository.admin')
587 @auth.CSRFRequired()
584 @auth.CSRFRequired()
588 def toggle_locking(self, repo_name):
585 def toggle_locking(self, repo_name):
589 """
586 """
590 Toggle locking of repository by simple GET call to url
587 Toggle locking of repository by simple GET call to url
591
588
592 :param repo_name:
589 :param repo_name:
593 """
590 """
594
591
595 try:
592 try:
596 repo = Repository.get_by_repo_name(repo_name)
593 repo = Repository.get_by_repo_name(repo_name)
597
594
598 if repo.enable_locking:
595 if repo.enable_locking:
599 if repo.locked[0]:
596 if repo.locked[0]:
600 Repository.unlock(repo)
597 Repository.unlock(repo)
601 action = _('Unlocked')
598 action = _('Unlocked')
602 else:
599 else:
603 Repository.lock(repo, c.rhodecode_user.user_id,
600 Repository.lock(repo, c.rhodecode_user.user_id,
604 lock_reason=Repository.LOCK_WEB)
601 lock_reason=Repository.LOCK_WEB)
605 action = _('Locked')
602 action = _('Locked')
606
603
607 h.flash(_('Repository has been %s') % action,
604 h.flash(_('Repository has been %s') % action,
608 category='success')
605 category='success')
609 except Exception:
606 except Exception:
610 log.exception("Exception during unlocking")
607 log.exception("Exception during unlocking")
611 h.flash(_('An error occurred during unlocking'),
608 h.flash(_('An error occurred during unlocking'),
612 category='error')
609 category='error')
613 return redirect(url('summary_home', repo_name=repo_name))
610 return redirect(url('summary_home', repo_name=repo_name))
614
611
615 @HasRepoPermissionAllDecorator('repository.admin')
612 @HasRepoPermissionAllDecorator('repository.admin')
616 @auth.CSRFRequired()
613 @auth.CSRFRequired()
617 def edit_caches(self, repo_name):
614 def edit_caches(self, repo_name):
618 """PUT /{repo_name}/settings/caches: invalidate the repo caches."""
615 """PUT /{repo_name}/settings/caches: invalidate the repo caches."""
619 try:
616 try:
620 ScmModel().mark_for_invalidation(repo_name, delete=True)
617 ScmModel().mark_for_invalidation(repo_name, delete=True)
621 Session().commit()
618 Session().commit()
622 h.flash(_('Cache invalidation successful'),
619 h.flash(_('Cache invalidation successful'),
623 category='success')
620 category='success')
624 except Exception:
621 except Exception:
625 log.exception("Exception during cache invalidation")
622 log.exception("Exception during cache invalidation")
626 h.flash(_('An error occurred during cache invalidation'),
623 h.flash(_('An error occurred during cache invalidation'),
627 category='error')
624 category='error')
628
625
629 return redirect(url('edit_repo_caches', repo_name=c.repo_name))
626 return redirect(url('edit_repo_caches', repo_name=c.repo_name))
630
627
631 @HasRepoPermissionAllDecorator('repository.admin')
628 @HasRepoPermissionAllDecorator('repository.admin')
632 def edit_caches_form(self, repo_name):
629 def edit_caches_form(self, repo_name):
633 """GET /repo_name/settings: Form to edit an existing item"""
630 """GET /repo_name/settings: Form to edit an existing item"""
634 # url('edit_repo', repo_name=ID)
631 # url('edit_repo', repo_name=ID)
635 c.repo_info = self._load_repo(repo_name)
632 c.repo_info = self._load_repo(repo_name)
636 c.active = 'caches'
633 c.active = 'caches'
637
634
638 return render('admin/repos/repo_edit.html')
635 return render('admin/repos/repo_edit.html')
639
636
640 @HasRepoPermissionAllDecorator('repository.admin')
637 @HasRepoPermissionAllDecorator('repository.admin')
641 @auth.CSRFRequired()
638 @auth.CSRFRequired()
642 def edit_remote(self, repo_name):
639 def edit_remote(self, repo_name):
643 """PUT /{repo_name}/settings/remote: edit the repo remote."""
640 """PUT /{repo_name}/settings/remote: edit the repo remote."""
644 try:
641 try:
645 ScmModel().pull_changes(repo_name, c.rhodecode_user.username)
642 ScmModel().pull_changes(repo_name, c.rhodecode_user.username)
646 h.flash(_('Pulled from remote location'), category='success')
643 h.flash(_('Pulled from remote location'), category='success')
647 except Exception:
644 except Exception:
648 log.exception("Exception during pull from remote")
645 log.exception("Exception during pull from remote")
649 h.flash(_('An error occurred during pull from remote location'),
646 h.flash(_('An error occurred during pull from remote location'),
650 category='error')
647 category='error')
651 return redirect(url('edit_repo_remote', repo_name=c.repo_name))
648 return redirect(url('edit_repo_remote', repo_name=c.repo_name))
652
649
653 @HasRepoPermissionAllDecorator('repository.admin')
650 @HasRepoPermissionAllDecorator('repository.admin')
654 def edit_remote_form(self, repo_name):
651 def edit_remote_form(self, repo_name):
655 """GET /repo_name/settings: Form to edit an existing item"""
652 """GET /repo_name/settings: Form to edit an existing item"""
656 # url('edit_repo', repo_name=ID)
653 # url('edit_repo', repo_name=ID)
657 c.repo_info = self._load_repo(repo_name)
654 c.repo_info = self._load_repo(repo_name)
658 c.active = 'remote'
655 c.active = 'remote'
659
656
660 return render('admin/repos/repo_edit.html')
657 return render('admin/repos/repo_edit.html')
661
658
662 @HasRepoPermissionAllDecorator('repository.admin')
659 @HasRepoPermissionAllDecorator('repository.admin')
663 @auth.CSRFRequired()
660 @auth.CSRFRequired()
664 def edit_statistics(self, repo_name):
661 def edit_statistics(self, repo_name):
665 """PUT /{repo_name}/settings/statistics: reset the repo statistics."""
662 """PUT /{repo_name}/settings/statistics: reset the repo statistics."""
666 try:
663 try:
667 RepoModel().delete_stats(repo_name)
664 RepoModel().delete_stats(repo_name)
668 Session().commit()
665 Session().commit()
669 except Exception as e:
666 except Exception as e:
670 log.error(traceback.format_exc())
667 log.error(traceback.format_exc())
671 h.flash(_('An error occurred during deletion of repository stats'),
668 h.flash(_('An error occurred during deletion of repository stats'),
672 category='error')
669 category='error')
673 return redirect(url('edit_repo_statistics', repo_name=c.repo_name))
670 return redirect(url('edit_repo_statistics', repo_name=c.repo_name))
674
671
675 @HasRepoPermissionAllDecorator('repository.admin')
672 @HasRepoPermissionAllDecorator('repository.admin')
676 def edit_statistics_form(self, repo_name):
673 def edit_statistics_form(self, repo_name):
677 """GET /repo_name/settings: Form to edit an existing item"""
674 """GET /repo_name/settings: Form to edit an existing item"""
678 # url('edit_repo', repo_name=ID)
675 # url('edit_repo', repo_name=ID)
679 c.repo_info = self._load_repo(repo_name)
676 c.repo_info = self._load_repo(repo_name)
680 repo = c.repo_info.scm_instance()
677 repo = c.repo_info.scm_instance()
681
678
682 if c.repo_info.stats:
679 if c.repo_info.stats:
683 # this is on what revision we ended up so we add +1 for count
680 # this is on what revision we ended up so we add +1 for count
684 last_rev = c.repo_info.stats.stat_on_revision + 1
681 last_rev = c.repo_info.stats.stat_on_revision + 1
685 else:
682 else:
686 last_rev = 0
683 last_rev = 0
687 c.stats_revision = last_rev
684 c.stats_revision = last_rev
688
685
689 c.repo_last_rev = repo.count()
686 c.repo_last_rev = repo.count()
690
687
691 if last_rev == 0 or c.repo_last_rev == 0:
688 if last_rev == 0 or c.repo_last_rev == 0:
692 c.stats_percentage = 0
689 c.stats_percentage = 0
693 else:
690 else:
694 c.stats_percentage = '%.2f' % ((float((last_rev)) / c.repo_last_rev) * 100)
691 c.stats_percentage = '%.2f' % ((float((last_rev)) / c.repo_last_rev) * 100)
695
692
696 c.active = 'statistics'
693 c.active = 'statistics'
697
694
698 return render('admin/repos/repo_edit.html')
695 return render('admin/repos/repo_edit.html')
699
696
700 @HasRepoPermissionAllDecorator('repository.admin')
697 @HasRepoPermissionAllDecorator('repository.admin')
701 @auth.CSRFRequired()
698 @auth.CSRFRequired()
702 def repo_issuetracker_test(self, repo_name):
699 def repo_issuetracker_test(self, repo_name):
703 if request.is_xhr:
700 if request.is_xhr:
704 return h.urlify_commit_message(
701 return h.urlify_commit_message(
705 request.POST.get('test_text', ''),
702 request.POST.get('test_text', ''),
706 repo_name)
703 repo_name)
707 else:
704 else:
708 raise HTTPBadRequest()
705 raise HTTPBadRequest()
709
706
710 @HasRepoPermissionAllDecorator('repository.admin')
707 @HasRepoPermissionAllDecorator('repository.admin')
711 @auth.CSRFRequired()
708 @auth.CSRFRequired()
712 def repo_issuetracker_delete(self, repo_name):
709 def repo_issuetracker_delete(self, repo_name):
713 uid = request.POST.get('uid')
710 uid = request.POST.get('uid')
714 repo_settings = IssueTrackerSettingsModel(repo=repo_name)
711 repo_settings = IssueTrackerSettingsModel(repo=repo_name)
715 try:
712 try:
716 repo_settings.delete_entries(uid)
713 repo_settings.delete_entries(uid)
717 except Exception:
714 except Exception:
718 h.flash(_('Error occurred during deleting issue tracker entry'),
715 h.flash(_('Error occurred during deleting issue tracker entry'),
719 category='error')
716 category='error')
720 else:
717 else:
721 h.flash(_('Removed issue tracker entry'), category='success')
718 h.flash(_('Removed issue tracker entry'), category='success')
722 return redirect(url('repo_settings_issuetracker',
719 return redirect(url('repo_settings_issuetracker',
723 repo_name=repo_name))
720 repo_name=repo_name))
724
721
725 def _update_patterns(self, form, repo_settings):
722 def _update_patterns(self, form, repo_settings):
726 for uid in form['delete_patterns']:
723 for uid in form['delete_patterns']:
727 repo_settings.delete_entries(uid)
724 repo_settings.delete_entries(uid)
728
725
729 for pattern in form['patterns']:
726 for pattern in form['patterns']:
730 for setting, value, type_ in pattern:
727 for setting, value, type_ in pattern:
731 sett = repo_settings.create_or_update_setting(
728 sett = repo_settings.create_or_update_setting(
732 setting, value, type_)
729 setting, value, type_)
733 Session().add(sett)
730 Session().add(sett)
734
731
735 Session().commit()
732 Session().commit()
736
733
737 @HasRepoPermissionAllDecorator('repository.admin')
734 @HasRepoPermissionAllDecorator('repository.admin')
738 @auth.CSRFRequired()
735 @auth.CSRFRequired()
739 def repo_issuetracker_save(self, repo_name):
736 def repo_issuetracker_save(self, repo_name):
740 # Save inheritance
737 # Save inheritance
741 repo_settings = IssueTrackerSettingsModel(repo=repo_name)
738 repo_settings = IssueTrackerSettingsModel(repo=repo_name)
742 inherited = (request.POST.get('inherit_global_issuetracker')
739 inherited = (request.POST.get('inherit_global_issuetracker')
743 == "inherited")
740 == "inherited")
744 repo_settings.inherit_global_settings = inherited
741 repo_settings.inherit_global_settings = inherited
745 Session().commit()
742 Session().commit()
746
743
747 form = IssueTrackerPatternsForm()().to_python(request.POST)
744 form = IssueTrackerPatternsForm()().to_python(request.POST)
748 if form:
745 if form:
749 self._update_patterns(form, repo_settings)
746 self._update_patterns(form, repo_settings)
750
747
751 h.flash(_('Updated issue tracker entries'), category='success')
748 h.flash(_('Updated issue tracker entries'), category='success')
752 return redirect(url('repo_settings_issuetracker',
749 return redirect(url('repo_settings_issuetracker',
753 repo_name=repo_name))
750 repo_name=repo_name))
754
751
755 @HasRepoPermissionAllDecorator('repository.admin')
752 @HasRepoPermissionAllDecorator('repository.admin')
756 def repo_issuetracker(self, repo_name):
753 def repo_issuetracker(self, repo_name):
757 """GET /admin/settings/issue-tracker: All items in the collection"""
754 """GET /admin/settings/issue-tracker: All items in the collection"""
758 c.active = 'issuetracker'
755 c.active = 'issuetracker'
759 c.data = 'data'
756 c.data = 'data'
760 c.repo_info = self._load_repo(repo_name)
757 c.repo_info = self._load_repo(repo_name)
761
758
762 repo = Repository.get_by_repo_name(repo_name)
759 repo = Repository.get_by_repo_name(repo_name)
763 c.settings_model = IssueTrackerSettingsModel(repo=repo)
760 c.settings_model = IssueTrackerSettingsModel(repo=repo)
764 c.global_patterns = c.settings_model.get_global_settings()
761 c.global_patterns = c.settings_model.get_global_settings()
765 c.repo_patterns = c.settings_model.get_repo_settings()
762 c.repo_patterns = c.settings_model.get_repo_settings()
766
763
767 return render('admin/repos/repo_edit.html')
764 return render('admin/repos/repo_edit.html')
768
765
769 @HasRepoPermissionAllDecorator('repository.admin')
766 @HasRepoPermissionAllDecorator('repository.admin')
770 def repo_settings_vcs(self, repo_name):
767 def repo_settings_vcs(self, repo_name):
771 """GET /{repo_name}/settings/vcs/: All items in the collection"""
768 """GET /{repo_name}/settings/vcs/: All items in the collection"""
772
769
773 model = VcsSettingsModel(repo=repo_name)
770 model = VcsSettingsModel(repo=repo_name)
774
771
775 c.active = 'vcs'
772 c.active = 'vcs'
776 c.global_svn_branch_patterns = model.get_global_svn_branch_patterns()
773 c.global_svn_branch_patterns = model.get_global_svn_branch_patterns()
777 c.global_svn_tag_patterns = model.get_global_svn_tag_patterns()
774 c.global_svn_tag_patterns = model.get_global_svn_tag_patterns()
778 c.svn_branch_patterns = model.get_repo_svn_branch_patterns()
775 c.svn_branch_patterns = model.get_repo_svn_branch_patterns()
779 c.svn_tag_patterns = model.get_repo_svn_tag_patterns()
776 c.svn_tag_patterns = model.get_repo_svn_tag_patterns()
780 c.repo_info = self._load_repo(repo_name)
777 c.repo_info = self._load_repo(repo_name)
781 defaults = self._vcs_form_defaults(repo_name)
778 defaults = self._vcs_form_defaults(repo_name)
782 c.inherit_global_settings = defaults['inherit_global_settings']
779 c.inherit_global_settings = defaults['inherit_global_settings']
783 c.labs_active = str2bool(
780 c.labs_active = str2bool(
784 rhodecode.CONFIG.get('labs_settings_active', 'true'))
781 rhodecode.CONFIG.get('labs_settings_active', 'true'))
785
782
786 return htmlfill.render(
783 return htmlfill.render(
787 render('admin/repos/repo_edit.html'),
784 render('admin/repos/repo_edit.html'),
788 defaults=defaults,
785 defaults=defaults,
789 encoding="UTF-8",
786 encoding="UTF-8",
790 force_defaults=False)
787 force_defaults=False)
791
788
792 @HasRepoPermissionAllDecorator('repository.admin')
789 @HasRepoPermissionAllDecorator('repository.admin')
793 @auth.CSRFRequired()
790 @auth.CSRFRequired()
794 def repo_settings_vcs_update(self, repo_name):
791 def repo_settings_vcs_update(self, repo_name):
795 """POST /{repo_name}/settings/vcs/: All items in the collection"""
792 """POST /{repo_name}/settings/vcs/: All items in the collection"""
796 c.active = 'vcs'
793 c.active = 'vcs'
797
794
798 model = VcsSettingsModel(repo=repo_name)
795 model = VcsSettingsModel(repo=repo_name)
799 c.global_svn_branch_patterns = model.get_global_svn_branch_patterns()
796 c.global_svn_branch_patterns = model.get_global_svn_branch_patterns()
800 c.global_svn_tag_patterns = model.get_global_svn_tag_patterns()
797 c.global_svn_tag_patterns = model.get_global_svn_tag_patterns()
801 c.svn_branch_patterns = model.get_repo_svn_branch_patterns()
798 c.svn_branch_patterns = model.get_repo_svn_branch_patterns()
802 c.svn_tag_patterns = model.get_repo_svn_tag_patterns()
799 c.svn_tag_patterns = model.get_repo_svn_tag_patterns()
803 c.repo_info = self._load_repo(repo_name)
800 c.repo_info = self._load_repo(repo_name)
804 defaults = self._vcs_form_defaults(repo_name)
801 defaults = self._vcs_form_defaults(repo_name)
805 c.inherit_global_settings = defaults['inherit_global_settings']
802 c.inherit_global_settings = defaults['inherit_global_settings']
806
803
807 application_form = RepoVcsSettingsForm(repo_name)()
804 application_form = RepoVcsSettingsForm(repo_name)()
808 try:
805 try:
809 form_result = application_form.to_python(dict(request.POST))
806 form_result = application_form.to_python(dict(request.POST))
810 except formencode.Invalid as errors:
807 except formencode.Invalid as errors:
811 h.flash(
808 h.flash(
812 _("Some form inputs contain invalid data."),
809 _("Some form inputs contain invalid data."),
813 category='error')
810 category='error')
814 return htmlfill.render(
811 return htmlfill.render(
815 render('admin/repos/repo_edit.html'),
812 render('admin/repos/repo_edit.html'),
816 defaults=errors.value,
813 defaults=errors.value,
817 errors=errors.error_dict or {},
814 errors=errors.error_dict or {},
818 prefix_error=False,
815 prefix_error=False,
819 encoding="UTF-8",
816 encoding="UTF-8",
820 force_defaults=False
817 force_defaults=False
821 )
818 )
822
819
823 try:
820 try:
824 inherit_global_settings = form_result['inherit_global_settings']
821 inherit_global_settings = form_result['inherit_global_settings']
825 model.create_or_update_repo_settings(
822 model.create_or_update_repo_settings(
826 form_result, inherit_global_settings=inherit_global_settings)
823 form_result, inherit_global_settings=inherit_global_settings)
827 except Exception:
824 except Exception:
828 log.exception("Exception while updating settings")
825 log.exception("Exception while updating settings")
829 h.flash(
826 h.flash(
830 _('Error occurred during updating repository VCS settings'),
827 _('Error occurred during updating repository VCS settings'),
831 category='error')
828 category='error')
832 else:
829 else:
833 Session().commit()
830 Session().commit()
834 h.flash(_('Updated VCS settings'), category='success')
831 h.flash(_('Updated VCS settings'), category='success')
835 return redirect(url('repo_vcs_settings', repo_name=repo_name))
832 return redirect(url('repo_vcs_settings', repo_name=repo_name))
836
833
837 return htmlfill.render(
834 return htmlfill.render(
838 render('admin/repos/repo_edit.html'),
835 render('admin/repos/repo_edit.html'),
839 defaults=self._vcs_form_defaults(repo_name),
836 defaults=self._vcs_form_defaults(repo_name),
840 encoding="UTF-8",
837 encoding="UTF-8",
841 force_defaults=False)
838 force_defaults=False)
842
839
843 @HasRepoPermissionAllDecorator('repository.admin')
840 @HasRepoPermissionAllDecorator('repository.admin')
844 @auth.CSRFRequired()
841 @auth.CSRFRequired()
845 @jsonify
842 @jsonify
846 def repo_delete_svn_pattern(self, repo_name):
843 def repo_delete_svn_pattern(self, repo_name):
847 if not request.is_xhr:
844 if not request.is_xhr:
848 return False
845 return False
849
846
850 delete_pattern_id = request.POST.get('delete_svn_pattern')
847 delete_pattern_id = request.POST.get('delete_svn_pattern')
851 model = VcsSettingsModel(repo=repo_name)
848 model = VcsSettingsModel(repo=repo_name)
852 try:
849 try:
853 model.delete_repo_svn_pattern(delete_pattern_id)
850 model.delete_repo_svn_pattern(delete_pattern_id)
854 except SettingNotFound:
851 except SettingNotFound:
855 raise HTTPBadRequest()
852 raise HTTPBadRequest()
856
853
857 Session().commit()
854 Session().commit()
858 return True
855 return True
859
856
860 def _vcs_form_defaults(self, repo_name):
857 def _vcs_form_defaults(self, repo_name):
861 model = VcsSettingsModel(repo=repo_name)
858 model = VcsSettingsModel(repo=repo_name)
862 global_defaults = model.get_global_settings()
859 global_defaults = model.get_global_settings()
863
860
864 repo_defaults = {}
861 repo_defaults = {}
865 repo_defaults.update(global_defaults)
862 repo_defaults.update(global_defaults)
866 repo_defaults.update(model.get_repo_settings())
863 repo_defaults.update(model.get_repo_settings())
867
864
868 global_defaults = {
865 global_defaults = {
869 '{}_inherited'.format(k): global_defaults[k]
866 '{}_inherited'.format(k): global_defaults[k]
870 for k in global_defaults}
867 for k in global_defaults}
871
868
872 defaults = {
869 defaults = {
873 'inherit_global_settings': model.inherit_global_settings
870 'inherit_global_settings': model.inherit_global_settings
874 }
871 }
875 defaults.update(global_defaults)
872 defaults.update(global_defaults)
876 defaults.update(repo_defaults)
873 defaults.update(repo_defaults)
877 defaults.update({
874 defaults.update({
878 'new_svn_branch': '',
875 'new_svn_branch': '',
879 'new_svn_tag': '',
876 'new_svn_tag': '',
880 })
877 })
881 return defaults
878 return defaults
@@ -1,807 +1,814 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21
21
22 """
22 """
23 settings controller for rhodecode admin
23 settings controller for rhodecode admin
24 """
24 """
25
25
26 import collections
26 import collections
27 import logging
27 import logging
28 import urllib2
28 import urllib2
29
29
30 import datetime
30 import datetime
31 import formencode
31 import formencode
32 from formencode import htmlfill
32 from formencode import htmlfill
33 import packaging.version
33 import packaging.version
34 from pylons import request, tmpl_context as c, url, config
34 from pylons import request, tmpl_context as c, url, config
35 from pylons.controllers.util import redirect
35 from pylons.controllers.util import redirect
36 from pylons.i18n.translation import _, lazy_ugettext
36 from pylons.i18n.translation import _, lazy_ugettext
37 from pyramid.threadlocal import get_current_registry
37 from pyramid.threadlocal import get_current_registry
38 from webob.exc import HTTPBadRequest
38 from webob.exc import HTTPBadRequest
39
39
40 import rhodecode
40 import rhodecode
41 from rhodecode.admin.navigation import navigation_list
41 from rhodecode.admin.navigation import navigation_list
42 from rhodecode.lib import auth
42 from rhodecode.lib import auth
43 from rhodecode.lib import helpers as h
43 from rhodecode.lib import helpers as h
44 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
44 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
45 from rhodecode.lib.base import BaseController, render
45 from rhodecode.lib.base import BaseController, render
46 from rhodecode.lib.celerylib import tasks, run_task
46 from rhodecode.lib.celerylib import tasks, run_task
47 from rhodecode.lib.utils import repo2db_mapper
47 from rhodecode.lib.utils import repo2db_mapper
48 from rhodecode.lib.utils2 import (
48 from rhodecode.lib.utils2 import (
49 str2bool, safe_unicode, AttributeDict, safe_int)
49 str2bool, safe_unicode, AttributeDict, safe_int)
50 from rhodecode.lib.compat import OrderedDict
50 from rhodecode.lib.compat import OrderedDict
51 from rhodecode.lib.ext_json import json
51 from rhodecode.lib.ext_json import json
52 from rhodecode.lib.utils import jsonify
52 from rhodecode.lib.utils import jsonify
53
53
54 from rhodecode.model.db import RhodeCodeUi, Repository
54 from rhodecode.model.db import RhodeCodeUi, Repository
55 from rhodecode.model.forms import ApplicationSettingsForm, \
55 from rhodecode.model.forms import ApplicationSettingsForm, \
56 ApplicationUiSettingsForm, ApplicationVisualisationForm, \
56 ApplicationUiSettingsForm, ApplicationVisualisationForm, \
57 LabsSettingsForm, IssueTrackerPatternsForm
57 LabsSettingsForm, IssueTrackerPatternsForm
58 from rhodecode.model.repo_group import RepoGroupModel
58
59
59 from rhodecode.model.scm import ScmModel
60 from rhodecode.model.scm import ScmModel
60 from rhodecode.model.notification import EmailNotificationModel
61 from rhodecode.model.notification import EmailNotificationModel
61 from rhodecode.model.meta import Session
62 from rhodecode.model.meta import Session
62 from rhodecode.model.settings import (
63 from rhodecode.model.settings import (
63 IssueTrackerSettingsModel, VcsSettingsModel, SettingNotFound,
64 IssueTrackerSettingsModel, VcsSettingsModel, SettingNotFound,
64 SettingsModel)
65 SettingsModel)
65
66
66 from rhodecode.model.supervisor import SupervisorModel, SUPERVISOR_MASTER
67 from rhodecode.model.supervisor import SupervisorModel, SUPERVISOR_MASTER
67 from rhodecode.svn_support.config_keys import generate_config
68 from rhodecode.svn_support.config_keys import generate_config
68
69
69
70
70 log = logging.getLogger(__name__)
71 log = logging.getLogger(__name__)
71
72
72
73
73 class SettingsController(BaseController):
74 class SettingsController(BaseController):
74 """REST Controller styled on the Atom Publishing Protocol"""
75 """REST Controller styled on the Atom Publishing Protocol"""
75 # To properly map this controller, ensure your config/routing.py
76 # To properly map this controller, ensure your config/routing.py
76 # file has a resource setup:
77 # file has a resource setup:
77 # map.resource('setting', 'settings', controller='admin/settings',
78 # map.resource('setting', 'settings', controller='admin/settings',
78 # path_prefix='/admin', name_prefix='admin_')
79 # path_prefix='/admin', name_prefix='admin_')
79
80
80 @LoginRequired()
81 @LoginRequired()
81 def __before__(self):
82 def __before__(self):
82 super(SettingsController, self).__before__()
83 super(SettingsController, self).__before__()
83 c.labs_active = str2bool(
84 c.labs_active = str2bool(
84 rhodecode.CONFIG.get('labs_settings_active', 'true'))
85 rhodecode.CONFIG.get('labs_settings_active', 'true'))
85 c.navlist = navigation_list(request)
86 c.navlist = navigation_list(request)
86
87
87 def _get_hg_ui_settings(self):
88 def _get_hg_ui_settings(self):
88 ret = RhodeCodeUi.query().all()
89 ret = RhodeCodeUi.query().all()
89
90
90 if not ret:
91 if not ret:
91 raise Exception('Could not get application ui settings !')
92 raise Exception('Could not get application ui settings !')
92 settings = {}
93 settings = {}
93 for each in ret:
94 for each in ret:
94 k = each.ui_key
95 k = each.ui_key
95 v = each.ui_value
96 v = each.ui_value
96 if k == '/':
97 if k == '/':
97 k = 'root_path'
98 k = 'root_path'
98
99
99 if k in ['push_ssl', 'publish']:
100 if k in ['push_ssl', 'publish']:
100 v = str2bool(v)
101 v = str2bool(v)
101
102
102 if k.find('.') != -1:
103 if k.find('.') != -1:
103 k = k.replace('.', '_')
104 k = k.replace('.', '_')
104
105
105 if each.ui_section in ['hooks', 'extensions']:
106 if each.ui_section in ['hooks', 'extensions']:
106 v = each.ui_active
107 v = each.ui_active
107
108
108 settings[each.ui_section + '_' + k] = v
109 settings[each.ui_section + '_' + k] = v
109 return settings
110 return settings
110
111
111 @HasPermissionAllDecorator('hg.admin')
112 @HasPermissionAllDecorator('hg.admin')
112 @auth.CSRFRequired()
113 @auth.CSRFRequired()
113 @jsonify
114 @jsonify
114 def delete_svn_pattern(self):
115 def delete_svn_pattern(self):
115 if not request.is_xhr:
116 if not request.is_xhr:
116 raise HTTPBadRequest()
117 raise HTTPBadRequest()
117
118
118 delete_pattern_id = request.POST.get('delete_svn_pattern')
119 delete_pattern_id = request.POST.get('delete_svn_pattern')
119 model = VcsSettingsModel()
120 model = VcsSettingsModel()
120 try:
121 try:
121 model.delete_global_svn_pattern(delete_pattern_id)
122 model.delete_global_svn_pattern(delete_pattern_id)
122 except SettingNotFound:
123 except SettingNotFound:
123 raise HTTPBadRequest()
124 raise HTTPBadRequest()
124
125
125 Session().commit()
126 Session().commit()
126 return True
127 return True
127
128
128 @HasPermissionAllDecorator('hg.admin')
129 @HasPermissionAllDecorator('hg.admin')
129 @auth.CSRFRequired()
130 @auth.CSRFRequired()
130 def settings_vcs_update(self):
131 def settings_vcs_update(self):
131 """POST /admin/settings: All items in the collection"""
132 """POST /admin/settings: All items in the collection"""
132 # url('admin_settings_vcs')
133 # url('admin_settings_vcs')
133 c.active = 'vcs'
134 c.active = 'vcs'
134
135
135 model = VcsSettingsModel()
136 model = VcsSettingsModel()
136 c.svn_branch_patterns = model.get_global_svn_branch_patterns()
137 c.svn_branch_patterns = model.get_global_svn_branch_patterns()
137 c.svn_tag_patterns = model.get_global_svn_tag_patterns()
138 c.svn_tag_patterns = model.get_global_svn_tag_patterns()
138
139
139 # TODO: Replace with request.registry after migrating to pyramid.
140 # TODO: Replace with request.registry after migrating to pyramid.
140 pyramid_settings = get_current_registry().settings
141 pyramid_settings = get_current_registry().settings
141 c.svn_proxy_generate_config = pyramid_settings[generate_config]
142 c.svn_proxy_generate_config = pyramid_settings[generate_config]
142
143
143 application_form = ApplicationUiSettingsForm()()
144 application_form = ApplicationUiSettingsForm()()
144
145
145 try:
146 try:
146 form_result = application_form.to_python(dict(request.POST))
147 form_result = application_form.to_python(dict(request.POST))
147 except formencode.Invalid as errors:
148 except formencode.Invalid as errors:
148 h.flash(
149 h.flash(
149 _("Some form inputs contain invalid data."),
150 _("Some form inputs contain invalid data."),
150 category='error')
151 category='error')
151 return htmlfill.render(
152 return htmlfill.render(
152 render('admin/settings/settings.html'),
153 render('admin/settings/settings.html'),
153 defaults=errors.value,
154 defaults=errors.value,
154 errors=errors.error_dict or {},
155 errors=errors.error_dict or {},
155 prefix_error=False,
156 prefix_error=False,
156 encoding="UTF-8",
157 encoding="UTF-8",
157 force_defaults=False
158 force_defaults=False
158 )
159 )
159
160
160 try:
161 try:
161 if c.visual.allow_repo_location_change:
162 if c.visual.allow_repo_location_change:
162 model.update_global_path_setting(
163 model.update_global_path_setting(
163 form_result['paths_root_path'])
164 form_result['paths_root_path'])
164
165
165 model.update_global_ssl_setting(form_result['web_push_ssl'])
166 model.update_global_ssl_setting(form_result['web_push_ssl'])
166 model.update_global_hook_settings(form_result)
167 model.update_global_hook_settings(form_result)
167
168
168 model.create_or_update_global_svn_settings(form_result)
169 model.create_or_update_global_svn_settings(form_result)
169 model.create_or_update_global_hg_settings(form_result)
170 model.create_or_update_global_hg_settings(form_result)
170 model.create_or_update_global_pr_settings(form_result)
171 model.create_or_update_global_pr_settings(form_result)
171 except Exception:
172 except Exception:
172 log.exception("Exception while updating settings")
173 log.exception("Exception while updating settings")
173 h.flash(_('Error occurred during updating '
174 h.flash(_('Error occurred during updating '
174 'application settings'), category='error')
175 'application settings'), category='error')
175 else:
176 else:
176 Session().commit()
177 Session().commit()
177 h.flash(_('Updated VCS settings'), category='success')
178 h.flash(_('Updated VCS settings'), category='success')
178 return redirect(url('admin_settings_vcs'))
179 return redirect(url('admin_settings_vcs'))
179
180
180 return htmlfill.render(
181 return htmlfill.render(
181 render('admin/settings/settings.html'),
182 render('admin/settings/settings.html'),
182 defaults=self._form_defaults(),
183 defaults=self._form_defaults(),
183 encoding="UTF-8",
184 encoding="UTF-8",
184 force_defaults=False)
185 force_defaults=False)
185
186
186 @HasPermissionAllDecorator('hg.admin')
187 @HasPermissionAllDecorator('hg.admin')
187 def settings_vcs(self):
188 def settings_vcs(self):
188 """GET /admin/settings: All items in the collection"""
189 """GET /admin/settings: All items in the collection"""
189 # url('admin_settings_vcs')
190 # url('admin_settings_vcs')
190 c.active = 'vcs'
191 c.active = 'vcs'
191 model = VcsSettingsModel()
192 model = VcsSettingsModel()
192 c.svn_branch_patterns = model.get_global_svn_branch_patterns()
193 c.svn_branch_patterns = model.get_global_svn_branch_patterns()
193 c.svn_tag_patterns = model.get_global_svn_tag_patterns()
194 c.svn_tag_patterns = model.get_global_svn_tag_patterns()
194
195
195 # TODO: Replace with request.registry after migrating to pyramid.
196 # TODO: Replace with request.registry after migrating to pyramid.
196 pyramid_settings = get_current_registry().settings
197 pyramid_settings = get_current_registry().settings
197 c.svn_proxy_generate_config = pyramid_settings[generate_config]
198 c.svn_proxy_generate_config = pyramid_settings[generate_config]
198
199
199 return htmlfill.render(
200 return htmlfill.render(
200 render('admin/settings/settings.html'),
201 render('admin/settings/settings.html'),
201 defaults=self._form_defaults(),
202 defaults=self._form_defaults(),
202 encoding="UTF-8",
203 encoding="UTF-8",
203 force_defaults=False)
204 force_defaults=False)
204
205
205 @HasPermissionAllDecorator('hg.admin')
206 @HasPermissionAllDecorator('hg.admin')
206 @auth.CSRFRequired()
207 @auth.CSRFRequired()
207 def settings_mapping_update(self):
208 def settings_mapping_update(self):
208 """POST /admin/settings/mapping: All items in the collection"""
209 """POST /admin/settings/mapping: All items in the collection"""
209 # url('admin_settings_mapping')
210 # url('admin_settings_mapping')
210 c.active = 'mapping'
211 c.active = 'mapping'
211 rm_obsolete = request.POST.get('destroy', False)
212 rm_obsolete = request.POST.get('destroy', False)
212 invalidate_cache = request.POST.get('invalidate', False)
213 invalidate_cache = request.POST.get('invalidate', False)
213 log.debug(
214 log.debug(
214 'rescanning repo location with destroy obsolete=%s', rm_obsolete)
215 'rescanning repo location with destroy obsolete=%s', rm_obsolete)
215
216
216 if invalidate_cache:
217 if invalidate_cache:
217 log.debug('invalidating all repositories cache')
218 log.debug('invalidating all repositories cache')
218 for repo in Repository.get_all():
219 for repo in Repository.get_all():
219 ScmModel().mark_for_invalidation(repo.repo_name, delete=True)
220 ScmModel().mark_for_invalidation(repo.repo_name, delete=True)
220
221
221 filesystem_repos = ScmModel().repo_scan()
222 filesystem_repos = ScmModel().repo_scan()
222 added, removed = repo2db_mapper(filesystem_repos, rm_obsolete)
223 added, removed = repo2db_mapper(filesystem_repos, rm_obsolete)
223 _repr = lambda l: ', '.join(map(safe_unicode, l)) or '-'
224 _repr = lambda l: ', '.join(map(safe_unicode, l)) or '-'
224 h.flash(_('Repositories successfully '
225 h.flash(_('Repositories successfully '
225 'rescanned added: %s ; removed: %s') %
226 'rescanned added: %s ; removed: %s') %
226 (_repr(added), _repr(removed)),
227 (_repr(added), _repr(removed)),
227 category='success')
228 category='success')
228 return redirect(url('admin_settings_mapping'))
229 return redirect(url('admin_settings_mapping'))
229
230
230 @HasPermissionAllDecorator('hg.admin')
231 @HasPermissionAllDecorator('hg.admin')
231 def settings_mapping(self):
232 def settings_mapping(self):
232 """GET /admin/settings/mapping: All items in the collection"""
233 """GET /admin/settings/mapping: All items in the collection"""
233 # url('admin_settings_mapping')
234 # url('admin_settings_mapping')
234 c.active = 'mapping'
235 c.active = 'mapping'
235
236
236 return htmlfill.render(
237 return htmlfill.render(
237 render('admin/settings/settings.html'),
238 render('admin/settings/settings.html'),
238 defaults=self._form_defaults(),
239 defaults=self._form_defaults(),
239 encoding="UTF-8",
240 encoding="UTF-8",
240 force_defaults=False)
241 force_defaults=False)
241
242
242 @HasPermissionAllDecorator('hg.admin')
243 @HasPermissionAllDecorator('hg.admin')
243 @auth.CSRFRequired()
244 @auth.CSRFRequired()
244 def settings_global_update(self):
245 def settings_global_update(self):
245 """POST /admin/settings/global: All items in the collection"""
246 """POST /admin/settings/global: All items in the collection"""
246 # url('admin_settings_global')
247 # url('admin_settings_global')
247 c.active = 'global'
248 c.active = 'global'
249 c.personal_repo_group_default_pattern = RepoGroupModel()\
250 .get_personal_group_name_pattern()
248 application_form = ApplicationSettingsForm()()
251 application_form = ApplicationSettingsForm()()
249 try:
252 try:
250 form_result = application_form.to_python(dict(request.POST))
253 form_result = application_form.to_python(dict(request.POST))
251 except formencode.Invalid as errors:
254 except formencode.Invalid as errors:
252 return htmlfill.render(
255 return htmlfill.render(
253 render('admin/settings/settings.html'),
256 render('admin/settings/settings.html'),
254 defaults=errors.value,
257 defaults=errors.value,
255 errors=errors.error_dict or {},
258 errors=errors.error_dict or {},
256 prefix_error=False,
259 prefix_error=False,
257 encoding="UTF-8",
260 encoding="UTF-8",
258 force_defaults=False)
261 force_defaults=False)
259
262
260 try:
263 try:
261 settings = [
264 settings = [
262 ('title', 'rhodecode_title'),
265 ('title', 'rhodecode_title', 'unicode'),
263 ('realm', 'rhodecode_realm'),
266 ('realm', 'rhodecode_realm', 'unicode'),
264 ('pre_code', 'rhodecode_pre_code'),
267 ('pre_code', 'rhodecode_pre_code', 'unicode'),
265 ('post_code', 'rhodecode_post_code'),
268 ('post_code', 'rhodecode_post_code', 'unicode'),
266 ('captcha_public_key', 'rhodecode_captcha_public_key'),
269 ('captcha_public_key', 'rhodecode_captcha_public_key', 'unicode'),
267 ('captcha_private_key', 'rhodecode_captcha_private_key'),
270 ('captcha_private_key', 'rhodecode_captcha_private_key', 'unicode'),
271 ('create_personal_repo_group', 'rhodecode_create_personal_repo_group', 'bool'),
272 ('personal_repo_group_pattern', 'rhodecode_personal_repo_group_pattern', 'unicode'),
268 ]
273 ]
269 for setting, form_key in settings:
274 for setting, form_key, type_ in settings:
270 sett = SettingsModel().create_or_update_setting(
275 sett = SettingsModel().create_or_update_setting(
271 setting, form_result[form_key])
276 setting, form_result[form_key], type_)
272 Session().add(sett)
277 Session().add(sett)
273
278
274 Session().commit()
279 Session().commit()
275 SettingsModel().invalidate_settings_cache()
280 SettingsModel().invalidate_settings_cache()
276 h.flash(_('Updated application settings'), category='success')
281 h.flash(_('Updated application settings'), category='success')
277 except Exception:
282 except Exception:
278 log.exception("Exception while updating application settings")
283 log.exception("Exception while updating application settings")
279 h.flash(
284 h.flash(
280 _('Error occurred during updating application settings'),
285 _('Error occurred during updating application settings'),
281 category='error')
286 category='error')
282
287
283 return redirect(url('admin_settings_global'))
288 return redirect(url('admin_settings_global'))
284
289
285 @HasPermissionAllDecorator('hg.admin')
290 @HasPermissionAllDecorator('hg.admin')
286 def settings_global(self):
291 def settings_global(self):
287 """GET /admin/settings/global: All items in the collection"""
292 """GET /admin/settings/global: All items in the collection"""
288 # url('admin_settings_global')
293 # url('admin_settings_global')
289 c.active = 'global'
294 c.active = 'global'
295 c.personal_repo_group_default_pattern = RepoGroupModel()\
296 .get_personal_group_name_pattern()
290
297
291 return htmlfill.render(
298 return htmlfill.render(
292 render('admin/settings/settings.html'),
299 render('admin/settings/settings.html'),
293 defaults=self._form_defaults(),
300 defaults=self._form_defaults(),
294 encoding="UTF-8",
301 encoding="UTF-8",
295 force_defaults=False)
302 force_defaults=False)
296
303
297 @HasPermissionAllDecorator('hg.admin')
304 @HasPermissionAllDecorator('hg.admin')
298 @auth.CSRFRequired()
305 @auth.CSRFRequired()
299 def settings_visual_update(self):
306 def settings_visual_update(self):
300 """POST /admin/settings/visual: All items in the collection"""
307 """POST /admin/settings/visual: All items in the collection"""
301 # url('admin_settings_visual')
308 # url('admin_settings_visual')
302 c.active = 'visual'
309 c.active = 'visual'
303 application_form = ApplicationVisualisationForm()()
310 application_form = ApplicationVisualisationForm()()
304 try:
311 try:
305 form_result = application_form.to_python(dict(request.POST))
312 form_result = application_form.to_python(dict(request.POST))
306 except formencode.Invalid as errors:
313 except formencode.Invalid as errors:
307 return htmlfill.render(
314 return htmlfill.render(
308 render('admin/settings/settings.html'),
315 render('admin/settings/settings.html'),
309 defaults=errors.value,
316 defaults=errors.value,
310 errors=errors.error_dict or {},
317 errors=errors.error_dict or {},
311 prefix_error=False,
318 prefix_error=False,
312 encoding="UTF-8",
319 encoding="UTF-8",
313 force_defaults=False
320 force_defaults=False
314 )
321 )
315
322
316 try:
323 try:
317 settings = [
324 settings = [
318 ('show_public_icon', 'rhodecode_show_public_icon', 'bool'),
325 ('show_public_icon', 'rhodecode_show_public_icon', 'bool'),
319 ('show_private_icon', 'rhodecode_show_private_icon', 'bool'),
326 ('show_private_icon', 'rhodecode_show_private_icon', 'bool'),
320 ('stylify_metatags', 'rhodecode_stylify_metatags', 'bool'),
327 ('stylify_metatags', 'rhodecode_stylify_metatags', 'bool'),
321 ('repository_fields', 'rhodecode_repository_fields', 'bool'),
328 ('repository_fields', 'rhodecode_repository_fields', 'bool'),
322 ('dashboard_items', 'rhodecode_dashboard_items', 'int'),
329 ('dashboard_items', 'rhodecode_dashboard_items', 'int'),
323 ('admin_grid_items', 'rhodecode_admin_grid_items', 'int'),
330 ('admin_grid_items', 'rhodecode_admin_grid_items', 'int'),
324 ('show_version', 'rhodecode_show_version', 'bool'),
331 ('show_version', 'rhodecode_show_version', 'bool'),
325 ('use_gravatar', 'rhodecode_use_gravatar', 'bool'),
332 ('use_gravatar', 'rhodecode_use_gravatar', 'bool'),
326 ('markup_renderer', 'rhodecode_markup_renderer', 'unicode'),
333 ('markup_renderer', 'rhodecode_markup_renderer', 'unicode'),
327 ('gravatar_url', 'rhodecode_gravatar_url', 'unicode'),
334 ('gravatar_url', 'rhodecode_gravatar_url', 'unicode'),
328 ('clone_uri_tmpl', 'rhodecode_clone_uri_tmpl', 'unicode'),
335 ('clone_uri_tmpl', 'rhodecode_clone_uri_tmpl', 'unicode'),
329 ('support_url', 'rhodecode_support_url', 'unicode'),
336 ('support_url', 'rhodecode_support_url', 'unicode'),
330 ('show_revision_number', 'rhodecode_show_revision_number', 'bool'),
337 ('show_revision_number', 'rhodecode_show_revision_number', 'bool'),
331 ('show_sha_length', 'rhodecode_show_sha_length', 'int'),
338 ('show_sha_length', 'rhodecode_show_sha_length', 'int'),
332 ]
339 ]
333 for setting, form_key, type_ in settings:
340 for setting, form_key, type_ in settings:
334 sett = SettingsModel().create_or_update_setting(
341 sett = SettingsModel().create_or_update_setting(
335 setting, form_result[form_key], type_)
342 setting, form_result[form_key], type_)
336 Session().add(sett)
343 Session().add(sett)
337
344
338 Session().commit()
345 Session().commit()
339 SettingsModel().invalidate_settings_cache()
346 SettingsModel().invalidate_settings_cache()
340 h.flash(_('Updated visualisation settings'), category='success')
347 h.flash(_('Updated visualisation settings'), category='success')
341 except Exception:
348 except Exception:
342 log.exception("Exception updating visualization settings")
349 log.exception("Exception updating visualization settings")
343 h.flash(_('Error occurred during updating '
350 h.flash(_('Error occurred during updating '
344 'visualisation settings'),
351 'visualisation settings'),
345 category='error')
352 category='error')
346
353
347 return redirect(url('admin_settings_visual'))
354 return redirect(url('admin_settings_visual'))
348
355
349 @HasPermissionAllDecorator('hg.admin')
356 @HasPermissionAllDecorator('hg.admin')
350 def settings_visual(self):
357 def settings_visual(self):
351 """GET /admin/settings/visual: All items in the collection"""
358 """GET /admin/settings/visual: All items in the collection"""
352 # url('admin_settings_visual')
359 # url('admin_settings_visual')
353 c.active = 'visual'
360 c.active = 'visual'
354
361
355 return htmlfill.render(
362 return htmlfill.render(
356 render('admin/settings/settings.html'),
363 render('admin/settings/settings.html'),
357 defaults=self._form_defaults(),
364 defaults=self._form_defaults(),
358 encoding="UTF-8",
365 encoding="UTF-8",
359 force_defaults=False)
366 force_defaults=False)
360
367
361 @HasPermissionAllDecorator('hg.admin')
368 @HasPermissionAllDecorator('hg.admin')
362 @auth.CSRFRequired()
369 @auth.CSRFRequired()
363 def settings_issuetracker_test(self):
370 def settings_issuetracker_test(self):
364 if request.is_xhr:
371 if request.is_xhr:
365 return h.urlify_commit_message(
372 return h.urlify_commit_message(
366 request.POST.get('test_text', ''),
373 request.POST.get('test_text', ''),
367 'repo_group/test_repo1')
374 'repo_group/test_repo1')
368 else:
375 else:
369 raise HTTPBadRequest()
376 raise HTTPBadRequest()
370
377
371 @HasPermissionAllDecorator('hg.admin')
378 @HasPermissionAllDecorator('hg.admin')
372 @auth.CSRFRequired()
379 @auth.CSRFRequired()
373 def settings_issuetracker_delete(self):
380 def settings_issuetracker_delete(self):
374 uid = request.POST.get('uid')
381 uid = request.POST.get('uid')
375 IssueTrackerSettingsModel().delete_entries(uid)
382 IssueTrackerSettingsModel().delete_entries(uid)
376 h.flash(_('Removed issue tracker entry'), category='success')
383 h.flash(_('Removed issue tracker entry'), category='success')
377 return redirect(url('admin_settings_issuetracker'))
384 return redirect(url('admin_settings_issuetracker'))
378
385
379 @HasPermissionAllDecorator('hg.admin')
386 @HasPermissionAllDecorator('hg.admin')
380 def settings_issuetracker(self):
387 def settings_issuetracker(self):
381 """GET /admin/settings/issue-tracker: All items in the collection"""
388 """GET /admin/settings/issue-tracker: All items in the collection"""
382 # url('admin_settings_issuetracker')
389 # url('admin_settings_issuetracker')
383 c.active = 'issuetracker'
390 c.active = 'issuetracker'
384 defaults = SettingsModel().get_all_settings()
391 defaults = SettingsModel().get_all_settings()
385
392
386 entry_key = 'rhodecode_issuetracker_pat_'
393 entry_key = 'rhodecode_issuetracker_pat_'
387
394
388 c.issuetracker_entries = {}
395 c.issuetracker_entries = {}
389 for k, v in defaults.items():
396 for k, v in defaults.items():
390 if k.startswith(entry_key):
397 if k.startswith(entry_key):
391 uid = k[len(entry_key):]
398 uid = k[len(entry_key):]
392 c.issuetracker_entries[uid] = None
399 c.issuetracker_entries[uid] = None
393
400
394 for uid in c.issuetracker_entries:
401 for uid in c.issuetracker_entries:
395 c.issuetracker_entries[uid] = AttributeDict({
402 c.issuetracker_entries[uid] = AttributeDict({
396 'pat': defaults.get('rhodecode_issuetracker_pat_' + uid),
403 'pat': defaults.get('rhodecode_issuetracker_pat_' + uid),
397 'url': defaults.get('rhodecode_issuetracker_url_' + uid),
404 'url': defaults.get('rhodecode_issuetracker_url_' + uid),
398 'pref': defaults.get('rhodecode_issuetracker_pref_' + uid),
405 'pref': defaults.get('rhodecode_issuetracker_pref_' + uid),
399 'desc': defaults.get('rhodecode_issuetracker_desc_' + uid),
406 'desc': defaults.get('rhodecode_issuetracker_desc_' + uid),
400 })
407 })
401
408
402 return render('admin/settings/settings.html')
409 return render('admin/settings/settings.html')
403
410
404 @HasPermissionAllDecorator('hg.admin')
411 @HasPermissionAllDecorator('hg.admin')
405 @auth.CSRFRequired()
412 @auth.CSRFRequired()
406 def settings_issuetracker_save(self):
413 def settings_issuetracker_save(self):
407 settings_model = IssueTrackerSettingsModel()
414 settings_model = IssueTrackerSettingsModel()
408
415
409 form = IssueTrackerPatternsForm()().to_python(request.POST)
416 form = IssueTrackerPatternsForm()().to_python(request.POST)
410 if form:
417 if form:
411 for uid in form.get('delete_patterns', []):
418 for uid in form.get('delete_patterns', []):
412 settings_model.delete_entries(uid)
419 settings_model.delete_entries(uid)
413
420
414 for pattern in form.get('patterns', []):
421 for pattern in form.get('patterns', []):
415 for setting, value, type_ in pattern:
422 for setting, value, type_ in pattern:
416 sett = settings_model.create_or_update_setting(
423 sett = settings_model.create_or_update_setting(
417 setting, value, type_)
424 setting, value, type_)
418 Session().add(sett)
425 Session().add(sett)
419
426
420 Session().commit()
427 Session().commit()
421
428
422 SettingsModel().invalidate_settings_cache()
429 SettingsModel().invalidate_settings_cache()
423 h.flash(_('Updated issue tracker entries'), category='success')
430 h.flash(_('Updated issue tracker entries'), category='success')
424 return redirect(url('admin_settings_issuetracker'))
431 return redirect(url('admin_settings_issuetracker'))
425
432
426 @HasPermissionAllDecorator('hg.admin')
433 @HasPermissionAllDecorator('hg.admin')
427 @auth.CSRFRequired()
434 @auth.CSRFRequired()
428 def settings_email_update(self):
435 def settings_email_update(self):
429 """POST /admin/settings/email: All items in the collection"""
436 """POST /admin/settings/email: All items in the collection"""
430 # url('admin_settings_email')
437 # url('admin_settings_email')
431 c.active = 'email'
438 c.active = 'email'
432
439
433 test_email = request.POST.get('test_email')
440 test_email = request.POST.get('test_email')
434
441
435 if not test_email:
442 if not test_email:
436 h.flash(_('Please enter email address'), category='error')
443 h.flash(_('Please enter email address'), category='error')
437 return redirect(url('admin_settings_email'))
444 return redirect(url('admin_settings_email'))
438
445
439 email_kwargs = {
446 email_kwargs = {
440 'date': datetime.datetime.now(),
447 'date': datetime.datetime.now(),
441 'user': c.rhodecode_user,
448 'user': c.rhodecode_user,
442 'rhodecode_version': c.rhodecode_version
449 'rhodecode_version': c.rhodecode_version
443 }
450 }
444
451
445 (subject, headers, email_body,
452 (subject, headers, email_body,
446 email_body_plaintext) = EmailNotificationModel().render_email(
453 email_body_plaintext) = EmailNotificationModel().render_email(
447 EmailNotificationModel.TYPE_EMAIL_TEST, **email_kwargs)
454 EmailNotificationModel.TYPE_EMAIL_TEST, **email_kwargs)
448
455
449 recipients = [test_email] if test_email else None
456 recipients = [test_email] if test_email else None
450
457
451 run_task(tasks.send_email, recipients, subject,
458 run_task(tasks.send_email, recipients, subject,
452 email_body_plaintext, email_body)
459 email_body_plaintext, email_body)
453
460
454 h.flash(_('Send email task created'), category='success')
461 h.flash(_('Send email task created'), category='success')
455 return redirect(url('admin_settings_email'))
462 return redirect(url('admin_settings_email'))
456
463
457 @HasPermissionAllDecorator('hg.admin')
464 @HasPermissionAllDecorator('hg.admin')
458 def settings_email(self):
465 def settings_email(self):
459 """GET /admin/settings/email: All items in the collection"""
466 """GET /admin/settings/email: All items in the collection"""
460 # url('admin_settings_email')
467 # url('admin_settings_email')
461 c.active = 'email'
468 c.active = 'email'
462 c.rhodecode_ini = rhodecode.CONFIG
469 c.rhodecode_ini = rhodecode.CONFIG
463
470
464 return htmlfill.render(
471 return htmlfill.render(
465 render('admin/settings/settings.html'),
472 render('admin/settings/settings.html'),
466 defaults=self._form_defaults(),
473 defaults=self._form_defaults(),
467 encoding="UTF-8",
474 encoding="UTF-8",
468 force_defaults=False)
475 force_defaults=False)
469
476
470 @HasPermissionAllDecorator('hg.admin')
477 @HasPermissionAllDecorator('hg.admin')
471 @auth.CSRFRequired()
478 @auth.CSRFRequired()
472 def settings_hooks_update(self):
479 def settings_hooks_update(self):
473 """POST or DELETE /admin/settings/hooks: All items in the collection"""
480 """POST or DELETE /admin/settings/hooks: All items in the collection"""
474 # url('admin_settings_hooks')
481 # url('admin_settings_hooks')
475 c.active = 'hooks'
482 c.active = 'hooks'
476 if c.visual.allow_custom_hooks_settings:
483 if c.visual.allow_custom_hooks_settings:
477 ui_key = request.POST.get('new_hook_ui_key')
484 ui_key = request.POST.get('new_hook_ui_key')
478 ui_value = request.POST.get('new_hook_ui_value')
485 ui_value = request.POST.get('new_hook_ui_value')
479
486
480 hook_id = request.POST.get('hook_id')
487 hook_id = request.POST.get('hook_id')
481 new_hook = False
488 new_hook = False
482
489
483 model = SettingsModel()
490 model = SettingsModel()
484 try:
491 try:
485 if ui_value and ui_key:
492 if ui_value and ui_key:
486 model.create_or_update_hook(ui_key, ui_value)
493 model.create_or_update_hook(ui_key, ui_value)
487 h.flash(_('Added new hook'), category='success')
494 h.flash(_('Added new hook'), category='success')
488 new_hook = True
495 new_hook = True
489 elif hook_id:
496 elif hook_id:
490 RhodeCodeUi.delete(hook_id)
497 RhodeCodeUi.delete(hook_id)
491 Session().commit()
498 Session().commit()
492
499
493 # check for edits
500 # check for edits
494 update = False
501 update = False
495 _d = request.POST.dict_of_lists()
502 _d = request.POST.dict_of_lists()
496 for k, v in zip(_d.get('hook_ui_key', []),
503 for k, v in zip(_d.get('hook_ui_key', []),
497 _d.get('hook_ui_value_new', [])):
504 _d.get('hook_ui_value_new', [])):
498 model.create_or_update_hook(k, v)
505 model.create_or_update_hook(k, v)
499 update = True
506 update = True
500
507
501 if update and not new_hook:
508 if update and not new_hook:
502 h.flash(_('Updated hooks'), category='success')
509 h.flash(_('Updated hooks'), category='success')
503 Session().commit()
510 Session().commit()
504 except Exception:
511 except Exception:
505 log.exception("Exception during hook creation")
512 log.exception("Exception during hook creation")
506 h.flash(_('Error occurred during hook creation'),
513 h.flash(_('Error occurred during hook creation'),
507 category='error')
514 category='error')
508
515
509 return redirect(url('admin_settings_hooks'))
516 return redirect(url('admin_settings_hooks'))
510
517
511 @HasPermissionAllDecorator('hg.admin')
518 @HasPermissionAllDecorator('hg.admin')
512 def settings_hooks(self):
519 def settings_hooks(self):
513 """GET /admin/settings/hooks: All items in the collection"""
520 """GET /admin/settings/hooks: All items in the collection"""
514 # url('admin_settings_hooks')
521 # url('admin_settings_hooks')
515 c.active = 'hooks'
522 c.active = 'hooks'
516
523
517 model = SettingsModel()
524 model = SettingsModel()
518 c.hooks = model.get_builtin_hooks()
525 c.hooks = model.get_builtin_hooks()
519 c.custom_hooks = model.get_custom_hooks()
526 c.custom_hooks = model.get_custom_hooks()
520
527
521 return htmlfill.render(
528 return htmlfill.render(
522 render('admin/settings/settings.html'),
529 render('admin/settings/settings.html'),
523 defaults=self._form_defaults(),
530 defaults=self._form_defaults(),
524 encoding="UTF-8",
531 encoding="UTF-8",
525 force_defaults=False)
532 force_defaults=False)
526
533
527 @HasPermissionAllDecorator('hg.admin')
534 @HasPermissionAllDecorator('hg.admin')
528 def settings_search(self):
535 def settings_search(self):
529 """GET /admin/settings/search: All items in the collection"""
536 """GET /admin/settings/search: All items in the collection"""
530 # url('admin_settings_search')
537 # url('admin_settings_search')
531 c.active = 'search'
538 c.active = 'search'
532
539
533 from rhodecode.lib.index import searcher_from_config
540 from rhodecode.lib.index import searcher_from_config
534 searcher = searcher_from_config(config)
541 searcher = searcher_from_config(config)
535 c.statistics = searcher.statistics()
542 c.statistics = searcher.statistics()
536
543
537 return render('admin/settings/settings.html')
544 return render('admin/settings/settings.html')
538
545
539 @HasPermissionAllDecorator('hg.admin')
546 @HasPermissionAllDecorator('hg.admin')
540 def settings_system(self):
547 def settings_system(self):
541 """GET /admin/settings/system: All items in the collection"""
548 """GET /admin/settings/system: All items in the collection"""
542 # url('admin_settings_system')
549 # url('admin_settings_system')
543 snapshot = str2bool(request.GET.get('snapshot'))
550 snapshot = str2bool(request.GET.get('snapshot'))
544 c.active = 'system'
551 c.active = 'system'
545
552
546 defaults = self._form_defaults()
553 defaults = self._form_defaults()
547 c.rhodecode_ini = rhodecode.CONFIG
554 c.rhodecode_ini = rhodecode.CONFIG
548 c.rhodecode_update_url = defaults.get('rhodecode_update_url')
555 c.rhodecode_update_url = defaults.get('rhodecode_update_url')
549 server_info = ScmModel().get_server_info(request.environ)
556 server_info = ScmModel().get_server_info(request.environ)
550 for key, val in server_info.iteritems():
557 for key, val in server_info.iteritems():
551 setattr(c, key, val)
558 setattr(c, key, val)
552
559
553 if c.disk['percent'] > 90:
560 if c.disk['percent'] > 90:
554 h.flash(h.literal(_(
561 h.flash(h.literal(_(
555 'Critical: your disk space is very low <b>%s%%</b> used' %
562 'Critical: your disk space is very low <b>%s%%</b> used' %
556 c.disk['percent'])), 'error')
563 c.disk['percent'])), 'error')
557 elif c.disk['percent'] > 70:
564 elif c.disk['percent'] > 70:
558 h.flash(h.literal(_(
565 h.flash(h.literal(_(
559 'Warning: your disk space is running low <b>%s%%</b> used' %
566 'Warning: your disk space is running low <b>%s%%</b> used' %
560 c.disk['percent'])), 'warning')
567 c.disk['percent'])), 'warning')
561
568
562 try:
569 try:
563 c.uptime_age = h._age(
570 c.uptime_age = h._age(
564 h.time_to_datetime(c.boot_time), False, show_suffix=False)
571 h.time_to_datetime(c.boot_time), False, show_suffix=False)
565 except TypeError:
572 except TypeError:
566 c.uptime_age = c.boot_time
573 c.uptime_age = c.boot_time
567
574
568 try:
575 try:
569 c.system_memory = '%s/%s, %s%% (%s%%) used%s' % (
576 c.system_memory = '%s/%s, %s%% (%s%%) used%s' % (
570 h.format_byte_size_binary(c.memory['used']),
577 h.format_byte_size_binary(c.memory['used']),
571 h.format_byte_size_binary(c.memory['total']),
578 h.format_byte_size_binary(c.memory['total']),
572 c.memory['percent2'],
579 c.memory['percent2'],
573 c.memory['percent'],
580 c.memory['percent'],
574 ' %s' % c.memory['error'] if 'error' in c.memory else '')
581 ' %s' % c.memory['error'] if 'error' in c.memory else '')
575 except TypeError:
582 except TypeError:
576 c.system_memory = 'NOT AVAILABLE'
583 c.system_memory = 'NOT AVAILABLE'
577
584
578 rhodecode_ini_safe = rhodecode.CONFIG.copy()
585 rhodecode_ini_safe = rhodecode.CONFIG.copy()
579 blacklist = [
586 blacklist = [
580 'rhodecode_license_key',
587 'rhodecode_license_key',
581 'routes.map',
588 'routes.map',
582 'pylons.h',
589 'pylons.h',
583 'pylons.app_globals',
590 'pylons.app_globals',
584 'pylons.environ_config',
591 'pylons.environ_config',
585 'sqlalchemy.db1.url',
592 'sqlalchemy.db1.url',
586 ('app_conf', 'sqlalchemy.db1.url')
593 ('app_conf', 'sqlalchemy.db1.url')
587 ]
594 ]
588 for k in blacklist:
595 for k in blacklist:
589 if isinstance(k, tuple):
596 if isinstance(k, tuple):
590 section, key = k
597 section, key = k
591 if section in rhodecode_ini_safe:
598 if section in rhodecode_ini_safe:
592 rhodecode_ini_safe[section].pop(key, None)
599 rhodecode_ini_safe[section].pop(key, None)
593 else:
600 else:
594 rhodecode_ini_safe.pop(k, None)
601 rhodecode_ini_safe.pop(k, None)
595
602
596 c.rhodecode_ini_safe = rhodecode_ini_safe
603 c.rhodecode_ini_safe = rhodecode_ini_safe
597
604
598 # TODO: marcink, figure out how to allow only selected users to do this
605 # TODO: marcink, figure out how to allow only selected users to do this
599 c.allowed_to_snapshot = False
606 c.allowed_to_snapshot = False
600
607
601 if snapshot:
608 if snapshot:
602 if c.allowed_to_snapshot:
609 if c.allowed_to_snapshot:
603 return render('admin/settings/settings_system_snapshot.html')
610 return render('admin/settings/settings_system_snapshot.html')
604 else:
611 else:
605 h.flash('You are not allowed to do this', category='warning')
612 h.flash('You are not allowed to do this', category='warning')
606
613
607 return htmlfill.render(
614 return htmlfill.render(
608 render('admin/settings/settings.html'),
615 render('admin/settings/settings.html'),
609 defaults=defaults,
616 defaults=defaults,
610 encoding="UTF-8",
617 encoding="UTF-8",
611 force_defaults=False)
618 force_defaults=False)
612
619
613 @staticmethod
620 @staticmethod
614 def get_update_data(update_url):
621 def get_update_data(update_url):
615 """Return the JSON update data."""
622 """Return the JSON update data."""
616 ver = rhodecode.__version__
623 ver = rhodecode.__version__
617 log.debug('Checking for upgrade on `%s` server', update_url)
624 log.debug('Checking for upgrade on `%s` server', update_url)
618 opener = urllib2.build_opener()
625 opener = urllib2.build_opener()
619 opener.addheaders = [('User-agent', 'RhodeCode-SCM/%s' % ver)]
626 opener.addheaders = [('User-agent', 'RhodeCode-SCM/%s' % ver)]
620 response = opener.open(update_url)
627 response = opener.open(update_url)
621 response_data = response.read()
628 response_data = response.read()
622 data = json.loads(response_data)
629 data = json.loads(response_data)
623
630
624 return data
631 return data
625
632
626 @HasPermissionAllDecorator('hg.admin')
633 @HasPermissionAllDecorator('hg.admin')
627 def settings_system_update(self):
634 def settings_system_update(self):
628 """GET /admin/settings/system/updates: All items in the collection"""
635 """GET /admin/settings/system/updates: All items in the collection"""
629 # url('admin_settings_system_update')
636 # url('admin_settings_system_update')
630 defaults = self._form_defaults()
637 defaults = self._form_defaults()
631 update_url = defaults.get('rhodecode_update_url', '')
638 update_url = defaults.get('rhodecode_update_url', '')
632
639
633 _err = lambda s: '<div style="color:#ff8888; padding:4px 0px">%s</div>' % (s)
640 _err = lambda s: '<div style="color:#ff8888; padding:4px 0px">%s</div>' % (s)
634 try:
641 try:
635 data = self.get_update_data(update_url)
642 data = self.get_update_data(update_url)
636 except urllib2.URLError as e:
643 except urllib2.URLError as e:
637 log.exception("Exception contacting upgrade server")
644 log.exception("Exception contacting upgrade server")
638 return _err('Failed to contact upgrade server: %r' % e)
645 return _err('Failed to contact upgrade server: %r' % e)
639 except ValueError as e:
646 except ValueError as e:
640 log.exception("Bad data sent from update server")
647 log.exception("Bad data sent from update server")
641 return _err('Bad data sent from update server')
648 return _err('Bad data sent from update server')
642
649
643 latest = data['versions'][0]
650 latest = data['versions'][0]
644
651
645 c.update_url = update_url
652 c.update_url = update_url
646 c.latest_data = latest
653 c.latest_data = latest
647 c.latest_ver = latest['version']
654 c.latest_ver = latest['version']
648 c.cur_ver = rhodecode.__version__
655 c.cur_ver = rhodecode.__version__
649 c.should_upgrade = False
656 c.should_upgrade = False
650
657
651 if (packaging.version.Version(c.latest_ver) >
658 if (packaging.version.Version(c.latest_ver) >
652 packaging.version.Version(c.cur_ver)):
659 packaging.version.Version(c.cur_ver)):
653 c.should_upgrade = True
660 c.should_upgrade = True
654 c.important_notices = latest['general']
661 c.important_notices = latest['general']
655
662
656 return render('admin/settings/settings_system_update.html')
663 return render('admin/settings/settings_system_update.html')
657
664
658 @HasPermissionAllDecorator('hg.admin')
665 @HasPermissionAllDecorator('hg.admin')
659 def settings_supervisor(self):
666 def settings_supervisor(self):
660 c.rhodecode_ini = rhodecode.CONFIG
667 c.rhodecode_ini = rhodecode.CONFIG
661 c.active = 'supervisor'
668 c.active = 'supervisor'
662
669
663 c.supervisor_procs = OrderedDict([
670 c.supervisor_procs = OrderedDict([
664 (SUPERVISOR_MASTER, {}),
671 (SUPERVISOR_MASTER, {}),
665 ])
672 ])
666
673
667 c.log_size = 10240
674 c.log_size = 10240
668 supervisor = SupervisorModel()
675 supervisor = SupervisorModel()
669
676
670 _connection = supervisor.get_connection(
677 _connection = supervisor.get_connection(
671 c.rhodecode_ini.get('supervisor.uri'))
678 c.rhodecode_ini.get('supervisor.uri'))
672 c.connection_error = None
679 c.connection_error = None
673 try:
680 try:
674 _connection.supervisor.getAllProcessInfo()
681 _connection.supervisor.getAllProcessInfo()
675 except Exception as e:
682 except Exception as e:
676 c.connection_error = str(e)
683 c.connection_error = str(e)
677 log.exception("Exception reading supervisor data")
684 log.exception("Exception reading supervisor data")
678 return render('admin/settings/settings.html')
685 return render('admin/settings/settings.html')
679
686
680 groupid = c.rhodecode_ini.get('supervisor.group_id')
687 groupid = c.rhodecode_ini.get('supervisor.group_id')
681
688
682 # feed our group processes to the main
689 # feed our group processes to the main
683 for proc in supervisor.get_group_processes(_connection, groupid):
690 for proc in supervisor.get_group_processes(_connection, groupid):
684 c.supervisor_procs[proc['name']] = {}
691 c.supervisor_procs[proc['name']] = {}
685
692
686 for k in c.supervisor_procs.keys():
693 for k in c.supervisor_procs.keys():
687 try:
694 try:
688 # master process info
695 # master process info
689 if k == SUPERVISOR_MASTER:
696 if k == SUPERVISOR_MASTER:
690 _data = supervisor.get_master_state(_connection)
697 _data = supervisor.get_master_state(_connection)
691 _data['name'] = 'supervisor master'
698 _data['name'] = 'supervisor master'
692 _data['description'] = 'pid %s, id: %s, ver: %s' % (
699 _data['description'] = 'pid %s, id: %s, ver: %s' % (
693 _data['pid'], _data['id'], _data['ver'])
700 _data['pid'], _data['id'], _data['ver'])
694 c.supervisor_procs[k] = _data
701 c.supervisor_procs[k] = _data
695 else:
702 else:
696 procid = groupid + ":" + k
703 procid = groupid + ":" + k
697 c.supervisor_procs[k] = supervisor.get_process_info(_connection, procid)
704 c.supervisor_procs[k] = supervisor.get_process_info(_connection, procid)
698 except Exception as e:
705 except Exception as e:
699 log.exception("Exception reading supervisor data")
706 log.exception("Exception reading supervisor data")
700 c.supervisor_procs[k] = {'_rhodecode_error': str(e)}
707 c.supervisor_procs[k] = {'_rhodecode_error': str(e)}
701
708
702 return render('admin/settings/settings.html')
709 return render('admin/settings/settings.html')
703
710
704 @HasPermissionAllDecorator('hg.admin')
711 @HasPermissionAllDecorator('hg.admin')
705 def settings_supervisor_log(self, procid):
712 def settings_supervisor_log(self, procid):
706 import rhodecode
713 import rhodecode
707 c.rhodecode_ini = rhodecode.CONFIG
714 c.rhodecode_ini = rhodecode.CONFIG
708 c.active = 'supervisor_tail'
715 c.active = 'supervisor_tail'
709
716
710 supervisor = SupervisorModel()
717 supervisor = SupervisorModel()
711 _connection = supervisor.get_connection(c.rhodecode_ini.get('supervisor.uri'))
718 _connection = supervisor.get_connection(c.rhodecode_ini.get('supervisor.uri'))
712 groupid = c.rhodecode_ini.get('supervisor.group_id')
719 groupid = c.rhodecode_ini.get('supervisor.group_id')
713 procid = groupid + ":" + procid if procid != SUPERVISOR_MASTER else procid
720 procid = groupid + ":" + procid if procid != SUPERVISOR_MASTER else procid
714
721
715 c.log_size = 10240
722 c.log_size = 10240
716 offset = abs(safe_int(request.GET.get('offset', c.log_size))) * -1
723 offset = abs(safe_int(request.GET.get('offset', c.log_size))) * -1
717 c.log = supervisor.read_process_log(_connection, procid, offset, 0)
724 c.log = supervisor.read_process_log(_connection, procid, offset, 0)
718
725
719 return render('admin/settings/settings.html')
726 return render('admin/settings/settings.html')
720
727
721 @HasPermissionAllDecorator('hg.admin')
728 @HasPermissionAllDecorator('hg.admin')
722 @auth.CSRFRequired()
729 @auth.CSRFRequired()
723 def settings_labs_update(self):
730 def settings_labs_update(self):
724 """POST /admin/settings/labs: All items in the collection"""
731 """POST /admin/settings/labs: All items in the collection"""
725 # url('admin_settings/labs', method={'POST'})
732 # url('admin_settings/labs', method={'POST'})
726 c.active = 'labs'
733 c.active = 'labs'
727
734
728 application_form = LabsSettingsForm()()
735 application_form = LabsSettingsForm()()
729 try:
736 try:
730 form_result = application_form.to_python(dict(request.POST))
737 form_result = application_form.to_python(dict(request.POST))
731 except formencode.Invalid as errors:
738 except formencode.Invalid as errors:
732 h.flash(
739 h.flash(
733 _('Some form inputs contain invalid data.'),
740 _('Some form inputs contain invalid data.'),
734 category='error')
741 category='error')
735 return htmlfill.render(
742 return htmlfill.render(
736 render('admin/settings/settings.html'),
743 render('admin/settings/settings.html'),
737 defaults=errors.value,
744 defaults=errors.value,
738 errors=errors.error_dict or {},
745 errors=errors.error_dict or {},
739 prefix_error=False,
746 prefix_error=False,
740 encoding='UTF-8',
747 encoding='UTF-8',
741 force_defaults=False
748 force_defaults=False
742 )
749 )
743
750
744 try:
751 try:
745 session = Session()
752 session = Session()
746 for setting in _LAB_SETTINGS:
753 for setting in _LAB_SETTINGS:
747 setting_name = setting.key[len('rhodecode_'):]
754 setting_name = setting.key[len('rhodecode_'):]
748 sett = SettingsModel().create_or_update_setting(
755 sett = SettingsModel().create_or_update_setting(
749 setting_name, form_result[setting.key], setting.type)
756 setting_name, form_result[setting.key], setting.type)
750 session.add(sett)
757 session.add(sett)
751
758
752 except Exception:
759 except Exception:
753 log.exception('Exception while updating lab settings')
760 log.exception('Exception while updating lab settings')
754 h.flash(_('Error occurred during updating labs settings'),
761 h.flash(_('Error occurred during updating labs settings'),
755 category='error')
762 category='error')
756 else:
763 else:
757 Session().commit()
764 Session().commit()
758 SettingsModel().invalidate_settings_cache()
765 SettingsModel().invalidate_settings_cache()
759 h.flash(_('Updated Labs settings'), category='success')
766 h.flash(_('Updated Labs settings'), category='success')
760 return redirect(url('admin_settings_labs'))
767 return redirect(url('admin_settings_labs'))
761
768
762 return htmlfill.render(
769 return htmlfill.render(
763 render('admin/settings/settings.html'),
770 render('admin/settings/settings.html'),
764 defaults=self._form_defaults(),
771 defaults=self._form_defaults(),
765 encoding='UTF-8',
772 encoding='UTF-8',
766 force_defaults=False)
773 force_defaults=False)
767
774
768 @HasPermissionAllDecorator('hg.admin')
775 @HasPermissionAllDecorator('hg.admin')
769 def settings_labs(self):
776 def settings_labs(self):
770 """GET /admin/settings/labs: All items in the collection"""
777 """GET /admin/settings/labs: All items in the collection"""
771 # url('admin_settings_labs')
778 # url('admin_settings_labs')
772 if not c.labs_active:
779 if not c.labs_active:
773 redirect(url('admin_settings'))
780 redirect(url('admin_settings'))
774
781
775 c.active = 'labs'
782 c.active = 'labs'
776 c.lab_settings = _LAB_SETTINGS
783 c.lab_settings = _LAB_SETTINGS
777
784
778 return htmlfill.render(
785 return htmlfill.render(
779 render('admin/settings/settings.html'),
786 render('admin/settings/settings.html'),
780 defaults=self._form_defaults(),
787 defaults=self._form_defaults(),
781 encoding='UTF-8',
788 encoding='UTF-8',
782 force_defaults=False)
789 force_defaults=False)
783
790
784 def _form_defaults(self):
791 def _form_defaults(self):
785 defaults = SettingsModel().get_all_settings()
792 defaults = SettingsModel().get_all_settings()
786 defaults.update(self._get_hg_ui_settings())
793 defaults.update(self._get_hg_ui_settings())
787 defaults.update({
794 defaults.update({
788 'new_svn_branch': '',
795 'new_svn_branch': '',
789 'new_svn_tag': '',
796 'new_svn_tag': '',
790 })
797 })
791 return defaults
798 return defaults
792
799
793
800
794 # :param key: name of the setting including the 'rhodecode_' prefix
801 # :param key: name of the setting including the 'rhodecode_' prefix
795 # :param type: the RhodeCodeSetting type to use.
802 # :param type: the RhodeCodeSetting type to use.
796 # :param group: the i18ned group in which we should dispaly this setting
803 # :param group: the i18ned group in which we should dispaly this setting
797 # :param label: the i18ned label we should display for this setting
804 # :param label: the i18ned label we should display for this setting
798 # :param help: the i18ned help we should dispaly for this setting
805 # :param help: the i18ned help we should dispaly for this setting
799 LabSetting = collections.namedtuple(
806 LabSetting = collections.namedtuple(
800 'LabSetting', ('key', 'type', 'group', 'label', 'help'))
807 'LabSetting', ('key', 'type', 'group', 'label', 'help'))
801
808
802
809
803 # This list has to be kept in sync with the form
810 # This list has to be kept in sync with the form
804 # rhodecode.model.forms.LabsSettingsForm.
811 # rhodecode.model.forms.LabsSettingsForm.
805 _LAB_SETTINGS = [
812 _LAB_SETTINGS = [
806
813
807 ]
814 ]
@@ -1,714 +1,748 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 Users crud controller for pylons
22 Users crud controller for pylons
23 """
23 """
24
24
25 import logging
25 import logging
26 import formencode
26 import formencode
27
27
28 from formencode import htmlfill
28 from formencode import htmlfill
29 from pylons import request, tmpl_context as c, url, config
29 from pylons import request, tmpl_context as c, url, config
30 from pylons.controllers.util import redirect
30 from pylons.controllers.util import redirect
31 from pylons.i18n.translation import _
31 from pylons.i18n.translation import _
32
32
33 from rhodecode.authentication.plugins import auth_rhodecode
33 from rhodecode.authentication.plugins import auth_rhodecode
34 from rhodecode.lib.exceptions import (
34 from rhodecode.lib.exceptions import (
35 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
35 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
36 UserOwnsUserGroupsException, UserCreationError)
36 UserOwnsUserGroupsException, UserCreationError)
37 from rhodecode.lib import helpers as h
37 from rhodecode.lib import helpers as h
38 from rhodecode.lib import auth
38 from rhodecode.lib import auth
39 from rhodecode.lib.auth import (
39 from rhodecode.lib.auth import (
40 LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)
40 LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)
41 from rhodecode.lib.base import BaseController, render
41 from rhodecode.lib.base import BaseController, render
42 from rhodecode.model.auth_token import AuthTokenModel
42 from rhodecode.model.auth_token import AuthTokenModel
43
43
44 from rhodecode.model.db import (
44 from rhodecode.model.db import (
45 PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)
45 PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)
46 from rhodecode.model.forms import (
46 from rhodecode.model.forms import (
47 UserForm, UserPermissionsForm, UserIndividualPermissionsForm)
47 UserForm, UserPermissionsForm, UserIndividualPermissionsForm)
48 from rhodecode.model.repo_group import RepoGroupModel
48 from rhodecode.model.user import UserModel
49 from rhodecode.model.user import UserModel
49 from rhodecode.model.meta import Session
50 from rhodecode.model.meta import Session
50 from rhodecode.model.permission import PermissionModel
51 from rhodecode.model.permission import PermissionModel
51 from rhodecode.lib.utils import action_logger
52 from rhodecode.lib.utils import action_logger
52 from rhodecode.lib.ext_json import json
53 from rhodecode.lib.ext_json import json
53 from rhodecode.lib.utils2 import datetime_to_time, safe_int
54 from rhodecode.lib.utils2 import datetime_to_time, safe_int, AttributeDict
54
55
55 log = logging.getLogger(__name__)
56 log = logging.getLogger(__name__)
56
57
57
58
58 class UsersController(BaseController):
59 class UsersController(BaseController):
59 """REST Controller styled on the Atom Publishing Protocol"""
60 """REST Controller styled on the Atom Publishing Protocol"""
60
61
61 @LoginRequired()
62 @LoginRequired()
62 def __before__(self):
63 def __before__(self):
63 super(UsersController, self).__before__()
64 super(UsersController, self).__before__()
64 c.available_permissions = config['available_permissions']
65 c.available_permissions = config['available_permissions']
65 c.allowed_languages = [
66 c.allowed_languages = [
66 ('en', 'English (en)'),
67 ('en', 'English (en)'),
67 ('de', 'German (de)'),
68 ('de', 'German (de)'),
68 ('fr', 'French (fr)'),
69 ('fr', 'French (fr)'),
69 ('it', 'Italian (it)'),
70 ('it', 'Italian (it)'),
70 ('ja', 'Japanese (ja)'),
71 ('ja', 'Japanese (ja)'),
71 ('pl', 'Polish (pl)'),
72 ('pl', 'Polish (pl)'),
72 ('pt', 'Portuguese (pt)'),
73 ('pt', 'Portuguese (pt)'),
73 ('ru', 'Russian (ru)'),
74 ('ru', 'Russian (ru)'),
74 ('zh', 'Chinese (zh)'),
75 ('zh', 'Chinese (zh)'),
75 ]
76 ]
76 PermissionModel().set_global_permission_choices(c, translator=_)
77 PermissionModel().set_global_permission_choices(c, translator=_)
77
78
78 @HasPermissionAllDecorator('hg.admin')
79 @HasPermissionAllDecorator('hg.admin')
79 def index(self):
80 def index(self):
80 """GET /users: All items in the collection"""
81 """GET /users: All items in the collection"""
81 # url('users')
82 # url('users')
82
83
83 from rhodecode.lib.utils import PartialRenderer
84 from rhodecode.lib.utils import PartialRenderer
84 _render = PartialRenderer('data_table/_dt_elements.html')
85 _render = PartialRenderer('data_table/_dt_elements.html')
85
86
86 def username(user_id, username):
87 def username(user_id, username):
87 return _render("user_name", user_id, username)
88 return _render("user_name", user_id, username)
88
89
89 def user_actions(user_id, username):
90 def user_actions(user_id, username):
90 return _render("user_actions", user_id, username)
91 return _render("user_actions", user_id, username)
91
92
92 # json generate
93 # json generate
93 c.users_list = User.query()\
94 c.users_list = User.query()\
94 .filter(User.username != User.DEFAULT_USER) \
95 .filter(User.username != User.DEFAULT_USER) \
95 .all()
96 .all()
96
97
97 users_data = []
98 users_data = []
98 for user in c.users_list:
99 for user in c.users_list:
99 users_data.append({
100 users_data.append({
100 "username": h.gravatar_with_user(user.username),
101 "username": h.gravatar_with_user(user.username),
101 "username_raw": user.username,
102 "username_raw": user.username,
102 "email": user.email,
103 "email": user.email,
103 "first_name": h.escape(user.name),
104 "first_name": h.escape(user.name),
104 "last_name": h.escape(user.lastname),
105 "last_name": h.escape(user.lastname),
105 "last_login": h.format_date(user.last_login),
106 "last_login": h.format_date(user.last_login),
106 "last_login_raw": datetime_to_time(user.last_login),
107 "last_login_raw": datetime_to_time(user.last_login),
107 "last_activity": h.format_date(
108 "last_activity": h.format_date(
108 h.time_to_datetime(user.user_data.get('last_activity', 0))),
109 h.time_to_datetime(user.user_data.get('last_activity', 0))),
109 "last_activity_raw": user.user_data.get('last_activity', 0),
110 "last_activity_raw": user.user_data.get('last_activity', 0),
110 "active": h.bool2icon(user.active),
111 "active": h.bool2icon(user.active),
111 "active_raw": user.active,
112 "active_raw": user.active,
112 "admin": h.bool2icon(user.admin),
113 "admin": h.bool2icon(user.admin),
113 "admin_raw": user.admin,
114 "admin_raw": user.admin,
114 "extern_type": user.extern_type,
115 "extern_type": user.extern_type,
115 "extern_name": user.extern_name,
116 "extern_name": user.extern_name,
116 "action": user_actions(user.user_id, user.username),
117 "action": user_actions(user.user_id, user.username),
117 })
118 })
118
119
119
120
120 c.data = json.dumps(users_data)
121 c.data = json.dumps(users_data)
121 return render('admin/users/users.html')
122 return render('admin/users/users.html')
122
123
124 def _get_personal_repo_group_template_vars(self):
125 DummyUser = AttributeDict({
126 'username': '${username}',
127 'user_id': '${user_id}',
128 })
129 c.default_create_repo_group = RepoGroupModel() \
130 .get_default_create_personal_repo_group()
131 c.personal_repo_group_name = RepoGroupModel() \
132 .get_personal_group_name(DummyUser)
133
123 @HasPermissionAllDecorator('hg.admin')
134 @HasPermissionAllDecorator('hg.admin')
124 @auth.CSRFRequired()
135 @auth.CSRFRequired()
125 def create(self):
136 def create(self):
126 """POST /users: Create a new item"""
137 """POST /users: Create a new item"""
127 # url('users')
138 # url('users')
128 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
139 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
129 user_model = UserModel()
140 user_model = UserModel()
130 user_form = UserForm()()
141 user_form = UserForm()()
131 try:
142 try:
132 form_result = user_form.to_python(dict(request.POST))
143 form_result = user_form.to_python(dict(request.POST))
133 user = user_model.create(form_result)
144 user = user_model.create(form_result)
134 Session().flush()
145 Session().flush()
135 username = form_result['username']
146 username = form_result['username']
136 action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
147 action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
137 None, self.ip_addr, self.sa)
148 None, self.ip_addr, self.sa)
138
149
139 user_link = h.link_to(h.escape(username),
150 user_link = h.link_to(h.escape(username),
140 url('edit_user',
151 url('edit_user',
141 user_id=user.user_id))
152 user_id=user.user_id))
142 h.flash(h.literal(_('Created user %(user_link)s')
153 h.flash(h.literal(_('Created user %(user_link)s')
143 % {'user_link': user_link}), category='success')
154 % {'user_link': user_link}), category='success')
144 Session().commit()
155 Session().commit()
145 except formencode.Invalid as errors:
156 except formencode.Invalid as errors:
157 self._get_personal_repo_group_template_vars()
146 return htmlfill.render(
158 return htmlfill.render(
147 render('admin/users/user_add.html'),
159 render('admin/users/user_add.html'),
148 defaults=errors.value,
160 defaults=errors.value,
149 errors=errors.error_dict or {},
161 errors=errors.error_dict or {},
150 prefix_error=False,
162 prefix_error=False,
151 encoding="UTF-8",
163 encoding="UTF-8",
152 force_defaults=False)
164 force_defaults=False)
153 except UserCreationError as e:
165 except UserCreationError as e:
154 h.flash(e, 'error')
166 h.flash(e, 'error')
155 except Exception:
167 except Exception:
156 log.exception("Exception creation of user")
168 log.exception("Exception creation of user")
157 h.flash(_('Error occurred during creation of user %s')
169 h.flash(_('Error occurred during creation of user %s')
158 % request.POST.get('username'), category='error')
170 % request.POST.get('username'), category='error')
159 return redirect(url('users'))
171 return redirect(url('users'))
160
172
161 @HasPermissionAllDecorator('hg.admin')
173 @HasPermissionAllDecorator('hg.admin')
162 def new(self):
174 def new(self):
163 """GET /users/new: Form to create a new item"""
175 """GET /users/new: Form to create a new item"""
164 # url('new_user')
176 # url('new_user')
165 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
177 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
178 self._get_personal_repo_group_template_vars()
166 return render('admin/users/user_add.html')
179 return render('admin/users/user_add.html')
167
180
168 @HasPermissionAllDecorator('hg.admin')
181 @HasPermissionAllDecorator('hg.admin')
169 @auth.CSRFRequired()
182 @auth.CSRFRequired()
170 def update(self, user_id):
183 def update(self, user_id):
171 """PUT /users/user_id: Update an existing item"""
184 """PUT /users/user_id: Update an existing item"""
172 # Forms posted to this method should contain a hidden field:
185 # Forms posted to this method should contain a hidden field:
173 # <input type="hidden" name="_method" value="PUT" />
186 # <input type="hidden" name="_method" value="PUT" />
174 # Or using helpers:
187 # Or using helpers:
175 # h.form(url('update_user', user_id=ID),
188 # h.form(url('update_user', user_id=ID),
176 # method='put')
189 # method='put')
177 # url('user', user_id=ID)
190 # url('user', user_id=ID)
178 user_id = safe_int(user_id)
191 user_id = safe_int(user_id)
179 c.user = User.get_or_404(user_id)
192 c.user = User.get_or_404(user_id)
180 c.active = 'profile'
193 c.active = 'profile'
181 c.extern_type = c.user.extern_type
194 c.extern_type = c.user.extern_type
182 c.extern_name = c.user.extern_name
195 c.extern_name = c.user.extern_name
183 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
196 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
184 available_languages = [x[0] for x in c.allowed_languages]
197 available_languages = [x[0] for x in c.allowed_languages]
185 _form = UserForm(edit=True, available_languages=available_languages,
198 _form = UserForm(edit=True, available_languages=available_languages,
186 old_data={'user_id': user_id,
199 old_data={'user_id': user_id,
187 'email': c.user.email})()
200 'email': c.user.email})()
188 form_result = {}
201 form_result = {}
189 try:
202 try:
190 form_result = _form.to_python(dict(request.POST))
203 form_result = _form.to_python(dict(request.POST))
191 skip_attrs = ['extern_type', 'extern_name']
204 skip_attrs = ['extern_type', 'extern_name']
192 # TODO: plugin should define if username can be updated
205 # TODO: plugin should define if username can be updated
193 if c.extern_type != "rhodecode":
206 if c.extern_type != "rhodecode":
194 # forbid updating username for external accounts
207 # forbid updating username for external accounts
195 skip_attrs.append('username')
208 skip_attrs.append('username')
196
209
197 UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)
210 UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)
198 usr = form_result['username']
211 usr = form_result['username']
199 action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,
212 action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,
200 None, self.ip_addr, self.sa)
213 None, self.ip_addr, self.sa)
201 h.flash(_('User updated successfully'), category='success')
214 h.flash(_('User updated successfully'), category='success')
202 Session().commit()
215 Session().commit()
203 except formencode.Invalid as errors:
216 except formencode.Invalid as errors:
204 defaults = errors.value
217 defaults = errors.value
205 e = errors.error_dict or {}
218 e = errors.error_dict or {}
206
219
207 return htmlfill.render(
220 return htmlfill.render(
208 render('admin/users/user_edit.html'),
221 render('admin/users/user_edit.html'),
209 defaults=defaults,
222 defaults=defaults,
210 errors=e,
223 errors=e,
211 prefix_error=False,
224 prefix_error=False,
212 encoding="UTF-8",
225 encoding="UTF-8",
213 force_defaults=False)
226 force_defaults=False)
214 except UserCreationError as e:
227 except UserCreationError as e:
215 h.flash(e, 'error')
228 h.flash(e, 'error')
216 except Exception:
229 except Exception:
217 log.exception("Exception updating user")
230 log.exception("Exception updating user")
218 h.flash(_('Error occurred during update of user %s')
231 h.flash(_('Error occurred during update of user %s')
219 % form_result.get('username'), category='error')
232 % form_result.get('username'), category='error')
220 return redirect(url('edit_user', user_id=user_id))
233 return redirect(url('edit_user', user_id=user_id))
221
234
222 @HasPermissionAllDecorator('hg.admin')
235 @HasPermissionAllDecorator('hg.admin')
223 @auth.CSRFRequired()
236 @auth.CSRFRequired()
224 def delete(self, user_id):
237 def delete(self, user_id):
225 """DELETE /users/user_id: Delete an existing item"""
238 """DELETE /users/user_id: Delete an existing item"""
226 # Forms posted to this method should contain a hidden field:
239 # Forms posted to this method should contain a hidden field:
227 # <input type="hidden" name="_method" value="DELETE" />
240 # <input type="hidden" name="_method" value="DELETE" />
228 # Or using helpers:
241 # Or using helpers:
229 # h.form(url('delete_user', user_id=ID),
242 # h.form(url('delete_user', user_id=ID),
230 # method='delete')
243 # method='delete')
231 # url('user', user_id=ID)
244 # url('user', user_id=ID)
232 user_id = safe_int(user_id)
245 user_id = safe_int(user_id)
233 c.user = User.get_or_404(user_id)
246 c.user = User.get_or_404(user_id)
234
247
235 _repos = c.user.repositories
248 _repos = c.user.repositories
236 _repo_groups = c.user.repository_groups
249 _repo_groups = c.user.repository_groups
237 _user_groups = c.user.user_groups
250 _user_groups = c.user.user_groups
238
251
239 handle_repos = None
252 handle_repos = None
240 handle_repo_groups = None
253 handle_repo_groups = None
241 handle_user_groups = None
254 handle_user_groups = None
242 # dummy call for flash of handle
255 # dummy call for flash of handle
243 set_handle_flash_repos = lambda: None
256 set_handle_flash_repos = lambda: None
244 set_handle_flash_repo_groups = lambda: None
257 set_handle_flash_repo_groups = lambda: None
245 set_handle_flash_user_groups = lambda: None
258 set_handle_flash_user_groups = lambda: None
246
259
247 if _repos and request.POST.get('user_repos'):
260 if _repos and request.POST.get('user_repos'):
248 do = request.POST['user_repos']
261 do = request.POST['user_repos']
249 if do == 'detach':
262 if do == 'detach':
250 handle_repos = 'detach'
263 handle_repos = 'detach'
251 set_handle_flash_repos = lambda: h.flash(
264 set_handle_flash_repos = lambda: h.flash(
252 _('Detached %s repositories') % len(_repos),
265 _('Detached %s repositories') % len(_repos),
253 category='success')
266 category='success')
254 elif do == 'delete':
267 elif do == 'delete':
255 handle_repos = 'delete'
268 handle_repos = 'delete'
256 set_handle_flash_repos = lambda: h.flash(
269 set_handle_flash_repos = lambda: h.flash(
257 _('Deleted %s repositories') % len(_repos),
270 _('Deleted %s repositories') % len(_repos),
258 category='success')
271 category='success')
259
272
260 if _repo_groups and request.POST.get('user_repo_groups'):
273 if _repo_groups and request.POST.get('user_repo_groups'):
261 do = request.POST['user_repo_groups']
274 do = request.POST['user_repo_groups']
262 if do == 'detach':
275 if do == 'detach':
263 handle_repo_groups = 'detach'
276 handle_repo_groups = 'detach'
264 set_handle_flash_repo_groups = lambda: h.flash(
277 set_handle_flash_repo_groups = lambda: h.flash(
265 _('Detached %s repository groups') % len(_repo_groups),
278 _('Detached %s repository groups') % len(_repo_groups),
266 category='success')
279 category='success')
267 elif do == 'delete':
280 elif do == 'delete':
268 handle_repo_groups = 'delete'
281 handle_repo_groups = 'delete'
269 set_handle_flash_repo_groups = lambda: h.flash(
282 set_handle_flash_repo_groups = lambda: h.flash(
270 _('Deleted %s repository groups') % len(_repo_groups),
283 _('Deleted %s repository groups') % len(_repo_groups),
271 category='success')
284 category='success')
272
285
273 if _user_groups and request.POST.get('user_user_groups'):
286 if _user_groups and request.POST.get('user_user_groups'):
274 do = request.POST['user_user_groups']
287 do = request.POST['user_user_groups']
275 if do == 'detach':
288 if do == 'detach':
276 handle_user_groups = 'detach'
289 handle_user_groups = 'detach'
277 set_handle_flash_user_groups = lambda: h.flash(
290 set_handle_flash_user_groups = lambda: h.flash(
278 _('Detached %s user groups') % len(_user_groups),
291 _('Detached %s user groups') % len(_user_groups),
279 category='success')
292 category='success')
280 elif do == 'delete':
293 elif do == 'delete':
281 handle_user_groups = 'delete'
294 handle_user_groups = 'delete'
282 set_handle_flash_user_groups = lambda: h.flash(
295 set_handle_flash_user_groups = lambda: h.flash(
283 _('Deleted %s user groups') % len(_user_groups),
296 _('Deleted %s user groups') % len(_user_groups),
284 category='success')
297 category='success')
285
298
286 try:
299 try:
287 UserModel().delete(c.user, handle_repos=handle_repos,
300 UserModel().delete(c.user, handle_repos=handle_repos,
288 handle_repo_groups=handle_repo_groups,
301 handle_repo_groups=handle_repo_groups,
289 handle_user_groups=handle_user_groups)
302 handle_user_groups=handle_user_groups)
290 Session().commit()
303 Session().commit()
291 set_handle_flash_repos()
304 set_handle_flash_repos()
292 set_handle_flash_repo_groups()
305 set_handle_flash_repo_groups()
293 set_handle_flash_user_groups()
306 set_handle_flash_user_groups()
294 h.flash(_('Successfully deleted user'), category='success')
307 h.flash(_('Successfully deleted user'), category='success')
295 except (UserOwnsReposException, UserOwnsRepoGroupsException,
308 except (UserOwnsReposException, UserOwnsRepoGroupsException,
296 UserOwnsUserGroupsException, DefaultUserException) as e:
309 UserOwnsUserGroupsException, DefaultUserException) as e:
297 h.flash(e, category='warning')
310 h.flash(e, category='warning')
298 except Exception:
311 except Exception:
299 log.exception("Exception during deletion of user")
312 log.exception("Exception during deletion of user")
300 h.flash(_('An error occurred during deletion of user'),
313 h.flash(_('An error occurred during deletion of user'),
301 category='error')
314 category='error')
302 return redirect(url('users'))
315 return redirect(url('users'))
303
316
304 @HasPermissionAllDecorator('hg.admin')
317 @HasPermissionAllDecorator('hg.admin')
305 @auth.CSRFRequired()
318 @auth.CSRFRequired()
306 def reset_password(self, user_id):
319 def reset_password(self, user_id):
307 """
320 """
308 toggle reset password flag for this user
321 toggle reset password flag for this user
309
322
310 :param user_id:
323 :param user_id:
311 """
324 """
312 user_id = safe_int(user_id)
325 user_id = safe_int(user_id)
313 c.user = User.get_or_404(user_id)
326 c.user = User.get_or_404(user_id)
314 try:
327 try:
315 old_value = c.user.user_data.get('force_password_change')
328 old_value = c.user.user_data.get('force_password_change')
316 c.user.update_userdata(force_password_change=not old_value)
329 c.user.update_userdata(force_password_change=not old_value)
317 Session().commit()
330 Session().commit()
318 if old_value:
331 if old_value:
319 msg = _('Force password change disabled for user')
332 msg = _('Force password change disabled for user')
320 else:
333 else:
321 msg = _('Force password change enabled for user')
334 msg = _('Force password change enabled for user')
322 h.flash(msg, category='success')
335 h.flash(msg, category='success')
323 except Exception:
336 except Exception:
324 log.exception("Exception during password reset for user")
337 log.exception("Exception during password reset for user")
325 h.flash(_('An error occurred during password reset for user'),
338 h.flash(_('An error occurred during password reset for user'),
326 category='error')
339 category='error')
327
340
328 return redirect(url('edit_user_advanced', user_id=user_id))
341 return redirect(url('edit_user_advanced', user_id=user_id))
329
342
330 @HasPermissionAllDecorator('hg.admin')
343 @HasPermissionAllDecorator('hg.admin')
331 @auth.CSRFRequired()
344 @auth.CSRFRequired()
332 def create_personal_repo_group(self, user_id):
345 def create_personal_repo_group(self, user_id):
333 """
346 """
334 Create personal repository group for this user
347 Create personal repository group for this user
335
348
336 :param user_id:
349 :param user_id:
337 """
350 """
338 from rhodecode.model.repo_group import RepoGroupModel
351 from rhodecode.model.repo_group import RepoGroupModel
339
352
340 user_id = safe_int(user_id)
353 user_id = safe_int(user_id)
341 c.user = User.get_or_404(user_id)
354 c.user = User.get_or_404(user_id)
355 personal_repo_group = RepoGroup.get_user_personal_repo_group(
356 c.user.user_id)
357 if personal_repo_group:
358 return redirect(url('edit_user_advanced', user_id=user_id))
342
359
360 personal_repo_group_name = RepoGroupModel().get_personal_group_name(
361 c.user)
362 named_personal_group = RepoGroup.get_by_group_name(
363 personal_repo_group_name)
343 try:
364 try:
344 desc = RepoGroupModel.PERSONAL_GROUP_DESC % {
345 'username': c.user.username}
346 if not RepoGroup.get_by_group_name(c.user.username):
347 RepoGroupModel().create(group_name=c.user.username,
348 group_description=desc,
349 owner=c.user.username)
350
365
351 msg = _('Created repository group `%s`' % (c.user.username,))
366 if named_personal_group and named_personal_group.user_id == c.user.user_id:
367 # migrate the same named group, and mark it as personal
368 named_personal_group.personal = True
369 Session().add(named_personal_group)
370 Session().commit()
371 msg = _('Linked repository group `%s` as personal' % (
372 personal_repo_group_name,))
352 h.flash(msg, category='success')
373 h.flash(msg, category='success')
374 elif not named_personal_group:
375 RepoGroupModel().create_personal_repo_group(c.user)
376
377 msg = _('Created repository group `%s`' % (
378 personal_repo_group_name,))
379 h.flash(msg, category='success')
380 else:
381 msg = _('Repository group `%s` is already taken' % (
382 personal_repo_group_name,))
383 h.flash(msg, category='warning')
353 except Exception:
384 except Exception:
354 log.exception("Exception during repository group creation")
385 log.exception("Exception during repository group creation")
355 msg = _(
386 msg = _(
356 'An error occurred during repository group creation for user')
387 'An error occurred during repository group creation for user')
357 h.flash(msg, category='error')
388 h.flash(msg, category='error')
389 Session().rollback()
358
390
359 return redirect(url('edit_user_advanced', user_id=user_id))
391 return redirect(url('edit_user_advanced', user_id=user_id))
360
392
361 @HasPermissionAllDecorator('hg.admin')
393 @HasPermissionAllDecorator('hg.admin')
362 def show(self, user_id):
394 def show(self, user_id):
363 """GET /users/user_id: Show a specific item"""
395 """GET /users/user_id: Show a specific item"""
364 # url('user', user_id=ID)
396 # url('user', user_id=ID)
365 User.get_or_404(-1)
397 User.get_or_404(-1)
366
398
367 @HasPermissionAllDecorator('hg.admin')
399 @HasPermissionAllDecorator('hg.admin')
368 def edit(self, user_id):
400 def edit(self, user_id):
369 """GET /users/user_id/edit: Form to edit an existing item"""
401 """GET /users/user_id/edit: Form to edit an existing item"""
370 # url('edit_user', user_id=ID)
402 # url('edit_user', user_id=ID)
371 user_id = safe_int(user_id)
403 user_id = safe_int(user_id)
372 c.user = User.get_or_404(user_id)
404 c.user = User.get_or_404(user_id)
373 if c.user.username == User.DEFAULT_USER:
405 if c.user.username == User.DEFAULT_USER:
374 h.flash(_("You can't edit this user"), category='warning')
406 h.flash(_("You can't edit this user"), category='warning')
375 return redirect(url('users'))
407 return redirect(url('users'))
376
408
377 c.active = 'profile'
409 c.active = 'profile'
378 c.extern_type = c.user.extern_type
410 c.extern_type = c.user.extern_type
379 c.extern_name = c.user.extern_name
411 c.extern_name = c.user.extern_name
380 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
412 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
381
413
382 defaults = c.user.get_dict()
414 defaults = c.user.get_dict()
383 defaults.update({'language': c.user.user_data.get('language')})
415 defaults.update({'language': c.user.user_data.get('language')})
384 return htmlfill.render(
416 return htmlfill.render(
385 render('admin/users/user_edit.html'),
417 render('admin/users/user_edit.html'),
386 defaults=defaults,
418 defaults=defaults,
387 encoding="UTF-8",
419 encoding="UTF-8",
388 force_defaults=False)
420 force_defaults=False)
389
421
390 @HasPermissionAllDecorator('hg.admin')
422 @HasPermissionAllDecorator('hg.admin')
391 def edit_advanced(self, user_id):
423 def edit_advanced(self, user_id):
392 user_id = safe_int(user_id)
424 user_id = safe_int(user_id)
393 user = c.user = User.get_or_404(user_id)
425 user = c.user = User.get_or_404(user_id)
394 if user.username == User.DEFAULT_USER:
426 if user.username == User.DEFAULT_USER:
395 h.flash(_("You can't edit this user"), category='warning')
427 h.flash(_("You can't edit this user"), category='warning')
396 return redirect(url('users'))
428 return redirect(url('users'))
397
429
398 c.active = 'advanced'
430 c.active = 'advanced'
399 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
431 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
400 c.personal_repo_group = RepoGroup.get_by_group_name(user.username)
432 c.personal_repo_group = c.perm_user.personal_repo_group
433 c.personal_repo_group_name = RepoGroupModel()\
434 .get_personal_group_name(user)
401 c.first_admin = User.get_first_super_admin()
435 c.first_admin = User.get_first_super_admin()
402 defaults = user.get_dict()
436 defaults = user.get_dict()
403
437
404 # Interim workaround if the user participated on any pull requests as a
438 # Interim workaround if the user participated on any pull requests as a
405 # reviewer.
439 # reviewer.
406 has_review = bool(PullRequestReviewers.query().filter(
440 has_review = bool(PullRequestReviewers.query().filter(
407 PullRequestReviewers.user_id == user_id).first())
441 PullRequestReviewers.user_id == user_id).first())
408 c.can_delete_user = not has_review
442 c.can_delete_user = not has_review
409 c.can_delete_user_message = _(
443 c.can_delete_user_message = _(
410 'The user participates as reviewer in pull requests and '
444 'The user participates as reviewer in pull requests and '
411 'cannot be deleted. You can set the user to '
445 'cannot be deleted. You can set the user to '
412 '"inactive" instead of deleting it.') if has_review else ''
446 '"inactive" instead of deleting it.') if has_review else ''
413
447
414 return htmlfill.render(
448 return htmlfill.render(
415 render('admin/users/user_edit.html'),
449 render('admin/users/user_edit.html'),
416 defaults=defaults,
450 defaults=defaults,
417 encoding="UTF-8",
451 encoding="UTF-8",
418 force_defaults=False)
452 force_defaults=False)
419
453
420 @HasPermissionAllDecorator('hg.admin')
454 @HasPermissionAllDecorator('hg.admin')
421 def edit_auth_tokens(self, user_id):
455 def edit_auth_tokens(self, user_id):
422 user_id = safe_int(user_id)
456 user_id = safe_int(user_id)
423 c.user = User.get_or_404(user_id)
457 c.user = User.get_or_404(user_id)
424 if c.user.username == User.DEFAULT_USER:
458 if c.user.username == User.DEFAULT_USER:
425 h.flash(_("You can't edit this user"), category='warning')
459 h.flash(_("You can't edit this user"), category='warning')
426 return redirect(url('users'))
460 return redirect(url('users'))
427
461
428 c.active = 'auth_tokens'
462 c.active = 'auth_tokens'
429 show_expired = True
463 show_expired = True
430 c.lifetime_values = [
464 c.lifetime_values = [
431 (str(-1), _('forever')),
465 (str(-1), _('forever')),
432 (str(5), _('5 minutes')),
466 (str(5), _('5 minutes')),
433 (str(60), _('1 hour')),
467 (str(60), _('1 hour')),
434 (str(60 * 24), _('1 day')),
468 (str(60 * 24), _('1 day')),
435 (str(60 * 24 * 30), _('1 month')),
469 (str(60 * 24 * 30), _('1 month')),
436 ]
470 ]
437 c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
471 c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
438 c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))
472 c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))
439 for x in AuthTokenModel.cls.ROLES]
473 for x in AuthTokenModel.cls.ROLES]
440 c.role_options = [(c.role_values, _("Role"))]
474 c.role_options = [(c.role_values, _("Role"))]
441 c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
475 c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
442 c.user.user_id, show_expired=show_expired)
476 c.user.user_id, show_expired=show_expired)
443 defaults = c.user.get_dict()
477 defaults = c.user.get_dict()
444 return htmlfill.render(
478 return htmlfill.render(
445 render('admin/users/user_edit.html'),
479 render('admin/users/user_edit.html'),
446 defaults=defaults,
480 defaults=defaults,
447 encoding="UTF-8",
481 encoding="UTF-8",
448 force_defaults=False)
482 force_defaults=False)
449
483
450 @HasPermissionAllDecorator('hg.admin')
484 @HasPermissionAllDecorator('hg.admin')
451 @auth.CSRFRequired()
485 @auth.CSRFRequired()
452 def add_auth_token(self, user_id):
486 def add_auth_token(self, user_id):
453 user_id = safe_int(user_id)
487 user_id = safe_int(user_id)
454 c.user = User.get_or_404(user_id)
488 c.user = User.get_or_404(user_id)
455 if c.user.username == User.DEFAULT_USER:
489 if c.user.username == User.DEFAULT_USER:
456 h.flash(_("You can't edit this user"), category='warning')
490 h.flash(_("You can't edit this user"), category='warning')
457 return redirect(url('users'))
491 return redirect(url('users'))
458
492
459 lifetime = safe_int(request.POST.get('lifetime'), -1)
493 lifetime = safe_int(request.POST.get('lifetime'), -1)
460 description = request.POST.get('description')
494 description = request.POST.get('description')
461 role = request.POST.get('role')
495 role = request.POST.get('role')
462 AuthTokenModel().create(c.user.user_id, description, lifetime, role)
496 AuthTokenModel().create(c.user.user_id, description, lifetime, role)
463 Session().commit()
497 Session().commit()
464 h.flash(_("Auth token successfully created"), category='success')
498 h.flash(_("Auth token successfully created"), category='success')
465 return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
499 return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
466
500
467 @HasPermissionAllDecorator('hg.admin')
501 @HasPermissionAllDecorator('hg.admin')
468 @auth.CSRFRequired()
502 @auth.CSRFRequired()
469 def delete_auth_token(self, user_id):
503 def delete_auth_token(self, user_id):
470 user_id = safe_int(user_id)
504 user_id = safe_int(user_id)
471 c.user = User.get_or_404(user_id)
505 c.user = User.get_or_404(user_id)
472 if c.user.username == User.DEFAULT_USER:
506 if c.user.username == User.DEFAULT_USER:
473 h.flash(_("You can't edit this user"), category='warning')
507 h.flash(_("You can't edit this user"), category='warning')
474 return redirect(url('users'))
508 return redirect(url('users'))
475
509
476 auth_token = request.POST.get('del_auth_token')
510 auth_token = request.POST.get('del_auth_token')
477 if request.POST.get('del_auth_token_builtin'):
511 if request.POST.get('del_auth_token_builtin'):
478 user = User.get(c.user.user_id)
512 user = User.get(c.user.user_id)
479 if user:
513 if user:
480 user.api_key = generate_auth_token(user.username)
514 user.api_key = generate_auth_token(user.username)
481 Session().add(user)
515 Session().add(user)
482 Session().commit()
516 Session().commit()
483 h.flash(_("Auth token successfully reset"), category='success')
517 h.flash(_("Auth token successfully reset"), category='success')
484 elif auth_token:
518 elif auth_token:
485 AuthTokenModel().delete(auth_token, c.user.user_id)
519 AuthTokenModel().delete(auth_token, c.user.user_id)
486 Session().commit()
520 Session().commit()
487 h.flash(_("Auth token successfully deleted"), category='success')
521 h.flash(_("Auth token successfully deleted"), category='success')
488
522
489 return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
523 return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
490
524
491 @HasPermissionAllDecorator('hg.admin')
525 @HasPermissionAllDecorator('hg.admin')
492 def edit_global_perms(self, user_id):
526 def edit_global_perms(self, user_id):
493 user_id = safe_int(user_id)
527 user_id = safe_int(user_id)
494 c.user = User.get_or_404(user_id)
528 c.user = User.get_or_404(user_id)
495 if c.user.username == User.DEFAULT_USER:
529 if c.user.username == User.DEFAULT_USER:
496 h.flash(_("You can't edit this user"), category='warning')
530 h.flash(_("You can't edit this user"), category='warning')
497 return redirect(url('users'))
531 return redirect(url('users'))
498
532
499 c.active = 'global_perms'
533 c.active = 'global_perms'
500
534
501 c.default_user = User.get_default_user()
535 c.default_user = User.get_default_user()
502 defaults = c.user.get_dict()
536 defaults = c.user.get_dict()
503 defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
537 defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
504 defaults.update(c.default_user.get_default_perms())
538 defaults.update(c.default_user.get_default_perms())
505 defaults.update(c.user.get_default_perms())
539 defaults.update(c.user.get_default_perms())
506
540
507 return htmlfill.render(
541 return htmlfill.render(
508 render('admin/users/user_edit.html'),
542 render('admin/users/user_edit.html'),
509 defaults=defaults,
543 defaults=defaults,
510 encoding="UTF-8",
544 encoding="UTF-8",
511 force_defaults=False)
545 force_defaults=False)
512
546
513 @HasPermissionAllDecorator('hg.admin')
547 @HasPermissionAllDecorator('hg.admin')
514 @auth.CSRFRequired()
548 @auth.CSRFRequired()
515 def update_global_perms(self, user_id):
549 def update_global_perms(self, user_id):
516 """PUT /users_perm/user_id: Update an existing item"""
550 """PUT /users_perm/user_id: Update an existing item"""
517 # url('user_perm', user_id=ID, method='put')
551 # url('user_perm', user_id=ID, method='put')
518 user_id = safe_int(user_id)
552 user_id = safe_int(user_id)
519 user = User.get_or_404(user_id)
553 user = User.get_or_404(user_id)
520 c.active = 'global_perms'
554 c.active = 'global_perms'
521 try:
555 try:
522 # first stage that verifies the checkbox
556 # first stage that verifies the checkbox
523 _form = UserIndividualPermissionsForm()
557 _form = UserIndividualPermissionsForm()
524 form_result = _form.to_python(dict(request.POST))
558 form_result = _form.to_python(dict(request.POST))
525 inherit_perms = form_result['inherit_default_permissions']
559 inherit_perms = form_result['inherit_default_permissions']
526 user.inherit_default_permissions = inherit_perms
560 user.inherit_default_permissions = inherit_perms
527 Session().add(user)
561 Session().add(user)
528
562
529 if not inherit_perms:
563 if not inherit_perms:
530 # only update the individual ones if we un check the flag
564 # only update the individual ones if we un check the flag
531 _form = UserPermissionsForm(
565 _form = UserPermissionsForm(
532 [x[0] for x in c.repo_create_choices],
566 [x[0] for x in c.repo_create_choices],
533 [x[0] for x in c.repo_create_on_write_choices],
567 [x[0] for x in c.repo_create_on_write_choices],
534 [x[0] for x in c.repo_group_create_choices],
568 [x[0] for x in c.repo_group_create_choices],
535 [x[0] for x in c.user_group_create_choices],
569 [x[0] for x in c.user_group_create_choices],
536 [x[0] for x in c.fork_choices],
570 [x[0] for x in c.fork_choices],
537 [x[0] for x in c.inherit_default_permission_choices])()
571 [x[0] for x in c.inherit_default_permission_choices])()
538
572
539 form_result = _form.to_python(dict(request.POST))
573 form_result = _form.to_python(dict(request.POST))
540 form_result.update({'perm_user_id': user.user_id})
574 form_result.update({'perm_user_id': user.user_id})
541
575
542 PermissionModel().update_user_permissions(form_result)
576 PermissionModel().update_user_permissions(form_result)
543
577
544 Session().commit()
578 Session().commit()
545 h.flash(_('User global permissions updated successfully'),
579 h.flash(_('User global permissions updated successfully'),
546 category='success')
580 category='success')
547
581
548 Session().commit()
582 Session().commit()
549 except formencode.Invalid as errors:
583 except formencode.Invalid as errors:
550 defaults = errors.value
584 defaults = errors.value
551 c.user = user
585 c.user = user
552 return htmlfill.render(
586 return htmlfill.render(
553 render('admin/users/user_edit.html'),
587 render('admin/users/user_edit.html'),
554 defaults=defaults,
588 defaults=defaults,
555 errors=errors.error_dict or {},
589 errors=errors.error_dict or {},
556 prefix_error=False,
590 prefix_error=False,
557 encoding="UTF-8",
591 encoding="UTF-8",
558 force_defaults=False)
592 force_defaults=False)
559 except Exception:
593 except Exception:
560 log.exception("Exception during permissions saving")
594 log.exception("Exception during permissions saving")
561 h.flash(_('An error occurred during permissions saving'),
595 h.flash(_('An error occurred during permissions saving'),
562 category='error')
596 category='error')
563 return redirect(url('edit_user_global_perms', user_id=user_id))
597 return redirect(url('edit_user_global_perms', user_id=user_id))
564
598
565 @HasPermissionAllDecorator('hg.admin')
599 @HasPermissionAllDecorator('hg.admin')
566 def edit_perms_summary(self, user_id):
600 def edit_perms_summary(self, user_id):
567 user_id = safe_int(user_id)
601 user_id = safe_int(user_id)
568 c.user = User.get_or_404(user_id)
602 c.user = User.get_or_404(user_id)
569 if c.user.username == User.DEFAULT_USER:
603 if c.user.username == User.DEFAULT_USER:
570 h.flash(_("You can't edit this user"), category='warning')
604 h.flash(_("You can't edit this user"), category='warning')
571 return redirect(url('users'))
605 return redirect(url('users'))
572
606
573 c.active = 'perms_summary'
607 c.active = 'perms_summary'
574 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
608 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
575
609
576 return render('admin/users/user_edit.html')
610 return render('admin/users/user_edit.html')
577
611
578 @HasPermissionAllDecorator('hg.admin')
612 @HasPermissionAllDecorator('hg.admin')
579 def edit_emails(self, user_id):
613 def edit_emails(self, user_id):
580 user_id = safe_int(user_id)
614 user_id = safe_int(user_id)
581 c.user = User.get_or_404(user_id)
615 c.user = User.get_or_404(user_id)
582 if c.user.username == User.DEFAULT_USER:
616 if c.user.username == User.DEFAULT_USER:
583 h.flash(_("You can't edit this user"), category='warning')
617 h.flash(_("You can't edit this user"), category='warning')
584 return redirect(url('users'))
618 return redirect(url('users'))
585
619
586 c.active = 'emails'
620 c.active = 'emails'
587 c.user_email_map = UserEmailMap.query() \
621 c.user_email_map = UserEmailMap.query() \
588 .filter(UserEmailMap.user == c.user).all()
622 .filter(UserEmailMap.user == c.user).all()
589
623
590 defaults = c.user.get_dict()
624 defaults = c.user.get_dict()
591 return htmlfill.render(
625 return htmlfill.render(
592 render('admin/users/user_edit.html'),
626 render('admin/users/user_edit.html'),
593 defaults=defaults,
627 defaults=defaults,
594 encoding="UTF-8",
628 encoding="UTF-8",
595 force_defaults=False)
629 force_defaults=False)
596
630
597 @HasPermissionAllDecorator('hg.admin')
631 @HasPermissionAllDecorator('hg.admin')
598 @auth.CSRFRequired()
632 @auth.CSRFRequired()
599 def add_email(self, user_id):
633 def add_email(self, user_id):
600 """POST /user_emails:Add an existing item"""
634 """POST /user_emails:Add an existing item"""
601 # url('user_emails', user_id=ID, method='put')
635 # url('user_emails', user_id=ID, method='put')
602 user_id = safe_int(user_id)
636 user_id = safe_int(user_id)
603 c.user = User.get_or_404(user_id)
637 c.user = User.get_or_404(user_id)
604
638
605 email = request.POST.get('new_email')
639 email = request.POST.get('new_email')
606 user_model = UserModel()
640 user_model = UserModel()
607
641
608 try:
642 try:
609 user_model.add_extra_email(user_id, email)
643 user_model.add_extra_email(user_id, email)
610 Session().commit()
644 Session().commit()
611 h.flash(_("Added new email address `%s` for user account") % email,
645 h.flash(_("Added new email address `%s` for user account") % email,
612 category='success')
646 category='success')
613 except formencode.Invalid as error:
647 except formencode.Invalid as error:
614 msg = error.error_dict['email']
648 msg = error.error_dict['email']
615 h.flash(msg, category='error')
649 h.flash(msg, category='error')
616 except Exception:
650 except Exception:
617 log.exception("Exception during email saving")
651 log.exception("Exception during email saving")
618 h.flash(_('An error occurred during email saving'),
652 h.flash(_('An error occurred during email saving'),
619 category='error')
653 category='error')
620 return redirect(url('edit_user_emails', user_id=user_id))
654 return redirect(url('edit_user_emails', user_id=user_id))
621
655
622 @HasPermissionAllDecorator('hg.admin')
656 @HasPermissionAllDecorator('hg.admin')
623 @auth.CSRFRequired()
657 @auth.CSRFRequired()
624 def delete_email(self, user_id):
658 def delete_email(self, user_id):
625 """DELETE /user_emails_delete/user_id: Delete an existing item"""
659 """DELETE /user_emails_delete/user_id: Delete an existing item"""
626 # url('user_emails_delete', user_id=ID, method='delete')
660 # url('user_emails_delete', user_id=ID, method='delete')
627 user_id = safe_int(user_id)
661 user_id = safe_int(user_id)
628 c.user = User.get_or_404(user_id)
662 c.user = User.get_or_404(user_id)
629 email_id = request.POST.get('del_email_id')
663 email_id = request.POST.get('del_email_id')
630 user_model = UserModel()
664 user_model = UserModel()
631 user_model.delete_extra_email(user_id, email_id)
665 user_model.delete_extra_email(user_id, email_id)
632 Session().commit()
666 Session().commit()
633 h.flash(_("Removed email address from user account"), category='success')
667 h.flash(_("Removed email address from user account"), category='success')
634 return redirect(url('edit_user_emails', user_id=user_id))
668 return redirect(url('edit_user_emails', user_id=user_id))
635
669
636 @HasPermissionAllDecorator('hg.admin')
670 @HasPermissionAllDecorator('hg.admin')
637 def edit_ips(self, user_id):
671 def edit_ips(self, user_id):
638 user_id = safe_int(user_id)
672 user_id = safe_int(user_id)
639 c.user = User.get_or_404(user_id)
673 c.user = User.get_or_404(user_id)
640 if c.user.username == User.DEFAULT_USER:
674 if c.user.username == User.DEFAULT_USER:
641 h.flash(_("You can't edit this user"), category='warning')
675 h.flash(_("You can't edit this user"), category='warning')
642 return redirect(url('users'))
676 return redirect(url('users'))
643
677
644 c.active = 'ips'
678 c.active = 'ips'
645 c.user_ip_map = UserIpMap.query() \
679 c.user_ip_map = UserIpMap.query() \
646 .filter(UserIpMap.user == c.user).all()
680 .filter(UserIpMap.user == c.user).all()
647
681
648 c.inherit_default_ips = c.user.inherit_default_permissions
682 c.inherit_default_ips = c.user.inherit_default_permissions
649 c.default_user_ip_map = UserIpMap.query() \
683 c.default_user_ip_map = UserIpMap.query() \
650 .filter(UserIpMap.user == User.get_default_user()).all()
684 .filter(UserIpMap.user == User.get_default_user()).all()
651
685
652 defaults = c.user.get_dict()
686 defaults = c.user.get_dict()
653 return htmlfill.render(
687 return htmlfill.render(
654 render('admin/users/user_edit.html'),
688 render('admin/users/user_edit.html'),
655 defaults=defaults,
689 defaults=defaults,
656 encoding="UTF-8",
690 encoding="UTF-8",
657 force_defaults=False)
691 force_defaults=False)
658
692
659 @HasPermissionAllDecorator('hg.admin')
693 @HasPermissionAllDecorator('hg.admin')
660 @auth.CSRFRequired()
694 @auth.CSRFRequired()
661 def add_ip(self, user_id):
695 def add_ip(self, user_id):
662 """POST /user_ips:Add an existing item"""
696 """POST /user_ips:Add an existing item"""
663 # url('user_ips', user_id=ID, method='put')
697 # url('user_ips', user_id=ID, method='put')
664
698
665 user_id = safe_int(user_id)
699 user_id = safe_int(user_id)
666 c.user = User.get_or_404(user_id)
700 c.user = User.get_or_404(user_id)
667 user_model = UserModel()
701 user_model = UserModel()
668 try:
702 try:
669 ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))
703 ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))
670 except Exception as e:
704 except Exception as e:
671 ip_list = []
705 ip_list = []
672 log.exception("Exception during ip saving")
706 log.exception("Exception during ip saving")
673 h.flash(_('An error occurred during ip saving:%s' % (e,)),
707 h.flash(_('An error occurred during ip saving:%s' % (e,)),
674 category='error')
708 category='error')
675
709
676 desc = request.POST.get('description')
710 desc = request.POST.get('description')
677 added = []
711 added = []
678 for ip in ip_list:
712 for ip in ip_list:
679 try:
713 try:
680 user_model.add_extra_ip(user_id, ip, desc)
714 user_model.add_extra_ip(user_id, ip, desc)
681 Session().commit()
715 Session().commit()
682 added.append(ip)
716 added.append(ip)
683 except formencode.Invalid as error:
717 except formencode.Invalid as error:
684 msg = error.error_dict['ip']
718 msg = error.error_dict['ip']
685 h.flash(msg, category='error')
719 h.flash(msg, category='error')
686 except Exception:
720 except Exception:
687 log.exception("Exception during ip saving")
721 log.exception("Exception during ip saving")
688 h.flash(_('An error occurred during ip saving'),
722 h.flash(_('An error occurred during ip saving'),
689 category='error')
723 category='error')
690 if added:
724 if added:
691 h.flash(
725 h.flash(
692 _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
726 _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
693 category='success')
727 category='success')
694 if 'default_user' in request.POST:
728 if 'default_user' in request.POST:
695 return redirect(url('admin_permissions_ips'))
729 return redirect(url('admin_permissions_ips'))
696 return redirect(url('edit_user_ips', user_id=user_id))
730 return redirect(url('edit_user_ips', user_id=user_id))
697
731
698 @HasPermissionAllDecorator('hg.admin')
732 @HasPermissionAllDecorator('hg.admin')
699 @auth.CSRFRequired()
733 @auth.CSRFRequired()
700 def delete_ip(self, user_id):
734 def delete_ip(self, user_id):
701 """DELETE /user_ips_delete/user_id: Delete an existing item"""
735 """DELETE /user_ips_delete/user_id: Delete an existing item"""
702 # url('user_ips_delete', user_id=ID, method='delete')
736 # url('user_ips_delete', user_id=ID, method='delete')
703 user_id = safe_int(user_id)
737 user_id = safe_int(user_id)
704 c.user = User.get_or_404(user_id)
738 c.user = User.get_or_404(user_id)
705
739
706 ip_id = request.POST.get('del_ip_id')
740 ip_id = request.POST.get('del_ip_id')
707 user_model = UserModel()
741 user_model = UserModel()
708 user_model.delete_extra_ip(user_id, ip_id)
742 user_model.delete_extra_ip(user_id, ip_id)
709 Session().commit()
743 Session().commit()
710 h.flash(_("Removed ip address from user whitelist"), category='success')
744 h.flash(_("Removed ip address from user whitelist"), category='success')
711
745
712 if 'default_user' in request.POST:
746 if 'default_user' in request.POST:
713 return redirect(url('admin_permissions_ips'))
747 return redirect(url('admin_permissions_ips'))
714 return redirect(url('edit_user_ips', user_id=user_id))
748 return redirect(url('edit_user_ips', user_id=user_id))
@@ -1,197 +1,196 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2016 RhodeCode GmbH
3 # Copyright (C) 2011-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 forks controller for rhodecode
22 forks controller for rhodecode
23 """
23 """
24
24
25 import formencode
25 import formencode
26 import logging
26 import logging
27 from formencode import htmlfill
27 from formencode import htmlfill
28
28
29 from pylons import tmpl_context as c, request, url
29 from pylons import tmpl_context as c, request, url
30 from pylons.controllers.util import redirect
30 from pylons.controllers.util import redirect
31 from pylons.i18n.translation import _
31 from pylons.i18n.translation import _
32
32
33 import rhodecode.lib.helpers as h
33 import rhodecode.lib.helpers as h
34
34
35 from rhodecode.lib import auth
35 from rhodecode.lib import auth
36 from rhodecode.lib.helpers import Page
36 from rhodecode.lib.helpers import Page
37 from rhodecode.lib.auth import (
37 from rhodecode.lib.auth import (
38 LoginRequired, HasRepoPermissionAnyDecorator, NotAnonymous,
38 LoginRequired, HasRepoPermissionAnyDecorator, NotAnonymous,
39 HasRepoPermissionAny, HasPermissionAnyDecorator, HasAcceptedRepoType)
39 HasRepoPermissionAny, HasPermissionAnyDecorator, HasAcceptedRepoType)
40 from rhodecode.lib.base import BaseRepoController, render
40 from rhodecode.lib.base import BaseRepoController, render
41 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User
41 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User
42 from rhodecode.model.repo import RepoModel
42 from rhodecode.model.repo import RepoModel
43 from rhodecode.model.forms import RepoForkForm
43 from rhodecode.model.forms import RepoForkForm
44 from rhodecode.model.scm import ScmModel, RepoGroupList
44 from rhodecode.model.scm import ScmModel, RepoGroupList
45 from rhodecode.lib.utils2 import safe_int
45 from rhodecode.lib.utils2 import safe_int
46
46
47 log = logging.getLogger(__name__)
47 log = logging.getLogger(__name__)
48
48
49
49
50 class ForksController(BaseRepoController):
50 class ForksController(BaseRepoController):
51
51
52 def __before__(self):
52 def __before__(self):
53 super(ForksController, self).__before__()
53 super(ForksController, self).__before__()
54
54
55 def __load_defaults(self):
55 def __load_defaults(self):
56 acl_groups = RepoGroupList(
56 acl_groups = RepoGroupList(
57 RepoGroup.query().all(),
57 RepoGroup.query().all(),
58 perm_set=['group.write', 'group.admin'])
58 perm_set=['group.write', 'group.admin'])
59 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
59 c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
60 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
60 c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
61 choices, c.landing_revs = ScmModel().get_repo_landing_revs()
61 choices, c.landing_revs = ScmModel().get_repo_landing_revs()
62 c.landing_revs_choices = choices
62 c.landing_revs_choices = choices
63 c.personal_repo_group = RepoGroup.get_by_group_name(
63 c.personal_repo_group = c.rhodecode_user.personal_repo_group
64 c.rhodecode_user.username)
65
64
66 def __load_data(self, repo_name=None):
65 def __load_data(self, repo_name=None):
67 """
66 """
68 Load defaults settings for edit, and update
67 Load defaults settings for edit, and update
69
68
70 :param repo_name:
69 :param repo_name:
71 """
70 """
72 self.__load_defaults()
71 self.__load_defaults()
73
72
74 c.repo_info = Repository.get_by_repo_name(repo_name)
73 c.repo_info = Repository.get_by_repo_name(repo_name)
75 repo = c.repo_info.scm_instance()
74 repo = c.repo_info.scm_instance()
76
75
77 if c.repo_info is None:
76 if c.repo_info is None:
78 h.not_mapped_error(repo_name)
77 h.not_mapped_error(repo_name)
79 return redirect(url('repos'))
78 return redirect(url('repos'))
80
79
81 c.default_user_id = User.get_default_user().user_id
80 c.default_user_id = User.get_default_user().user_id
82 c.in_public_journal = UserFollowing.query()\
81 c.in_public_journal = UserFollowing.query()\
83 .filter(UserFollowing.user_id == c.default_user_id)\
82 .filter(UserFollowing.user_id == c.default_user_id)\
84 .filter(UserFollowing.follows_repository == c.repo_info).scalar()
83 .filter(UserFollowing.follows_repository == c.repo_info).scalar()
85
84
86 if c.repo_info.stats:
85 if c.repo_info.stats:
87 last_rev = c.repo_info.stats.stat_on_revision+1
86 last_rev = c.repo_info.stats.stat_on_revision+1
88 else:
87 else:
89 last_rev = 0
88 last_rev = 0
90 c.stats_revision = last_rev
89 c.stats_revision = last_rev
91
90
92 c.repo_last_rev = repo.count()
91 c.repo_last_rev = repo.count()
93
92
94 if last_rev == 0 or c.repo_last_rev == 0:
93 if last_rev == 0 or c.repo_last_rev == 0:
95 c.stats_percentage = 0
94 c.stats_percentage = 0
96 else:
95 else:
97 c.stats_percentage = '%.2f' % ((float((last_rev)) /
96 c.stats_percentage = '%.2f' % ((float((last_rev)) /
98 c.repo_last_rev) * 100)
97 c.repo_last_rev) * 100)
99
98
100 defaults = RepoModel()._get_defaults(repo_name)
99 defaults = RepoModel()._get_defaults(repo_name)
101 # alter the description to indicate a fork
100 # alter the description to indicate a fork
102 defaults['description'] = ('fork of repository: %s \n%s'
101 defaults['description'] = ('fork of repository: %s \n%s'
103 % (defaults['repo_name'],
102 % (defaults['repo_name'],
104 defaults['description']))
103 defaults['description']))
105 # add suffix to fork
104 # add suffix to fork
106 defaults['repo_name'] = '%s-fork' % defaults['repo_name']
105 defaults['repo_name'] = '%s-fork' % defaults['repo_name']
107
106
108 return defaults
107 return defaults
109
108
110 @LoginRequired()
109 @LoginRequired()
111 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
110 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
112 'repository.admin')
111 'repository.admin')
113 @HasAcceptedRepoType('git', 'hg')
112 @HasAcceptedRepoType('git', 'hg')
114 def forks(self, repo_name):
113 def forks(self, repo_name):
115 p = safe_int(request.GET.get('page', 1), 1)
114 p = safe_int(request.GET.get('page', 1), 1)
116 repo_id = c.rhodecode_db_repo.repo_id
115 repo_id = c.rhodecode_db_repo.repo_id
117 d = []
116 d = []
118 for r in Repository.get_repo_forks(repo_id):
117 for r in Repository.get_repo_forks(repo_id):
119 if not HasRepoPermissionAny(
118 if not HasRepoPermissionAny(
120 'repository.read', 'repository.write', 'repository.admin'
119 'repository.read', 'repository.write', 'repository.admin'
121 )(r.repo_name, 'get forks check'):
120 )(r.repo_name, 'get forks check'):
122 continue
121 continue
123 d.append(r)
122 d.append(r)
124 c.forks_pager = Page(d, page=p, items_per_page=20)
123 c.forks_pager = Page(d, page=p, items_per_page=20)
125
124
126 c.forks_data = render('/forks/forks_data.html')
125 c.forks_data = render('/forks/forks_data.html')
127
126
128 if request.environ.get('HTTP_X_PJAX'):
127 if request.environ.get('HTTP_X_PJAX'):
129 return c.forks_data
128 return c.forks_data
130
129
131 return render('/forks/forks.html')
130 return render('/forks/forks.html')
132
131
133 @LoginRequired()
132 @LoginRequired()
134 @NotAnonymous()
133 @NotAnonymous()
135 @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
134 @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
136 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
135 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
137 'repository.admin')
136 'repository.admin')
138 @HasAcceptedRepoType('git', 'hg')
137 @HasAcceptedRepoType('git', 'hg')
139 def fork(self, repo_name):
138 def fork(self, repo_name):
140 c.repo_info = Repository.get_by_repo_name(repo_name)
139 c.repo_info = Repository.get_by_repo_name(repo_name)
141 if not c.repo_info:
140 if not c.repo_info:
142 h.not_mapped_error(repo_name)
141 h.not_mapped_error(repo_name)
143 return redirect(url('home'))
142 return redirect(url('home'))
144
143
145 defaults = self.__load_data(repo_name)
144 defaults = self.__load_data(repo_name)
146
145
147 return htmlfill.render(
146 return htmlfill.render(
148 render('forks/fork.html'),
147 render('forks/fork.html'),
149 defaults=defaults,
148 defaults=defaults,
150 encoding="UTF-8",
149 encoding="UTF-8",
151 force_defaults=False
150 force_defaults=False
152 )
151 )
153
152
154 @LoginRequired()
153 @LoginRequired()
155 @NotAnonymous()
154 @NotAnonymous()
156 @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
155 @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
157 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
156 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
158 'repository.admin')
157 'repository.admin')
159 @HasAcceptedRepoType('git', 'hg')
158 @HasAcceptedRepoType('git', 'hg')
160 @auth.CSRFRequired()
159 @auth.CSRFRequired()
161 def fork_create(self, repo_name):
160 def fork_create(self, repo_name):
162 self.__load_defaults()
161 self.__load_defaults()
163 c.repo_info = Repository.get_by_repo_name(repo_name)
162 c.repo_info = Repository.get_by_repo_name(repo_name)
164 _form = RepoForkForm(old_data={'repo_type': c.repo_info.repo_type},
163 _form = RepoForkForm(old_data={'repo_type': c.repo_info.repo_type},
165 repo_groups=c.repo_groups_choices,
164 repo_groups=c.repo_groups_choices,
166 landing_revs=c.landing_revs_choices)()
165 landing_revs=c.landing_revs_choices)()
167 form_result = {}
166 form_result = {}
168 task_id = None
167 task_id = None
169 try:
168 try:
170 form_result = _form.to_python(dict(request.POST))
169 form_result = _form.to_python(dict(request.POST))
171 # create fork is done sometimes async on celery, db transaction
170 # create fork is done sometimes async on celery, db transaction
172 # management is handled there.
171 # management is handled there.
173 task = RepoModel().create_fork(
172 task = RepoModel().create_fork(
174 form_result, c.rhodecode_user.user_id)
173 form_result, c.rhodecode_user.user_id)
175 from celery.result import BaseAsyncResult
174 from celery.result import BaseAsyncResult
176 if isinstance(task, BaseAsyncResult):
175 if isinstance(task, BaseAsyncResult):
177 task_id = task.task_id
176 task_id = task.task_id
178 except formencode.Invalid as errors:
177 except formencode.Invalid as errors:
179 c.new_repo = errors.value['repo_name']
178 c.new_repo = errors.value['repo_name']
180 return htmlfill.render(
179 return htmlfill.render(
181 render('forks/fork.html'),
180 render('forks/fork.html'),
182 defaults=errors.value,
181 defaults=errors.value,
183 errors=errors.error_dict or {},
182 errors=errors.error_dict or {},
184 prefix_error=False,
183 prefix_error=False,
185 encoding="UTF-8",
184 encoding="UTF-8",
186 force_defaults=False)
185 force_defaults=False)
187 except Exception:
186 except Exception:
188 log.exception(
187 log.exception(
189 u'Exception while trying to fork the repository %s', repo_name)
188 u'Exception while trying to fork the repository %s', repo_name)
190 msg = (
189 msg = (
191 _('An error occurred during repository forking %s') %
190 _('An error occurred during repository forking %s') %
192 (repo_name, ))
191 (repo_name, ))
193 h.flash(msg, category='error')
192 h.flash(msg, category='error')
194
193
195 return redirect(h.url('repo_creating_home',
194 return redirect(h.url('repo_creating_home',
196 repo_name=form_result['repo_name_full'],
195 repo_name=form_result['repo_name_full'],
197 task_id=task_id))
196 task_id=task_id))
@@ -1,78 +1,79 b''
1 # Copyright (C) 2016-2016 RhodeCode GmbH
1 # Copyright (C) 2016-2016 RhodeCode GmbH
2 #
2 #
3 # This program is free software: you can redistribute it and/or modify
3 # This program is free software: you can redistribute it and/or modify
4 # it under the terms of the GNU Affero General Public License, version 3
4 # it under the terms of the GNU Affero General Public License, version 3
5 # (only), as published by the Free Software Foundation.
5 # (only), as published by the Free Software Foundation.
6 #
6 #
7 # This program is distributed in the hope that it will be useful,
7 # This program is distributed in the hope that it will be useful,
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 # GNU General Public License for more details.
10 # GNU General Public License for more details.
11 #
11 #
12 # You should have received a copy of the GNU Affero General Public License
12 # You should have received a copy of the GNU Affero General Public License
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 #
14 #
15 # This program is dual-licensed. If you wish to learn more about the
15 # This program is dual-licensed. If you wish to learn more about the
16 # RhodeCode Enterprise Edition, including its added features, Support services,
16 # RhodeCode Enterprise Edition, including its added features, Support services,
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18
18
19 import logging
19 import logging
20 from pyramid.threadlocal import get_current_registry
20 from pyramid.threadlocal import get_current_registry
21
21
22 log = logging.getLogger(__name__)
22 log = logging.getLogger(__name__)
23
23
24
24
25 def trigger(event, registry=None):
25 def trigger(event, registry=None):
26 """
26 """
27 Helper method to send an event. This wraps the pyramid logic to send an
27 Helper method to send an event. This wraps the pyramid logic to send an
28 event.
28 event.
29 """
29 """
30 # For the first step we are using pyramids thread locals here. If the
30 # For the first step we are using pyramids thread locals here. If the
31 # event mechanism works out as a good solution we should think about
31 # event mechanism works out as a good solution we should think about
32 # passing the registry as an argument to get rid of it.
32 # passing the registry as an argument to get rid of it.
33 registry = registry or get_current_registry()
33 registry = registry or get_current_registry()
34 registry.notify(event)
34 registry.notify(event)
35 log.debug('event %s triggered', event)
35 log.debug('event %s triggered', event)
36
36
37 # Until we can work around the problem that VCS operations do not have a
37 # Until we can work around the problem that VCS operations do not have a
38 # pyramid context to work with, we send the events to integrations directly
38 # pyramid context to work with, we send the events to integrations directly
39
39
40 # Later it will be possible to use regular pyramid subscribers ie:
40 # Later it will be possible to use regular pyramid subscribers ie:
41 # config.add_subscriber(integrations_event_handler, RhodecodeEvent)
41 # config.add_subscriber(integrations_event_handler, RhodecodeEvent)
42 from rhodecode.integrations import integrations_event_handler
42 from rhodecode.integrations import integrations_event_handler
43 if isinstance(event, RhodecodeEvent):
43 if isinstance(event, RhodecodeEvent):
44 integrations_event_handler(event)
44 integrations_event_handler(event)
45
45
46
46
47 from rhodecode.events.base import RhodecodeEvent
47 from rhodecode.events.base import RhodecodeEvent
48
48
49 from rhodecode.events.user import ( # noqa
49 from rhodecode.events.user import ( # noqa
50 UserPreCreate,
50 UserPreCreate,
51 UserPostCreate,
51 UserPreUpdate,
52 UserPreUpdate,
52 UserRegistered
53 UserRegistered
53 )
54 )
54
55
55 from rhodecode.events.repo import ( # noqa
56 from rhodecode.events.repo import ( # noqa
56 RepoEvent,
57 RepoEvent,
57 RepoPreCreateEvent, RepoCreateEvent,
58 RepoPreCreateEvent, RepoCreateEvent,
58 RepoPreDeleteEvent, RepoDeleteEvent,
59 RepoPreDeleteEvent, RepoDeleteEvent,
59 RepoPrePushEvent, RepoPushEvent,
60 RepoPrePushEvent, RepoPushEvent,
60 RepoPrePullEvent, RepoPullEvent,
61 RepoPrePullEvent, RepoPullEvent,
61 )
62 )
62
63
63 from rhodecode.events.repo_group import ( # noqa
64 from rhodecode.events.repo_group import ( # noqa
64 RepoGroupEvent,
65 RepoGroupEvent,
65 RepoGroupCreateEvent,
66 RepoGroupCreateEvent,
66 RepoGroupUpdateEvent,
67 RepoGroupUpdateEvent,
67 RepoGroupDeleteEvent,
68 RepoGroupDeleteEvent,
68 )
69 )
69
70
70 from rhodecode.events.pullrequest import ( # noqa
71 from rhodecode.events.pullrequest import ( # noqa
71 PullRequestEvent,
72 PullRequestEvent,
72 PullRequestCreateEvent,
73 PullRequestCreateEvent,
73 PullRequestUpdateEvent,
74 PullRequestUpdateEvent,
74 PullRequestCommentEvent,
75 PullRequestCommentEvent,
75 PullRequestReviewEvent,
76 PullRequestReviewEvent,
76 PullRequestMergeEvent,
77 PullRequestMergeEvent,
77 PullRequestCloseEvent,
78 PullRequestCloseEvent,
78 )
79 )
@@ -1,65 +1,78 b''
1 # Copyright (C) 2016-2016 RhodeCode GmbH
1 # Copyright (C) 2016-2016 RhodeCode GmbH
2 #
2 #
3 # This program is free software: you can redistribute it and/or modify
3 # This program is free software: you can redistribute it and/or modify
4 # it under the terms of the GNU Affero General Public License, version 3
4 # it under the terms of the GNU Affero General Public License, version 3
5 # (only), as published by the Free Software Foundation.
5 # (only), as published by the Free Software Foundation.
6 #
6 #
7 # This program is distributed in the hope that it will be useful,
7 # This program is distributed in the hope that it will be useful,
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 # GNU General Public License for more details.
10 # GNU General Public License for more details.
11 #
11 #
12 # You should have received a copy of the GNU Affero General Public License
12 # You should have received a copy of the GNU Affero General Public License
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 #
14 #
15 # This program is dual-licensed. If you wish to learn more about the
15 # This program is dual-licensed. If you wish to learn more about the
16 # RhodeCode Enterprise Edition, including its added features, Support services,
16 # RhodeCode Enterprise Edition, including its added features, Support services,
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18
18
19 from zope.interface import implementer
19 from zope.interface import implementer
20
20
21 from rhodecode.translation import lazy_ugettext
21 from rhodecode.translation import lazy_ugettext
22 from rhodecode.events.base import RhodecodeEvent
22 from rhodecode.events.base import RhodecodeEvent
23 from rhodecode.events.interfaces import (
23 from rhodecode.events.interfaces import (
24 IUserRegistered, IUserPreCreate, IUserPreUpdate)
24 IUserRegistered, IUserPreCreate, IUserPreUpdate)
25
25
26
26
27 @implementer(IUserRegistered)
27 @implementer(IUserRegistered)
28 class UserRegistered(RhodecodeEvent):
28 class UserRegistered(RhodecodeEvent):
29 """
29 """
30 An instance of this class is emitted as an :term:`event` whenever a user
30 An instance of this class is emitted as an :term:`event` whenever a user
31 account is registered.
31 account is registered.
32 """
32 """
33 name = 'user-register'
33 name = 'user-register'
34 display_name = lazy_ugettext('user registered')
34 display_name = lazy_ugettext('user registered')
35
35
36 def __init__(self, user, session):
36 def __init__(self, user, session):
37 self.user = user
37 self.user = user
38 self.session = session
38 self.session = session
39
39
40
40
41 @implementer(IUserPreCreate)
41 @implementer(IUserPreCreate)
42 class UserPreCreate(RhodecodeEvent):
42 class UserPreCreate(RhodecodeEvent):
43 """
43 """
44 An instance of this class is emitted as an :term:`event` before a new user
44 An instance of this class is emitted as an :term:`event` before a new user
45 object is created.
45 object is created.
46 """
46 """
47 name = 'user-pre-create'
47 name = 'user-pre-create'
48 display_name = lazy_ugettext('user pre create')
48 display_name = lazy_ugettext('user pre create')
49
49
50 def __init__(self, user_data):
50 def __init__(self, user_data):
51 self.user_data = user_data
51 self.user_data = user_data
52
52
53
53
54 @implementer(IUserPreCreate)
55 class UserPostCreate(RhodecodeEvent):
56 """
57 An instance of this class is emitted as an :term:`event` after a new user
58 object is created.
59 """
60 name = 'user-post-create'
61 display_name = lazy_ugettext('user post create')
62
63 def __init__(self, user_data):
64 self.user_data = user_data
65
66
54 @implementer(IUserPreUpdate)
67 @implementer(IUserPreUpdate)
55 class UserPreUpdate(RhodecodeEvent):
68 class UserPreUpdate(RhodecodeEvent):
56 """
69 """
57 An instance of this class is emitted as an :term:`event` before a user
70 An instance of this class is emitted as an :term:`event` before a user
58 object is updated.
71 object is updated.
59 """
72 """
60 name = 'user-pre-update'
73 name = 'user-pre-update'
61 display_name = lazy_ugettext('user pre update')
74 display_name = lazy_ugettext('user pre update')
62
75
63 def __init__(self, user, user_data):
76 def __init__(self, user, user_data):
64 self.user = user
77 self.user = user
65 self.user_data = user_data
78 self.user_data = user_data
@@ -1,1903 +1,1906 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 authentication and permission libraries
22 authentication and permission libraries
23 """
23 """
24
24
25 import inspect
25 import inspect
26 import collections
26 import collections
27 import fnmatch
27 import fnmatch
28 import hashlib
28 import hashlib
29 import itertools
29 import itertools
30 import logging
30 import logging
31 import os
31 import os
32 import random
32 import random
33 import time
33 import time
34 import traceback
34 import traceback
35 from functools import wraps
35 from functools import wraps
36
36
37 import ipaddress
37 import ipaddress
38 from pylons import url, request
38 from pylons import url, request
39 from pylons.controllers.util import abort, redirect
39 from pylons.controllers.util import abort, redirect
40 from pylons.i18n.translation import _
40 from pylons.i18n.translation import _
41 from sqlalchemy import or_
41 from sqlalchemy import or_
42 from sqlalchemy.orm.exc import ObjectDeletedError
42 from sqlalchemy.orm.exc import ObjectDeletedError
43 from sqlalchemy.orm import joinedload
43 from sqlalchemy.orm import joinedload
44 from zope.cachedescriptors.property import Lazy as LazyProperty
44 from zope.cachedescriptors.property import Lazy as LazyProperty
45
45
46 import rhodecode
46 import rhodecode
47 from rhodecode.model import meta
47 from rhodecode.model import meta
48 from rhodecode.model.meta import Session
48 from rhodecode.model.meta import Session
49 from rhodecode.model.user import UserModel
49 from rhodecode.model.user import UserModel
50 from rhodecode.model.db import (
50 from rhodecode.model.db import (
51 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
51 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
52 UserIpMap, UserApiKeys)
52 UserIpMap, UserApiKeys, RepoGroup)
53 from rhodecode.lib import caches
53 from rhodecode.lib import caches
54 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5
54 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5
55 from rhodecode.lib.utils import (
55 from rhodecode.lib.utils import (
56 get_repo_slug, get_repo_group_slug, get_user_group_slug)
56 get_repo_slug, get_repo_group_slug, get_user_group_slug)
57 from rhodecode.lib.caching_query import FromCache
57 from rhodecode.lib.caching_query import FromCache
58
58
59
59
60 if rhodecode.is_unix:
60 if rhodecode.is_unix:
61 import bcrypt
61 import bcrypt
62
62
63 log = logging.getLogger(__name__)
63 log = logging.getLogger(__name__)
64
64
65 csrf_token_key = "csrf_token"
65 csrf_token_key = "csrf_token"
66
66
67
67
68 class PasswordGenerator(object):
68 class PasswordGenerator(object):
69 """
69 """
70 This is a simple class for generating password from different sets of
70 This is a simple class for generating password from different sets of
71 characters
71 characters
72 usage::
72 usage::
73
73
74 passwd_gen = PasswordGenerator()
74 passwd_gen = PasswordGenerator()
75 #print 8-letter password containing only big and small letters
75 #print 8-letter password containing only big and small letters
76 of alphabet
76 of alphabet
77 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
77 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
78 """
78 """
79 ALPHABETS_NUM = r'''1234567890'''
79 ALPHABETS_NUM = r'''1234567890'''
80 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
80 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
81 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
81 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
82 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
82 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
83 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
83 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
84 + ALPHABETS_NUM + ALPHABETS_SPECIAL
84 + ALPHABETS_NUM + ALPHABETS_SPECIAL
85 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
85 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
86 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
86 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
87 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
87 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
88 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
88 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
89
89
90 def __init__(self, passwd=''):
90 def __init__(self, passwd=''):
91 self.passwd = passwd
91 self.passwd = passwd
92
92
93 def gen_password(self, length, type_=None):
93 def gen_password(self, length, type_=None):
94 if type_ is None:
94 if type_ is None:
95 type_ = self.ALPHABETS_FULL
95 type_ = self.ALPHABETS_FULL
96 self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
96 self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
97 return self.passwd
97 return self.passwd
98
98
99
99
100 class _RhodeCodeCryptoBase(object):
100 class _RhodeCodeCryptoBase(object):
101
101
102 def hash_create(self, str_):
102 def hash_create(self, str_):
103 """
103 """
104 hash the string using
104 hash the string using
105
105
106 :param str_: password to hash
106 :param str_: password to hash
107 """
107 """
108 raise NotImplementedError
108 raise NotImplementedError
109
109
110 def hash_check_with_upgrade(self, password, hashed):
110 def hash_check_with_upgrade(self, password, hashed):
111 """
111 """
112 Returns tuple in which first element is boolean that states that
112 Returns tuple in which first element is boolean that states that
113 given password matches it's hashed version, and the second is new hash
113 given password matches it's hashed version, and the second is new hash
114 of the password, in case this password should be migrated to new
114 of the password, in case this password should be migrated to new
115 cipher.
115 cipher.
116 """
116 """
117 checked_hash = self.hash_check(password, hashed)
117 checked_hash = self.hash_check(password, hashed)
118 return checked_hash, None
118 return checked_hash, None
119
119
120 def hash_check(self, password, hashed):
120 def hash_check(self, password, hashed):
121 """
121 """
122 Checks matching password with it's hashed value.
122 Checks matching password with it's hashed value.
123
123
124 :param password: password
124 :param password: password
125 :param hashed: password in hashed form
125 :param hashed: password in hashed form
126 """
126 """
127 raise NotImplementedError
127 raise NotImplementedError
128
128
129 def _assert_bytes(self, value):
129 def _assert_bytes(self, value):
130 """
130 """
131 Passing in an `unicode` object can lead to hard to detect issues
131 Passing in an `unicode` object can lead to hard to detect issues
132 if passwords contain non-ascii characters. Doing a type check
132 if passwords contain non-ascii characters. Doing a type check
133 during runtime, so that such mistakes are detected early on.
133 during runtime, so that such mistakes are detected early on.
134 """
134 """
135 if not isinstance(value, str):
135 if not isinstance(value, str):
136 raise TypeError(
136 raise TypeError(
137 "Bytestring required as input, got %r." % (value, ))
137 "Bytestring required as input, got %r." % (value, ))
138
138
139
139
140 class _RhodeCodeCryptoBCrypt(_RhodeCodeCryptoBase):
140 class _RhodeCodeCryptoBCrypt(_RhodeCodeCryptoBase):
141
141
142 def hash_create(self, str_):
142 def hash_create(self, str_):
143 self._assert_bytes(str_)
143 self._assert_bytes(str_)
144 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
144 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
145
145
146 def hash_check_with_upgrade(self, password, hashed):
146 def hash_check_with_upgrade(self, password, hashed):
147 """
147 """
148 Returns tuple in which first element is boolean that states that
148 Returns tuple in which first element is boolean that states that
149 given password matches it's hashed version, and the second is new hash
149 given password matches it's hashed version, and the second is new hash
150 of the password, in case this password should be migrated to new
150 of the password, in case this password should be migrated to new
151 cipher.
151 cipher.
152
152
153 This implements special upgrade logic which works like that:
153 This implements special upgrade logic which works like that:
154 - check if the given password == bcrypted hash, if yes then we
154 - check if the given password == bcrypted hash, if yes then we
155 properly used password and it was already in bcrypt. Proceed
155 properly used password and it was already in bcrypt. Proceed
156 without any changes
156 without any changes
157 - if bcrypt hash check is not working try with sha256. If hash compare
157 - if bcrypt hash check is not working try with sha256. If hash compare
158 is ok, it means we using correct but old hashed password. indicate
158 is ok, it means we using correct but old hashed password. indicate
159 hash change and proceed
159 hash change and proceed
160 """
160 """
161
161
162 new_hash = None
162 new_hash = None
163
163
164 # regular pw check
164 # regular pw check
165 password_match_bcrypt = self.hash_check(password, hashed)
165 password_match_bcrypt = self.hash_check(password, hashed)
166
166
167 # now we want to know if the password was maybe from sha256
167 # now we want to know if the password was maybe from sha256
168 # basically calling _RhodeCodeCryptoSha256().hash_check()
168 # basically calling _RhodeCodeCryptoSha256().hash_check()
169 if not password_match_bcrypt:
169 if not password_match_bcrypt:
170 if _RhodeCodeCryptoSha256().hash_check(password, hashed):
170 if _RhodeCodeCryptoSha256().hash_check(password, hashed):
171 new_hash = self.hash_create(password) # make new bcrypt hash
171 new_hash = self.hash_create(password) # make new bcrypt hash
172 password_match_bcrypt = True
172 password_match_bcrypt = True
173
173
174 return password_match_bcrypt, new_hash
174 return password_match_bcrypt, new_hash
175
175
176 def hash_check(self, password, hashed):
176 def hash_check(self, password, hashed):
177 """
177 """
178 Checks matching password with it's hashed value.
178 Checks matching password with it's hashed value.
179
179
180 :param password: password
180 :param password: password
181 :param hashed: password in hashed form
181 :param hashed: password in hashed form
182 """
182 """
183 self._assert_bytes(password)
183 self._assert_bytes(password)
184 try:
184 try:
185 return bcrypt.hashpw(password, hashed) == hashed
185 return bcrypt.hashpw(password, hashed) == hashed
186 except ValueError as e:
186 except ValueError as e:
187 # we're having a invalid salt here probably, we should not crash
187 # we're having a invalid salt here probably, we should not crash
188 # just return with False as it would be a wrong password.
188 # just return with False as it would be a wrong password.
189 log.debug('Failed to check password hash using bcrypt %s',
189 log.debug('Failed to check password hash using bcrypt %s',
190 safe_str(e))
190 safe_str(e))
191
191
192 return False
192 return False
193
193
194
194
195 class _RhodeCodeCryptoSha256(_RhodeCodeCryptoBase):
195 class _RhodeCodeCryptoSha256(_RhodeCodeCryptoBase):
196
196
197 def hash_create(self, str_):
197 def hash_create(self, str_):
198 self._assert_bytes(str_)
198 self._assert_bytes(str_)
199 return hashlib.sha256(str_).hexdigest()
199 return hashlib.sha256(str_).hexdigest()
200
200
201 def hash_check(self, password, hashed):
201 def hash_check(self, password, hashed):
202 """
202 """
203 Checks matching password with it's hashed value.
203 Checks matching password with it's hashed value.
204
204
205 :param password: password
205 :param password: password
206 :param hashed: password in hashed form
206 :param hashed: password in hashed form
207 """
207 """
208 self._assert_bytes(password)
208 self._assert_bytes(password)
209 return hashlib.sha256(password).hexdigest() == hashed
209 return hashlib.sha256(password).hexdigest() == hashed
210
210
211
211
212 class _RhodeCodeCryptoMd5(_RhodeCodeCryptoBase):
212 class _RhodeCodeCryptoMd5(_RhodeCodeCryptoBase):
213
213
214 def hash_create(self, str_):
214 def hash_create(self, str_):
215 self._assert_bytes(str_)
215 self._assert_bytes(str_)
216 return hashlib.md5(str_).hexdigest()
216 return hashlib.md5(str_).hexdigest()
217
217
218 def hash_check(self, password, hashed):
218 def hash_check(self, password, hashed):
219 """
219 """
220 Checks matching password with it's hashed value.
220 Checks matching password with it's hashed value.
221
221
222 :param password: password
222 :param password: password
223 :param hashed: password in hashed form
223 :param hashed: password in hashed form
224 """
224 """
225 self._assert_bytes(password)
225 self._assert_bytes(password)
226 return hashlib.md5(password).hexdigest() == hashed
226 return hashlib.md5(password).hexdigest() == hashed
227
227
228
228
229 def crypto_backend():
229 def crypto_backend():
230 """
230 """
231 Return the matching crypto backend.
231 Return the matching crypto backend.
232
232
233 Selection is based on if we run tests or not, we pick md5 backend to run
233 Selection is based on if we run tests or not, we pick md5 backend to run
234 tests faster since BCRYPT is expensive to calculate
234 tests faster since BCRYPT is expensive to calculate
235 """
235 """
236 if rhodecode.is_test:
236 if rhodecode.is_test:
237 RhodeCodeCrypto = _RhodeCodeCryptoMd5()
237 RhodeCodeCrypto = _RhodeCodeCryptoMd5()
238 else:
238 else:
239 RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()
239 RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()
240
240
241 return RhodeCodeCrypto
241 return RhodeCodeCrypto
242
242
243
243
244 def get_crypt_password(password):
244 def get_crypt_password(password):
245 """
245 """
246 Create the hash of `password` with the active crypto backend.
246 Create the hash of `password` with the active crypto backend.
247
247
248 :param password: The cleartext password.
248 :param password: The cleartext password.
249 :type password: unicode
249 :type password: unicode
250 """
250 """
251 password = safe_str(password)
251 password = safe_str(password)
252 return crypto_backend().hash_create(password)
252 return crypto_backend().hash_create(password)
253
253
254
254
255 def check_password(password, hashed):
255 def check_password(password, hashed):
256 """
256 """
257 Check if the value in `password` matches the hash in `hashed`.
257 Check if the value in `password` matches the hash in `hashed`.
258
258
259 :param password: The cleartext password.
259 :param password: The cleartext password.
260 :type password: unicode
260 :type password: unicode
261
261
262 :param hashed: The expected hashed version of the password.
262 :param hashed: The expected hashed version of the password.
263 :type hashed: The hash has to be passed in in text representation.
263 :type hashed: The hash has to be passed in in text representation.
264 """
264 """
265 password = safe_str(password)
265 password = safe_str(password)
266 return crypto_backend().hash_check(password, hashed)
266 return crypto_backend().hash_check(password, hashed)
267
267
268
268
269 def generate_auth_token(data, salt=None):
269 def generate_auth_token(data, salt=None):
270 """
270 """
271 Generates API KEY from given string
271 Generates API KEY from given string
272 """
272 """
273
273
274 if salt is None:
274 if salt is None:
275 salt = os.urandom(16)
275 salt = os.urandom(16)
276 return hashlib.sha1(safe_str(data) + salt).hexdigest()
276 return hashlib.sha1(safe_str(data) + salt).hexdigest()
277
277
278
278
279 class CookieStoreWrapper(object):
279 class CookieStoreWrapper(object):
280
280
281 def __init__(self, cookie_store):
281 def __init__(self, cookie_store):
282 self.cookie_store = cookie_store
282 self.cookie_store = cookie_store
283
283
284 def __repr__(self):
284 def __repr__(self):
285 return 'CookieStore<%s>' % (self.cookie_store)
285 return 'CookieStore<%s>' % (self.cookie_store)
286
286
287 def get(self, key, other=None):
287 def get(self, key, other=None):
288 if isinstance(self.cookie_store, dict):
288 if isinstance(self.cookie_store, dict):
289 return self.cookie_store.get(key, other)
289 return self.cookie_store.get(key, other)
290 elif isinstance(self.cookie_store, AuthUser):
290 elif isinstance(self.cookie_store, AuthUser):
291 return self.cookie_store.__dict__.get(key, other)
291 return self.cookie_store.__dict__.get(key, other)
292
292
293
293
294 def _cached_perms_data(user_id, scope, user_is_admin,
294 def _cached_perms_data(user_id, scope, user_is_admin,
295 user_inherit_default_permissions, explicit, algo):
295 user_inherit_default_permissions, explicit, algo):
296
296
297 permissions = PermissionCalculator(
297 permissions = PermissionCalculator(
298 user_id, scope, user_is_admin, user_inherit_default_permissions,
298 user_id, scope, user_is_admin, user_inherit_default_permissions,
299 explicit, algo)
299 explicit, algo)
300 return permissions.calculate()
300 return permissions.calculate()
301
301
302 class PermOrigin:
302 class PermOrigin:
303 ADMIN = 'superadmin'
303 ADMIN = 'superadmin'
304
304
305 REPO_USER = 'user:%s'
305 REPO_USER = 'user:%s'
306 REPO_USERGROUP = 'usergroup:%s'
306 REPO_USERGROUP = 'usergroup:%s'
307 REPO_OWNER = 'repo.owner'
307 REPO_OWNER = 'repo.owner'
308 REPO_DEFAULT = 'repo.default'
308 REPO_DEFAULT = 'repo.default'
309 REPO_PRIVATE = 'repo.private'
309 REPO_PRIVATE = 'repo.private'
310
310
311 REPOGROUP_USER = 'user:%s'
311 REPOGROUP_USER = 'user:%s'
312 REPOGROUP_USERGROUP = 'usergroup:%s'
312 REPOGROUP_USERGROUP = 'usergroup:%s'
313 REPOGROUP_OWNER = 'group.owner'
313 REPOGROUP_OWNER = 'group.owner'
314 REPOGROUP_DEFAULT = 'group.default'
314 REPOGROUP_DEFAULT = 'group.default'
315
315
316 USERGROUP_USER = 'user:%s'
316 USERGROUP_USER = 'user:%s'
317 USERGROUP_USERGROUP = 'usergroup:%s'
317 USERGROUP_USERGROUP = 'usergroup:%s'
318 USERGROUP_OWNER = 'usergroup.owner'
318 USERGROUP_OWNER = 'usergroup.owner'
319 USERGROUP_DEFAULT = 'usergroup.default'
319 USERGROUP_DEFAULT = 'usergroup.default'
320
320
321
321
322 class PermOriginDict(dict):
322 class PermOriginDict(dict):
323 """
323 """
324 A special dict used for tracking permissions along with their origins.
324 A special dict used for tracking permissions along with their origins.
325
325
326 `__setitem__` has been overridden to expect a tuple(perm, origin)
326 `__setitem__` has been overridden to expect a tuple(perm, origin)
327 `__getitem__` will return only the perm
327 `__getitem__` will return only the perm
328 `.perm_origin_stack` will return the stack of (perm, origin) set per key
328 `.perm_origin_stack` will return the stack of (perm, origin) set per key
329
329
330 >>> perms = PermOriginDict()
330 >>> perms = PermOriginDict()
331 >>> perms['resource'] = 'read', 'default'
331 >>> perms['resource'] = 'read', 'default'
332 >>> perms['resource']
332 >>> perms['resource']
333 'read'
333 'read'
334 >>> perms['resource'] = 'write', 'admin'
334 >>> perms['resource'] = 'write', 'admin'
335 >>> perms['resource']
335 >>> perms['resource']
336 'write'
336 'write'
337 >>> perms.perm_origin_stack
337 >>> perms.perm_origin_stack
338 {'resource': [('read', 'default'), ('write', 'admin')]}
338 {'resource': [('read', 'default'), ('write', 'admin')]}
339 """
339 """
340
340
341
341
342 def __init__(self, *args, **kw):
342 def __init__(self, *args, **kw):
343 dict.__init__(self, *args, **kw)
343 dict.__init__(self, *args, **kw)
344 self.perm_origin_stack = {}
344 self.perm_origin_stack = {}
345
345
346 def __setitem__(self, key, (perm, origin)):
346 def __setitem__(self, key, (perm, origin)):
347 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
347 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
348 dict.__setitem__(self, key, perm)
348 dict.__setitem__(self, key, perm)
349
349
350
350
351 class PermissionCalculator(object):
351 class PermissionCalculator(object):
352
352
353 def __init__(
353 def __init__(
354 self, user_id, scope, user_is_admin,
354 self, user_id, scope, user_is_admin,
355 user_inherit_default_permissions, explicit, algo):
355 user_inherit_default_permissions, explicit, algo):
356 self.user_id = user_id
356 self.user_id = user_id
357 self.user_is_admin = user_is_admin
357 self.user_is_admin = user_is_admin
358 self.inherit_default_permissions = user_inherit_default_permissions
358 self.inherit_default_permissions = user_inherit_default_permissions
359 self.explicit = explicit
359 self.explicit = explicit
360 self.algo = algo
360 self.algo = algo
361
361
362 scope = scope or {}
362 scope = scope or {}
363 self.scope_repo_id = scope.get('repo_id')
363 self.scope_repo_id = scope.get('repo_id')
364 self.scope_repo_group_id = scope.get('repo_group_id')
364 self.scope_repo_group_id = scope.get('repo_group_id')
365 self.scope_user_group_id = scope.get('user_group_id')
365 self.scope_user_group_id = scope.get('user_group_id')
366
366
367 self.default_user_id = User.get_default_user(cache=True).user_id
367 self.default_user_id = User.get_default_user(cache=True).user_id
368
368
369 self.permissions_repositories = PermOriginDict()
369 self.permissions_repositories = PermOriginDict()
370 self.permissions_repository_groups = PermOriginDict()
370 self.permissions_repository_groups = PermOriginDict()
371 self.permissions_user_groups = PermOriginDict()
371 self.permissions_user_groups = PermOriginDict()
372 self.permissions_global = set()
372 self.permissions_global = set()
373
373
374 self.default_repo_perms = Permission.get_default_repo_perms(
374 self.default_repo_perms = Permission.get_default_repo_perms(
375 self.default_user_id, self.scope_repo_id)
375 self.default_user_id, self.scope_repo_id)
376 self.default_repo_groups_perms = Permission.get_default_group_perms(
376 self.default_repo_groups_perms = Permission.get_default_group_perms(
377 self.default_user_id, self.scope_repo_group_id)
377 self.default_user_id, self.scope_repo_group_id)
378 self.default_user_group_perms = \
378 self.default_user_group_perms = \
379 Permission.get_default_user_group_perms(
379 Permission.get_default_user_group_perms(
380 self.default_user_id, self.scope_user_group_id)
380 self.default_user_id, self.scope_user_group_id)
381
381
382 def calculate(self):
382 def calculate(self):
383 if self.user_is_admin:
383 if self.user_is_admin:
384 return self._admin_permissions()
384 return self._admin_permissions()
385
385
386 self._calculate_global_default_permissions()
386 self._calculate_global_default_permissions()
387 self._calculate_global_permissions()
387 self._calculate_global_permissions()
388 self._calculate_default_permissions()
388 self._calculate_default_permissions()
389 self._calculate_repository_permissions()
389 self._calculate_repository_permissions()
390 self._calculate_repository_group_permissions()
390 self._calculate_repository_group_permissions()
391 self._calculate_user_group_permissions()
391 self._calculate_user_group_permissions()
392 return self._permission_structure()
392 return self._permission_structure()
393
393
394 def _admin_permissions(self):
394 def _admin_permissions(self):
395 """
395 """
396 admin user have all default rights for repositories
396 admin user have all default rights for repositories
397 and groups set to admin
397 and groups set to admin
398 """
398 """
399 self.permissions_global.add('hg.admin')
399 self.permissions_global.add('hg.admin')
400 self.permissions_global.add('hg.create.write_on_repogroup.true')
400 self.permissions_global.add('hg.create.write_on_repogroup.true')
401
401
402 # repositories
402 # repositories
403 for perm in self.default_repo_perms:
403 for perm in self.default_repo_perms:
404 r_k = perm.UserRepoToPerm.repository.repo_name
404 r_k = perm.UserRepoToPerm.repository.repo_name
405 p = 'repository.admin'
405 p = 'repository.admin'
406 self.permissions_repositories[r_k] = p, PermOrigin.ADMIN
406 self.permissions_repositories[r_k] = p, PermOrigin.ADMIN
407
407
408 # repository groups
408 # repository groups
409 for perm in self.default_repo_groups_perms:
409 for perm in self.default_repo_groups_perms:
410 rg_k = perm.UserRepoGroupToPerm.group.group_name
410 rg_k = perm.UserRepoGroupToPerm.group.group_name
411 p = 'group.admin'
411 p = 'group.admin'
412 self.permissions_repository_groups[rg_k] = p, PermOrigin.ADMIN
412 self.permissions_repository_groups[rg_k] = p, PermOrigin.ADMIN
413
413
414 # user groups
414 # user groups
415 for perm in self.default_user_group_perms:
415 for perm in self.default_user_group_perms:
416 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
416 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
417 p = 'usergroup.admin'
417 p = 'usergroup.admin'
418 self.permissions_user_groups[u_k] = p, PermOrigin.ADMIN
418 self.permissions_user_groups[u_k] = p, PermOrigin.ADMIN
419
419
420 return self._permission_structure()
420 return self._permission_structure()
421
421
422 def _calculate_global_default_permissions(self):
422 def _calculate_global_default_permissions(self):
423 """
423 """
424 global permissions taken from the default user
424 global permissions taken from the default user
425 """
425 """
426 default_global_perms = UserToPerm.query()\
426 default_global_perms = UserToPerm.query()\
427 .filter(UserToPerm.user_id == self.default_user_id)\
427 .filter(UserToPerm.user_id == self.default_user_id)\
428 .options(joinedload(UserToPerm.permission))
428 .options(joinedload(UserToPerm.permission))
429
429
430 for perm in default_global_perms:
430 for perm in default_global_perms:
431 self.permissions_global.add(perm.permission.permission_name)
431 self.permissions_global.add(perm.permission.permission_name)
432
432
433 def _calculate_global_permissions(self):
433 def _calculate_global_permissions(self):
434 """
434 """
435 Set global system permissions with user permissions or permissions
435 Set global system permissions with user permissions or permissions
436 taken from the user groups of the current user.
436 taken from the user groups of the current user.
437
437
438 The permissions include repo creating, repo group creating, forking
438 The permissions include repo creating, repo group creating, forking
439 etc.
439 etc.
440 """
440 """
441
441
442 # now we read the defined permissions and overwrite what we have set
442 # now we read the defined permissions and overwrite what we have set
443 # before those can be configured from groups or users explicitly.
443 # before those can be configured from groups or users explicitly.
444
444
445 # TODO: johbo: This seems to be out of sync, find out the reason
445 # TODO: johbo: This seems to be out of sync, find out the reason
446 # for the comment below and update it.
446 # for the comment below and update it.
447
447
448 # In case we want to extend this list we should be always in sync with
448 # In case we want to extend this list we should be always in sync with
449 # User.DEFAULT_USER_PERMISSIONS definitions
449 # User.DEFAULT_USER_PERMISSIONS definitions
450 _configurable = frozenset([
450 _configurable = frozenset([
451 'hg.fork.none', 'hg.fork.repository',
451 'hg.fork.none', 'hg.fork.repository',
452 'hg.create.none', 'hg.create.repository',
452 'hg.create.none', 'hg.create.repository',
453 'hg.usergroup.create.false', 'hg.usergroup.create.true',
453 'hg.usergroup.create.false', 'hg.usergroup.create.true',
454 'hg.repogroup.create.false', 'hg.repogroup.create.true',
454 'hg.repogroup.create.false', 'hg.repogroup.create.true',
455 'hg.create.write_on_repogroup.false',
455 'hg.create.write_on_repogroup.false',
456 'hg.create.write_on_repogroup.true',
456 'hg.create.write_on_repogroup.true',
457 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
457 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
458 ])
458 ])
459
459
460 # USER GROUPS comes first user group global permissions
460 # USER GROUPS comes first user group global permissions
461 user_perms_from_users_groups = Session().query(UserGroupToPerm)\
461 user_perms_from_users_groups = Session().query(UserGroupToPerm)\
462 .options(joinedload(UserGroupToPerm.permission))\
462 .options(joinedload(UserGroupToPerm.permission))\
463 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
463 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
464 UserGroupMember.users_group_id))\
464 UserGroupMember.users_group_id))\
465 .filter(UserGroupMember.user_id == self.user_id)\
465 .filter(UserGroupMember.user_id == self.user_id)\
466 .order_by(UserGroupToPerm.users_group_id)\
466 .order_by(UserGroupToPerm.users_group_id)\
467 .all()
467 .all()
468
468
469 # need to group here by groups since user can be in more than
469 # need to group here by groups since user can be in more than
470 # one group, so we get all groups
470 # one group, so we get all groups
471 _explicit_grouped_perms = [
471 _explicit_grouped_perms = [
472 [x, list(y)] for x, y in
472 [x, list(y)] for x, y in
473 itertools.groupby(user_perms_from_users_groups,
473 itertools.groupby(user_perms_from_users_groups,
474 lambda _x: _x.users_group)]
474 lambda _x: _x.users_group)]
475
475
476 for gr, perms in _explicit_grouped_perms:
476 for gr, perms in _explicit_grouped_perms:
477 # since user can be in multiple groups iterate over them and
477 # since user can be in multiple groups iterate over them and
478 # select the lowest permissions first (more explicit)
478 # select the lowest permissions first (more explicit)
479 # TODO: marcink: do this^^
479 # TODO: marcink: do this^^
480
480
481 # group doesn't inherit default permissions so we actually set them
481 # group doesn't inherit default permissions so we actually set them
482 if not gr.inherit_default_permissions:
482 if not gr.inherit_default_permissions:
483 # NEED TO IGNORE all previously set configurable permissions
483 # NEED TO IGNORE all previously set configurable permissions
484 # and replace them with explicitly set from this user
484 # and replace them with explicitly set from this user
485 # group permissions
485 # group permissions
486 self.permissions_global = self.permissions_global.difference(
486 self.permissions_global = self.permissions_global.difference(
487 _configurable)
487 _configurable)
488 for perm in perms:
488 for perm in perms:
489 self.permissions_global.add(perm.permission.permission_name)
489 self.permissions_global.add(perm.permission.permission_name)
490
490
491 # user explicit global permissions
491 # user explicit global permissions
492 user_perms = Session().query(UserToPerm)\
492 user_perms = Session().query(UserToPerm)\
493 .options(joinedload(UserToPerm.permission))\
493 .options(joinedload(UserToPerm.permission))\
494 .filter(UserToPerm.user_id == self.user_id).all()
494 .filter(UserToPerm.user_id == self.user_id).all()
495
495
496 if not self.inherit_default_permissions:
496 if not self.inherit_default_permissions:
497 # NEED TO IGNORE all configurable permissions and
497 # NEED TO IGNORE all configurable permissions and
498 # replace them with explicitly set from this user permissions
498 # replace them with explicitly set from this user permissions
499 self.permissions_global = self.permissions_global.difference(
499 self.permissions_global = self.permissions_global.difference(
500 _configurable)
500 _configurable)
501 for perm in user_perms:
501 for perm in user_perms:
502 self.permissions_global.add(perm.permission.permission_name)
502 self.permissions_global.add(perm.permission.permission_name)
503
503
504 def _calculate_default_permissions(self):
504 def _calculate_default_permissions(self):
505 """
505 """
506 Set default user permissions for repositories, repository groups
506 Set default user permissions for repositories, repository groups
507 taken from the default user.
507 taken from the default user.
508
508
509 Calculate inheritance of object permissions based on what we have now
509 Calculate inheritance of object permissions based on what we have now
510 in GLOBAL permissions. We check if .false is in GLOBAL since this is
510 in GLOBAL permissions. We check if .false is in GLOBAL since this is
511 explicitly set. Inherit is the opposite of .false being there.
511 explicitly set. Inherit is the opposite of .false being there.
512
512
513 .. note::
513 .. note::
514
514
515 the syntax is little bit odd but what we need to check here is
515 the syntax is little bit odd but what we need to check here is
516 the opposite of .false permission being in the list so even for
516 the opposite of .false permission being in the list so even for
517 inconsistent state when both .true/.false is there
517 inconsistent state when both .true/.false is there
518 .false is more important
518 .false is more important
519
519
520 """
520 """
521 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
521 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
522 in self.permissions_global)
522 in self.permissions_global)
523
523
524 # defaults for repositories, taken from `default` user permissions
524 # defaults for repositories, taken from `default` user permissions
525 # on given repo
525 # on given repo
526 for perm in self.default_repo_perms:
526 for perm in self.default_repo_perms:
527 r_k = perm.UserRepoToPerm.repository.repo_name
527 r_k = perm.UserRepoToPerm.repository.repo_name
528 o = PermOrigin.REPO_DEFAULT
528 o = PermOrigin.REPO_DEFAULT
529 if perm.Repository.private and not (
529 if perm.Repository.private and not (
530 perm.Repository.user_id == self.user_id):
530 perm.Repository.user_id == self.user_id):
531 # disable defaults for private repos,
531 # disable defaults for private repos,
532 p = 'repository.none'
532 p = 'repository.none'
533 o = PermOrigin.REPO_PRIVATE
533 o = PermOrigin.REPO_PRIVATE
534 elif perm.Repository.user_id == self.user_id:
534 elif perm.Repository.user_id == self.user_id:
535 # set admin if owner
535 # set admin if owner
536 p = 'repository.admin'
536 p = 'repository.admin'
537 o = PermOrigin.REPO_OWNER
537 o = PermOrigin.REPO_OWNER
538 else:
538 else:
539 p = perm.Permission.permission_name
539 p = perm.Permission.permission_name
540 # if we decide this user isn't inheriting permissions from
540 # if we decide this user isn't inheriting permissions from
541 # default user we set him to .none so only explicit
541 # default user we set him to .none so only explicit
542 # permissions work
542 # permissions work
543 if not user_inherit_object_permissions:
543 if not user_inherit_object_permissions:
544 p = 'repository.none'
544 p = 'repository.none'
545 self.permissions_repositories[r_k] = p, o
545 self.permissions_repositories[r_k] = p, o
546
546
547 # defaults for repository groups taken from `default` user permission
547 # defaults for repository groups taken from `default` user permission
548 # on given group
548 # on given group
549 for perm in self.default_repo_groups_perms:
549 for perm in self.default_repo_groups_perms:
550 rg_k = perm.UserRepoGroupToPerm.group.group_name
550 rg_k = perm.UserRepoGroupToPerm.group.group_name
551 o = PermOrigin.REPOGROUP_DEFAULT
551 o = PermOrigin.REPOGROUP_DEFAULT
552 if perm.RepoGroup.user_id == self.user_id:
552 if perm.RepoGroup.user_id == self.user_id:
553 # set admin if owner
553 # set admin if owner
554 p = 'group.admin'
554 p = 'group.admin'
555 o = PermOrigin.REPOGROUP_OWNER
555 o = PermOrigin.REPOGROUP_OWNER
556 else:
556 else:
557 p = perm.Permission.permission_name
557 p = perm.Permission.permission_name
558
558
559 # if we decide this user isn't inheriting permissions from default
559 # if we decide this user isn't inheriting permissions from default
560 # user we set him to .none so only explicit permissions work
560 # user we set him to .none so only explicit permissions work
561 if not user_inherit_object_permissions:
561 if not user_inherit_object_permissions:
562 p = 'group.none'
562 p = 'group.none'
563 self.permissions_repository_groups[rg_k] = p, o
563 self.permissions_repository_groups[rg_k] = p, o
564
564
565 # defaults for user groups taken from `default` user permission
565 # defaults for user groups taken from `default` user permission
566 # on given user group
566 # on given user group
567 for perm in self.default_user_group_perms:
567 for perm in self.default_user_group_perms:
568 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
568 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
569 p = perm.Permission.permission_name
569 p = perm.Permission.permission_name
570 o = PermOrigin.USERGROUP_DEFAULT
570 o = PermOrigin.USERGROUP_DEFAULT
571 # if we decide this user isn't inheriting permissions from default
571 # if we decide this user isn't inheriting permissions from default
572 # user we set him to .none so only explicit permissions work
572 # user we set him to .none so only explicit permissions work
573 if not user_inherit_object_permissions:
573 if not user_inherit_object_permissions:
574 p = 'usergroup.none'
574 p = 'usergroup.none'
575 self.permissions_user_groups[u_k] = p, o
575 self.permissions_user_groups[u_k] = p, o
576
576
577 def _calculate_repository_permissions(self):
577 def _calculate_repository_permissions(self):
578 """
578 """
579 Repository permissions for the current user.
579 Repository permissions for the current user.
580
580
581 Check if the user is part of user groups for this repository and
581 Check if the user is part of user groups for this repository and
582 fill in the permission from it. `_choose_permission` decides of which
582 fill in the permission from it. `_choose_permission` decides of which
583 permission should be selected based on selected method.
583 permission should be selected based on selected method.
584 """
584 """
585
585
586 # user group for repositories permissions
586 # user group for repositories permissions
587 user_repo_perms_from_user_group = Permission\
587 user_repo_perms_from_user_group = Permission\
588 .get_default_repo_perms_from_user_group(
588 .get_default_repo_perms_from_user_group(
589 self.user_id, self.scope_repo_id)
589 self.user_id, self.scope_repo_id)
590
590
591 multiple_counter = collections.defaultdict(int)
591 multiple_counter = collections.defaultdict(int)
592 for perm in user_repo_perms_from_user_group:
592 for perm in user_repo_perms_from_user_group:
593 r_k = perm.UserGroupRepoToPerm.repository.repo_name
593 r_k = perm.UserGroupRepoToPerm.repository.repo_name
594 ug_k = perm.UserGroupRepoToPerm.users_group.users_group_name
594 ug_k = perm.UserGroupRepoToPerm.users_group.users_group_name
595 multiple_counter[r_k] += 1
595 multiple_counter[r_k] += 1
596 p = perm.Permission.permission_name
596 p = perm.Permission.permission_name
597 o = PermOrigin.REPO_USERGROUP % ug_k
597 o = PermOrigin.REPO_USERGROUP % ug_k
598
598
599 if perm.Repository.user_id == self.user_id:
599 if perm.Repository.user_id == self.user_id:
600 # set admin if owner
600 # set admin if owner
601 p = 'repository.admin'
601 p = 'repository.admin'
602 o = PermOrigin.REPO_OWNER
602 o = PermOrigin.REPO_OWNER
603 else:
603 else:
604 if multiple_counter[r_k] > 1:
604 if multiple_counter[r_k] > 1:
605 cur_perm = self.permissions_repositories[r_k]
605 cur_perm = self.permissions_repositories[r_k]
606 p = self._choose_permission(p, cur_perm)
606 p = self._choose_permission(p, cur_perm)
607 self.permissions_repositories[r_k] = p, o
607 self.permissions_repositories[r_k] = p, o
608
608
609 # user explicit permissions for repositories, overrides any specified
609 # user explicit permissions for repositories, overrides any specified
610 # by the group permission
610 # by the group permission
611 user_repo_perms = Permission.get_default_repo_perms(
611 user_repo_perms = Permission.get_default_repo_perms(
612 self.user_id, self.scope_repo_id)
612 self.user_id, self.scope_repo_id)
613 for perm in user_repo_perms:
613 for perm in user_repo_perms:
614 r_k = perm.UserRepoToPerm.repository.repo_name
614 r_k = perm.UserRepoToPerm.repository.repo_name
615 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
615 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
616 # set admin if owner
616 # set admin if owner
617 if perm.Repository.user_id == self.user_id:
617 if perm.Repository.user_id == self.user_id:
618 p = 'repository.admin'
618 p = 'repository.admin'
619 o = PermOrigin.REPO_OWNER
619 o = PermOrigin.REPO_OWNER
620 else:
620 else:
621 p = perm.Permission.permission_name
621 p = perm.Permission.permission_name
622 if not self.explicit:
622 if not self.explicit:
623 cur_perm = self.permissions_repositories.get(
623 cur_perm = self.permissions_repositories.get(
624 r_k, 'repository.none')
624 r_k, 'repository.none')
625 p = self._choose_permission(p, cur_perm)
625 p = self._choose_permission(p, cur_perm)
626 self.permissions_repositories[r_k] = p, o
626 self.permissions_repositories[r_k] = p, o
627
627
628 def _calculate_repository_group_permissions(self):
628 def _calculate_repository_group_permissions(self):
629 """
629 """
630 Repository group permissions for the current user.
630 Repository group permissions for the current user.
631
631
632 Check if the user is part of user groups for repository groups and
632 Check if the user is part of user groups for repository groups and
633 fill in the permissions from it. `_choose_permmission` decides of which
633 fill in the permissions from it. `_choose_permmission` decides of which
634 permission should be selected based on selected method.
634 permission should be selected based on selected method.
635 """
635 """
636 # user group for repo groups permissions
636 # user group for repo groups permissions
637 user_repo_group_perms_from_user_group = Permission\
637 user_repo_group_perms_from_user_group = Permission\
638 .get_default_group_perms_from_user_group(
638 .get_default_group_perms_from_user_group(
639 self.user_id, self.scope_repo_group_id)
639 self.user_id, self.scope_repo_group_id)
640
640
641 multiple_counter = collections.defaultdict(int)
641 multiple_counter = collections.defaultdict(int)
642 for perm in user_repo_group_perms_from_user_group:
642 for perm in user_repo_group_perms_from_user_group:
643 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
643 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
644 ug_k = perm.UserGroupRepoGroupToPerm.users_group.users_group_name
644 ug_k = perm.UserGroupRepoGroupToPerm.users_group.users_group_name
645 o = PermOrigin.REPOGROUP_USERGROUP % ug_k
645 o = PermOrigin.REPOGROUP_USERGROUP % ug_k
646 multiple_counter[g_k] += 1
646 multiple_counter[g_k] += 1
647 p = perm.Permission.permission_name
647 p = perm.Permission.permission_name
648 if perm.RepoGroup.user_id == self.user_id:
648 if perm.RepoGroup.user_id == self.user_id:
649 # set admin if owner
649 # set admin if owner
650 p = 'group.admin'
650 p = 'group.admin'
651 o = PermOrigin.REPOGROUP_OWNER
651 o = PermOrigin.REPOGROUP_OWNER
652 else:
652 else:
653 if multiple_counter[g_k] > 1:
653 if multiple_counter[g_k] > 1:
654 cur_perm = self.permissions_repository_groups[g_k]
654 cur_perm = self.permissions_repository_groups[g_k]
655 p = self._choose_permission(p, cur_perm)
655 p = self._choose_permission(p, cur_perm)
656 self.permissions_repository_groups[g_k] = p, o
656 self.permissions_repository_groups[g_k] = p, o
657
657
658 # user explicit permissions for repository groups
658 # user explicit permissions for repository groups
659 user_repo_groups_perms = Permission.get_default_group_perms(
659 user_repo_groups_perms = Permission.get_default_group_perms(
660 self.user_id, self.scope_repo_group_id)
660 self.user_id, self.scope_repo_group_id)
661 for perm in user_repo_groups_perms:
661 for perm in user_repo_groups_perms:
662 rg_k = perm.UserRepoGroupToPerm.group.group_name
662 rg_k = perm.UserRepoGroupToPerm.group.group_name
663 u_k = perm.UserRepoGroupToPerm.user.username
663 u_k = perm.UserRepoGroupToPerm.user.username
664 o = PermOrigin.REPOGROUP_USER % u_k
664 o = PermOrigin.REPOGROUP_USER % u_k
665
665
666 if perm.RepoGroup.user_id == self.user_id:
666 if perm.RepoGroup.user_id == self.user_id:
667 # set admin if owner
667 # set admin if owner
668 p = 'group.admin'
668 p = 'group.admin'
669 o = PermOrigin.REPOGROUP_OWNER
669 o = PermOrigin.REPOGROUP_OWNER
670 else:
670 else:
671 p = perm.Permission.permission_name
671 p = perm.Permission.permission_name
672 if not self.explicit:
672 if not self.explicit:
673 cur_perm = self.permissions_repository_groups.get(
673 cur_perm = self.permissions_repository_groups.get(
674 rg_k, 'group.none')
674 rg_k, 'group.none')
675 p = self._choose_permission(p, cur_perm)
675 p = self._choose_permission(p, cur_perm)
676 self.permissions_repository_groups[rg_k] = p, o
676 self.permissions_repository_groups[rg_k] = p, o
677
677
678 def _calculate_user_group_permissions(self):
678 def _calculate_user_group_permissions(self):
679 """
679 """
680 User group permissions for the current user.
680 User group permissions for the current user.
681 """
681 """
682 # user group for user group permissions
682 # user group for user group permissions
683 user_group_from_user_group = Permission\
683 user_group_from_user_group = Permission\
684 .get_default_user_group_perms_from_user_group(
684 .get_default_user_group_perms_from_user_group(
685 self.user_id, self.scope_repo_group_id)
685 self.user_id, self.scope_repo_group_id)
686
686
687 multiple_counter = collections.defaultdict(int)
687 multiple_counter = collections.defaultdict(int)
688 for perm in user_group_from_user_group:
688 for perm in user_group_from_user_group:
689 g_k = perm.UserGroupUserGroupToPerm\
689 g_k = perm.UserGroupUserGroupToPerm\
690 .target_user_group.users_group_name
690 .target_user_group.users_group_name
691 u_k = perm.UserGroupUserGroupToPerm\
691 u_k = perm.UserGroupUserGroupToPerm\
692 .user_group.users_group_name
692 .user_group.users_group_name
693 o = PermOrigin.USERGROUP_USERGROUP % u_k
693 o = PermOrigin.USERGROUP_USERGROUP % u_k
694 multiple_counter[g_k] += 1
694 multiple_counter[g_k] += 1
695 p = perm.Permission.permission_name
695 p = perm.Permission.permission_name
696 if multiple_counter[g_k] > 1:
696 if multiple_counter[g_k] > 1:
697 cur_perm = self.permissions_user_groups[g_k]
697 cur_perm = self.permissions_user_groups[g_k]
698 p = self._choose_permission(p, cur_perm)
698 p = self._choose_permission(p, cur_perm)
699 self.permissions_user_groups[g_k] = p, o
699 self.permissions_user_groups[g_k] = p, o
700
700
701 # user explicit permission for user groups
701 # user explicit permission for user groups
702 user_user_groups_perms = Permission.get_default_user_group_perms(
702 user_user_groups_perms = Permission.get_default_user_group_perms(
703 self.user_id, self.scope_user_group_id)
703 self.user_id, self.scope_user_group_id)
704 for perm in user_user_groups_perms:
704 for perm in user_user_groups_perms:
705 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
705 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
706 u_k = perm.UserUserGroupToPerm.user.username
706 u_k = perm.UserUserGroupToPerm.user.username
707 p = perm.Permission.permission_name
707 p = perm.Permission.permission_name
708 o = PermOrigin.USERGROUP_USER % u_k
708 o = PermOrigin.USERGROUP_USER % u_k
709 if not self.explicit:
709 if not self.explicit:
710 cur_perm = self.permissions_user_groups.get(
710 cur_perm = self.permissions_user_groups.get(
711 ug_k, 'usergroup.none')
711 ug_k, 'usergroup.none')
712 p = self._choose_permission(p, cur_perm)
712 p = self._choose_permission(p, cur_perm)
713 self.permissions_user_groups[ug_k] = p, o
713 self.permissions_user_groups[ug_k] = p, o
714
714
715 def _choose_permission(self, new_perm, cur_perm):
715 def _choose_permission(self, new_perm, cur_perm):
716 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
716 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
717 cur_perm_val = Permission.PERM_WEIGHTS[cur_perm]
717 cur_perm_val = Permission.PERM_WEIGHTS[cur_perm]
718 if self.algo == 'higherwin':
718 if self.algo == 'higherwin':
719 if new_perm_val > cur_perm_val:
719 if new_perm_val > cur_perm_val:
720 return new_perm
720 return new_perm
721 return cur_perm
721 return cur_perm
722 elif self.algo == 'lowerwin':
722 elif self.algo == 'lowerwin':
723 if new_perm_val < cur_perm_val:
723 if new_perm_val < cur_perm_val:
724 return new_perm
724 return new_perm
725 return cur_perm
725 return cur_perm
726
726
727 def _permission_structure(self):
727 def _permission_structure(self):
728 return {
728 return {
729 'global': self.permissions_global,
729 'global': self.permissions_global,
730 'repositories': self.permissions_repositories,
730 'repositories': self.permissions_repositories,
731 'repositories_groups': self.permissions_repository_groups,
731 'repositories_groups': self.permissions_repository_groups,
732 'user_groups': self.permissions_user_groups,
732 'user_groups': self.permissions_user_groups,
733 }
733 }
734
734
735
735
736 def allowed_auth_token_access(controller_name, whitelist=None, auth_token=None):
736 def allowed_auth_token_access(controller_name, whitelist=None, auth_token=None):
737 """
737 """
738 Check if given controller_name is in whitelist of auth token access
738 Check if given controller_name is in whitelist of auth token access
739 """
739 """
740 if not whitelist:
740 if not whitelist:
741 from rhodecode import CONFIG
741 from rhodecode import CONFIG
742 whitelist = aslist(
742 whitelist = aslist(
743 CONFIG.get('api_access_controllers_whitelist'), sep=',')
743 CONFIG.get('api_access_controllers_whitelist'), sep=',')
744 log.debug(
744 log.debug(
745 'Allowed controllers for AUTH TOKEN access: %s' % (whitelist,))
745 'Allowed controllers for AUTH TOKEN access: %s' % (whitelist,))
746
746
747 auth_token_access_valid = False
747 auth_token_access_valid = False
748 for entry in whitelist:
748 for entry in whitelist:
749 if fnmatch.fnmatch(controller_name, entry):
749 if fnmatch.fnmatch(controller_name, entry):
750 auth_token_access_valid = True
750 auth_token_access_valid = True
751 break
751 break
752
752
753 if auth_token_access_valid:
753 if auth_token_access_valid:
754 log.debug('controller:%s matches entry in whitelist'
754 log.debug('controller:%s matches entry in whitelist'
755 % (controller_name,))
755 % (controller_name,))
756 else:
756 else:
757 msg = ('controller: %s does *NOT* match any entry in whitelist'
757 msg = ('controller: %s does *NOT* match any entry in whitelist'
758 % (controller_name,))
758 % (controller_name,))
759 if auth_token:
759 if auth_token:
760 # if we use auth token key and don't have access it's a warning
760 # if we use auth token key and don't have access it's a warning
761 log.warning(msg)
761 log.warning(msg)
762 else:
762 else:
763 log.debug(msg)
763 log.debug(msg)
764
764
765 return auth_token_access_valid
765 return auth_token_access_valid
766
766
767
767
768 class AuthUser(object):
768 class AuthUser(object):
769 """
769 """
770 A simple object that handles all attributes of user in RhodeCode
770 A simple object that handles all attributes of user in RhodeCode
771
771
772 It does lookup based on API key,given user, or user present in session
772 It does lookup based on API key,given user, or user present in session
773 Then it fills all required information for such user. It also checks if
773 Then it fills all required information for such user. It also checks if
774 anonymous access is enabled and if so, it returns default user as logged in
774 anonymous access is enabled and if so, it returns default user as logged in
775 """
775 """
776 GLOBAL_PERMS = [x[0] for x in Permission.PERMS]
776 GLOBAL_PERMS = [x[0] for x in Permission.PERMS]
777
777
778 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
778 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
779
779
780 self.user_id = user_id
780 self.user_id = user_id
781 self._api_key = api_key
781 self._api_key = api_key
782
782
783 self.api_key = None
783 self.api_key = None
784 self.feed_token = ''
784 self.feed_token = ''
785 self.username = username
785 self.username = username
786 self.ip_addr = ip_addr
786 self.ip_addr = ip_addr
787 self.name = ''
787 self.name = ''
788 self.lastname = ''
788 self.lastname = ''
789 self.email = ''
789 self.email = ''
790 self.is_authenticated = False
790 self.is_authenticated = False
791 self.admin = False
791 self.admin = False
792 self.inherit_default_permissions = False
792 self.inherit_default_permissions = False
793 self.password = ''
793 self.password = ''
794
794
795 self.anonymous_user = None # propagated on propagate_data
795 self.anonymous_user = None # propagated on propagate_data
796 self.propagate_data()
796 self.propagate_data()
797 self._instance = None
797 self._instance = None
798 self._permissions_scoped_cache = {} # used to bind scoped calculation
798 self._permissions_scoped_cache = {} # used to bind scoped calculation
799
799
800 @LazyProperty
800 @LazyProperty
801 def permissions(self):
801 def permissions(self):
802 return self.get_perms(user=self, cache=False)
802 return self.get_perms(user=self, cache=False)
803
803
804 def permissions_with_scope(self, scope):
804 def permissions_with_scope(self, scope):
805 """
805 """
806 Call the get_perms function with scoped data. The scope in that function
806 Call the get_perms function with scoped data. The scope in that function
807 narrows the SQL calls to the given ID of objects resulting in fetching
807 narrows the SQL calls to the given ID of objects resulting in fetching
808 Just particular permission we want to obtain. If scope is an empty dict
808 Just particular permission we want to obtain. If scope is an empty dict
809 then it basically narrows the scope to GLOBAL permissions only.
809 then it basically narrows the scope to GLOBAL permissions only.
810
810
811 :param scope: dict
811 :param scope: dict
812 """
812 """
813 if 'repo_name' in scope:
813 if 'repo_name' in scope:
814 obj = Repository.get_by_repo_name(scope['repo_name'])
814 obj = Repository.get_by_repo_name(scope['repo_name'])
815 if obj:
815 if obj:
816 scope['repo_id'] = obj.repo_id
816 scope['repo_id'] = obj.repo_id
817 _scope = {
817 _scope = {
818 'repo_id': -1,
818 'repo_id': -1,
819 'user_group_id': -1,
819 'user_group_id': -1,
820 'repo_group_id': -1,
820 'repo_group_id': -1,
821 }
821 }
822 _scope.update(scope)
822 _scope.update(scope)
823 cache_key = "_".join(map(safe_str, reduce(lambda a, b: a+b,
823 cache_key = "_".join(map(safe_str, reduce(lambda a, b: a+b,
824 _scope.items())))
824 _scope.items())))
825 if cache_key not in self._permissions_scoped_cache:
825 if cache_key not in self._permissions_scoped_cache:
826 # store in cache to mimic how the @LazyProperty works,
826 # store in cache to mimic how the @LazyProperty works,
827 # the difference here is that we use the unique key calculated
827 # the difference here is that we use the unique key calculated
828 # from params and values
828 # from params and values
829 res = self.get_perms(user=self, cache=False, scope=_scope)
829 res = self.get_perms(user=self, cache=False, scope=_scope)
830 self._permissions_scoped_cache[cache_key] = res
830 self._permissions_scoped_cache[cache_key] = res
831 return self._permissions_scoped_cache[cache_key]
831 return self._permissions_scoped_cache[cache_key]
832
832
833 @property
833 @property
834 def auth_tokens(self):
834 def auth_tokens(self):
835 return self.get_auth_tokens()
835 return self.get_auth_tokens()
836
836
837 def get_instance(self):
837 def get_instance(self):
838 return User.get(self.user_id)
838 return User.get(self.user_id)
839
839
840 def update_lastactivity(self):
840 def update_lastactivity(self):
841 if self.user_id:
841 if self.user_id:
842 User.get(self.user_id).update_lastactivity()
842 User.get(self.user_id).update_lastactivity()
843
843
844 def propagate_data(self):
844 def propagate_data(self):
845 """
845 """
846 Fills in user data and propagates values to this instance. Maps fetched
846 Fills in user data and propagates values to this instance. Maps fetched
847 user attributes to this class instance attributes
847 user attributes to this class instance attributes
848 """
848 """
849
849
850 user_model = UserModel()
850 user_model = UserModel()
851 anon_user = self.anonymous_user = User.get_default_user(cache=True)
851 anon_user = self.anonymous_user = User.get_default_user(cache=True)
852 is_user_loaded = False
852 is_user_loaded = False
853
853
854 # lookup by userid
854 # lookup by userid
855 if self.user_id is not None and self.user_id != anon_user.user_id:
855 if self.user_id is not None and self.user_id != anon_user.user_id:
856 log.debug('Trying Auth User lookup by USER ID %s' % self.user_id)
856 log.debug('Trying Auth User lookup by USER ID %s' % self.user_id)
857 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
857 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
858
858
859 # try go get user by api key
859 # try go get user by api key
860 elif self._api_key and self._api_key != anon_user.api_key:
860 elif self._api_key and self._api_key != anon_user.api_key:
861 log.debug('Trying Auth User lookup by API KEY %s' % self._api_key)
861 log.debug('Trying Auth User lookup by API KEY %s' % self._api_key)
862 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
862 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
863
863
864 # lookup by username
864 # lookup by username
865 elif self.username:
865 elif self.username:
866 log.debug('Trying Auth User lookup by USER NAME %s' % self.username)
866 log.debug('Trying Auth User lookup by USER NAME %s' % self.username)
867 is_user_loaded = user_model.fill_data(self, username=self.username)
867 is_user_loaded = user_model.fill_data(self, username=self.username)
868 else:
868 else:
869 log.debug('No data in %s that could been used to log in' % self)
869 log.debug('No data in %s that could been used to log in' % self)
870
870
871 if not is_user_loaded:
871 if not is_user_loaded:
872 log.debug('Failed to load user. Fallback to default user')
872 log.debug('Failed to load user. Fallback to default user')
873 # if we cannot authenticate user try anonymous
873 # if we cannot authenticate user try anonymous
874 if anon_user.active:
874 if anon_user.active:
875 user_model.fill_data(self, user_id=anon_user.user_id)
875 user_model.fill_data(self, user_id=anon_user.user_id)
876 # then we set this user is logged in
876 # then we set this user is logged in
877 self.is_authenticated = True
877 self.is_authenticated = True
878 else:
878 else:
879 # in case of disabled anonymous user we reset some of the
879 # in case of disabled anonymous user we reset some of the
880 # parameters so such user is "corrupted", skipping the fill_data
880 # parameters so such user is "corrupted", skipping the fill_data
881 for attr in ['user_id', 'username', 'admin', 'active']:
881 for attr in ['user_id', 'username', 'admin', 'active']:
882 setattr(self, attr, None)
882 setattr(self, attr, None)
883 self.is_authenticated = False
883 self.is_authenticated = False
884
884
885 if not self.username:
885 if not self.username:
886 self.username = 'None'
886 self.username = 'None'
887
887
888 log.debug('Auth User is now %s' % self)
888 log.debug('Auth User is now %s' % self)
889
889
890 def get_perms(self, user, scope=None, explicit=True, algo='higherwin',
890 def get_perms(self, user, scope=None, explicit=True, algo='higherwin',
891 cache=False):
891 cache=False):
892 """
892 """
893 Fills user permission attribute with permissions taken from database
893 Fills user permission attribute with permissions taken from database
894 works for permissions given for repositories, and for permissions that
894 works for permissions given for repositories, and for permissions that
895 are granted to groups
895 are granted to groups
896
896
897 :param user: instance of User object from database
897 :param user: instance of User object from database
898 :param explicit: In case there are permissions both for user and a group
898 :param explicit: In case there are permissions both for user and a group
899 that user is part of, explicit flag will defiine if user will
899 that user is part of, explicit flag will defiine if user will
900 explicitly override permissions from group, if it's False it will
900 explicitly override permissions from group, if it's False it will
901 make decision based on the algo
901 make decision based on the algo
902 :param algo: algorithm to decide what permission should be choose if
902 :param algo: algorithm to decide what permission should be choose if
903 it's multiple defined, eg user in two different groups. It also
903 it's multiple defined, eg user in two different groups. It also
904 decides if explicit flag is turned off how to specify the permission
904 decides if explicit flag is turned off how to specify the permission
905 for case when user is in a group + have defined separate permission
905 for case when user is in a group + have defined separate permission
906 """
906 """
907 user_id = user.user_id
907 user_id = user.user_id
908 user_is_admin = user.is_admin
908 user_is_admin = user.is_admin
909
909
910 # inheritance of global permissions like create repo/fork repo etc
910 # inheritance of global permissions like create repo/fork repo etc
911 user_inherit_default_permissions = user.inherit_default_permissions
911 user_inherit_default_permissions = user.inherit_default_permissions
912
912
913 log.debug('Computing PERMISSION tree for scope %s' % (scope, ))
913 log.debug('Computing PERMISSION tree for scope %s' % (scope, ))
914 compute = caches.conditional_cache(
914 compute = caches.conditional_cache(
915 'short_term', 'cache_desc',
915 'short_term', 'cache_desc',
916 condition=cache, func=_cached_perms_data)
916 condition=cache, func=_cached_perms_data)
917 result = compute(user_id, scope, user_is_admin,
917 result = compute(user_id, scope, user_is_admin,
918 user_inherit_default_permissions, explicit, algo)
918 user_inherit_default_permissions, explicit, algo)
919
919
920 result_repr = []
920 result_repr = []
921 for k in result:
921 for k in result:
922 result_repr.append((k, len(result[k])))
922 result_repr.append((k, len(result[k])))
923
923
924 log.debug('PERMISSION tree computed %s' % (result_repr,))
924 log.debug('PERMISSION tree computed %s' % (result_repr,))
925 return result
925 return result
926
926
927 def get_auth_tokens(self):
927 def get_auth_tokens(self):
928 auth_tokens = [self.api_key]
928 auth_tokens = [self.api_key]
929 for api_key in UserApiKeys.query()\
929 for api_key in UserApiKeys.query()\
930 .filter(UserApiKeys.user_id == self.user_id)\
930 .filter(UserApiKeys.user_id == self.user_id)\
931 .filter(or_(UserApiKeys.expires == -1,
931 .filter(or_(UserApiKeys.expires == -1,
932 UserApiKeys.expires >= time.time())).all():
932 UserApiKeys.expires >= time.time())).all():
933 auth_tokens.append(api_key.api_key)
933 auth_tokens.append(api_key.api_key)
934
934
935 return auth_tokens
935 return auth_tokens
936
936
937 @property
937 @property
938 def is_default(self):
938 def is_default(self):
939 return self.username == User.DEFAULT_USER
939 return self.username == User.DEFAULT_USER
940
940
941 @property
941 @property
942 def is_admin(self):
942 def is_admin(self):
943 return self.admin
943 return self.admin
944
944
945 @property
945 @property
946 def is_user_object(self):
946 def is_user_object(self):
947 return self.user_id is not None
947 return self.user_id is not None
948
948
949 @property
949 @property
950 def repositories_admin(self):
950 def repositories_admin(self):
951 """
951 """
952 Returns list of repositories you're an admin of
952 Returns list of repositories you're an admin of
953 """
953 """
954 return [x[0] for x in self.permissions['repositories'].iteritems()
954 return [x[0] for x in self.permissions['repositories'].iteritems()
955 if x[1] == 'repository.admin']
955 if x[1] == 'repository.admin']
956
956
957 @property
957 @property
958 def repository_groups_admin(self):
958 def repository_groups_admin(self):
959 """
959 """
960 Returns list of repository groups you're an admin of
960 Returns list of repository groups you're an admin of
961 """
961 """
962 return [x[0]
962 return [x[0]
963 for x in self.permissions['repositories_groups'].iteritems()
963 for x in self.permissions['repositories_groups'].iteritems()
964 if x[1] == 'group.admin']
964 if x[1] == 'group.admin']
965
965
966 @property
966 @property
967 def user_groups_admin(self):
967 def user_groups_admin(self):
968 """
968 """
969 Returns list of user groups you're an admin of
969 Returns list of user groups you're an admin of
970 """
970 """
971 return [x[0] for x in self.permissions['user_groups'].iteritems()
971 return [x[0] for x in self.permissions['user_groups'].iteritems()
972 if x[1] == 'usergroup.admin']
972 if x[1] == 'usergroup.admin']
973
973
974 @property
974 @property
975 def ip_allowed(self):
975 def ip_allowed(self):
976 """
976 """
977 Checks if ip_addr used in constructor is allowed from defined list of
977 Checks if ip_addr used in constructor is allowed from defined list of
978 allowed ip_addresses for user
978 allowed ip_addresses for user
979
979
980 :returns: boolean, True if ip is in allowed ip range
980 :returns: boolean, True if ip is in allowed ip range
981 """
981 """
982 # check IP
982 # check IP
983 inherit = self.inherit_default_permissions
983 inherit = self.inherit_default_permissions
984 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
984 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
985 inherit_from_default=inherit)
985 inherit_from_default=inherit)
986 @property
987 def personal_repo_group(self):
988 return RepoGroup.get_user_personal_repo_group(self.user_id)
986
989
987 @classmethod
990 @classmethod
988 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
991 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
989 allowed_ips = AuthUser.get_allowed_ips(
992 allowed_ips = AuthUser.get_allowed_ips(
990 user_id, cache=True, inherit_from_default=inherit_from_default)
993 user_id, cache=True, inherit_from_default=inherit_from_default)
991 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
994 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
992 log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))
995 log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))
993 return True
996 return True
994 else:
997 else:
995 log.info('Access for IP:%s forbidden, '
998 log.info('Access for IP:%s forbidden, '
996 'not in %s' % (ip_addr, allowed_ips))
999 'not in %s' % (ip_addr, allowed_ips))
997 return False
1000 return False
998
1001
999 def __repr__(self):
1002 def __repr__(self):
1000 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
1003 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
1001 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
1004 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
1002
1005
1003 def set_authenticated(self, authenticated=True):
1006 def set_authenticated(self, authenticated=True):
1004 if self.user_id != self.anonymous_user.user_id:
1007 if self.user_id != self.anonymous_user.user_id:
1005 self.is_authenticated = authenticated
1008 self.is_authenticated = authenticated
1006
1009
1007 def get_cookie_store(self):
1010 def get_cookie_store(self):
1008 return {
1011 return {
1009 'username': self.username,
1012 'username': self.username,
1010 'password': md5(self.password),
1013 'password': md5(self.password),
1011 'user_id': self.user_id,
1014 'user_id': self.user_id,
1012 'is_authenticated': self.is_authenticated
1015 'is_authenticated': self.is_authenticated
1013 }
1016 }
1014
1017
1015 @classmethod
1018 @classmethod
1016 def from_cookie_store(cls, cookie_store):
1019 def from_cookie_store(cls, cookie_store):
1017 """
1020 """
1018 Creates AuthUser from a cookie store
1021 Creates AuthUser from a cookie store
1019
1022
1020 :param cls:
1023 :param cls:
1021 :param cookie_store:
1024 :param cookie_store:
1022 """
1025 """
1023 user_id = cookie_store.get('user_id')
1026 user_id = cookie_store.get('user_id')
1024 username = cookie_store.get('username')
1027 username = cookie_store.get('username')
1025 api_key = cookie_store.get('api_key')
1028 api_key = cookie_store.get('api_key')
1026 return AuthUser(user_id, api_key, username)
1029 return AuthUser(user_id, api_key, username)
1027
1030
1028 @classmethod
1031 @classmethod
1029 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
1032 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
1030 _set = set()
1033 _set = set()
1031
1034
1032 if inherit_from_default:
1035 if inherit_from_default:
1033 default_ips = UserIpMap.query().filter(
1036 default_ips = UserIpMap.query().filter(
1034 UserIpMap.user == User.get_default_user(cache=True))
1037 UserIpMap.user == User.get_default_user(cache=True))
1035 if cache:
1038 if cache:
1036 default_ips = default_ips.options(FromCache("sql_cache_short",
1039 default_ips = default_ips.options(FromCache("sql_cache_short",
1037 "get_user_ips_default"))
1040 "get_user_ips_default"))
1038
1041
1039 # populate from default user
1042 # populate from default user
1040 for ip in default_ips:
1043 for ip in default_ips:
1041 try:
1044 try:
1042 _set.add(ip.ip_addr)
1045 _set.add(ip.ip_addr)
1043 except ObjectDeletedError:
1046 except ObjectDeletedError:
1044 # since we use heavy caching sometimes it happens that
1047 # since we use heavy caching sometimes it happens that
1045 # we get deleted objects here, we just skip them
1048 # we get deleted objects here, we just skip them
1046 pass
1049 pass
1047
1050
1048 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
1051 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
1049 if cache:
1052 if cache:
1050 user_ips = user_ips.options(FromCache("sql_cache_short",
1053 user_ips = user_ips.options(FromCache("sql_cache_short",
1051 "get_user_ips_%s" % user_id))
1054 "get_user_ips_%s" % user_id))
1052
1055
1053 for ip in user_ips:
1056 for ip in user_ips:
1054 try:
1057 try:
1055 _set.add(ip.ip_addr)
1058 _set.add(ip.ip_addr)
1056 except ObjectDeletedError:
1059 except ObjectDeletedError:
1057 # since we use heavy caching sometimes it happens that we get
1060 # since we use heavy caching sometimes it happens that we get
1058 # deleted objects here, we just skip them
1061 # deleted objects here, we just skip them
1059 pass
1062 pass
1060 return _set or set(['0.0.0.0/0', '::/0'])
1063 return _set or set(['0.0.0.0/0', '::/0'])
1061
1064
1062
1065
1063 def set_available_permissions(config):
1066 def set_available_permissions(config):
1064 """
1067 """
1065 This function will propagate pylons globals with all available defined
1068 This function will propagate pylons globals with all available defined
1066 permission given in db. We don't want to check each time from db for new
1069 permission given in db. We don't want to check each time from db for new
1067 permissions since adding a new permission also requires application restart
1070 permissions since adding a new permission also requires application restart
1068 ie. to decorate new views with the newly created permission
1071 ie. to decorate new views with the newly created permission
1069
1072
1070 :param config: current pylons config instance
1073 :param config: current pylons config instance
1071
1074
1072 """
1075 """
1073 log.info('getting information about all available permissions')
1076 log.info('getting information about all available permissions')
1074 try:
1077 try:
1075 sa = meta.Session
1078 sa = meta.Session
1076 all_perms = sa.query(Permission).all()
1079 all_perms = sa.query(Permission).all()
1077 config['available_permissions'] = [x.permission_name for x in all_perms]
1080 config['available_permissions'] = [x.permission_name for x in all_perms]
1078 except Exception:
1081 except Exception:
1079 log.error(traceback.format_exc())
1082 log.error(traceback.format_exc())
1080 finally:
1083 finally:
1081 meta.Session.remove()
1084 meta.Session.remove()
1082
1085
1083
1086
1084 def get_csrf_token(session=None, force_new=False, save_if_missing=True):
1087 def get_csrf_token(session=None, force_new=False, save_if_missing=True):
1085 """
1088 """
1086 Return the current authentication token, creating one if one doesn't
1089 Return the current authentication token, creating one if one doesn't
1087 already exist and the save_if_missing flag is present.
1090 already exist and the save_if_missing flag is present.
1088
1091
1089 :param session: pass in the pylons session, else we use the global ones
1092 :param session: pass in the pylons session, else we use the global ones
1090 :param force_new: force to re-generate the token and store it in session
1093 :param force_new: force to re-generate the token and store it in session
1091 :param save_if_missing: save the newly generated token if it's missing in
1094 :param save_if_missing: save the newly generated token if it's missing in
1092 session
1095 session
1093 """
1096 """
1094 if not session:
1097 if not session:
1095 from pylons import session
1098 from pylons import session
1096
1099
1097 if (csrf_token_key not in session and save_if_missing) or force_new:
1100 if (csrf_token_key not in session and save_if_missing) or force_new:
1098 token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
1101 token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
1099 session[csrf_token_key] = token
1102 session[csrf_token_key] = token
1100 if hasattr(session, 'save'):
1103 if hasattr(session, 'save'):
1101 session.save()
1104 session.save()
1102 return session.get(csrf_token_key)
1105 return session.get(csrf_token_key)
1103
1106
1104
1107
1105 # CHECK DECORATORS
1108 # CHECK DECORATORS
1106 class CSRFRequired(object):
1109 class CSRFRequired(object):
1107 """
1110 """
1108 Decorator for authenticating a form
1111 Decorator for authenticating a form
1109
1112
1110 This decorator uses an authorization token stored in the client's
1113 This decorator uses an authorization token stored in the client's
1111 session for prevention of certain Cross-site request forgery (CSRF)
1114 session for prevention of certain Cross-site request forgery (CSRF)
1112 attacks (See
1115 attacks (See
1113 http://en.wikipedia.org/wiki/Cross-site_request_forgery for more
1116 http://en.wikipedia.org/wiki/Cross-site_request_forgery for more
1114 information).
1117 information).
1115
1118
1116 For use with the ``webhelpers.secure_form`` helper functions.
1119 For use with the ``webhelpers.secure_form`` helper functions.
1117
1120
1118 """
1121 """
1119 def __init__(self, token=csrf_token_key, header='X-CSRF-Token',
1122 def __init__(self, token=csrf_token_key, header='X-CSRF-Token',
1120 except_methods=None):
1123 except_methods=None):
1121 self.token = token
1124 self.token = token
1122 self.header = header
1125 self.header = header
1123 self.except_methods = except_methods or []
1126 self.except_methods = except_methods or []
1124
1127
1125 def __call__(self, func):
1128 def __call__(self, func):
1126 return get_cython_compat_decorator(self.__wrapper, func)
1129 return get_cython_compat_decorator(self.__wrapper, func)
1127
1130
1128 def _get_csrf(self, _request):
1131 def _get_csrf(self, _request):
1129 return _request.POST.get(self.token, _request.headers.get(self.header))
1132 return _request.POST.get(self.token, _request.headers.get(self.header))
1130
1133
1131 def check_csrf(self, _request, cur_token):
1134 def check_csrf(self, _request, cur_token):
1132 supplied_token = self._get_csrf(_request)
1135 supplied_token = self._get_csrf(_request)
1133 return supplied_token and supplied_token == cur_token
1136 return supplied_token and supplied_token == cur_token
1134
1137
1135 def __wrapper(self, func, *fargs, **fkwargs):
1138 def __wrapper(self, func, *fargs, **fkwargs):
1136 if request.method in self.except_methods:
1139 if request.method in self.except_methods:
1137 return func(*fargs, **fkwargs)
1140 return func(*fargs, **fkwargs)
1138
1141
1139 cur_token = get_csrf_token(save_if_missing=False)
1142 cur_token = get_csrf_token(save_if_missing=False)
1140 if self.check_csrf(request, cur_token):
1143 if self.check_csrf(request, cur_token):
1141 if request.POST.get(self.token):
1144 if request.POST.get(self.token):
1142 del request.POST[self.token]
1145 del request.POST[self.token]
1143 return func(*fargs, **fkwargs)
1146 return func(*fargs, **fkwargs)
1144 else:
1147 else:
1145 reason = 'token-missing'
1148 reason = 'token-missing'
1146 supplied_token = self._get_csrf(request)
1149 supplied_token = self._get_csrf(request)
1147 if supplied_token and cur_token != supplied_token:
1150 if supplied_token and cur_token != supplied_token:
1148 reason = 'token-mismatch [%s:%s]' % (cur_token or ''[:6],
1151 reason = 'token-mismatch [%s:%s]' % (cur_token or ''[:6],
1149 supplied_token or ''[:6])
1152 supplied_token or ''[:6])
1150
1153
1151 csrf_message = \
1154 csrf_message = \
1152 ("Cross-site request forgery detected, request denied. See "
1155 ("Cross-site request forgery detected, request denied. See "
1153 "http://en.wikipedia.org/wiki/Cross-site_request_forgery for "
1156 "http://en.wikipedia.org/wiki/Cross-site_request_forgery for "
1154 "more information.")
1157 "more information.")
1155 log.warn('Cross-site request forgery detected, request %r DENIED: %s '
1158 log.warn('Cross-site request forgery detected, request %r DENIED: %s '
1156 'REMOTE_ADDR:%s, HEADERS:%s' % (
1159 'REMOTE_ADDR:%s, HEADERS:%s' % (
1157 request, reason, request.remote_addr, request.headers))
1160 request, reason, request.remote_addr, request.headers))
1158
1161
1159 abort(403, detail=csrf_message)
1162 abort(403, detail=csrf_message)
1160
1163
1161
1164
1162 class LoginRequired(object):
1165 class LoginRequired(object):
1163 """
1166 """
1164 Must be logged in to execute this function else
1167 Must be logged in to execute this function else
1165 redirect to login page
1168 redirect to login page
1166
1169
1167 :param api_access: if enabled this checks only for valid auth token
1170 :param api_access: if enabled this checks only for valid auth token
1168 and grants access based on valid token
1171 and grants access based on valid token
1169 """
1172 """
1170 def __init__(self, auth_token_access=False):
1173 def __init__(self, auth_token_access=False):
1171 self.auth_token_access = auth_token_access
1174 self.auth_token_access = auth_token_access
1172
1175
1173 def __call__(self, func):
1176 def __call__(self, func):
1174 return get_cython_compat_decorator(self.__wrapper, func)
1177 return get_cython_compat_decorator(self.__wrapper, func)
1175
1178
1176 def __wrapper(self, func, *fargs, **fkwargs):
1179 def __wrapper(self, func, *fargs, **fkwargs):
1177 from rhodecode.lib import helpers as h
1180 from rhodecode.lib import helpers as h
1178 cls = fargs[0]
1181 cls = fargs[0]
1179 user = cls._rhodecode_user
1182 user = cls._rhodecode_user
1180 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
1183 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
1181 log.debug('Starting login restriction checks for user: %s' % (user,))
1184 log.debug('Starting login restriction checks for user: %s' % (user,))
1182 # check if our IP is allowed
1185 # check if our IP is allowed
1183 ip_access_valid = True
1186 ip_access_valid = True
1184 if not user.ip_allowed:
1187 if not user.ip_allowed:
1185 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr,))),
1188 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr,))),
1186 category='warning')
1189 category='warning')
1187 ip_access_valid = False
1190 ip_access_valid = False
1188
1191
1189 # check if we used an APIKEY and it's a valid one
1192 # check if we used an APIKEY and it's a valid one
1190 # defined whitelist of controllers which API access will be enabled
1193 # defined whitelist of controllers which API access will be enabled
1191 _auth_token = request.GET.get(
1194 _auth_token = request.GET.get(
1192 'auth_token', '') or request.GET.get('api_key', '')
1195 'auth_token', '') or request.GET.get('api_key', '')
1193 auth_token_access_valid = allowed_auth_token_access(
1196 auth_token_access_valid = allowed_auth_token_access(
1194 loc, auth_token=_auth_token)
1197 loc, auth_token=_auth_token)
1195
1198
1196 # explicit controller is enabled or API is in our whitelist
1199 # explicit controller is enabled or API is in our whitelist
1197 if self.auth_token_access or auth_token_access_valid:
1200 if self.auth_token_access or auth_token_access_valid:
1198 log.debug('Checking AUTH TOKEN access for %s' % (cls,))
1201 log.debug('Checking AUTH TOKEN access for %s' % (cls,))
1199
1202
1200 if _auth_token and _auth_token in user.auth_tokens:
1203 if _auth_token and _auth_token in user.auth_tokens:
1201 auth_token_access_valid = True
1204 auth_token_access_valid = True
1202 log.debug('AUTH TOKEN ****%s is VALID' % (_auth_token[-4:],))
1205 log.debug('AUTH TOKEN ****%s is VALID' % (_auth_token[-4:],))
1203 else:
1206 else:
1204 auth_token_access_valid = False
1207 auth_token_access_valid = False
1205 if not _auth_token:
1208 if not _auth_token:
1206 log.debug("AUTH TOKEN *NOT* present in request")
1209 log.debug("AUTH TOKEN *NOT* present in request")
1207 else:
1210 else:
1208 log.warning(
1211 log.warning(
1209 "AUTH TOKEN ****%s *NOT* valid" % _auth_token[-4:])
1212 "AUTH TOKEN ****%s *NOT* valid" % _auth_token[-4:])
1210
1213
1211 log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
1214 log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
1212 reason = 'RHODECODE_AUTH' if user.is_authenticated \
1215 reason = 'RHODECODE_AUTH' if user.is_authenticated \
1213 else 'AUTH_TOKEN_AUTH'
1216 else 'AUTH_TOKEN_AUTH'
1214
1217
1215 if ip_access_valid and (
1218 if ip_access_valid and (
1216 user.is_authenticated or auth_token_access_valid):
1219 user.is_authenticated or auth_token_access_valid):
1217 log.info(
1220 log.info(
1218 'user %s authenticating with:%s IS authenticated on func %s'
1221 'user %s authenticating with:%s IS authenticated on func %s'
1219 % (user, reason, loc))
1222 % (user, reason, loc))
1220
1223
1221 # update user data to check last activity
1224 # update user data to check last activity
1222 user.update_lastactivity()
1225 user.update_lastactivity()
1223 Session().commit()
1226 Session().commit()
1224 return func(*fargs, **fkwargs)
1227 return func(*fargs, **fkwargs)
1225 else:
1228 else:
1226 log.warning(
1229 log.warning(
1227 'user %s authenticating with:%s NOT authenticated on '
1230 'user %s authenticating with:%s NOT authenticated on '
1228 'func: %s: IP_ACCESS:%s AUTH_TOKEN_ACCESS:%s'
1231 'func: %s: IP_ACCESS:%s AUTH_TOKEN_ACCESS:%s'
1229 % (user, reason, loc, ip_access_valid,
1232 % (user, reason, loc, ip_access_valid,
1230 auth_token_access_valid))
1233 auth_token_access_valid))
1231 # we preserve the get PARAM
1234 # we preserve the get PARAM
1232 came_from = request.path_qs
1235 came_from = request.path_qs
1233
1236
1234 log.debug('redirecting to login page with %s' % (came_from,))
1237 log.debug('redirecting to login page with %s' % (came_from,))
1235 return redirect(
1238 return redirect(
1236 h.route_path('login', _query={'came_from': came_from}))
1239 h.route_path('login', _query={'came_from': came_from}))
1237
1240
1238
1241
1239 class NotAnonymous(object):
1242 class NotAnonymous(object):
1240 """
1243 """
1241 Must be logged in to execute this function else
1244 Must be logged in to execute this function else
1242 redirect to login page"""
1245 redirect to login page"""
1243
1246
1244 def __call__(self, func):
1247 def __call__(self, func):
1245 return get_cython_compat_decorator(self.__wrapper, func)
1248 return get_cython_compat_decorator(self.__wrapper, func)
1246
1249
1247 def __wrapper(self, func, *fargs, **fkwargs):
1250 def __wrapper(self, func, *fargs, **fkwargs):
1248 cls = fargs[0]
1251 cls = fargs[0]
1249 self.user = cls._rhodecode_user
1252 self.user = cls._rhodecode_user
1250
1253
1251 log.debug('Checking if user is not anonymous @%s' % cls)
1254 log.debug('Checking if user is not anonymous @%s' % cls)
1252
1255
1253 anonymous = self.user.username == User.DEFAULT_USER
1256 anonymous = self.user.username == User.DEFAULT_USER
1254
1257
1255 if anonymous:
1258 if anonymous:
1256 came_from = request.path_qs
1259 came_from = request.path_qs
1257
1260
1258 import rhodecode.lib.helpers as h
1261 import rhodecode.lib.helpers as h
1259 h.flash(_('You need to be a registered user to '
1262 h.flash(_('You need to be a registered user to '
1260 'perform this action'),
1263 'perform this action'),
1261 category='warning')
1264 category='warning')
1262 return redirect(
1265 return redirect(
1263 h.route_path('login', _query={'came_from': came_from}))
1266 h.route_path('login', _query={'came_from': came_from}))
1264 else:
1267 else:
1265 return func(*fargs, **fkwargs)
1268 return func(*fargs, **fkwargs)
1266
1269
1267
1270
1268 class XHRRequired(object):
1271 class XHRRequired(object):
1269 def __call__(self, func):
1272 def __call__(self, func):
1270 return get_cython_compat_decorator(self.__wrapper, func)
1273 return get_cython_compat_decorator(self.__wrapper, func)
1271
1274
1272 def __wrapper(self, func, *fargs, **fkwargs):
1275 def __wrapper(self, func, *fargs, **fkwargs):
1273 log.debug('Checking if request is XMLHttpRequest (XHR)')
1276 log.debug('Checking if request is XMLHttpRequest (XHR)')
1274 xhr_message = 'This is not a valid XMLHttpRequest (XHR) request'
1277 xhr_message = 'This is not a valid XMLHttpRequest (XHR) request'
1275 if not request.is_xhr:
1278 if not request.is_xhr:
1276 abort(400, detail=xhr_message)
1279 abort(400, detail=xhr_message)
1277
1280
1278 return func(*fargs, **fkwargs)
1281 return func(*fargs, **fkwargs)
1279
1282
1280
1283
1281 class HasAcceptedRepoType(object):
1284 class HasAcceptedRepoType(object):
1282 """
1285 """
1283 Check if requested repo is within given repo type aliases
1286 Check if requested repo is within given repo type aliases
1284
1287
1285 TODO: anderson: not sure where to put this decorator
1288 TODO: anderson: not sure where to put this decorator
1286 """
1289 """
1287
1290
1288 def __init__(self, *repo_type_list):
1291 def __init__(self, *repo_type_list):
1289 self.repo_type_list = set(repo_type_list)
1292 self.repo_type_list = set(repo_type_list)
1290
1293
1291 def __call__(self, func):
1294 def __call__(self, func):
1292 return get_cython_compat_decorator(self.__wrapper, func)
1295 return get_cython_compat_decorator(self.__wrapper, func)
1293
1296
1294 def __wrapper(self, func, *fargs, **fkwargs):
1297 def __wrapper(self, func, *fargs, **fkwargs):
1295 cls = fargs[0]
1298 cls = fargs[0]
1296 rhodecode_repo = cls.rhodecode_repo
1299 rhodecode_repo = cls.rhodecode_repo
1297
1300
1298 log.debug('%s checking repo type for %s in %s',
1301 log.debug('%s checking repo type for %s in %s',
1299 self.__class__.__name__,
1302 self.__class__.__name__,
1300 rhodecode_repo.alias, self.repo_type_list)
1303 rhodecode_repo.alias, self.repo_type_list)
1301
1304
1302 if rhodecode_repo.alias in self.repo_type_list:
1305 if rhodecode_repo.alias in self.repo_type_list:
1303 return func(*fargs, **fkwargs)
1306 return func(*fargs, **fkwargs)
1304 else:
1307 else:
1305 import rhodecode.lib.helpers as h
1308 import rhodecode.lib.helpers as h
1306 h.flash(h.literal(
1309 h.flash(h.literal(
1307 _('Action not supported for %s.' % rhodecode_repo.alias)),
1310 _('Action not supported for %s.' % rhodecode_repo.alias)),
1308 category='warning')
1311 category='warning')
1309 return redirect(
1312 return redirect(
1310 url('summary_home', repo_name=cls.rhodecode_db_repo.repo_name))
1313 url('summary_home', repo_name=cls.rhodecode_db_repo.repo_name))
1311
1314
1312
1315
1313 class PermsDecorator(object):
1316 class PermsDecorator(object):
1314 """
1317 """
1315 Base class for controller decorators, we extract the current user from
1318 Base class for controller decorators, we extract the current user from
1316 the class itself, which has it stored in base controllers
1319 the class itself, which has it stored in base controllers
1317 """
1320 """
1318
1321
1319 def __init__(self, *required_perms):
1322 def __init__(self, *required_perms):
1320 self.required_perms = set(required_perms)
1323 self.required_perms = set(required_perms)
1321
1324
1322 def __call__(self, func):
1325 def __call__(self, func):
1323 return get_cython_compat_decorator(self.__wrapper, func)
1326 return get_cython_compat_decorator(self.__wrapper, func)
1324
1327
1325 def __wrapper(self, func, *fargs, **fkwargs):
1328 def __wrapper(self, func, *fargs, **fkwargs):
1326 cls = fargs[0]
1329 cls = fargs[0]
1327 _user = cls._rhodecode_user
1330 _user = cls._rhodecode_user
1328
1331
1329 log.debug('checking %s permissions %s for %s %s',
1332 log.debug('checking %s permissions %s for %s %s',
1330 self.__class__.__name__, self.required_perms, cls, _user)
1333 self.__class__.__name__, self.required_perms, cls, _user)
1331
1334
1332 if self.check_permissions(_user):
1335 if self.check_permissions(_user):
1333 log.debug('Permission granted for %s %s', cls, _user)
1336 log.debug('Permission granted for %s %s', cls, _user)
1334 return func(*fargs, **fkwargs)
1337 return func(*fargs, **fkwargs)
1335
1338
1336 else:
1339 else:
1337 log.debug('Permission denied for %s %s', cls, _user)
1340 log.debug('Permission denied for %s %s', cls, _user)
1338 anonymous = _user.username == User.DEFAULT_USER
1341 anonymous = _user.username == User.DEFAULT_USER
1339
1342
1340 if anonymous:
1343 if anonymous:
1341 came_from = request.path_qs
1344 came_from = request.path_qs
1342
1345
1343 import rhodecode.lib.helpers as h
1346 import rhodecode.lib.helpers as h
1344 h.flash(_('You need to be signed in to view this page'),
1347 h.flash(_('You need to be signed in to view this page'),
1345 category='warning')
1348 category='warning')
1346 return redirect(
1349 return redirect(
1347 h.route_path('login', _query={'came_from': came_from}))
1350 h.route_path('login', _query={'came_from': came_from}))
1348
1351
1349 else:
1352 else:
1350 # redirect with forbidden ret code
1353 # redirect with forbidden ret code
1351 return abort(403)
1354 return abort(403)
1352
1355
1353 def check_permissions(self, user):
1356 def check_permissions(self, user):
1354 """Dummy function for overriding"""
1357 """Dummy function for overriding"""
1355 raise NotImplementedError(
1358 raise NotImplementedError(
1356 'You have to write this function in child class')
1359 'You have to write this function in child class')
1357
1360
1358
1361
1359 class HasPermissionAllDecorator(PermsDecorator):
1362 class HasPermissionAllDecorator(PermsDecorator):
1360 """
1363 """
1361 Checks for access permission for all given predicates. All of them
1364 Checks for access permission for all given predicates. All of them
1362 have to be meet in order to fulfill the request
1365 have to be meet in order to fulfill the request
1363 """
1366 """
1364
1367
1365 def check_permissions(self, user):
1368 def check_permissions(self, user):
1366 perms = user.permissions_with_scope({})
1369 perms = user.permissions_with_scope({})
1367 if self.required_perms.issubset(perms['global']):
1370 if self.required_perms.issubset(perms['global']):
1368 return True
1371 return True
1369 return False
1372 return False
1370
1373
1371
1374
1372 class HasPermissionAnyDecorator(PermsDecorator):
1375 class HasPermissionAnyDecorator(PermsDecorator):
1373 """
1376 """
1374 Checks for access permission for any of given predicates. In order to
1377 Checks for access permission for any of given predicates. In order to
1375 fulfill the request any of predicates must be meet
1378 fulfill the request any of predicates must be meet
1376 """
1379 """
1377
1380
1378 def check_permissions(self, user):
1381 def check_permissions(self, user):
1379 perms = user.permissions_with_scope({})
1382 perms = user.permissions_with_scope({})
1380 if self.required_perms.intersection(perms['global']):
1383 if self.required_perms.intersection(perms['global']):
1381 return True
1384 return True
1382 return False
1385 return False
1383
1386
1384
1387
1385 class HasRepoPermissionAllDecorator(PermsDecorator):
1388 class HasRepoPermissionAllDecorator(PermsDecorator):
1386 """
1389 """
1387 Checks for access permission for all given predicates for specific
1390 Checks for access permission for all given predicates for specific
1388 repository. All of them have to be meet in order to fulfill the request
1391 repository. All of them have to be meet in order to fulfill the request
1389 """
1392 """
1390
1393
1391 def check_permissions(self, user):
1394 def check_permissions(self, user):
1392 perms = user.permissions
1395 perms = user.permissions
1393 repo_name = get_repo_slug(request)
1396 repo_name = get_repo_slug(request)
1394 try:
1397 try:
1395 user_perms = set([perms['repositories'][repo_name]])
1398 user_perms = set([perms['repositories'][repo_name]])
1396 except KeyError:
1399 except KeyError:
1397 return False
1400 return False
1398 if self.required_perms.issubset(user_perms):
1401 if self.required_perms.issubset(user_perms):
1399 return True
1402 return True
1400 return False
1403 return False
1401
1404
1402
1405
1403 class HasRepoPermissionAnyDecorator(PermsDecorator):
1406 class HasRepoPermissionAnyDecorator(PermsDecorator):
1404 """
1407 """
1405 Checks for access permission for any of given predicates for specific
1408 Checks for access permission for any of given predicates for specific
1406 repository. In order to fulfill the request any of predicates must be meet
1409 repository. In order to fulfill the request any of predicates must be meet
1407 """
1410 """
1408
1411
1409 def check_permissions(self, user):
1412 def check_permissions(self, user):
1410 perms = user.permissions
1413 perms = user.permissions
1411 repo_name = get_repo_slug(request)
1414 repo_name = get_repo_slug(request)
1412 try:
1415 try:
1413 user_perms = set([perms['repositories'][repo_name]])
1416 user_perms = set([perms['repositories'][repo_name]])
1414 except KeyError:
1417 except KeyError:
1415 return False
1418 return False
1416
1419
1417 if self.required_perms.intersection(user_perms):
1420 if self.required_perms.intersection(user_perms):
1418 return True
1421 return True
1419 return False
1422 return False
1420
1423
1421
1424
1422 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
1425 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
1423 """
1426 """
1424 Checks for access permission for all given predicates for specific
1427 Checks for access permission for all given predicates for specific
1425 repository group. All of them have to be meet in order to
1428 repository group. All of them have to be meet in order to
1426 fulfill the request
1429 fulfill the request
1427 """
1430 """
1428
1431
1429 def check_permissions(self, user):
1432 def check_permissions(self, user):
1430 perms = user.permissions
1433 perms = user.permissions
1431 group_name = get_repo_group_slug(request)
1434 group_name = get_repo_group_slug(request)
1432 try:
1435 try:
1433 user_perms = set([perms['repositories_groups'][group_name]])
1436 user_perms = set([perms['repositories_groups'][group_name]])
1434 except KeyError:
1437 except KeyError:
1435 return False
1438 return False
1436
1439
1437 if self.required_perms.issubset(user_perms):
1440 if self.required_perms.issubset(user_perms):
1438 return True
1441 return True
1439 return False
1442 return False
1440
1443
1441
1444
1442 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
1445 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
1443 """
1446 """
1444 Checks for access permission for any of given predicates for specific
1447 Checks for access permission for any of given predicates for specific
1445 repository group. In order to fulfill the request any
1448 repository group. In order to fulfill the request any
1446 of predicates must be met
1449 of predicates must be met
1447 """
1450 """
1448
1451
1449 def check_permissions(self, user):
1452 def check_permissions(self, user):
1450 perms = user.permissions
1453 perms = user.permissions
1451 group_name = get_repo_group_slug(request)
1454 group_name = get_repo_group_slug(request)
1452 try:
1455 try:
1453 user_perms = set([perms['repositories_groups'][group_name]])
1456 user_perms = set([perms['repositories_groups'][group_name]])
1454 except KeyError:
1457 except KeyError:
1455 return False
1458 return False
1456
1459
1457 if self.required_perms.intersection(user_perms):
1460 if self.required_perms.intersection(user_perms):
1458 return True
1461 return True
1459 return False
1462 return False
1460
1463
1461
1464
1462 class HasUserGroupPermissionAllDecorator(PermsDecorator):
1465 class HasUserGroupPermissionAllDecorator(PermsDecorator):
1463 """
1466 """
1464 Checks for access permission for all given predicates for specific
1467 Checks for access permission for all given predicates for specific
1465 user group. All of them have to be meet in order to fulfill the request
1468 user group. All of them have to be meet in order to fulfill the request
1466 """
1469 """
1467
1470
1468 def check_permissions(self, user):
1471 def check_permissions(self, user):
1469 perms = user.permissions
1472 perms = user.permissions
1470 group_name = get_user_group_slug(request)
1473 group_name = get_user_group_slug(request)
1471 try:
1474 try:
1472 user_perms = set([perms['user_groups'][group_name]])
1475 user_perms = set([perms['user_groups'][group_name]])
1473 except KeyError:
1476 except KeyError:
1474 return False
1477 return False
1475
1478
1476 if self.required_perms.issubset(user_perms):
1479 if self.required_perms.issubset(user_perms):
1477 return True
1480 return True
1478 return False
1481 return False
1479
1482
1480
1483
1481 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
1484 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
1482 """
1485 """
1483 Checks for access permission for any of given predicates for specific
1486 Checks for access permission for any of given predicates for specific
1484 user group. In order to fulfill the request any of predicates must be meet
1487 user group. In order to fulfill the request any of predicates must be meet
1485 """
1488 """
1486
1489
1487 def check_permissions(self, user):
1490 def check_permissions(self, user):
1488 perms = user.permissions
1491 perms = user.permissions
1489 group_name = get_user_group_slug(request)
1492 group_name = get_user_group_slug(request)
1490 try:
1493 try:
1491 user_perms = set([perms['user_groups'][group_name]])
1494 user_perms = set([perms['user_groups'][group_name]])
1492 except KeyError:
1495 except KeyError:
1493 return False
1496 return False
1494
1497
1495 if self.required_perms.intersection(user_perms):
1498 if self.required_perms.intersection(user_perms):
1496 return True
1499 return True
1497 return False
1500 return False
1498
1501
1499
1502
1500 # CHECK FUNCTIONS
1503 # CHECK FUNCTIONS
1501 class PermsFunction(object):
1504 class PermsFunction(object):
1502 """Base function for other check functions"""
1505 """Base function for other check functions"""
1503
1506
1504 def __init__(self, *perms):
1507 def __init__(self, *perms):
1505 self.required_perms = set(perms)
1508 self.required_perms = set(perms)
1506 self.repo_name = None
1509 self.repo_name = None
1507 self.repo_group_name = None
1510 self.repo_group_name = None
1508 self.user_group_name = None
1511 self.user_group_name = None
1509
1512
1510 def __bool__(self):
1513 def __bool__(self):
1511 frame = inspect.currentframe()
1514 frame = inspect.currentframe()
1512 stack_trace = traceback.format_stack(frame)
1515 stack_trace = traceback.format_stack(frame)
1513 log.error('Checking bool value on a class instance of perm '
1516 log.error('Checking bool value on a class instance of perm '
1514 'function is not allowed: %s' % ''.join(stack_trace))
1517 'function is not allowed: %s' % ''.join(stack_trace))
1515 # rather than throwing errors, here we always return False so if by
1518 # rather than throwing errors, here we always return False so if by
1516 # accident someone checks truth for just an instance it will always end
1519 # accident someone checks truth for just an instance it will always end
1517 # up in returning False
1520 # up in returning False
1518 return False
1521 return False
1519 __nonzero__ = __bool__
1522 __nonzero__ = __bool__
1520
1523
1521 def __call__(self, check_location='', user=None):
1524 def __call__(self, check_location='', user=None):
1522 if not user:
1525 if not user:
1523 log.debug('Using user attribute from global request')
1526 log.debug('Using user attribute from global request')
1524 # TODO: remove this someday,put as user as attribute here
1527 # TODO: remove this someday,put as user as attribute here
1525 user = request.user
1528 user = request.user
1526
1529
1527 # init auth user if not already given
1530 # init auth user if not already given
1528 if not isinstance(user, AuthUser):
1531 if not isinstance(user, AuthUser):
1529 log.debug('Wrapping user %s into AuthUser', user)
1532 log.debug('Wrapping user %s into AuthUser', user)
1530 user = AuthUser(user.user_id)
1533 user = AuthUser(user.user_id)
1531
1534
1532 cls_name = self.__class__.__name__
1535 cls_name = self.__class__.__name__
1533 check_scope = self._get_check_scope(cls_name)
1536 check_scope = self._get_check_scope(cls_name)
1534 check_location = check_location or 'unspecified location'
1537 check_location = check_location or 'unspecified location'
1535
1538
1536 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
1539 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
1537 self.required_perms, user, check_scope, check_location)
1540 self.required_perms, user, check_scope, check_location)
1538 if not user:
1541 if not user:
1539 log.warning('Empty user given for permission check')
1542 log.warning('Empty user given for permission check')
1540 return False
1543 return False
1541
1544
1542 if self.check_permissions(user):
1545 if self.check_permissions(user):
1543 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1546 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1544 check_scope, user, check_location)
1547 check_scope, user, check_location)
1545 return True
1548 return True
1546
1549
1547 else:
1550 else:
1548 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1551 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1549 check_scope, user, check_location)
1552 check_scope, user, check_location)
1550 return False
1553 return False
1551
1554
1552 def _get_check_scope(self, cls_name):
1555 def _get_check_scope(self, cls_name):
1553 return {
1556 return {
1554 'HasPermissionAll': 'GLOBAL',
1557 'HasPermissionAll': 'GLOBAL',
1555 'HasPermissionAny': 'GLOBAL',
1558 'HasPermissionAny': 'GLOBAL',
1556 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
1559 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
1557 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
1560 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
1558 'HasRepoGroupPermissionAll': 'repo_group:%s' % self.repo_group_name,
1561 'HasRepoGroupPermissionAll': 'repo_group:%s' % self.repo_group_name,
1559 'HasRepoGroupPermissionAny': 'repo_group:%s' % self.repo_group_name,
1562 'HasRepoGroupPermissionAny': 'repo_group:%s' % self.repo_group_name,
1560 'HasUserGroupPermissionAll': 'user_group:%s' % self.user_group_name,
1563 'HasUserGroupPermissionAll': 'user_group:%s' % self.user_group_name,
1561 'HasUserGroupPermissionAny': 'user_group:%s' % self.user_group_name,
1564 'HasUserGroupPermissionAny': 'user_group:%s' % self.user_group_name,
1562 }.get(cls_name, '?:%s' % cls_name)
1565 }.get(cls_name, '?:%s' % cls_name)
1563
1566
1564 def check_permissions(self, user):
1567 def check_permissions(self, user):
1565 """Dummy function for overriding"""
1568 """Dummy function for overriding"""
1566 raise Exception('You have to write this function in child class')
1569 raise Exception('You have to write this function in child class')
1567
1570
1568
1571
1569 class HasPermissionAll(PermsFunction):
1572 class HasPermissionAll(PermsFunction):
1570 def check_permissions(self, user):
1573 def check_permissions(self, user):
1571 perms = user.permissions_with_scope({})
1574 perms = user.permissions_with_scope({})
1572 if self.required_perms.issubset(perms.get('global')):
1575 if self.required_perms.issubset(perms.get('global')):
1573 return True
1576 return True
1574 return False
1577 return False
1575
1578
1576
1579
1577 class HasPermissionAny(PermsFunction):
1580 class HasPermissionAny(PermsFunction):
1578 def check_permissions(self, user):
1581 def check_permissions(self, user):
1579 perms = user.permissions_with_scope({})
1582 perms = user.permissions_with_scope({})
1580 if self.required_perms.intersection(perms.get('global')):
1583 if self.required_perms.intersection(perms.get('global')):
1581 return True
1584 return True
1582 return False
1585 return False
1583
1586
1584
1587
1585 class HasRepoPermissionAll(PermsFunction):
1588 class HasRepoPermissionAll(PermsFunction):
1586 def __call__(self, repo_name=None, check_location='', user=None):
1589 def __call__(self, repo_name=None, check_location='', user=None):
1587 self.repo_name = repo_name
1590 self.repo_name = repo_name
1588 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1591 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1589
1592
1590 def check_permissions(self, user):
1593 def check_permissions(self, user):
1591 if not self.repo_name:
1594 if not self.repo_name:
1592 self.repo_name = get_repo_slug(request)
1595 self.repo_name = get_repo_slug(request)
1593
1596
1594 perms = user.permissions
1597 perms = user.permissions
1595 try:
1598 try:
1596 user_perms = set([perms['repositories'][self.repo_name]])
1599 user_perms = set([perms['repositories'][self.repo_name]])
1597 except KeyError:
1600 except KeyError:
1598 return False
1601 return False
1599 if self.required_perms.issubset(user_perms):
1602 if self.required_perms.issubset(user_perms):
1600 return True
1603 return True
1601 return False
1604 return False
1602
1605
1603
1606
1604 class HasRepoPermissionAny(PermsFunction):
1607 class HasRepoPermissionAny(PermsFunction):
1605 def __call__(self, repo_name=None, check_location='', user=None):
1608 def __call__(self, repo_name=None, check_location='', user=None):
1606 self.repo_name = repo_name
1609 self.repo_name = repo_name
1607 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1610 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1608
1611
1609 def check_permissions(self, user):
1612 def check_permissions(self, user):
1610 if not self.repo_name:
1613 if not self.repo_name:
1611 self.repo_name = get_repo_slug(request)
1614 self.repo_name = get_repo_slug(request)
1612
1615
1613 perms = user.permissions
1616 perms = user.permissions
1614 try:
1617 try:
1615 user_perms = set([perms['repositories'][self.repo_name]])
1618 user_perms = set([perms['repositories'][self.repo_name]])
1616 except KeyError:
1619 except KeyError:
1617 return False
1620 return False
1618 if self.required_perms.intersection(user_perms):
1621 if self.required_perms.intersection(user_perms):
1619 return True
1622 return True
1620 return False
1623 return False
1621
1624
1622
1625
1623 class HasRepoGroupPermissionAny(PermsFunction):
1626 class HasRepoGroupPermissionAny(PermsFunction):
1624 def __call__(self, group_name=None, check_location='', user=None):
1627 def __call__(self, group_name=None, check_location='', user=None):
1625 self.repo_group_name = group_name
1628 self.repo_group_name = group_name
1626 return super(HasRepoGroupPermissionAny, self).__call__(
1629 return super(HasRepoGroupPermissionAny, self).__call__(
1627 check_location, user)
1630 check_location, user)
1628
1631
1629 def check_permissions(self, user):
1632 def check_permissions(self, user):
1630 perms = user.permissions
1633 perms = user.permissions
1631 try:
1634 try:
1632 user_perms = set(
1635 user_perms = set(
1633 [perms['repositories_groups'][self.repo_group_name]])
1636 [perms['repositories_groups'][self.repo_group_name]])
1634 except KeyError:
1637 except KeyError:
1635 return False
1638 return False
1636 if self.required_perms.intersection(user_perms):
1639 if self.required_perms.intersection(user_perms):
1637 return True
1640 return True
1638 return False
1641 return False
1639
1642
1640
1643
1641 class HasRepoGroupPermissionAll(PermsFunction):
1644 class HasRepoGroupPermissionAll(PermsFunction):
1642 def __call__(self, group_name=None, check_location='', user=None):
1645 def __call__(self, group_name=None, check_location='', user=None):
1643 self.repo_group_name = group_name
1646 self.repo_group_name = group_name
1644 return super(HasRepoGroupPermissionAll, self).__call__(
1647 return super(HasRepoGroupPermissionAll, self).__call__(
1645 check_location, user)
1648 check_location, user)
1646
1649
1647 def check_permissions(self, user):
1650 def check_permissions(self, user):
1648 perms = user.permissions
1651 perms = user.permissions
1649 try:
1652 try:
1650 user_perms = set(
1653 user_perms = set(
1651 [perms['repositories_groups'][self.repo_group_name]])
1654 [perms['repositories_groups'][self.repo_group_name]])
1652 except KeyError:
1655 except KeyError:
1653 return False
1656 return False
1654 if self.required_perms.issubset(user_perms):
1657 if self.required_perms.issubset(user_perms):
1655 return True
1658 return True
1656 return False
1659 return False
1657
1660
1658
1661
1659 class HasUserGroupPermissionAny(PermsFunction):
1662 class HasUserGroupPermissionAny(PermsFunction):
1660 def __call__(self, user_group_name=None, check_location='', user=None):
1663 def __call__(self, user_group_name=None, check_location='', user=None):
1661 self.user_group_name = user_group_name
1664 self.user_group_name = user_group_name
1662 return super(HasUserGroupPermissionAny, self).__call__(
1665 return super(HasUserGroupPermissionAny, self).__call__(
1663 check_location, user)
1666 check_location, user)
1664
1667
1665 def check_permissions(self, user):
1668 def check_permissions(self, user):
1666 perms = user.permissions
1669 perms = user.permissions
1667 try:
1670 try:
1668 user_perms = set([perms['user_groups'][self.user_group_name]])
1671 user_perms = set([perms['user_groups'][self.user_group_name]])
1669 except KeyError:
1672 except KeyError:
1670 return False
1673 return False
1671 if self.required_perms.intersection(user_perms):
1674 if self.required_perms.intersection(user_perms):
1672 return True
1675 return True
1673 return False
1676 return False
1674
1677
1675
1678
1676 class HasUserGroupPermissionAll(PermsFunction):
1679 class HasUserGroupPermissionAll(PermsFunction):
1677 def __call__(self, user_group_name=None, check_location='', user=None):
1680 def __call__(self, user_group_name=None, check_location='', user=None):
1678 self.user_group_name = user_group_name
1681 self.user_group_name = user_group_name
1679 return super(HasUserGroupPermissionAll, self).__call__(
1682 return super(HasUserGroupPermissionAll, self).__call__(
1680 check_location, user)
1683 check_location, user)
1681
1684
1682 def check_permissions(self, user):
1685 def check_permissions(self, user):
1683 perms = user.permissions
1686 perms = user.permissions
1684 try:
1687 try:
1685 user_perms = set([perms['user_groups'][self.user_group_name]])
1688 user_perms = set([perms['user_groups'][self.user_group_name]])
1686 except KeyError:
1689 except KeyError:
1687 return False
1690 return False
1688 if self.required_perms.issubset(user_perms):
1691 if self.required_perms.issubset(user_perms):
1689 return True
1692 return True
1690 return False
1693 return False
1691
1694
1692
1695
1693 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1696 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1694 class HasPermissionAnyMiddleware(object):
1697 class HasPermissionAnyMiddleware(object):
1695 def __init__(self, *perms):
1698 def __init__(self, *perms):
1696 self.required_perms = set(perms)
1699 self.required_perms = set(perms)
1697
1700
1698 def __call__(self, user, repo_name):
1701 def __call__(self, user, repo_name):
1699 # repo_name MUST be unicode, since we handle keys in permission
1702 # repo_name MUST be unicode, since we handle keys in permission
1700 # dict by unicode
1703 # dict by unicode
1701 repo_name = safe_unicode(repo_name)
1704 repo_name = safe_unicode(repo_name)
1702 user = AuthUser(user.user_id)
1705 user = AuthUser(user.user_id)
1703 log.debug(
1706 log.debug(
1704 'Checking VCS protocol permissions %s for user:%s repo:`%s`',
1707 'Checking VCS protocol permissions %s for user:%s repo:`%s`',
1705 self.required_perms, user, repo_name)
1708 self.required_perms, user, repo_name)
1706
1709
1707 if self.check_permissions(user, repo_name):
1710 if self.check_permissions(user, repo_name):
1708 log.debug('Permission to repo:`%s` GRANTED for user:%s @ %s',
1711 log.debug('Permission to repo:`%s` GRANTED for user:%s @ %s',
1709 repo_name, user, 'PermissionMiddleware')
1712 repo_name, user, 'PermissionMiddleware')
1710 return True
1713 return True
1711
1714
1712 else:
1715 else:
1713 log.debug('Permission to repo:`%s` DENIED for user:%s @ %s',
1716 log.debug('Permission to repo:`%s` DENIED for user:%s @ %s',
1714 repo_name, user, 'PermissionMiddleware')
1717 repo_name, user, 'PermissionMiddleware')
1715 return False
1718 return False
1716
1719
1717 def check_permissions(self, user, repo_name):
1720 def check_permissions(self, user, repo_name):
1718 perms = user.permissions_with_scope({'repo_name': repo_name})
1721 perms = user.permissions_with_scope({'repo_name': repo_name})
1719
1722
1720 try:
1723 try:
1721 user_perms = set([perms['repositories'][repo_name]])
1724 user_perms = set([perms['repositories'][repo_name]])
1722 except Exception:
1725 except Exception:
1723 log.exception('Error while accessing user permissions')
1726 log.exception('Error while accessing user permissions')
1724 return False
1727 return False
1725
1728
1726 if self.required_perms.intersection(user_perms):
1729 if self.required_perms.intersection(user_perms):
1727 return True
1730 return True
1728 return False
1731 return False
1729
1732
1730
1733
1731 # SPECIAL VERSION TO HANDLE API AUTH
1734 # SPECIAL VERSION TO HANDLE API AUTH
1732 class _BaseApiPerm(object):
1735 class _BaseApiPerm(object):
1733 def __init__(self, *perms):
1736 def __init__(self, *perms):
1734 self.required_perms = set(perms)
1737 self.required_perms = set(perms)
1735
1738
1736 def __call__(self, check_location=None, user=None, repo_name=None,
1739 def __call__(self, check_location=None, user=None, repo_name=None,
1737 group_name=None, user_group_name=None):
1740 group_name=None, user_group_name=None):
1738 cls_name = self.__class__.__name__
1741 cls_name = self.__class__.__name__
1739 check_scope = 'global:%s' % (self.required_perms,)
1742 check_scope = 'global:%s' % (self.required_perms,)
1740 if repo_name:
1743 if repo_name:
1741 check_scope += ', repo_name:%s' % (repo_name,)
1744 check_scope += ', repo_name:%s' % (repo_name,)
1742
1745
1743 if group_name:
1746 if group_name:
1744 check_scope += ', repo_group_name:%s' % (group_name,)
1747 check_scope += ', repo_group_name:%s' % (group_name,)
1745
1748
1746 if user_group_name:
1749 if user_group_name:
1747 check_scope += ', user_group_name:%s' % (user_group_name,)
1750 check_scope += ', user_group_name:%s' % (user_group_name,)
1748
1751
1749 log.debug(
1752 log.debug(
1750 'checking cls:%s %s %s @ %s'
1753 'checking cls:%s %s %s @ %s'
1751 % (cls_name, self.required_perms, check_scope, check_location))
1754 % (cls_name, self.required_perms, check_scope, check_location))
1752 if not user:
1755 if not user:
1753 log.debug('Empty User passed into arguments')
1756 log.debug('Empty User passed into arguments')
1754 return False
1757 return False
1755
1758
1756 # process user
1759 # process user
1757 if not isinstance(user, AuthUser):
1760 if not isinstance(user, AuthUser):
1758 user = AuthUser(user.user_id)
1761 user = AuthUser(user.user_id)
1759 if not check_location:
1762 if not check_location:
1760 check_location = 'unspecified'
1763 check_location = 'unspecified'
1761 if self.check_permissions(user.permissions, repo_name, group_name,
1764 if self.check_permissions(user.permissions, repo_name, group_name,
1762 user_group_name):
1765 user_group_name):
1763 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1766 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1764 check_scope, user, check_location)
1767 check_scope, user, check_location)
1765 return True
1768 return True
1766
1769
1767 else:
1770 else:
1768 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1771 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1769 check_scope, user, check_location)
1772 check_scope, user, check_location)
1770 return False
1773 return False
1771
1774
1772 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1775 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1773 user_group_name=None):
1776 user_group_name=None):
1774 """
1777 """
1775 implement in child class should return True if permissions are ok,
1778 implement in child class should return True if permissions are ok,
1776 False otherwise
1779 False otherwise
1777
1780
1778 :param perm_defs: dict with permission definitions
1781 :param perm_defs: dict with permission definitions
1779 :param repo_name: repo name
1782 :param repo_name: repo name
1780 """
1783 """
1781 raise NotImplementedError()
1784 raise NotImplementedError()
1782
1785
1783
1786
1784 class HasPermissionAllApi(_BaseApiPerm):
1787 class HasPermissionAllApi(_BaseApiPerm):
1785 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1788 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1786 user_group_name=None):
1789 user_group_name=None):
1787 if self.required_perms.issubset(perm_defs.get('global')):
1790 if self.required_perms.issubset(perm_defs.get('global')):
1788 return True
1791 return True
1789 return False
1792 return False
1790
1793
1791
1794
1792 class HasPermissionAnyApi(_BaseApiPerm):
1795 class HasPermissionAnyApi(_BaseApiPerm):
1793 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1796 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1794 user_group_name=None):
1797 user_group_name=None):
1795 if self.required_perms.intersection(perm_defs.get('global')):
1798 if self.required_perms.intersection(perm_defs.get('global')):
1796 return True
1799 return True
1797 return False
1800 return False
1798
1801
1799
1802
1800 class HasRepoPermissionAllApi(_BaseApiPerm):
1803 class HasRepoPermissionAllApi(_BaseApiPerm):
1801 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1804 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1802 user_group_name=None):
1805 user_group_name=None):
1803 try:
1806 try:
1804 _user_perms = set([perm_defs['repositories'][repo_name]])
1807 _user_perms = set([perm_defs['repositories'][repo_name]])
1805 except KeyError:
1808 except KeyError:
1806 log.warning(traceback.format_exc())
1809 log.warning(traceback.format_exc())
1807 return False
1810 return False
1808 if self.required_perms.issubset(_user_perms):
1811 if self.required_perms.issubset(_user_perms):
1809 return True
1812 return True
1810 return False
1813 return False
1811
1814
1812
1815
1813 class HasRepoPermissionAnyApi(_BaseApiPerm):
1816 class HasRepoPermissionAnyApi(_BaseApiPerm):
1814 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1817 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1815 user_group_name=None):
1818 user_group_name=None):
1816 try:
1819 try:
1817 _user_perms = set([perm_defs['repositories'][repo_name]])
1820 _user_perms = set([perm_defs['repositories'][repo_name]])
1818 except KeyError:
1821 except KeyError:
1819 log.warning(traceback.format_exc())
1822 log.warning(traceback.format_exc())
1820 return False
1823 return False
1821 if self.required_perms.intersection(_user_perms):
1824 if self.required_perms.intersection(_user_perms):
1822 return True
1825 return True
1823 return False
1826 return False
1824
1827
1825
1828
1826 class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
1829 class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
1827 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1830 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1828 user_group_name=None):
1831 user_group_name=None):
1829 try:
1832 try:
1830 _user_perms = set([perm_defs['repositories_groups'][group_name]])
1833 _user_perms = set([perm_defs['repositories_groups'][group_name]])
1831 except KeyError:
1834 except KeyError:
1832 log.warning(traceback.format_exc())
1835 log.warning(traceback.format_exc())
1833 return False
1836 return False
1834 if self.required_perms.intersection(_user_perms):
1837 if self.required_perms.intersection(_user_perms):
1835 return True
1838 return True
1836 return False
1839 return False
1837
1840
1838
1841
1839 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
1842 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
1840 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1843 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1841 user_group_name=None):
1844 user_group_name=None):
1842 try:
1845 try:
1843 _user_perms = set([perm_defs['repositories_groups'][group_name]])
1846 _user_perms = set([perm_defs['repositories_groups'][group_name]])
1844 except KeyError:
1847 except KeyError:
1845 log.warning(traceback.format_exc())
1848 log.warning(traceback.format_exc())
1846 return False
1849 return False
1847 if self.required_perms.issubset(_user_perms):
1850 if self.required_perms.issubset(_user_perms):
1848 return True
1851 return True
1849 return False
1852 return False
1850
1853
1851
1854
1852 class HasUserGroupPermissionAnyApi(_BaseApiPerm):
1855 class HasUserGroupPermissionAnyApi(_BaseApiPerm):
1853 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1856 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
1854 user_group_name=None):
1857 user_group_name=None):
1855 try:
1858 try:
1856 _user_perms = set([perm_defs['user_groups'][user_group_name]])
1859 _user_perms = set([perm_defs['user_groups'][user_group_name]])
1857 except KeyError:
1860 except KeyError:
1858 log.warning(traceback.format_exc())
1861 log.warning(traceback.format_exc())
1859 return False
1862 return False
1860 if self.required_perms.intersection(_user_perms):
1863 if self.required_perms.intersection(_user_perms):
1861 return True
1864 return True
1862 return False
1865 return False
1863
1866
1864
1867
1865 def check_ip_access(source_ip, allowed_ips=None):
1868 def check_ip_access(source_ip, allowed_ips=None):
1866 """
1869 """
1867 Checks if source_ip is a subnet of any of allowed_ips.
1870 Checks if source_ip is a subnet of any of allowed_ips.
1868
1871
1869 :param source_ip:
1872 :param source_ip:
1870 :param allowed_ips: list of allowed ips together with mask
1873 :param allowed_ips: list of allowed ips together with mask
1871 """
1874 """
1872 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
1875 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
1873 source_ip_address = ipaddress.ip_address(source_ip)
1876 source_ip_address = ipaddress.ip_address(source_ip)
1874 if isinstance(allowed_ips, (tuple, list, set)):
1877 if isinstance(allowed_ips, (tuple, list, set)):
1875 for ip in allowed_ips:
1878 for ip in allowed_ips:
1876 try:
1879 try:
1877 network_address = ipaddress.ip_network(ip, strict=False)
1880 network_address = ipaddress.ip_network(ip, strict=False)
1878 if source_ip_address in network_address:
1881 if source_ip_address in network_address:
1879 log.debug('IP %s is network %s' %
1882 log.debug('IP %s is network %s' %
1880 (source_ip_address, network_address))
1883 (source_ip_address, network_address))
1881 return True
1884 return True
1882 # for any case we cannot determine the IP, don't crash just
1885 # for any case we cannot determine the IP, don't crash just
1883 # skip it and log as error, we want to say forbidden still when
1886 # skip it and log as error, we want to say forbidden still when
1884 # sending bad IP
1887 # sending bad IP
1885 except Exception:
1888 except Exception:
1886 log.error(traceback.format_exc())
1889 log.error(traceback.format_exc())
1887 continue
1890 continue
1888 return False
1891 return False
1889
1892
1890
1893
1891 def get_cython_compat_decorator(wrapper, func):
1894 def get_cython_compat_decorator(wrapper, func):
1892 """
1895 """
1893 Creates a cython compatible decorator. The previously used
1896 Creates a cython compatible decorator. The previously used
1894 decorator.decorator() function seems to be incompatible with cython.
1897 decorator.decorator() function seems to be incompatible with cython.
1895
1898
1896 :param wrapper: __wrapper method of the decorator class
1899 :param wrapper: __wrapper method of the decorator class
1897 :param func: decorated function
1900 :param func: decorated function
1898 """
1901 """
1899 @wraps(func)
1902 @wraps(func)
1900 def local_wrapper(*args, **kwds):
1903 def local_wrapper(*args, **kwds):
1901 return wrapper(func, *args, **kwds)
1904 return wrapper(func, *args, **kwds)
1902 local_wrapper.__wrapped__ = func
1905 local_wrapper.__wrapped__ = func
1903 return local_wrapper
1906 return local_wrapper
@@ -1,936 +1,936 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2016 RhodeCode GmbH
3 # Copyright (C) 2011-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21
21
22 """
22 """
23 Some simple helper functions
23 Some simple helper functions
24 """
24 """
25
25
26
26
27 import collections
27 import collections
28 import datetime
28 import datetime
29 import dateutil.relativedelta
29 import dateutil.relativedelta
30 import hashlib
30 import hashlib
31 import logging
31 import logging
32 import re
32 import re
33 import sys
33 import sys
34 import time
34 import time
35 import threading
35 import threading
36 import urllib
36 import urllib
37 import urlobject
37 import urlobject
38 import uuid
38 import uuid
39
39
40 import pygments.lexers
40 import pygments.lexers
41 import sqlalchemy
41 import sqlalchemy
42 import sqlalchemy.engine.url
42 import sqlalchemy.engine.url
43 import webob
43 import webob
44 import routes.util
44 import routes.util
45
45
46 import rhodecode
46 import rhodecode
47
47
48
48
49 def md5(s):
49 def md5(s):
50 return hashlib.md5(s).hexdigest()
50 return hashlib.md5(s).hexdigest()
51
51
52
52
53 def md5_safe(s):
53 def md5_safe(s):
54 return md5(safe_str(s))
54 return md5(safe_str(s))
55
55
56
56
57 def __get_lem(extra_mapping=None):
57 def __get_lem(extra_mapping=None):
58 """
58 """
59 Get language extension map based on what's inside pygments lexers
59 Get language extension map based on what's inside pygments lexers
60 """
60 """
61 d = collections.defaultdict(lambda: [])
61 d = collections.defaultdict(lambda: [])
62
62
63 def __clean(s):
63 def __clean(s):
64 s = s.lstrip('*')
64 s = s.lstrip('*')
65 s = s.lstrip('.')
65 s = s.lstrip('.')
66
66
67 if s.find('[') != -1:
67 if s.find('[') != -1:
68 exts = []
68 exts = []
69 start, stop = s.find('['), s.find(']')
69 start, stop = s.find('['), s.find(']')
70
70
71 for suffix in s[start + 1:stop]:
71 for suffix in s[start + 1:stop]:
72 exts.append(s[:s.find('[')] + suffix)
72 exts.append(s[:s.find('[')] + suffix)
73 return [e.lower() for e in exts]
73 return [e.lower() for e in exts]
74 else:
74 else:
75 return [s.lower()]
75 return [s.lower()]
76
76
77 for lx, t in sorted(pygments.lexers.LEXERS.items()):
77 for lx, t in sorted(pygments.lexers.LEXERS.items()):
78 m = map(__clean, t[-2])
78 m = map(__clean, t[-2])
79 if m:
79 if m:
80 m = reduce(lambda x, y: x + y, m)
80 m = reduce(lambda x, y: x + y, m)
81 for ext in m:
81 for ext in m:
82 desc = lx.replace('Lexer', '')
82 desc = lx.replace('Lexer', '')
83 d[ext].append(desc)
83 d[ext].append(desc)
84
84
85 data = dict(d)
85 data = dict(d)
86
86
87 extra_mapping = extra_mapping or {}
87 extra_mapping = extra_mapping or {}
88 if extra_mapping:
88 if extra_mapping:
89 for k, v in extra_mapping.items():
89 for k, v in extra_mapping.items():
90 if k not in data:
90 if k not in data:
91 # register new mapping2lexer
91 # register new mapping2lexer
92 data[k] = [v]
92 data[k] = [v]
93
93
94 return data
94 return data
95
95
96
96
97 def str2bool(_str):
97 def str2bool(_str):
98 """
98 """
99 returs True/False value from given string, it tries to translate the
99 returns True/False value from given string, it tries to translate the
100 string into boolean
100 string into boolean
101
101
102 :param _str: string value to translate into boolean
102 :param _str: string value to translate into boolean
103 :rtype: boolean
103 :rtype: boolean
104 :returns: boolean from given string
104 :returns: boolean from given string
105 """
105 """
106 if _str is None:
106 if _str is None:
107 return False
107 return False
108 if _str in (True, False):
108 if _str in (True, False):
109 return _str
109 return _str
110 _str = str(_str).strip().lower()
110 _str = str(_str).strip().lower()
111 return _str in ('t', 'true', 'y', 'yes', 'on', '1')
111 return _str in ('t', 'true', 'y', 'yes', 'on', '1')
112
112
113
113
114 def aslist(obj, sep=None, strip=True):
114 def aslist(obj, sep=None, strip=True):
115 """
115 """
116 Returns given string separated by sep as list
116 Returns given string separated by sep as list
117
117
118 :param obj:
118 :param obj:
119 :param sep:
119 :param sep:
120 :param strip:
120 :param strip:
121 """
121 """
122 if isinstance(obj, (basestring,)):
122 if isinstance(obj, (basestring,)):
123 lst = obj.split(sep)
123 lst = obj.split(sep)
124 if strip:
124 if strip:
125 lst = [v.strip() for v in lst]
125 lst = [v.strip() for v in lst]
126 return lst
126 return lst
127 elif isinstance(obj, (list, tuple)):
127 elif isinstance(obj, (list, tuple)):
128 return obj
128 return obj
129 elif obj is None:
129 elif obj is None:
130 return []
130 return []
131 else:
131 else:
132 return [obj]
132 return [obj]
133
133
134
134
135 def convert_line_endings(line, mode):
135 def convert_line_endings(line, mode):
136 """
136 """
137 Converts a given line "line end" accordingly to given mode
137 Converts a given line "line end" accordingly to given mode
138
138
139 Available modes are::
139 Available modes are::
140 0 - Unix
140 0 - Unix
141 1 - Mac
141 1 - Mac
142 2 - DOS
142 2 - DOS
143
143
144 :param line: given line to convert
144 :param line: given line to convert
145 :param mode: mode to convert to
145 :param mode: mode to convert to
146 :rtype: str
146 :rtype: str
147 :return: converted line according to mode
147 :return: converted line according to mode
148 """
148 """
149 if mode == 0:
149 if mode == 0:
150 line = line.replace('\r\n', '\n')
150 line = line.replace('\r\n', '\n')
151 line = line.replace('\r', '\n')
151 line = line.replace('\r', '\n')
152 elif mode == 1:
152 elif mode == 1:
153 line = line.replace('\r\n', '\r')
153 line = line.replace('\r\n', '\r')
154 line = line.replace('\n', '\r')
154 line = line.replace('\n', '\r')
155 elif mode == 2:
155 elif mode == 2:
156 line = re.sub('\r(?!\n)|(?<!\r)\n', '\r\n', line)
156 line = re.sub('\r(?!\n)|(?<!\r)\n', '\r\n', line)
157 return line
157 return line
158
158
159
159
160 def detect_mode(line, default):
160 def detect_mode(line, default):
161 """
161 """
162 Detects line break for given line, if line break couldn't be found
162 Detects line break for given line, if line break couldn't be found
163 given default value is returned
163 given default value is returned
164
164
165 :param line: str line
165 :param line: str line
166 :param default: default
166 :param default: default
167 :rtype: int
167 :rtype: int
168 :return: value of line end on of 0 - Unix, 1 - Mac, 2 - DOS
168 :return: value of line end on of 0 - Unix, 1 - Mac, 2 - DOS
169 """
169 """
170 if line.endswith('\r\n'):
170 if line.endswith('\r\n'):
171 return 2
171 return 2
172 elif line.endswith('\n'):
172 elif line.endswith('\n'):
173 return 0
173 return 0
174 elif line.endswith('\r'):
174 elif line.endswith('\r'):
175 return 1
175 return 1
176 else:
176 else:
177 return default
177 return default
178
178
179
179
180 def safe_int(val, default=None):
180 def safe_int(val, default=None):
181 """
181 """
182 Returns int() of val if val is not convertable to int use default
182 Returns int() of val if val is not convertable to int use default
183 instead
183 instead
184
184
185 :param val:
185 :param val:
186 :param default:
186 :param default:
187 """
187 """
188
188
189 try:
189 try:
190 val = int(val)
190 val = int(val)
191 except (ValueError, TypeError):
191 except (ValueError, TypeError):
192 val = default
192 val = default
193
193
194 return val
194 return val
195
195
196
196
197 def safe_unicode(str_, from_encoding=None):
197 def safe_unicode(str_, from_encoding=None):
198 """
198 """
199 safe unicode function. Does few trick to turn str_ into unicode
199 safe unicode function. Does few trick to turn str_ into unicode
200
200
201 In case of UnicodeDecode error, we try to return it with encoding detected
201 In case of UnicodeDecode error, we try to return it with encoding detected
202 by chardet library if it fails fallback to unicode with errors replaced
202 by chardet library if it fails fallback to unicode with errors replaced
203
203
204 :param str_: string to decode
204 :param str_: string to decode
205 :rtype: unicode
205 :rtype: unicode
206 :returns: unicode object
206 :returns: unicode object
207 """
207 """
208 if isinstance(str_, unicode):
208 if isinstance(str_, unicode):
209 return str_
209 return str_
210
210
211 if not from_encoding:
211 if not from_encoding:
212 DEFAULT_ENCODINGS = aslist(rhodecode.CONFIG.get('default_encoding',
212 DEFAULT_ENCODINGS = aslist(rhodecode.CONFIG.get('default_encoding',
213 'utf8'), sep=',')
213 'utf8'), sep=',')
214 from_encoding = DEFAULT_ENCODINGS
214 from_encoding = DEFAULT_ENCODINGS
215
215
216 if not isinstance(from_encoding, (list, tuple)):
216 if not isinstance(from_encoding, (list, tuple)):
217 from_encoding = [from_encoding]
217 from_encoding = [from_encoding]
218
218
219 try:
219 try:
220 return unicode(str_)
220 return unicode(str_)
221 except UnicodeDecodeError:
221 except UnicodeDecodeError:
222 pass
222 pass
223
223
224 for enc in from_encoding:
224 for enc in from_encoding:
225 try:
225 try:
226 return unicode(str_, enc)
226 return unicode(str_, enc)
227 except UnicodeDecodeError:
227 except UnicodeDecodeError:
228 pass
228 pass
229
229
230 try:
230 try:
231 import chardet
231 import chardet
232 encoding = chardet.detect(str_)['encoding']
232 encoding = chardet.detect(str_)['encoding']
233 if encoding is None:
233 if encoding is None:
234 raise Exception()
234 raise Exception()
235 return str_.decode(encoding)
235 return str_.decode(encoding)
236 except (ImportError, UnicodeDecodeError, Exception):
236 except (ImportError, UnicodeDecodeError, Exception):
237 return unicode(str_, from_encoding[0], 'replace')
237 return unicode(str_, from_encoding[0], 'replace')
238
238
239
239
240 def safe_str(unicode_, to_encoding=None):
240 def safe_str(unicode_, to_encoding=None):
241 """
241 """
242 safe str function. Does few trick to turn unicode_ into string
242 safe str function. Does few trick to turn unicode_ into string
243
243
244 In case of UnicodeEncodeError, we try to return it with encoding detected
244 In case of UnicodeEncodeError, we try to return it with encoding detected
245 by chardet library if it fails fallback to string with errors replaced
245 by chardet library if it fails fallback to string with errors replaced
246
246
247 :param unicode_: unicode to encode
247 :param unicode_: unicode to encode
248 :rtype: str
248 :rtype: str
249 :returns: str object
249 :returns: str object
250 """
250 """
251
251
252 # if it's not basestr cast to str
252 # if it's not basestr cast to str
253 if not isinstance(unicode_, basestring):
253 if not isinstance(unicode_, basestring):
254 return str(unicode_)
254 return str(unicode_)
255
255
256 if isinstance(unicode_, str):
256 if isinstance(unicode_, str):
257 return unicode_
257 return unicode_
258
258
259 if not to_encoding:
259 if not to_encoding:
260 DEFAULT_ENCODINGS = aslist(rhodecode.CONFIG.get('default_encoding',
260 DEFAULT_ENCODINGS = aslist(rhodecode.CONFIG.get('default_encoding',
261 'utf8'), sep=',')
261 'utf8'), sep=',')
262 to_encoding = DEFAULT_ENCODINGS
262 to_encoding = DEFAULT_ENCODINGS
263
263
264 if not isinstance(to_encoding, (list, tuple)):
264 if not isinstance(to_encoding, (list, tuple)):
265 to_encoding = [to_encoding]
265 to_encoding = [to_encoding]
266
266
267 for enc in to_encoding:
267 for enc in to_encoding:
268 try:
268 try:
269 return unicode_.encode(enc)
269 return unicode_.encode(enc)
270 except UnicodeEncodeError:
270 except UnicodeEncodeError:
271 pass
271 pass
272
272
273 try:
273 try:
274 import chardet
274 import chardet
275 encoding = chardet.detect(unicode_)['encoding']
275 encoding = chardet.detect(unicode_)['encoding']
276 if encoding is None:
276 if encoding is None:
277 raise UnicodeEncodeError()
277 raise UnicodeEncodeError()
278
278
279 return unicode_.encode(encoding)
279 return unicode_.encode(encoding)
280 except (ImportError, UnicodeEncodeError):
280 except (ImportError, UnicodeEncodeError):
281 return unicode_.encode(to_encoding[0], 'replace')
281 return unicode_.encode(to_encoding[0], 'replace')
282
282
283
283
284 def remove_suffix(s, suffix):
284 def remove_suffix(s, suffix):
285 if s.endswith(suffix):
285 if s.endswith(suffix):
286 s = s[:-1 * len(suffix)]
286 s = s[:-1 * len(suffix)]
287 return s
287 return s
288
288
289
289
290 def remove_prefix(s, prefix):
290 def remove_prefix(s, prefix):
291 if s.startswith(prefix):
291 if s.startswith(prefix):
292 s = s[len(prefix):]
292 s = s[len(prefix):]
293 return s
293 return s
294
294
295
295
296 def find_calling_context(ignore_modules=None):
296 def find_calling_context(ignore_modules=None):
297 """
297 """
298 Look through the calling stack and return the frame which called
298 Look through the calling stack and return the frame which called
299 this function and is part of core module ( ie. rhodecode.* )
299 this function and is part of core module ( ie. rhodecode.* )
300
300
301 :param ignore_modules: list of modules to ignore eg. ['rhodecode.lib']
301 :param ignore_modules: list of modules to ignore eg. ['rhodecode.lib']
302 """
302 """
303
303
304 ignore_modules = ignore_modules or []
304 ignore_modules = ignore_modules or []
305
305
306 f = sys._getframe(2)
306 f = sys._getframe(2)
307 while f.f_back is not None:
307 while f.f_back is not None:
308 name = f.f_globals.get('__name__')
308 name = f.f_globals.get('__name__')
309 if name and name.startswith(__name__.split('.')[0]):
309 if name and name.startswith(__name__.split('.')[0]):
310 if name not in ignore_modules:
310 if name not in ignore_modules:
311 return f
311 return f
312 f = f.f_back
312 f = f.f_back
313 return None
313 return None
314
314
315
315
316 def engine_from_config(configuration, prefix='sqlalchemy.', **kwargs):
316 def engine_from_config(configuration, prefix='sqlalchemy.', **kwargs):
317 """Custom engine_from_config functions."""
317 """Custom engine_from_config functions."""
318 log = logging.getLogger('sqlalchemy.engine')
318 log = logging.getLogger('sqlalchemy.engine')
319 engine = sqlalchemy.engine_from_config(configuration, prefix, **kwargs)
319 engine = sqlalchemy.engine_from_config(configuration, prefix, **kwargs)
320
320
321 def color_sql(sql):
321 def color_sql(sql):
322 color_seq = '\033[1;33m' # This is yellow: code 33
322 color_seq = '\033[1;33m' # This is yellow: code 33
323 normal = '\x1b[0m'
323 normal = '\x1b[0m'
324 return ''.join([color_seq, sql, normal])
324 return ''.join([color_seq, sql, normal])
325
325
326 if configuration['debug']:
326 if configuration['debug']:
327 # attach events only for debug configuration
327 # attach events only for debug configuration
328
328
329 def before_cursor_execute(conn, cursor, statement,
329 def before_cursor_execute(conn, cursor, statement,
330 parameters, context, executemany):
330 parameters, context, executemany):
331 setattr(conn, 'query_start_time', time.time())
331 setattr(conn, 'query_start_time', time.time())
332 log.info(color_sql(">>>>> STARTING QUERY >>>>>"))
332 log.info(color_sql(">>>>> STARTING QUERY >>>>>"))
333 calling_context = find_calling_context(ignore_modules=[
333 calling_context = find_calling_context(ignore_modules=[
334 'rhodecode.lib.caching_query',
334 'rhodecode.lib.caching_query',
335 'rhodecode.model.settings',
335 'rhodecode.model.settings',
336 ])
336 ])
337 if calling_context:
337 if calling_context:
338 log.info(color_sql('call context %s:%s' % (
338 log.info(color_sql('call context %s:%s' % (
339 calling_context.f_code.co_filename,
339 calling_context.f_code.co_filename,
340 calling_context.f_lineno,
340 calling_context.f_lineno,
341 )))
341 )))
342
342
343 def after_cursor_execute(conn, cursor, statement,
343 def after_cursor_execute(conn, cursor, statement,
344 parameters, context, executemany):
344 parameters, context, executemany):
345 delattr(conn, 'query_start_time')
345 delattr(conn, 'query_start_time')
346
346
347 sqlalchemy.event.listen(engine, "before_cursor_execute",
347 sqlalchemy.event.listen(engine, "before_cursor_execute",
348 before_cursor_execute)
348 before_cursor_execute)
349 sqlalchemy.event.listen(engine, "after_cursor_execute",
349 sqlalchemy.event.listen(engine, "after_cursor_execute",
350 after_cursor_execute)
350 after_cursor_execute)
351
351
352 return engine
352 return engine
353
353
354
354
355 def get_encryption_key(config):
355 def get_encryption_key(config):
356 secret = config.get('rhodecode.encrypted_values.secret')
356 secret = config.get('rhodecode.encrypted_values.secret')
357 default = config['beaker.session.secret']
357 default = config['beaker.session.secret']
358 return secret or default
358 return secret or default
359
359
360
360
361 def age(prevdate, now=None, show_short_version=False, show_suffix=True,
361 def age(prevdate, now=None, show_short_version=False, show_suffix=True,
362 short_format=False):
362 short_format=False):
363 """
363 """
364 Turns a datetime into an age string.
364 Turns a datetime into an age string.
365 If show_short_version is True, this generates a shorter string with
365 If show_short_version is True, this generates a shorter string with
366 an approximate age; ex. '1 day ago', rather than '1 day and 23 hours ago'.
366 an approximate age; ex. '1 day ago', rather than '1 day and 23 hours ago'.
367
367
368 * IMPORTANT*
368 * IMPORTANT*
369 Code of this function is written in special way so it's easier to
369 Code of this function is written in special way so it's easier to
370 backport it to javascript. If you mean to update it, please also update
370 backport it to javascript. If you mean to update it, please also update
371 `jquery.timeago-extension.js` file
371 `jquery.timeago-extension.js` file
372
372
373 :param prevdate: datetime object
373 :param prevdate: datetime object
374 :param now: get current time, if not define we use
374 :param now: get current time, if not define we use
375 `datetime.datetime.now()`
375 `datetime.datetime.now()`
376 :param show_short_version: if it should approximate the date and
376 :param show_short_version: if it should approximate the date and
377 return a shorter string
377 return a shorter string
378 :param show_suffix:
378 :param show_suffix:
379 :param short_format: show short format, eg 2D instead of 2 days
379 :param short_format: show short format, eg 2D instead of 2 days
380 :rtype: unicode
380 :rtype: unicode
381 :returns: unicode words describing age
381 :returns: unicode words describing age
382 """
382 """
383 from pylons.i18n.translation import _, ungettext
383 from pylons.i18n.translation import _, ungettext
384
384
385 def _get_relative_delta(now, prevdate):
385 def _get_relative_delta(now, prevdate):
386 base = dateutil.relativedelta.relativedelta(now, prevdate)
386 base = dateutil.relativedelta.relativedelta(now, prevdate)
387 return {
387 return {
388 'year': base.years,
388 'year': base.years,
389 'month': base.months,
389 'month': base.months,
390 'day': base.days,
390 'day': base.days,
391 'hour': base.hours,
391 'hour': base.hours,
392 'minute': base.minutes,
392 'minute': base.minutes,
393 'second': base.seconds,
393 'second': base.seconds,
394 }
394 }
395
395
396 def _is_leap_year(year):
396 def _is_leap_year(year):
397 return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)
397 return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)
398
398
399 def get_month(prevdate):
399 def get_month(prevdate):
400 return prevdate.month
400 return prevdate.month
401
401
402 def get_year(prevdate):
402 def get_year(prevdate):
403 return prevdate.year
403 return prevdate.year
404
404
405 now = now or datetime.datetime.now()
405 now = now or datetime.datetime.now()
406 order = ['year', 'month', 'day', 'hour', 'minute', 'second']
406 order = ['year', 'month', 'day', 'hour', 'minute', 'second']
407 deltas = {}
407 deltas = {}
408 future = False
408 future = False
409
409
410 if prevdate > now:
410 if prevdate > now:
411 now_old = now
411 now_old = now
412 now = prevdate
412 now = prevdate
413 prevdate = now_old
413 prevdate = now_old
414 future = True
414 future = True
415 if future:
415 if future:
416 prevdate = prevdate.replace(microsecond=0)
416 prevdate = prevdate.replace(microsecond=0)
417 # Get date parts deltas
417 # Get date parts deltas
418 for part in order:
418 for part in order:
419 rel_delta = _get_relative_delta(now, prevdate)
419 rel_delta = _get_relative_delta(now, prevdate)
420 deltas[part] = rel_delta[part]
420 deltas[part] = rel_delta[part]
421
421
422 # Fix negative offsets (there is 1 second between 10:59:59 and 11:00:00,
422 # Fix negative offsets (there is 1 second between 10:59:59 and 11:00:00,
423 # not 1 hour, -59 minutes and -59 seconds)
423 # not 1 hour, -59 minutes and -59 seconds)
424 offsets = [[5, 60], [4, 60], [3, 24]]
424 offsets = [[5, 60], [4, 60], [3, 24]]
425 for element in offsets: # seconds, minutes, hours
425 for element in offsets: # seconds, minutes, hours
426 num = element[0]
426 num = element[0]
427 length = element[1]
427 length = element[1]
428
428
429 part = order[num]
429 part = order[num]
430 carry_part = order[num - 1]
430 carry_part = order[num - 1]
431
431
432 if deltas[part] < 0:
432 if deltas[part] < 0:
433 deltas[part] += length
433 deltas[part] += length
434 deltas[carry_part] -= 1
434 deltas[carry_part] -= 1
435
435
436 # Same thing for days except that the increment depends on the (variable)
436 # Same thing for days except that the increment depends on the (variable)
437 # number of days in the month
437 # number of days in the month
438 month_lengths = [31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]
438 month_lengths = [31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]
439 if deltas['day'] < 0:
439 if deltas['day'] < 0:
440 if get_month(prevdate) == 2 and _is_leap_year(get_year(prevdate)):
440 if get_month(prevdate) == 2 and _is_leap_year(get_year(prevdate)):
441 deltas['day'] += 29
441 deltas['day'] += 29
442 else:
442 else:
443 deltas['day'] += month_lengths[get_month(prevdate) - 1]
443 deltas['day'] += month_lengths[get_month(prevdate) - 1]
444
444
445 deltas['month'] -= 1
445 deltas['month'] -= 1
446
446
447 if deltas['month'] < 0:
447 if deltas['month'] < 0:
448 deltas['month'] += 12
448 deltas['month'] += 12
449 deltas['year'] -= 1
449 deltas['year'] -= 1
450
450
451 # Format the result
451 # Format the result
452 if short_format:
452 if short_format:
453 fmt_funcs = {
453 fmt_funcs = {
454 'year': lambda d: u'%dy' % d,
454 'year': lambda d: u'%dy' % d,
455 'month': lambda d: u'%dm' % d,
455 'month': lambda d: u'%dm' % d,
456 'day': lambda d: u'%dd' % d,
456 'day': lambda d: u'%dd' % d,
457 'hour': lambda d: u'%dh' % d,
457 'hour': lambda d: u'%dh' % d,
458 'minute': lambda d: u'%dmin' % d,
458 'minute': lambda d: u'%dmin' % d,
459 'second': lambda d: u'%dsec' % d,
459 'second': lambda d: u'%dsec' % d,
460 }
460 }
461 else:
461 else:
462 fmt_funcs = {
462 fmt_funcs = {
463 'year': lambda d: ungettext(u'%d year', '%d years', d) % d,
463 'year': lambda d: ungettext(u'%d year', '%d years', d) % d,
464 'month': lambda d: ungettext(u'%d month', '%d months', d) % d,
464 'month': lambda d: ungettext(u'%d month', '%d months', d) % d,
465 'day': lambda d: ungettext(u'%d day', '%d days', d) % d,
465 'day': lambda d: ungettext(u'%d day', '%d days', d) % d,
466 'hour': lambda d: ungettext(u'%d hour', '%d hours', d) % d,
466 'hour': lambda d: ungettext(u'%d hour', '%d hours', d) % d,
467 'minute': lambda d: ungettext(u'%d minute', '%d minutes', d) % d,
467 'minute': lambda d: ungettext(u'%d minute', '%d minutes', d) % d,
468 'second': lambda d: ungettext(u'%d second', '%d seconds', d) % d,
468 'second': lambda d: ungettext(u'%d second', '%d seconds', d) % d,
469 }
469 }
470
470
471 i = 0
471 i = 0
472 for part in order:
472 for part in order:
473 value = deltas[part]
473 value = deltas[part]
474 if value != 0:
474 if value != 0:
475
475
476 if i < 5:
476 if i < 5:
477 sub_part = order[i + 1]
477 sub_part = order[i + 1]
478 sub_value = deltas[sub_part]
478 sub_value = deltas[sub_part]
479 else:
479 else:
480 sub_value = 0
480 sub_value = 0
481
481
482 if sub_value == 0 or show_short_version:
482 if sub_value == 0 or show_short_version:
483 _val = fmt_funcs[part](value)
483 _val = fmt_funcs[part](value)
484 if future:
484 if future:
485 if show_suffix:
485 if show_suffix:
486 return _(u'in %s') % _val
486 return _(u'in %s') % _val
487 else:
487 else:
488 return _val
488 return _val
489
489
490 else:
490 else:
491 if show_suffix:
491 if show_suffix:
492 return _(u'%s ago') % _val
492 return _(u'%s ago') % _val
493 else:
493 else:
494 return _val
494 return _val
495
495
496 val = fmt_funcs[part](value)
496 val = fmt_funcs[part](value)
497 val_detail = fmt_funcs[sub_part](sub_value)
497 val_detail = fmt_funcs[sub_part](sub_value)
498
498
499 if short_format:
499 if short_format:
500 datetime_tmpl = u'%s, %s'
500 datetime_tmpl = u'%s, %s'
501 if show_suffix:
501 if show_suffix:
502 datetime_tmpl = _(u'%s, %s ago')
502 datetime_tmpl = _(u'%s, %s ago')
503 if future:
503 if future:
504 datetime_tmpl = _(u'in %s, %s')
504 datetime_tmpl = _(u'in %s, %s')
505 else:
505 else:
506 datetime_tmpl = _(u'%s and %s')
506 datetime_tmpl = _(u'%s and %s')
507 if show_suffix:
507 if show_suffix:
508 datetime_tmpl = _(u'%s and %s ago')
508 datetime_tmpl = _(u'%s and %s ago')
509 if future:
509 if future:
510 datetime_tmpl = _(u'in %s and %s')
510 datetime_tmpl = _(u'in %s and %s')
511
511
512 return datetime_tmpl % (val, val_detail)
512 return datetime_tmpl % (val, val_detail)
513 i += 1
513 i += 1
514 return _(u'just now')
514 return _(u'just now')
515
515
516
516
517 def uri_filter(uri):
517 def uri_filter(uri):
518 """
518 """
519 Removes user:password from given url string
519 Removes user:password from given url string
520
520
521 :param uri:
521 :param uri:
522 :rtype: unicode
522 :rtype: unicode
523 :returns: filtered list of strings
523 :returns: filtered list of strings
524 """
524 """
525 if not uri:
525 if not uri:
526 return ''
526 return ''
527
527
528 proto = ''
528 proto = ''
529
529
530 for pat in ('https://', 'http://'):
530 for pat in ('https://', 'http://'):
531 if uri.startswith(pat):
531 if uri.startswith(pat):
532 uri = uri[len(pat):]
532 uri = uri[len(pat):]
533 proto = pat
533 proto = pat
534 break
534 break
535
535
536 # remove passwords and username
536 # remove passwords and username
537 uri = uri[uri.find('@') + 1:]
537 uri = uri[uri.find('@') + 1:]
538
538
539 # get the port
539 # get the port
540 cred_pos = uri.find(':')
540 cred_pos = uri.find(':')
541 if cred_pos == -1:
541 if cred_pos == -1:
542 host, port = uri, None
542 host, port = uri, None
543 else:
543 else:
544 host, port = uri[:cred_pos], uri[cred_pos + 1:]
544 host, port = uri[:cred_pos], uri[cred_pos + 1:]
545
545
546 return filter(None, [proto, host, port])
546 return filter(None, [proto, host, port])
547
547
548
548
549 def credentials_filter(uri):
549 def credentials_filter(uri):
550 """
550 """
551 Returns a url with removed credentials
551 Returns a url with removed credentials
552
552
553 :param uri:
553 :param uri:
554 """
554 """
555
555
556 uri = uri_filter(uri)
556 uri = uri_filter(uri)
557 # check if we have port
557 # check if we have port
558 if len(uri) > 2 and uri[2]:
558 if len(uri) > 2 and uri[2]:
559 uri[2] = ':' + uri[2]
559 uri[2] = ':' + uri[2]
560
560
561 return ''.join(uri)
561 return ''.join(uri)
562
562
563
563
564 def get_clone_url(uri_tmpl, qualifed_home_url, repo_name, repo_id, **override):
564 def get_clone_url(uri_tmpl, qualifed_home_url, repo_name, repo_id, **override):
565 parsed_url = urlobject.URLObject(qualifed_home_url)
565 parsed_url = urlobject.URLObject(qualifed_home_url)
566 decoded_path = safe_unicode(urllib.unquote(parsed_url.path.rstrip('/')))
566 decoded_path = safe_unicode(urllib.unquote(parsed_url.path.rstrip('/')))
567 args = {
567 args = {
568 'scheme': parsed_url.scheme,
568 'scheme': parsed_url.scheme,
569 'user': '',
569 'user': '',
570 # path if we use proxy-prefix
570 # path if we use proxy-prefix
571 'netloc': parsed_url.netloc+decoded_path,
571 'netloc': parsed_url.netloc+decoded_path,
572 'prefix': decoded_path,
572 'prefix': decoded_path,
573 'repo': repo_name,
573 'repo': repo_name,
574 'repoid': str(repo_id)
574 'repoid': str(repo_id)
575 }
575 }
576 args.update(override)
576 args.update(override)
577 args['user'] = urllib.quote(safe_str(args['user']))
577 args['user'] = urllib.quote(safe_str(args['user']))
578
578
579 for k, v in args.items():
579 for k, v in args.items():
580 uri_tmpl = uri_tmpl.replace('{%s}' % k, v)
580 uri_tmpl = uri_tmpl.replace('{%s}' % k, v)
581
581
582 # remove leading @ sign if it's present. Case of empty user
582 # remove leading @ sign if it's present. Case of empty user
583 url_obj = urlobject.URLObject(uri_tmpl)
583 url_obj = urlobject.URLObject(uri_tmpl)
584 url = url_obj.with_netloc(url_obj.netloc.lstrip('@'))
584 url = url_obj.with_netloc(url_obj.netloc.lstrip('@'))
585
585
586 return safe_unicode(url)
586 return safe_unicode(url)
587
587
588
588
589 def get_commit_safe(repo, commit_id=None, commit_idx=None, pre_load=None):
589 def get_commit_safe(repo, commit_id=None, commit_idx=None, pre_load=None):
590 """
590 """
591 Safe version of get_commit if this commit doesn't exists for a
591 Safe version of get_commit if this commit doesn't exists for a
592 repository it returns a Dummy one instead
592 repository it returns a Dummy one instead
593
593
594 :param repo: repository instance
594 :param repo: repository instance
595 :param commit_id: commit id as str
595 :param commit_id: commit id as str
596 :param pre_load: optional list of commit attributes to load
596 :param pre_load: optional list of commit attributes to load
597 """
597 """
598 # TODO(skreft): remove these circular imports
598 # TODO(skreft): remove these circular imports
599 from rhodecode.lib.vcs.backends.base import BaseRepository, EmptyCommit
599 from rhodecode.lib.vcs.backends.base import BaseRepository, EmptyCommit
600 from rhodecode.lib.vcs.exceptions import RepositoryError
600 from rhodecode.lib.vcs.exceptions import RepositoryError
601 if not isinstance(repo, BaseRepository):
601 if not isinstance(repo, BaseRepository):
602 raise Exception('You must pass an Repository '
602 raise Exception('You must pass an Repository '
603 'object as first argument got %s', type(repo))
603 'object as first argument got %s', type(repo))
604
604
605 try:
605 try:
606 commit = repo.get_commit(
606 commit = repo.get_commit(
607 commit_id=commit_id, commit_idx=commit_idx, pre_load=pre_load)
607 commit_id=commit_id, commit_idx=commit_idx, pre_load=pre_load)
608 except (RepositoryError, LookupError):
608 except (RepositoryError, LookupError):
609 commit = EmptyCommit()
609 commit = EmptyCommit()
610 return commit
610 return commit
611
611
612
612
613 def datetime_to_time(dt):
613 def datetime_to_time(dt):
614 if dt:
614 if dt:
615 return time.mktime(dt.timetuple())
615 return time.mktime(dt.timetuple())
616
616
617
617
618 def time_to_datetime(tm):
618 def time_to_datetime(tm):
619 if tm:
619 if tm:
620 if isinstance(tm, basestring):
620 if isinstance(tm, basestring):
621 try:
621 try:
622 tm = float(tm)
622 tm = float(tm)
623 except ValueError:
623 except ValueError:
624 return
624 return
625 return datetime.datetime.fromtimestamp(tm)
625 return datetime.datetime.fromtimestamp(tm)
626
626
627
627
628 def time_to_utcdatetime(tm):
628 def time_to_utcdatetime(tm):
629 if tm:
629 if tm:
630 if isinstance(tm, basestring):
630 if isinstance(tm, basestring):
631 try:
631 try:
632 tm = float(tm)
632 tm = float(tm)
633 except ValueError:
633 except ValueError:
634 return
634 return
635 return datetime.datetime.utcfromtimestamp(tm)
635 return datetime.datetime.utcfromtimestamp(tm)
636
636
637
637
638 MENTIONS_REGEX = re.compile(
638 MENTIONS_REGEX = re.compile(
639 # ^@ or @ without any special chars in front
639 # ^@ or @ without any special chars in front
640 r'(?:^@|[^a-zA-Z0-9\-\_\.]@)'
640 r'(?:^@|[^a-zA-Z0-9\-\_\.]@)'
641 # main body starts with letter, then can be . - _
641 # main body starts with letter, then can be . - _
642 r'([a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+)',
642 r'([a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+)',
643 re.VERBOSE | re.MULTILINE)
643 re.VERBOSE | re.MULTILINE)
644
644
645
645
646 def extract_mentioned_users(s):
646 def extract_mentioned_users(s):
647 """
647 """
648 Returns unique usernames from given string s that have @mention
648 Returns unique usernames from given string s that have @mention
649
649
650 :param s: string to get mentions
650 :param s: string to get mentions
651 """
651 """
652 usrs = set()
652 usrs = set()
653 for username in MENTIONS_REGEX.findall(s):
653 for username in MENTIONS_REGEX.findall(s):
654 usrs.add(username)
654 usrs.add(username)
655
655
656 return sorted(list(usrs), key=lambda k: k.lower())
656 return sorted(list(usrs), key=lambda k: k.lower())
657
657
658
658
659 class AttributeDict(dict):
659 class AttributeDict(dict):
660 def __getattr__(self, attr):
660 def __getattr__(self, attr):
661 return self.get(attr, None)
661 return self.get(attr, None)
662 __setattr__ = dict.__setitem__
662 __setattr__ = dict.__setitem__
663 __delattr__ = dict.__delitem__
663 __delattr__ = dict.__delitem__
664
664
665
665
666 def fix_PATH(os_=None):
666 def fix_PATH(os_=None):
667 """
667 """
668 Get current active python path, and append it to PATH variable to fix
668 Get current active python path, and append it to PATH variable to fix
669 issues of subprocess calls and different python versions
669 issues of subprocess calls and different python versions
670 """
670 """
671 if os_ is None:
671 if os_ is None:
672 import os
672 import os
673 else:
673 else:
674 os = os_
674 os = os_
675
675
676 cur_path = os.path.split(sys.executable)[0]
676 cur_path = os.path.split(sys.executable)[0]
677 if not os.environ['PATH'].startswith(cur_path):
677 if not os.environ['PATH'].startswith(cur_path):
678 os.environ['PATH'] = '%s:%s' % (cur_path, os.environ['PATH'])
678 os.environ['PATH'] = '%s:%s' % (cur_path, os.environ['PATH'])
679
679
680
680
681 def obfuscate_url_pw(engine):
681 def obfuscate_url_pw(engine):
682 _url = engine or ''
682 _url = engine or ''
683 try:
683 try:
684 _url = sqlalchemy.engine.url.make_url(engine)
684 _url = sqlalchemy.engine.url.make_url(engine)
685 if _url.password:
685 if _url.password:
686 _url.password = 'XXXXX'
686 _url.password = 'XXXXX'
687 except Exception:
687 except Exception:
688 pass
688 pass
689 return unicode(_url)
689 return unicode(_url)
690
690
691
691
692 def get_server_url(environ):
692 def get_server_url(environ):
693 req = webob.Request(environ)
693 req = webob.Request(environ)
694 return req.host_url + req.script_name
694 return req.host_url + req.script_name
695
695
696
696
697 def unique_id(hexlen=32):
697 def unique_id(hexlen=32):
698 alphabet = "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjklmnpqrstuvwxyz"
698 alphabet = "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjklmnpqrstuvwxyz"
699 return suuid(truncate_to=hexlen, alphabet=alphabet)
699 return suuid(truncate_to=hexlen, alphabet=alphabet)
700
700
701
701
702 def suuid(url=None, truncate_to=22, alphabet=None):
702 def suuid(url=None, truncate_to=22, alphabet=None):
703 """
703 """
704 Generate and return a short URL safe UUID.
704 Generate and return a short URL safe UUID.
705
705
706 If the url parameter is provided, set the namespace to the provided
706 If the url parameter is provided, set the namespace to the provided
707 URL and generate a UUID.
707 URL and generate a UUID.
708
708
709 :param url to get the uuid for
709 :param url to get the uuid for
710 :truncate_to: truncate the basic 22 UUID to shorter version
710 :truncate_to: truncate the basic 22 UUID to shorter version
711
711
712 The IDs won't be universally unique any longer, but the probability of
712 The IDs won't be universally unique any longer, but the probability of
713 a collision will still be very low.
713 a collision will still be very low.
714 """
714 """
715 # Define our alphabet.
715 # Define our alphabet.
716 _ALPHABET = alphabet or "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
716 _ALPHABET = alphabet or "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"
717
717
718 # If no URL is given, generate a random UUID.
718 # If no URL is given, generate a random UUID.
719 if url is None:
719 if url is None:
720 unique_id = uuid.uuid4().int
720 unique_id = uuid.uuid4().int
721 else:
721 else:
722 unique_id = uuid.uuid3(uuid.NAMESPACE_URL, url).int
722 unique_id = uuid.uuid3(uuid.NAMESPACE_URL, url).int
723
723
724 alphabet_length = len(_ALPHABET)
724 alphabet_length = len(_ALPHABET)
725 output = []
725 output = []
726 while unique_id > 0:
726 while unique_id > 0:
727 digit = unique_id % alphabet_length
727 digit = unique_id % alphabet_length
728 output.append(_ALPHABET[digit])
728 output.append(_ALPHABET[digit])
729 unique_id = int(unique_id / alphabet_length)
729 unique_id = int(unique_id / alphabet_length)
730 return "".join(output)[:truncate_to]
730 return "".join(output)[:truncate_to]
731
731
732
732
733 def get_current_rhodecode_user():
733 def get_current_rhodecode_user():
734 """
734 """
735 Gets rhodecode user from threadlocal tmpl_context variable if it's
735 Gets rhodecode user from threadlocal tmpl_context variable if it's
736 defined, else returns None.
736 defined, else returns None.
737 """
737 """
738 from pylons import tmpl_context as c
738 from pylons import tmpl_context as c
739 if hasattr(c, 'rhodecode_user'):
739 if hasattr(c, 'rhodecode_user'):
740 return c.rhodecode_user
740 return c.rhodecode_user
741
741
742 return None
742 return None
743
743
744
744
745 def action_logger_generic(action, namespace=''):
745 def action_logger_generic(action, namespace=''):
746 """
746 """
747 A generic logger for actions useful to the system overview, tries to find
747 A generic logger for actions useful to the system overview, tries to find
748 an acting user for the context of the call otherwise reports unknown user
748 an acting user for the context of the call otherwise reports unknown user
749
749
750 :param action: logging message eg 'comment 5 deleted'
750 :param action: logging message eg 'comment 5 deleted'
751 :param type: string
751 :param type: string
752
752
753 :param namespace: namespace of the logging message eg. 'repo.comments'
753 :param namespace: namespace of the logging message eg. 'repo.comments'
754 :param type: string
754 :param type: string
755
755
756 """
756 """
757
757
758 logger_name = 'rhodecode.actions'
758 logger_name = 'rhodecode.actions'
759
759
760 if namespace:
760 if namespace:
761 logger_name += '.' + namespace
761 logger_name += '.' + namespace
762
762
763 log = logging.getLogger(logger_name)
763 log = logging.getLogger(logger_name)
764
764
765 # get a user if we can
765 # get a user if we can
766 user = get_current_rhodecode_user()
766 user = get_current_rhodecode_user()
767
767
768 logfunc = log.info
768 logfunc = log.info
769
769
770 if not user:
770 if not user:
771 user = '<unknown user>'
771 user = '<unknown user>'
772 logfunc = log.warning
772 logfunc = log.warning
773
773
774 logfunc('Logging action by {}: {}'.format(user, action))
774 logfunc('Logging action by {}: {}'.format(user, action))
775
775
776
776
777 def escape_split(text, sep=',', maxsplit=-1):
777 def escape_split(text, sep=',', maxsplit=-1):
778 r"""
778 r"""
779 Allows for escaping of the separator: e.g. arg='foo\, bar'
779 Allows for escaping of the separator: e.g. arg='foo\, bar'
780
780
781 It should be noted that the way bash et. al. do command line parsing, those
781 It should be noted that the way bash et. al. do command line parsing, those
782 single quotes are required.
782 single quotes are required.
783 """
783 """
784 escaped_sep = r'\%s' % sep
784 escaped_sep = r'\%s' % sep
785
785
786 if escaped_sep not in text:
786 if escaped_sep not in text:
787 return text.split(sep, maxsplit)
787 return text.split(sep, maxsplit)
788
788
789 before, _mid, after = text.partition(escaped_sep)
789 before, _mid, after = text.partition(escaped_sep)
790 startlist = before.split(sep, maxsplit) # a regular split is fine here
790 startlist = before.split(sep, maxsplit) # a regular split is fine here
791 unfinished = startlist[-1]
791 unfinished = startlist[-1]
792 startlist = startlist[:-1]
792 startlist = startlist[:-1]
793
793
794 # recurse because there may be more escaped separators
794 # recurse because there may be more escaped separators
795 endlist = escape_split(after, sep, maxsplit)
795 endlist = escape_split(after, sep, maxsplit)
796
796
797 # finish building the escaped value. we use endlist[0] becaue the first
797 # finish building the escaped value. we use endlist[0] becaue the first
798 # part of the string sent in recursion is the rest of the escaped value.
798 # part of the string sent in recursion is the rest of the escaped value.
799 unfinished += sep + endlist[0]
799 unfinished += sep + endlist[0]
800
800
801 return startlist + [unfinished] + endlist[1:] # put together all the parts
801 return startlist + [unfinished] + endlist[1:] # put together all the parts
802
802
803
803
804 class OptionalAttr(object):
804 class OptionalAttr(object):
805 """
805 """
806 Special Optional Option that defines other attribute. Example::
806 Special Optional Option that defines other attribute. Example::
807
807
808 def test(apiuser, userid=Optional(OAttr('apiuser')):
808 def test(apiuser, userid=Optional(OAttr('apiuser')):
809 user = Optional.extract(userid)
809 user = Optional.extract(userid)
810 # calls
810 # calls
811
811
812 """
812 """
813
813
814 def __init__(self, attr_name):
814 def __init__(self, attr_name):
815 self.attr_name = attr_name
815 self.attr_name = attr_name
816
816
817 def __repr__(self):
817 def __repr__(self):
818 return '<OptionalAttr:%s>' % self.attr_name
818 return '<OptionalAttr:%s>' % self.attr_name
819
819
820 def __call__(self):
820 def __call__(self):
821 return self
821 return self
822
822
823
823
824 # alias
824 # alias
825 OAttr = OptionalAttr
825 OAttr = OptionalAttr
826
826
827
827
828 class Optional(object):
828 class Optional(object):
829 """
829 """
830 Defines an optional parameter::
830 Defines an optional parameter::
831
831
832 param = param.getval() if isinstance(param, Optional) else param
832 param = param.getval() if isinstance(param, Optional) else param
833 param = param() if isinstance(param, Optional) else param
833 param = param() if isinstance(param, Optional) else param
834
834
835 is equivalent of::
835 is equivalent of::
836
836
837 param = Optional.extract(param)
837 param = Optional.extract(param)
838
838
839 """
839 """
840
840
841 def __init__(self, type_):
841 def __init__(self, type_):
842 self.type_ = type_
842 self.type_ = type_
843
843
844 def __repr__(self):
844 def __repr__(self):
845 return '<Optional:%s>' % self.type_.__repr__()
845 return '<Optional:%s>' % self.type_.__repr__()
846
846
847 def __call__(self):
847 def __call__(self):
848 return self.getval()
848 return self.getval()
849
849
850 def getval(self):
850 def getval(self):
851 """
851 """
852 returns value from this Optional instance
852 returns value from this Optional instance
853 """
853 """
854 if isinstance(self.type_, OAttr):
854 if isinstance(self.type_, OAttr):
855 # use params name
855 # use params name
856 return self.type_.attr_name
856 return self.type_.attr_name
857 return self.type_
857 return self.type_
858
858
859 @classmethod
859 @classmethod
860 def extract(cls, val):
860 def extract(cls, val):
861 """
861 """
862 Extracts value from Optional() instance
862 Extracts value from Optional() instance
863
863
864 :param val:
864 :param val:
865 :return: original value if it's not Optional instance else
865 :return: original value if it's not Optional instance else
866 value of instance
866 value of instance
867 """
867 """
868 if isinstance(val, cls):
868 if isinstance(val, cls):
869 return val.getval()
869 return val.getval()
870 return val
870 return val
871
871
872
872
873 def get_routes_generator_for_server_url(server_url):
873 def get_routes_generator_for_server_url(server_url):
874 parsed_url = urlobject.URLObject(server_url)
874 parsed_url = urlobject.URLObject(server_url)
875 netloc = safe_str(parsed_url.netloc)
875 netloc = safe_str(parsed_url.netloc)
876 script_name = safe_str(parsed_url.path)
876 script_name = safe_str(parsed_url.path)
877
877
878 if ':' in netloc:
878 if ':' in netloc:
879 server_name, server_port = netloc.split(':')
879 server_name, server_port = netloc.split(':')
880 else:
880 else:
881 server_name = netloc
881 server_name = netloc
882 server_port = (parsed_url.scheme == 'https' and '443' or '80')
882 server_port = (parsed_url.scheme == 'https' and '443' or '80')
883
883
884 environ = {
884 environ = {
885 'REQUEST_METHOD': 'GET',
885 'REQUEST_METHOD': 'GET',
886 'PATH_INFO': '/',
886 'PATH_INFO': '/',
887 'SERVER_NAME': server_name,
887 'SERVER_NAME': server_name,
888 'SERVER_PORT': server_port,
888 'SERVER_PORT': server_port,
889 'SCRIPT_NAME': script_name,
889 'SCRIPT_NAME': script_name,
890 }
890 }
891 if parsed_url.scheme == 'https':
891 if parsed_url.scheme == 'https':
892 environ['HTTPS'] = 'on'
892 environ['HTTPS'] = 'on'
893 environ['wsgi.url_scheme'] = 'https'
893 environ['wsgi.url_scheme'] = 'https'
894
894
895 return routes.util.URLGenerator(rhodecode.CONFIG['routes.map'], environ)
895 return routes.util.URLGenerator(rhodecode.CONFIG['routes.map'], environ)
896
896
897
897
898 def glob2re(pat):
898 def glob2re(pat):
899 """
899 """
900 Translate a shell PATTERN to a regular expression.
900 Translate a shell PATTERN to a regular expression.
901
901
902 There is no way to quote meta-characters.
902 There is no way to quote meta-characters.
903 """
903 """
904
904
905 i, n = 0, len(pat)
905 i, n = 0, len(pat)
906 res = ''
906 res = ''
907 while i < n:
907 while i < n:
908 c = pat[i]
908 c = pat[i]
909 i = i+1
909 i = i+1
910 if c == '*':
910 if c == '*':
911 #res = res + '.*'
911 #res = res + '.*'
912 res = res + '[^/]*'
912 res = res + '[^/]*'
913 elif c == '?':
913 elif c == '?':
914 #res = res + '.'
914 #res = res + '.'
915 res = res + '[^/]'
915 res = res + '[^/]'
916 elif c == '[':
916 elif c == '[':
917 j = i
917 j = i
918 if j < n and pat[j] == '!':
918 if j < n and pat[j] == '!':
919 j = j+1
919 j = j+1
920 if j < n and pat[j] == ']':
920 if j < n and pat[j] == ']':
921 j = j+1
921 j = j+1
922 while j < n and pat[j] != ']':
922 while j < n and pat[j] != ']':
923 j = j+1
923 j = j+1
924 if j >= n:
924 if j >= n:
925 res = res + '\\['
925 res = res + '\\['
926 else:
926 else:
927 stuff = pat[i:j].replace('\\','\\\\')
927 stuff = pat[i:j].replace('\\','\\\\')
928 i = j+1
928 i = j+1
929 if stuff[0] == '!':
929 if stuff[0] == '!':
930 stuff = '^' + stuff[1:]
930 stuff = '^' + stuff[1:]
931 elif stuff[0] == '^':
931 elif stuff[0] == '^':
932 stuff = '\\' + stuff
932 stuff = '\\' + stuff
933 res = '%s[%s]' % (res, stuff)
933 res = '%s[%s]' % (res, stuff)
934 else:
934 else:
935 res = res + re.escape(c)
935 res = res + re.escape(c)
936 return res + '\Z(?ms)'
936 return res + '\Z(?ms)'
@@ -1,3693 +1,3701 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 Database Models for RhodeCode Enterprise
22 Database Models for RhodeCode Enterprise
23 """
23 """
24
24
25 import re
25 import re
26 import os
26 import os
27 import time
27 import time
28 import hashlib
28 import hashlib
29 import logging
29 import logging
30 import datetime
30 import datetime
31 import warnings
31 import warnings
32 import ipaddress
32 import ipaddress
33 import functools
33 import functools
34 import traceback
34 import traceback
35 import collections
35 import collections
36
36
37
37
38 from sqlalchemy import *
38 from sqlalchemy import *
39 from sqlalchemy.ext.declarative import declared_attr
39 from sqlalchemy.ext.declarative import declared_attr
40 from sqlalchemy.ext.hybrid import hybrid_property
40 from sqlalchemy.ext.hybrid import hybrid_property
41 from sqlalchemy.orm import (
41 from sqlalchemy.orm import (
42 relationship, joinedload, class_mapper, validates, aliased)
42 relationship, joinedload, class_mapper, validates, aliased)
43 from sqlalchemy.sql.expression import true
43 from sqlalchemy.sql.expression import true
44 from beaker.cache import cache_region
44 from beaker.cache import cache_region
45 from webob.exc import HTTPNotFound
45 from webob.exc import HTTPNotFound
46 from zope.cachedescriptors.property import Lazy as LazyProperty
46 from zope.cachedescriptors.property import Lazy as LazyProperty
47
47
48 from pylons import url
48 from pylons import url
49 from pylons.i18n.translation import lazy_ugettext as _
49 from pylons.i18n.translation import lazy_ugettext as _
50
50
51 from rhodecode.lib.vcs import get_vcs_instance
51 from rhodecode.lib.vcs import get_vcs_instance
52 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
52 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
53 from rhodecode.lib.utils2 import (
53 from rhodecode.lib.utils2 import (
54 str2bool, safe_str, get_commit_safe, safe_unicode, md5_safe,
54 str2bool, safe_str, get_commit_safe, safe_unicode, md5_safe,
55 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
55 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
56 glob2re)
56 glob2re)
57 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType
57 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType
58 from rhodecode.lib.ext_json import json
58 from rhodecode.lib.ext_json import json
59 from rhodecode.lib.caching_query import FromCache
59 from rhodecode.lib.caching_query import FromCache
60 from rhodecode.lib.encrypt import AESCipher
60 from rhodecode.lib.encrypt import AESCipher
61
61
62 from rhodecode.model.meta import Base, Session
62 from rhodecode.model.meta import Base, Session
63
63
64 URL_SEP = '/'
64 URL_SEP = '/'
65 log = logging.getLogger(__name__)
65 log = logging.getLogger(__name__)
66
66
67 # =============================================================================
67 # =============================================================================
68 # BASE CLASSES
68 # BASE CLASSES
69 # =============================================================================
69 # =============================================================================
70
70
71 # this is propagated from .ini file rhodecode.encrypted_values.secret or
71 # this is propagated from .ini file rhodecode.encrypted_values.secret or
72 # beaker.session.secret if first is not set.
72 # beaker.session.secret if first is not set.
73 # and initialized at environment.py
73 # and initialized at environment.py
74 ENCRYPTION_KEY = None
74 ENCRYPTION_KEY = None
75
75
76 # used to sort permissions by types, '#' used here is not allowed to be in
76 # used to sort permissions by types, '#' used here is not allowed to be in
77 # usernames, and it's very early in sorted string.printable table.
77 # usernames, and it's very early in sorted string.printable table.
78 PERMISSION_TYPE_SORT = {
78 PERMISSION_TYPE_SORT = {
79 'admin': '####',
79 'admin': '####',
80 'write': '###',
80 'write': '###',
81 'read': '##',
81 'read': '##',
82 'none': '#',
82 'none': '#',
83 }
83 }
84
84
85
85
86 def display_sort(obj):
86 def display_sort(obj):
87 """
87 """
88 Sort function used to sort permissions in .permissions() function of
88 Sort function used to sort permissions in .permissions() function of
89 Repository, RepoGroup, UserGroup. Also it put the default user in front
89 Repository, RepoGroup, UserGroup. Also it put the default user in front
90 of all other resources
90 of all other resources
91 """
91 """
92
92
93 if obj.username == User.DEFAULT_USER:
93 if obj.username == User.DEFAULT_USER:
94 return '#####'
94 return '#####'
95 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
95 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
96 return prefix + obj.username
96 return prefix + obj.username
97
97
98
98
99 def _hash_key(k):
99 def _hash_key(k):
100 return md5_safe(k)
100 return md5_safe(k)
101
101
102
102
103 class EncryptedTextValue(TypeDecorator):
103 class EncryptedTextValue(TypeDecorator):
104 """
104 """
105 Special column for encrypted long text data, use like::
105 Special column for encrypted long text data, use like::
106
106
107 value = Column("encrypted_value", EncryptedValue(), nullable=False)
107 value = Column("encrypted_value", EncryptedValue(), nullable=False)
108
108
109 This column is intelligent so if value is in unencrypted form it return
109 This column is intelligent so if value is in unencrypted form it return
110 unencrypted form, but on save it always encrypts
110 unencrypted form, but on save it always encrypts
111 """
111 """
112 impl = Text
112 impl = Text
113
113
114 def process_bind_param(self, value, dialect):
114 def process_bind_param(self, value, dialect):
115 if not value:
115 if not value:
116 return value
116 return value
117 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
117 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
118 # protect against double encrypting if someone manually starts
118 # protect against double encrypting if someone manually starts
119 # doing
119 # doing
120 raise ValueError('value needs to be in unencrypted format, ie. '
120 raise ValueError('value needs to be in unencrypted format, ie. '
121 'not starting with enc$aes')
121 'not starting with enc$aes')
122 return 'enc$aes_hmac$%s' % AESCipher(
122 return 'enc$aes_hmac$%s' % AESCipher(
123 ENCRYPTION_KEY, hmac=True).encrypt(value)
123 ENCRYPTION_KEY, hmac=True).encrypt(value)
124
124
125 def process_result_value(self, value, dialect):
125 def process_result_value(self, value, dialect):
126 import rhodecode
126 import rhodecode
127
127
128 if not value:
128 if not value:
129 return value
129 return value
130
130
131 parts = value.split('$', 3)
131 parts = value.split('$', 3)
132 if not len(parts) == 3:
132 if not len(parts) == 3:
133 # probably not encrypted values
133 # probably not encrypted values
134 return value
134 return value
135 else:
135 else:
136 if parts[0] != 'enc':
136 if parts[0] != 'enc':
137 # parts ok but without our header ?
137 # parts ok but without our header ?
138 return value
138 return value
139 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
139 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
140 'rhodecode.encrypted_values.strict') or True)
140 'rhodecode.encrypted_values.strict') or True)
141 # at that stage we know it's our encryption
141 # at that stage we know it's our encryption
142 if parts[1] == 'aes':
142 if parts[1] == 'aes':
143 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
143 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
144 elif parts[1] == 'aes_hmac':
144 elif parts[1] == 'aes_hmac':
145 decrypted_data = AESCipher(
145 decrypted_data = AESCipher(
146 ENCRYPTION_KEY, hmac=True,
146 ENCRYPTION_KEY, hmac=True,
147 strict_verification=enc_strict_mode).decrypt(parts[2])
147 strict_verification=enc_strict_mode).decrypt(parts[2])
148 else:
148 else:
149 raise ValueError(
149 raise ValueError(
150 'Encryption type part is wrong, must be `aes` '
150 'Encryption type part is wrong, must be `aes` '
151 'or `aes_hmac`, got `%s` instead' % (parts[1]))
151 'or `aes_hmac`, got `%s` instead' % (parts[1]))
152 return decrypted_data
152 return decrypted_data
153
153
154
154
155 class BaseModel(object):
155 class BaseModel(object):
156 """
156 """
157 Base Model for all classes
157 Base Model for all classes
158 """
158 """
159
159
160 @classmethod
160 @classmethod
161 def _get_keys(cls):
161 def _get_keys(cls):
162 """return column names for this model """
162 """return column names for this model """
163 return class_mapper(cls).c.keys()
163 return class_mapper(cls).c.keys()
164
164
165 def get_dict(self):
165 def get_dict(self):
166 """
166 """
167 return dict with keys and values corresponding
167 return dict with keys and values corresponding
168 to this model data """
168 to this model data """
169
169
170 d = {}
170 d = {}
171 for k in self._get_keys():
171 for k in self._get_keys():
172 d[k] = getattr(self, k)
172 d[k] = getattr(self, k)
173
173
174 # also use __json__() if present to get additional fields
174 # also use __json__() if present to get additional fields
175 _json_attr = getattr(self, '__json__', None)
175 _json_attr = getattr(self, '__json__', None)
176 if _json_attr:
176 if _json_attr:
177 # update with attributes from __json__
177 # update with attributes from __json__
178 if callable(_json_attr):
178 if callable(_json_attr):
179 _json_attr = _json_attr()
179 _json_attr = _json_attr()
180 for k, val in _json_attr.iteritems():
180 for k, val in _json_attr.iteritems():
181 d[k] = val
181 d[k] = val
182 return d
182 return d
183
183
184 def get_appstruct(self):
184 def get_appstruct(self):
185 """return list with keys and values tuples corresponding
185 """return list with keys and values tuples corresponding
186 to this model data """
186 to this model data """
187
187
188 l = []
188 l = []
189 for k in self._get_keys():
189 for k in self._get_keys():
190 l.append((k, getattr(self, k),))
190 l.append((k, getattr(self, k),))
191 return l
191 return l
192
192
193 def populate_obj(self, populate_dict):
193 def populate_obj(self, populate_dict):
194 """populate model with data from given populate_dict"""
194 """populate model with data from given populate_dict"""
195
195
196 for k in self._get_keys():
196 for k in self._get_keys():
197 if k in populate_dict:
197 if k in populate_dict:
198 setattr(self, k, populate_dict[k])
198 setattr(self, k, populate_dict[k])
199
199
200 @classmethod
200 @classmethod
201 def query(cls):
201 def query(cls):
202 return Session().query(cls)
202 return Session().query(cls)
203
203
204 @classmethod
204 @classmethod
205 def get(cls, id_):
205 def get(cls, id_):
206 if id_:
206 if id_:
207 return cls.query().get(id_)
207 return cls.query().get(id_)
208
208
209 @classmethod
209 @classmethod
210 def get_or_404(cls, id_):
210 def get_or_404(cls, id_):
211 try:
211 try:
212 id_ = int(id_)
212 id_ = int(id_)
213 except (TypeError, ValueError):
213 except (TypeError, ValueError):
214 raise HTTPNotFound
214 raise HTTPNotFound
215
215
216 res = cls.query().get(id_)
216 res = cls.query().get(id_)
217 if not res:
217 if not res:
218 raise HTTPNotFound
218 raise HTTPNotFound
219 return res
219 return res
220
220
221 @classmethod
221 @classmethod
222 def getAll(cls):
222 def getAll(cls):
223 # deprecated and left for backward compatibility
223 # deprecated and left for backward compatibility
224 return cls.get_all()
224 return cls.get_all()
225
225
226 @classmethod
226 @classmethod
227 def get_all(cls):
227 def get_all(cls):
228 return cls.query().all()
228 return cls.query().all()
229
229
230 @classmethod
230 @classmethod
231 def delete(cls, id_):
231 def delete(cls, id_):
232 obj = cls.query().get(id_)
232 obj = cls.query().get(id_)
233 Session().delete(obj)
233 Session().delete(obj)
234
234
235 @classmethod
235 @classmethod
236 def identity_cache(cls, session, attr_name, value):
236 def identity_cache(cls, session, attr_name, value):
237 exist_in_session = []
237 exist_in_session = []
238 for (item_cls, pkey), instance in session.identity_map.items():
238 for (item_cls, pkey), instance in session.identity_map.items():
239 if cls == item_cls and getattr(instance, attr_name) == value:
239 if cls == item_cls and getattr(instance, attr_name) == value:
240 exist_in_session.append(instance)
240 exist_in_session.append(instance)
241 if exist_in_session:
241 if exist_in_session:
242 if len(exist_in_session) == 1:
242 if len(exist_in_session) == 1:
243 return exist_in_session[0]
243 return exist_in_session[0]
244 log.exception(
244 log.exception(
245 'multiple objects with attr %s and '
245 'multiple objects with attr %s and '
246 'value %s found with same name: %r',
246 'value %s found with same name: %r',
247 attr_name, value, exist_in_session)
247 attr_name, value, exist_in_session)
248
248
249 def __repr__(self):
249 def __repr__(self):
250 if hasattr(self, '__unicode__'):
250 if hasattr(self, '__unicode__'):
251 # python repr needs to return str
251 # python repr needs to return str
252 try:
252 try:
253 return safe_str(self.__unicode__())
253 return safe_str(self.__unicode__())
254 except UnicodeDecodeError:
254 except UnicodeDecodeError:
255 pass
255 pass
256 return '<DB:%s>' % (self.__class__.__name__)
256 return '<DB:%s>' % (self.__class__.__name__)
257
257
258
258
259 class RhodeCodeSetting(Base, BaseModel):
259 class RhodeCodeSetting(Base, BaseModel):
260 __tablename__ = 'rhodecode_settings'
260 __tablename__ = 'rhodecode_settings'
261 __table_args__ = (
261 __table_args__ = (
262 UniqueConstraint('app_settings_name'),
262 UniqueConstraint('app_settings_name'),
263 {'extend_existing': True, 'mysql_engine': 'InnoDB',
263 {'extend_existing': True, 'mysql_engine': 'InnoDB',
264 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
264 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
265 )
265 )
266
266
267 SETTINGS_TYPES = {
267 SETTINGS_TYPES = {
268 'str': safe_str,
268 'str': safe_str,
269 'int': safe_int,
269 'int': safe_int,
270 'unicode': safe_unicode,
270 'unicode': safe_unicode,
271 'bool': str2bool,
271 'bool': str2bool,
272 'list': functools.partial(aslist, sep=',')
272 'list': functools.partial(aslist, sep=',')
273 }
273 }
274 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
274 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
275 GLOBAL_CONF_KEY = 'app_settings'
275 GLOBAL_CONF_KEY = 'app_settings'
276
276
277 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
277 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
278 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
278 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
279 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
279 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
280 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
280 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
281
281
282 def __init__(self, key='', val='', type='unicode'):
282 def __init__(self, key='', val='', type='unicode'):
283 self.app_settings_name = key
283 self.app_settings_name = key
284 self.app_settings_type = type
284 self.app_settings_type = type
285 self.app_settings_value = val
285 self.app_settings_value = val
286
286
287 @validates('_app_settings_value')
287 @validates('_app_settings_value')
288 def validate_settings_value(self, key, val):
288 def validate_settings_value(self, key, val):
289 assert type(val) == unicode
289 assert type(val) == unicode
290 return val
290 return val
291
291
292 @hybrid_property
292 @hybrid_property
293 def app_settings_value(self):
293 def app_settings_value(self):
294 v = self._app_settings_value
294 v = self._app_settings_value
295 _type = self.app_settings_type
295 _type = self.app_settings_type
296 if _type:
296 if _type:
297 _type = self.app_settings_type.split('.')[0]
297 _type = self.app_settings_type.split('.')[0]
298 # decode the encrypted value
298 # decode the encrypted value
299 if 'encrypted' in self.app_settings_type:
299 if 'encrypted' in self.app_settings_type:
300 cipher = EncryptedTextValue()
300 cipher = EncryptedTextValue()
301 v = safe_unicode(cipher.process_result_value(v, None))
301 v = safe_unicode(cipher.process_result_value(v, None))
302
302
303 converter = self.SETTINGS_TYPES.get(_type) or \
303 converter = self.SETTINGS_TYPES.get(_type) or \
304 self.SETTINGS_TYPES['unicode']
304 self.SETTINGS_TYPES['unicode']
305 return converter(v)
305 return converter(v)
306
306
307 @app_settings_value.setter
307 @app_settings_value.setter
308 def app_settings_value(self, val):
308 def app_settings_value(self, val):
309 """
309 """
310 Setter that will always make sure we use unicode in app_settings_value
310 Setter that will always make sure we use unicode in app_settings_value
311
311
312 :param val:
312 :param val:
313 """
313 """
314 val = safe_unicode(val)
314 val = safe_unicode(val)
315 # encode the encrypted value
315 # encode the encrypted value
316 if 'encrypted' in self.app_settings_type:
316 if 'encrypted' in self.app_settings_type:
317 cipher = EncryptedTextValue()
317 cipher = EncryptedTextValue()
318 val = safe_unicode(cipher.process_bind_param(val, None))
318 val = safe_unicode(cipher.process_bind_param(val, None))
319 self._app_settings_value = val
319 self._app_settings_value = val
320
320
321 @hybrid_property
321 @hybrid_property
322 def app_settings_type(self):
322 def app_settings_type(self):
323 return self._app_settings_type
323 return self._app_settings_type
324
324
325 @app_settings_type.setter
325 @app_settings_type.setter
326 def app_settings_type(self, val):
326 def app_settings_type(self, val):
327 if val.split('.')[0] not in self.SETTINGS_TYPES:
327 if val.split('.')[0] not in self.SETTINGS_TYPES:
328 raise Exception('type must be one of %s got %s'
328 raise Exception('type must be one of %s got %s'
329 % (self.SETTINGS_TYPES.keys(), val))
329 % (self.SETTINGS_TYPES.keys(), val))
330 self._app_settings_type = val
330 self._app_settings_type = val
331
331
332 def __unicode__(self):
332 def __unicode__(self):
333 return u"<%s('%s:%s[%s]')>" % (
333 return u"<%s('%s:%s[%s]')>" % (
334 self.__class__.__name__,
334 self.__class__.__name__,
335 self.app_settings_name, self.app_settings_value,
335 self.app_settings_name, self.app_settings_value,
336 self.app_settings_type
336 self.app_settings_type
337 )
337 )
338
338
339
339
340 class RhodeCodeUi(Base, BaseModel):
340 class RhodeCodeUi(Base, BaseModel):
341 __tablename__ = 'rhodecode_ui'
341 __tablename__ = 'rhodecode_ui'
342 __table_args__ = (
342 __table_args__ = (
343 UniqueConstraint('ui_key'),
343 UniqueConstraint('ui_key'),
344 {'extend_existing': True, 'mysql_engine': 'InnoDB',
344 {'extend_existing': True, 'mysql_engine': 'InnoDB',
345 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
345 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
346 )
346 )
347
347
348 HOOK_REPO_SIZE = 'changegroup.repo_size'
348 HOOK_REPO_SIZE = 'changegroup.repo_size'
349 # HG
349 # HG
350 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
350 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
351 HOOK_PULL = 'outgoing.pull_logger'
351 HOOK_PULL = 'outgoing.pull_logger'
352 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
352 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
353 HOOK_PUSH = 'changegroup.push_logger'
353 HOOK_PUSH = 'changegroup.push_logger'
354
354
355 # TODO: johbo: Unify way how hooks are configured for git and hg,
355 # TODO: johbo: Unify way how hooks are configured for git and hg,
356 # git part is currently hardcoded.
356 # git part is currently hardcoded.
357
357
358 # SVN PATTERNS
358 # SVN PATTERNS
359 SVN_BRANCH_ID = 'vcs_svn_branch'
359 SVN_BRANCH_ID = 'vcs_svn_branch'
360 SVN_TAG_ID = 'vcs_svn_tag'
360 SVN_TAG_ID = 'vcs_svn_tag'
361
361
362 ui_id = Column(
362 ui_id = Column(
363 "ui_id", Integer(), nullable=False, unique=True, default=None,
363 "ui_id", Integer(), nullable=False, unique=True, default=None,
364 primary_key=True)
364 primary_key=True)
365 ui_section = Column(
365 ui_section = Column(
366 "ui_section", String(255), nullable=True, unique=None, default=None)
366 "ui_section", String(255), nullable=True, unique=None, default=None)
367 ui_key = Column(
367 ui_key = Column(
368 "ui_key", String(255), nullable=True, unique=None, default=None)
368 "ui_key", String(255), nullable=True, unique=None, default=None)
369 ui_value = Column(
369 ui_value = Column(
370 "ui_value", String(255), nullable=True, unique=None, default=None)
370 "ui_value", String(255), nullable=True, unique=None, default=None)
371 ui_active = Column(
371 ui_active = Column(
372 "ui_active", Boolean(), nullable=True, unique=None, default=True)
372 "ui_active", Boolean(), nullable=True, unique=None, default=True)
373
373
374 def __repr__(self):
374 def __repr__(self):
375 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
375 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
376 self.ui_key, self.ui_value)
376 self.ui_key, self.ui_value)
377
377
378
378
379 class RepoRhodeCodeSetting(Base, BaseModel):
379 class RepoRhodeCodeSetting(Base, BaseModel):
380 __tablename__ = 'repo_rhodecode_settings'
380 __tablename__ = 'repo_rhodecode_settings'
381 __table_args__ = (
381 __table_args__ = (
382 UniqueConstraint(
382 UniqueConstraint(
383 'app_settings_name', 'repository_id',
383 'app_settings_name', 'repository_id',
384 name='uq_repo_rhodecode_setting_name_repo_id'),
384 name='uq_repo_rhodecode_setting_name_repo_id'),
385 {'extend_existing': True, 'mysql_engine': 'InnoDB',
385 {'extend_existing': True, 'mysql_engine': 'InnoDB',
386 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
386 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
387 )
387 )
388
388
389 repository_id = Column(
389 repository_id = Column(
390 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
390 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
391 nullable=False)
391 nullable=False)
392 app_settings_id = Column(
392 app_settings_id = Column(
393 "app_settings_id", Integer(), nullable=False, unique=True,
393 "app_settings_id", Integer(), nullable=False, unique=True,
394 default=None, primary_key=True)
394 default=None, primary_key=True)
395 app_settings_name = Column(
395 app_settings_name = Column(
396 "app_settings_name", String(255), nullable=True, unique=None,
396 "app_settings_name", String(255), nullable=True, unique=None,
397 default=None)
397 default=None)
398 _app_settings_value = Column(
398 _app_settings_value = Column(
399 "app_settings_value", String(4096), nullable=True, unique=None,
399 "app_settings_value", String(4096), nullable=True, unique=None,
400 default=None)
400 default=None)
401 _app_settings_type = Column(
401 _app_settings_type = Column(
402 "app_settings_type", String(255), nullable=True, unique=None,
402 "app_settings_type", String(255), nullable=True, unique=None,
403 default=None)
403 default=None)
404
404
405 repository = relationship('Repository')
405 repository = relationship('Repository')
406
406
407 def __init__(self, repository_id, key='', val='', type='unicode'):
407 def __init__(self, repository_id, key='', val='', type='unicode'):
408 self.repository_id = repository_id
408 self.repository_id = repository_id
409 self.app_settings_name = key
409 self.app_settings_name = key
410 self.app_settings_type = type
410 self.app_settings_type = type
411 self.app_settings_value = val
411 self.app_settings_value = val
412
412
413 @validates('_app_settings_value')
413 @validates('_app_settings_value')
414 def validate_settings_value(self, key, val):
414 def validate_settings_value(self, key, val):
415 assert type(val) == unicode
415 assert type(val) == unicode
416 return val
416 return val
417
417
418 @hybrid_property
418 @hybrid_property
419 def app_settings_value(self):
419 def app_settings_value(self):
420 v = self._app_settings_value
420 v = self._app_settings_value
421 type_ = self.app_settings_type
421 type_ = self.app_settings_type
422 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
422 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
423 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
423 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
424 return converter(v)
424 return converter(v)
425
425
426 @app_settings_value.setter
426 @app_settings_value.setter
427 def app_settings_value(self, val):
427 def app_settings_value(self, val):
428 """
428 """
429 Setter that will always make sure we use unicode in app_settings_value
429 Setter that will always make sure we use unicode in app_settings_value
430
430
431 :param val:
431 :param val:
432 """
432 """
433 self._app_settings_value = safe_unicode(val)
433 self._app_settings_value = safe_unicode(val)
434
434
435 @hybrid_property
435 @hybrid_property
436 def app_settings_type(self):
436 def app_settings_type(self):
437 return self._app_settings_type
437 return self._app_settings_type
438
438
439 @app_settings_type.setter
439 @app_settings_type.setter
440 def app_settings_type(self, val):
440 def app_settings_type(self, val):
441 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
441 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
442 if val not in SETTINGS_TYPES:
442 if val not in SETTINGS_TYPES:
443 raise Exception('type must be one of %s got %s'
443 raise Exception('type must be one of %s got %s'
444 % (SETTINGS_TYPES.keys(), val))
444 % (SETTINGS_TYPES.keys(), val))
445 self._app_settings_type = val
445 self._app_settings_type = val
446
446
447 def __unicode__(self):
447 def __unicode__(self):
448 return u"<%s('%s:%s:%s[%s]')>" % (
448 return u"<%s('%s:%s:%s[%s]')>" % (
449 self.__class__.__name__, self.repository.repo_name,
449 self.__class__.__name__, self.repository.repo_name,
450 self.app_settings_name, self.app_settings_value,
450 self.app_settings_name, self.app_settings_value,
451 self.app_settings_type
451 self.app_settings_type
452 )
452 )
453
453
454
454
455 class RepoRhodeCodeUi(Base, BaseModel):
455 class RepoRhodeCodeUi(Base, BaseModel):
456 __tablename__ = 'repo_rhodecode_ui'
456 __tablename__ = 'repo_rhodecode_ui'
457 __table_args__ = (
457 __table_args__ = (
458 UniqueConstraint(
458 UniqueConstraint(
459 'repository_id', 'ui_section', 'ui_key',
459 'repository_id', 'ui_section', 'ui_key',
460 name='uq_repo_rhodecode_ui_repository_id_section_key'),
460 name='uq_repo_rhodecode_ui_repository_id_section_key'),
461 {'extend_existing': True, 'mysql_engine': 'InnoDB',
461 {'extend_existing': True, 'mysql_engine': 'InnoDB',
462 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
462 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
463 )
463 )
464
464
465 repository_id = Column(
465 repository_id = Column(
466 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
466 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
467 nullable=False)
467 nullable=False)
468 ui_id = Column(
468 ui_id = Column(
469 "ui_id", Integer(), nullable=False, unique=True, default=None,
469 "ui_id", Integer(), nullable=False, unique=True, default=None,
470 primary_key=True)
470 primary_key=True)
471 ui_section = Column(
471 ui_section = Column(
472 "ui_section", String(255), nullable=True, unique=None, default=None)
472 "ui_section", String(255), nullable=True, unique=None, default=None)
473 ui_key = Column(
473 ui_key = Column(
474 "ui_key", String(255), nullable=True, unique=None, default=None)
474 "ui_key", String(255), nullable=True, unique=None, default=None)
475 ui_value = Column(
475 ui_value = Column(
476 "ui_value", String(255), nullable=True, unique=None, default=None)
476 "ui_value", String(255), nullable=True, unique=None, default=None)
477 ui_active = Column(
477 ui_active = Column(
478 "ui_active", Boolean(), nullable=True, unique=None, default=True)
478 "ui_active", Boolean(), nullable=True, unique=None, default=True)
479
479
480 repository = relationship('Repository')
480 repository = relationship('Repository')
481
481
482 def __repr__(self):
482 def __repr__(self):
483 return '<%s[%s:%s]%s=>%s]>' % (
483 return '<%s[%s:%s]%s=>%s]>' % (
484 self.__class__.__name__, self.repository.repo_name,
484 self.__class__.__name__, self.repository.repo_name,
485 self.ui_section, self.ui_key, self.ui_value)
485 self.ui_section, self.ui_key, self.ui_value)
486
486
487
487
488 class User(Base, BaseModel):
488 class User(Base, BaseModel):
489 __tablename__ = 'users'
489 __tablename__ = 'users'
490 __table_args__ = (
490 __table_args__ = (
491 UniqueConstraint('username'), UniqueConstraint('email'),
491 UniqueConstraint('username'), UniqueConstraint('email'),
492 Index('u_username_idx', 'username'),
492 Index('u_username_idx', 'username'),
493 Index('u_email_idx', 'email'),
493 Index('u_email_idx', 'email'),
494 {'extend_existing': True, 'mysql_engine': 'InnoDB',
494 {'extend_existing': True, 'mysql_engine': 'InnoDB',
495 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
495 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
496 )
496 )
497 DEFAULT_USER = 'default'
497 DEFAULT_USER = 'default'
498 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
498 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
499 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
499 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
500
500
501 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
501 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
502 username = Column("username", String(255), nullable=True, unique=None, default=None)
502 username = Column("username", String(255), nullable=True, unique=None, default=None)
503 password = Column("password", String(255), nullable=True, unique=None, default=None)
503 password = Column("password", String(255), nullable=True, unique=None, default=None)
504 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
504 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
505 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
505 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
506 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
506 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
507 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
507 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
508 _email = Column("email", String(255), nullable=True, unique=None, default=None)
508 _email = Column("email", String(255), nullable=True, unique=None, default=None)
509 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
509 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
510 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
510 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
511 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
511 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
512 api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
512 api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
513 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
513 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
514 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
514 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
515 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
515 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
516
516
517 user_log = relationship('UserLog')
517 user_log = relationship('UserLog')
518 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
518 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
519
519
520 repositories = relationship('Repository')
520 repositories = relationship('Repository')
521 repository_groups = relationship('RepoGroup')
521 repository_groups = relationship('RepoGroup')
522 user_groups = relationship('UserGroup')
522 user_groups = relationship('UserGroup')
523
523
524 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
524 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
525 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
525 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
526
526
527 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
527 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
528 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
528 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
529 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
529 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
530
530
531 group_member = relationship('UserGroupMember', cascade='all')
531 group_member = relationship('UserGroupMember', cascade='all')
532
532
533 notifications = relationship('UserNotification', cascade='all')
533 notifications = relationship('UserNotification', cascade='all')
534 # notifications assigned to this user
534 # notifications assigned to this user
535 user_created_notifications = relationship('Notification', cascade='all')
535 user_created_notifications = relationship('Notification', cascade='all')
536 # comments created by this user
536 # comments created by this user
537 user_comments = relationship('ChangesetComment', cascade='all')
537 user_comments = relationship('ChangesetComment', cascade='all')
538 # user profile extra info
538 # user profile extra info
539 user_emails = relationship('UserEmailMap', cascade='all')
539 user_emails = relationship('UserEmailMap', cascade='all')
540 user_ip_map = relationship('UserIpMap', cascade='all')
540 user_ip_map = relationship('UserIpMap', cascade='all')
541 user_auth_tokens = relationship('UserApiKeys', cascade='all')
541 user_auth_tokens = relationship('UserApiKeys', cascade='all')
542 # gists
542 # gists
543 user_gists = relationship('Gist', cascade='all')
543 user_gists = relationship('Gist', cascade='all')
544 # user pull requests
544 # user pull requests
545 user_pull_requests = relationship('PullRequest', cascade='all')
545 user_pull_requests = relationship('PullRequest', cascade='all')
546 # external identities
546 # external identities
547 extenal_identities = relationship(
547 extenal_identities = relationship(
548 'ExternalIdentity',
548 'ExternalIdentity',
549 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
549 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
550 cascade='all')
550 cascade='all')
551
551
552 def __unicode__(self):
552 def __unicode__(self):
553 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
553 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
554 self.user_id, self.username)
554 self.user_id, self.username)
555
555
556 @hybrid_property
556 @hybrid_property
557 def email(self):
557 def email(self):
558 return self._email
558 return self._email
559
559
560 @email.setter
560 @email.setter
561 def email(self, val):
561 def email(self, val):
562 self._email = val.lower() if val else None
562 self._email = val.lower() if val else None
563
563
564 @property
564 @property
565 def firstname(self):
565 def firstname(self):
566 # alias for future
566 # alias for future
567 return self.name
567 return self.name
568
568
569 @property
569 @property
570 def emails(self):
570 def emails(self):
571 other = UserEmailMap.query().filter(UserEmailMap.user==self).all()
571 other = UserEmailMap.query().filter(UserEmailMap.user==self).all()
572 return [self.email] + [x.email for x in other]
572 return [self.email] + [x.email for x in other]
573
573
574 @property
574 @property
575 def auth_tokens(self):
575 def auth_tokens(self):
576 return [self.api_key] + [x.api_key for x in self.extra_auth_tokens]
576 return [self.api_key] + [x.api_key for x in self.extra_auth_tokens]
577
577
578 @property
578 @property
579 def extra_auth_tokens(self):
579 def extra_auth_tokens(self):
580 return UserApiKeys.query().filter(UserApiKeys.user == self).all()
580 return UserApiKeys.query().filter(UserApiKeys.user == self).all()
581
581
582 @property
582 @property
583 def feed_token(self):
583 def feed_token(self):
584 feed_tokens = UserApiKeys.query()\
584 feed_tokens = UserApiKeys.query()\
585 .filter(UserApiKeys.user == self)\
585 .filter(UserApiKeys.user == self)\
586 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)\
586 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)\
587 .all()
587 .all()
588 if feed_tokens:
588 if feed_tokens:
589 return feed_tokens[0].api_key
589 return feed_tokens[0].api_key
590 else:
590 else:
591 # use the main token so we don't end up with nothing...
591 # use the main token so we don't end up with nothing...
592 return self.api_key
592 return self.api_key
593
593
594 @classmethod
594 @classmethod
595 def extra_valid_auth_tokens(cls, user, role=None):
595 def extra_valid_auth_tokens(cls, user, role=None):
596 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
596 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
597 .filter(or_(UserApiKeys.expires == -1,
597 .filter(or_(UserApiKeys.expires == -1,
598 UserApiKeys.expires >= time.time()))
598 UserApiKeys.expires >= time.time()))
599 if role:
599 if role:
600 tokens = tokens.filter(or_(UserApiKeys.role == role,
600 tokens = tokens.filter(or_(UserApiKeys.role == role,
601 UserApiKeys.role == UserApiKeys.ROLE_ALL))
601 UserApiKeys.role == UserApiKeys.ROLE_ALL))
602 return tokens.all()
602 return tokens.all()
603
603
604 @property
604 @property
605 def ip_addresses(self):
605 def ip_addresses(self):
606 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
606 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
607 return [x.ip_addr for x in ret]
607 return [x.ip_addr for x in ret]
608
608
609 @property
609 @property
610 def username_and_name(self):
610 def username_and_name(self):
611 return '%s (%s %s)' % (self.username, self.firstname, self.lastname)
611 return '%s (%s %s)' % (self.username, self.firstname, self.lastname)
612
612
613 @property
613 @property
614 def username_or_name_or_email(self):
614 def username_or_name_or_email(self):
615 full_name = self.full_name if self.full_name is not ' ' else None
615 full_name = self.full_name if self.full_name is not ' ' else None
616 return self.username or full_name or self.email
616 return self.username or full_name or self.email
617
617
618 @property
618 @property
619 def full_name(self):
619 def full_name(self):
620 return '%s %s' % (self.firstname, self.lastname)
620 return '%s %s' % (self.firstname, self.lastname)
621
621
622 @property
622 @property
623 def full_name_or_username(self):
623 def full_name_or_username(self):
624 return ('%s %s' % (self.firstname, self.lastname)
624 return ('%s %s' % (self.firstname, self.lastname)
625 if (self.firstname and self.lastname) else self.username)
625 if (self.firstname and self.lastname) else self.username)
626
626
627 @property
627 @property
628 def full_contact(self):
628 def full_contact(self):
629 return '%s %s <%s>' % (self.firstname, self.lastname, self.email)
629 return '%s %s <%s>' % (self.firstname, self.lastname, self.email)
630
630
631 @property
631 @property
632 def short_contact(self):
632 def short_contact(self):
633 return '%s %s' % (self.firstname, self.lastname)
633 return '%s %s' % (self.firstname, self.lastname)
634
634
635 @property
635 @property
636 def is_admin(self):
636 def is_admin(self):
637 return self.admin
637 return self.admin
638
638
639 @property
639 @property
640 def AuthUser(self):
640 def AuthUser(self):
641 """
641 """
642 Returns instance of AuthUser for this user
642 Returns instance of AuthUser for this user
643 """
643 """
644 from rhodecode.lib.auth import AuthUser
644 from rhodecode.lib.auth import AuthUser
645 return AuthUser(user_id=self.user_id, api_key=self.api_key,
645 return AuthUser(user_id=self.user_id, api_key=self.api_key,
646 username=self.username)
646 username=self.username)
647
647
648 @hybrid_property
648 @hybrid_property
649 def user_data(self):
649 def user_data(self):
650 if not self._user_data:
650 if not self._user_data:
651 return {}
651 return {}
652
652
653 try:
653 try:
654 return json.loads(self._user_data)
654 return json.loads(self._user_data)
655 except TypeError:
655 except TypeError:
656 return {}
656 return {}
657
657
658 @user_data.setter
658 @user_data.setter
659 def user_data(self, val):
659 def user_data(self, val):
660 if not isinstance(val, dict):
660 if not isinstance(val, dict):
661 raise Exception('user_data must be dict, got %s' % type(val))
661 raise Exception('user_data must be dict, got %s' % type(val))
662 try:
662 try:
663 self._user_data = json.dumps(val)
663 self._user_data = json.dumps(val)
664 except Exception:
664 except Exception:
665 log.error(traceback.format_exc())
665 log.error(traceback.format_exc())
666
666
667 @classmethod
667 @classmethod
668 def get_by_username(cls, username, case_insensitive=False,
668 def get_by_username(cls, username, case_insensitive=False,
669 cache=False, identity_cache=False):
669 cache=False, identity_cache=False):
670 session = Session()
670 session = Session()
671
671
672 if case_insensitive:
672 if case_insensitive:
673 q = cls.query().filter(
673 q = cls.query().filter(
674 func.lower(cls.username) == func.lower(username))
674 func.lower(cls.username) == func.lower(username))
675 else:
675 else:
676 q = cls.query().filter(cls.username == username)
676 q = cls.query().filter(cls.username == username)
677
677
678 if cache:
678 if cache:
679 if identity_cache:
679 if identity_cache:
680 val = cls.identity_cache(session, 'username', username)
680 val = cls.identity_cache(session, 'username', username)
681 if val:
681 if val:
682 return val
682 return val
683 else:
683 else:
684 q = q.options(
684 q = q.options(
685 FromCache("sql_cache_short",
685 FromCache("sql_cache_short",
686 "get_user_by_name_%s" % _hash_key(username)))
686 "get_user_by_name_%s" % _hash_key(username)))
687
687
688 return q.scalar()
688 return q.scalar()
689
689
690 @classmethod
690 @classmethod
691 def get_by_auth_token(cls, auth_token, cache=False, fallback=True):
691 def get_by_auth_token(cls, auth_token, cache=False, fallback=True):
692 q = cls.query().filter(cls.api_key == auth_token)
692 q = cls.query().filter(cls.api_key == auth_token)
693
693
694 if cache:
694 if cache:
695 q = q.options(FromCache("sql_cache_short",
695 q = q.options(FromCache("sql_cache_short",
696 "get_auth_token_%s" % auth_token))
696 "get_auth_token_%s" % auth_token))
697 res = q.scalar()
697 res = q.scalar()
698
698
699 if fallback and not res:
699 if fallback and not res:
700 #fallback to additional keys
700 #fallback to additional keys
701 _res = UserApiKeys.query()\
701 _res = UserApiKeys.query()\
702 .filter(UserApiKeys.api_key == auth_token)\
702 .filter(UserApiKeys.api_key == auth_token)\
703 .filter(or_(UserApiKeys.expires == -1,
703 .filter(or_(UserApiKeys.expires == -1,
704 UserApiKeys.expires >= time.time()))\
704 UserApiKeys.expires >= time.time()))\
705 .first()
705 .first()
706 if _res:
706 if _res:
707 res = _res.user
707 res = _res.user
708 return res
708 return res
709
709
710 @classmethod
710 @classmethod
711 def get_by_email(cls, email, case_insensitive=False, cache=False):
711 def get_by_email(cls, email, case_insensitive=False, cache=False):
712
712
713 if case_insensitive:
713 if case_insensitive:
714 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
714 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
715
715
716 else:
716 else:
717 q = cls.query().filter(cls.email == email)
717 q = cls.query().filter(cls.email == email)
718
718
719 if cache:
719 if cache:
720 q = q.options(FromCache("sql_cache_short",
720 q = q.options(FromCache("sql_cache_short",
721 "get_email_key_%s" % _hash_key(email)))
721 "get_email_key_%s" % _hash_key(email)))
722
722
723 ret = q.scalar()
723 ret = q.scalar()
724 if ret is None:
724 if ret is None:
725 q = UserEmailMap.query()
725 q = UserEmailMap.query()
726 # try fetching in alternate email map
726 # try fetching in alternate email map
727 if case_insensitive:
727 if case_insensitive:
728 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
728 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
729 else:
729 else:
730 q = q.filter(UserEmailMap.email == email)
730 q = q.filter(UserEmailMap.email == email)
731 q = q.options(joinedload(UserEmailMap.user))
731 q = q.options(joinedload(UserEmailMap.user))
732 if cache:
732 if cache:
733 q = q.options(FromCache("sql_cache_short",
733 q = q.options(FromCache("sql_cache_short",
734 "get_email_map_key_%s" % email))
734 "get_email_map_key_%s" % email))
735 ret = getattr(q.scalar(), 'user', None)
735 ret = getattr(q.scalar(), 'user', None)
736
736
737 return ret
737 return ret
738
738
739 @classmethod
739 @classmethod
740 def get_from_cs_author(cls, author):
740 def get_from_cs_author(cls, author):
741 """
741 """
742 Tries to get User objects out of commit author string
742 Tries to get User objects out of commit author string
743
743
744 :param author:
744 :param author:
745 """
745 """
746 from rhodecode.lib.helpers import email, author_name
746 from rhodecode.lib.helpers import email, author_name
747 # Valid email in the attribute passed, see if they're in the system
747 # Valid email in the attribute passed, see if they're in the system
748 _email = email(author)
748 _email = email(author)
749 if _email:
749 if _email:
750 user = cls.get_by_email(_email, case_insensitive=True)
750 user = cls.get_by_email(_email, case_insensitive=True)
751 if user:
751 if user:
752 return user
752 return user
753 # Maybe we can match by username?
753 # Maybe we can match by username?
754 _author = author_name(author)
754 _author = author_name(author)
755 user = cls.get_by_username(_author, case_insensitive=True)
755 user = cls.get_by_username(_author, case_insensitive=True)
756 if user:
756 if user:
757 return user
757 return user
758
758
759 def update_userdata(self, **kwargs):
759 def update_userdata(self, **kwargs):
760 usr = self
760 usr = self
761 old = usr.user_data
761 old = usr.user_data
762 old.update(**kwargs)
762 old.update(**kwargs)
763 usr.user_data = old
763 usr.user_data = old
764 Session().add(usr)
764 Session().add(usr)
765 log.debug('updated userdata with ', kwargs)
765 log.debug('updated userdata with ', kwargs)
766
766
767 def update_lastlogin(self):
767 def update_lastlogin(self):
768 """Update user lastlogin"""
768 """Update user lastlogin"""
769 self.last_login = datetime.datetime.now()
769 self.last_login = datetime.datetime.now()
770 Session().add(self)
770 Session().add(self)
771 log.debug('updated user %s lastlogin', self.username)
771 log.debug('updated user %s lastlogin', self.username)
772
772
773 def update_lastactivity(self):
773 def update_lastactivity(self):
774 """Update user lastactivity"""
774 """Update user lastactivity"""
775 usr = self
775 usr = self
776 old = usr.user_data
776 old = usr.user_data
777 old.update({'last_activity': time.time()})
777 old.update({'last_activity': time.time()})
778 usr.user_data = old
778 usr.user_data = old
779 Session().add(usr)
779 Session().add(usr)
780 log.debug('updated user %s lastactivity', usr.username)
780 log.debug('updated user %s lastactivity', usr.username)
781
781
782 def update_password(self, new_password, change_api_key=False):
782 def update_password(self, new_password, change_api_key=False):
783 from rhodecode.lib.auth import get_crypt_password,generate_auth_token
783 from rhodecode.lib.auth import get_crypt_password,generate_auth_token
784
784
785 self.password = get_crypt_password(new_password)
785 self.password = get_crypt_password(new_password)
786 if change_api_key:
786 if change_api_key:
787 self.api_key = generate_auth_token(self.username)
787 self.api_key = generate_auth_token(self.username)
788 Session().add(self)
788 Session().add(self)
789
789
790 @classmethod
790 @classmethod
791 def get_first_super_admin(cls):
791 def get_first_super_admin(cls):
792 user = User.query().filter(User.admin == true()).first()
792 user = User.query().filter(User.admin == true()).first()
793 if user is None:
793 if user is None:
794 raise Exception('FATAL: Missing administrative account!')
794 raise Exception('FATAL: Missing administrative account!')
795 return user
795 return user
796
796
797 @classmethod
797 @classmethod
798 def get_all_super_admins(cls):
798 def get_all_super_admins(cls):
799 """
799 """
800 Returns all admin accounts sorted by username
800 Returns all admin accounts sorted by username
801 """
801 """
802 return User.query().filter(User.admin == true())\
802 return User.query().filter(User.admin == true())\
803 .order_by(User.username.asc()).all()
803 .order_by(User.username.asc()).all()
804
804
805 @classmethod
805 @classmethod
806 def get_default_user(cls, cache=False):
806 def get_default_user(cls, cache=False):
807 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
807 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
808 if user is None:
808 if user is None:
809 raise Exception('FATAL: Missing default account!')
809 raise Exception('FATAL: Missing default account!')
810 return user
810 return user
811
811
812 def _get_default_perms(self, user, suffix=''):
812 def _get_default_perms(self, user, suffix=''):
813 from rhodecode.model.permission import PermissionModel
813 from rhodecode.model.permission import PermissionModel
814 return PermissionModel().get_default_perms(user.user_perms, suffix)
814 return PermissionModel().get_default_perms(user.user_perms, suffix)
815
815
816 def get_default_perms(self, suffix=''):
816 def get_default_perms(self, suffix=''):
817 return self._get_default_perms(self, suffix)
817 return self._get_default_perms(self, suffix)
818
818
819 def get_api_data(self, include_secrets=False, details='full'):
819 def get_api_data(self, include_secrets=False, details='full'):
820 """
820 """
821 Common function for generating user related data for API
821 Common function for generating user related data for API
822
822
823 :param include_secrets: By default secrets in the API data will be replaced
823 :param include_secrets: By default secrets in the API data will be replaced
824 by a placeholder value to prevent exposing this data by accident. In case
824 by a placeholder value to prevent exposing this data by accident. In case
825 this data shall be exposed, set this flag to ``True``.
825 this data shall be exposed, set this flag to ``True``.
826
826
827 :param details: details can be 'basic|full' basic gives only a subset of
827 :param details: details can be 'basic|full' basic gives only a subset of
828 the available user information that includes user_id, name and emails.
828 the available user information that includes user_id, name and emails.
829 """
829 """
830 user = self
830 user = self
831 user_data = self.user_data
831 user_data = self.user_data
832 data = {
832 data = {
833 'user_id': user.user_id,
833 'user_id': user.user_id,
834 'username': user.username,
834 'username': user.username,
835 'firstname': user.name,
835 'firstname': user.name,
836 'lastname': user.lastname,
836 'lastname': user.lastname,
837 'email': user.email,
837 'email': user.email,
838 'emails': user.emails,
838 'emails': user.emails,
839 }
839 }
840 if details == 'basic':
840 if details == 'basic':
841 return data
841 return data
842
842
843 api_key_length = 40
843 api_key_length = 40
844 api_key_replacement = '*' * api_key_length
844 api_key_replacement = '*' * api_key_length
845
845
846 extras = {
846 extras = {
847 'api_key': api_key_replacement,
847 'api_key': api_key_replacement,
848 'api_keys': [api_key_replacement],
848 'api_keys': [api_key_replacement],
849 'active': user.active,
849 'active': user.active,
850 'admin': user.admin,
850 'admin': user.admin,
851 'extern_type': user.extern_type,
851 'extern_type': user.extern_type,
852 'extern_name': user.extern_name,
852 'extern_name': user.extern_name,
853 'last_login': user.last_login,
853 'last_login': user.last_login,
854 'ip_addresses': user.ip_addresses,
854 'ip_addresses': user.ip_addresses,
855 'language': user_data.get('language')
855 'language': user_data.get('language')
856 }
856 }
857 data.update(extras)
857 data.update(extras)
858
858
859 if include_secrets:
859 if include_secrets:
860 data['api_key'] = user.api_key
860 data['api_key'] = user.api_key
861 data['api_keys'] = user.auth_tokens
861 data['api_keys'] = user.auth_tokens
862 return data
862 return data
863
863
864 def __json__(self):
864 def __json__(self):
865 data = {
865 data = {
866 'full_name': self.full_name,
866 'full_name': self.full_name,
867 'full_name_or_username': self.full_name_or_username,
867 'full_name_or_username': self.full_name_or_username,
868 'short_contact': self.short_contact,
868 'short_contact': self.short_contact,
869 'full_contact': self.full_contact,
869 'full_contact': self.full_contact,
870 }
870 }
871 data.update(self.get_api_data())
871 data.update(self.get_api_data())
872 return data
872 return data
873
873
874
874
875 class UserApiKeys(Base, BaseModel):
875 class UserApiKeys(Base, BaseModel):
876 __tablename__ = 'user_api_keys'
876 __tablename__ = 'user_api_keys'
877 __table_args__ = (
877 __table_args__ = (
878 Index('uak_api_key_idx', 'api_key'),
878 Index('uak_api_key_idx', 'api_key'),
879 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
879 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
880 UniqueConstraint('api_key'),
880 UniqueConstraint('api_key'),
881 {'extend_existing': True, 'mysql_engine': 'InnoDB',
881 {'extend_existing': True, 'mysql_engine': 'InnoDB',
882 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
882 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
883 )
883 )
884 __mapper_args__ = {}
884 __mapper_args__ = {}
885
885
886 # ApiKey role
886 # ApiKey role
887 ROLE_ALL = 'token_role_all'
887 ROLE_ALL = 'token_role_all'
888 ROLE_HTTP = 'token_role_http'
888 ROLE_HTTP = 'token_role_http'
889 ROLE_VCS = 'token_role_vcs'
889 ROLE_VCS = 'token_role_vcs'
890 ROLE_API = 'token_role_api'
890 ROLE_API = 'token_role_api'
891 ROLE_FEED = 'token_role_feed'
891 ROLE_FEED = 'token_role_feed'
892 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
892 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
893
893
894 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
894 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
895 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
895 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
896 api_key = Column("api_key", String(255), nullable=False, unique=True)
896 api_key = Column("api_key", String(255), nullable=False, unique=True)
897 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
897 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
898 expires = Column('expires', Float(53), nullable=False)
898 expires = Column('expires', Float(53), nullable=False)
899 role = Column('role', String(255), nullable=True)
899 role = Column('role', String(255), nullable=True)
900 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
900 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
901
901
902 user = relationship('User', lazy='joined')
902 user = relationship('User', lazy='joined')
903
903
904 @classmethod
904 @classmethod
905 def _get_role_name(cls, role):
905 def _get_role_name(cls, role):
906 return {
906 return {
907 cls.ROLE_ALL: _('all'),
907 cls.ROLE_ALL: _('all'),
908 cls.ROLE_HTTP: _('http/web interface'),
908 cls.ROLE_HTTP: _('http/web interface'),
909 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
909 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
910 cls.ROLE_API: _('api calls'),
910 cls.ROLE_API: _('api calls'),
911 cls.ROLE_FEED: _('feed access'),
911 cls.ROLE_FEED: _('feed access'),
912 }.get(role, role)
912 }.get(role, role)
913
913
914 @property
914 @property
915 def expired(self):
915 def expired(self):
916 if self.expires == -1:
916 if self.expires == -1:
917 return False
917 return False
918 return time.time() > self.expires
918 return time.time() > self.expires
919
919
920 @property
920 @property
921 def role_humanized(self):
921 def role_humanized(self):
922 return self._get_role_name(self.role)
922 return self._get_role_name(self.role)
923
923
924
924
925 class UserEmailMap(Base, BaseModel):
925 class UserEmailMap(Base, BaseModel):
926 __tablename__ = 'user_email_map'
926 __tablename__ = 'user_email_map'
927 __table_args__ = (
927 __table_args__ = (
928 Index('uem_email_idx', 'email'),
928 Index('uem_email_idx', 'email'),
929 UniqueConstraint('email'),
929 UniqueConstraint('email'),
930 {'extend_existing': True, 'mysql_engine': 'InnoDB',
930 {'extend_existing': True, 'mysql_engine': 'InnoDB',
931 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
931 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
932 )
932 )
933 __mapper_args__ = {}
933 __mapper_args__ = {}
934
934
935 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
935 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
936 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
936 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
937 _email = Column("email", String(255), nullable=True, unique=False, default=None)
937 _email = Column("email", String(255), nullable=True, unique=False, default=None)
938 user = relationship('User', lazy='joined')
938 user = relationship('User', lazy='joined')
939
939
940 @validates('_email')
940 @validates('_email')
941 def validate_email(self, key, email):
941 def validate_email(self, key, email):
942 # check if this email is not main one
942 # check if this email is not main one
943 main_email = Session().query(User).filter(User.email == email).scalar()
943 main_email = Session().query(User).filter(User.email == email).scalar()
944 if main_email is not None:
944 if main_email is not None:
945 raise AttributeError('email %s is present is user table' % email)
945 raise AttributeError('email %s is present is user table' % email)
946 return email
946 return email
947
947
948 @hybrid_property
948 @hybrid_property
949 def email(self):
949 def email(self):
950 return self._email
950 return self._email
951
951
952 @email.setter
952 @email.setter
953 def email(self, val):
953 def email(self, val):
954 self._email = val.lower() if val else None
954 self._email = val.lower() if val else None
955
955
956
956
957 class UserIpMap(Base, BaseModel):
957 class UserIpMap(Base, BaseModel):
958 __tablename__ = 'user_ip_map'
958 __tablename__ = 'user_ip_map'
959 __table_args__ = (
959 __table_args__ = (
960 UniqueConstraint('user_id', 'ip_addr'),
960 UniqueConstraint('user_id', 'ip_addr'),
961 {'extend_existing': True, 'mysql_engine': 'InnoDB',
961 {'extend_existing': True, 'mysql_engine': 'InnoDB',
962 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
962 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
963 )
963 )
964 __mapper_args__ = {}
964 __mapper_args__ = {}
965
965
966 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
966 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
967 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
967 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
968 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
968 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
969 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
969 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
970 description = Column("description", String(10000), nullable=True, unique=None, default=None)
970 description = Column("description", String(10000), nullable=True, unique=None, default=None)
971 user = relationship('User', lazy='joined')
971 user = relationship('User', lazy='joined')
972
972
973 @classmethod
973 @classmethod
974 def _get_ip_range(cls, ip_addr):
974 def _get_ip_range(cls, ip_addr):
975 net = ipaddress.ip_network(ip_addr, strict=False)
975 net = ipaddress.ip_network(ip_addr, strict=False)
976 return [str(net.network_address), str(net.broadcast_address)]
976 return [str(net.network_address), str(net.broadcast_address)]
977
977
978 def __json__(self):
978 def __json__(self):
979 return {
979 return {
980 'ip_addr': self.ip_addr,
980 'ip_addr': self.ip_addr,
981 'ip_range': self._get_ip_range(self.ip_addr),
981 'ip_range': self._get_ip_range(self.ip_addr),
982 }
982 }
983
983
984 def __unicode__(self):
984 def __unicode__(self):
985 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
985 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
986 self.user_id, self.ip_addr)
986 self.user_id, self.ip_addr)
987
987
988 class UserLog(Base, BaseModel):
988 class UserLog(Base, BaseModel):
989 __tablename__ = 'user_logs'
989 __tablename__ = 'user_logs'
990 __table_args__ = (
990 __table_args__ = (
991 {'extend_existing': True, 'mysql_engine': 'InnoDB',
991 {'extend_existing': True, 'mysql_engine': 'InnoDB',
992 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
992 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
993 )
993 )
994 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
994 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
995 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
995 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
996 username = Column("username", String(255), nullable=True, unique=None, default=None)
996 username = Column("username", String(255), nullable=True, unique=None, default=None)
997 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True)
997 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True)
998 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
998 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
999 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
999 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1000 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1000 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1001 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1001 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1002
1002
1003 def __unicode__(self):
1003 def __unicode__(self):
1004 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1004 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1005 self.repository_name,
1005 self.repository_name,
1006 self.action)
1006 self.action)
1007
1007
1008 @property
1008 @property
1009 def action_as_day(self):
1009 def action_as_day(self):
1010 return datetime.date(*self.action_date.timetuple()[:3])
1010 return datetime.date(*self.action_date.timetuple()[:3])
1011
1011
1012 user = relationship('User')
1012 user = relationship('User')
1013 repository = relationship('Repository', cascade='')
1013 repository = relationship('Repository', cascade='')
1014
1014
1015
1015
1016 class UserGroup(Base, BaseModel):
1016 class UserGroup(Base, BaseModel):
1017 __tablename__ = 'users_groups'
1017 __tablename__ = 'users_groups'
1018 __table_args__ = (
1018 __table_args__ = (
1019 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1019 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1020 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1020 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1021 )
1021 )
1022
1022
1023 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1023 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1024 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1024 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1025 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1025 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1026 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1026 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1027 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1027 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1028 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1028 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1029 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1029 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1030 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1030 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1031
1031
1032 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1032 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1033 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1033 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1034 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1034 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1035 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1035 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1036 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1036 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1037 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1037 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1038
1038
1039 user = relationship('User')
1039 user = relationship('User')
1040
1040
1041 @hybrid_property
1041 @hybrid_property
1042 def group_data(self):
1042 def group_data(self):
1043 if not self._group_data:
1043 if not self._group_data:
1044 return {}
1044 return {}
1045
1045
1046 try:
1046 try:
1047 return json.loads(self._group_data)
1047 return json.loads(self._group_data)
1048 except TypeError:
1048 except TypeError:
1049 return {}
1049 return {}
1050
1050
1051 @group_data.setter
1051 @group_data.setter
1052 def group_data(self, val):
1052 def group_data(self, val):
1053 try:
1053 try:
1054 self._group_data = json.dumps(val)
1054 self._group_data = json.dumps(val)
1055 except Exception:
1055 except Exception:
1056 log.error(traceback.format_exc())
1056 log.error(traceback.format_exc())
1057
1057
1058 def __unicode__(self):
1058 def __unicode__(self):
1059 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1059 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1060 self.users_group_id,
1060 self.users_group_id,
1061 self.users_group_name)
1061 self.users_group_name)
1062
1062
1063 @classmethod
1063 @classmethod
1064 def get_by_group_name(cls, group_name, cache=False,
1064 def get_by_group_name(cls, group_name, cache=False,
1065 case_insensitive=False):
1065 case_insensitive=False):
1066 if case_insensitive:
1066 if case_insensitive:
1067 q = cls.query().filter(func.lower(cls.users_group_name) ==
1067 q = cls.query().filter(func.lower(cls.users_group_name) ==
1068 func.lower(group_name))
1068 func.lower(group_name))
1069
1069
1070 else:
1070 else:
1071 q = cls.query().filter(cls.users_group_name == group_name)
1071 q = cls.query().filter(cls.users_group_name == group_name)
1072 if cache:
1072 if cache:
1073 q = q.options(FromCache(
1073 q = q.options(FromCache(
1074 "sql_cache_short",
1074 "sql_cache_short",
1075 "get_group_%s" % _hash_key(group_name)))
1075 "get_group_%s" % _hash_key(group_name)))
1076 return q.scalar()
1076 return q.scalar()
1077
1077
1078 @classmethod
1078 @classmethod
1079 def get(cls, user_group_id, cache=False):
1079 def get(cls, user_group_id, cache=False):
1080 user_group = cls.query()
1080 user_group = cls.query()
1081 if cache:
1081 if cache:
1082 user_group = user_group.options(FromCache("sql_cache_short",
1082 user_group = user_group.options(FromCache("sql_cache_short",
1083 "get_users_group_%s" % user_group_id))
1083 "get_users_group_%s" % user_group_id))
1084 return user_group.get(user_group_id)
1084 return user_group.get(user_group_id)
1085
1085
1086 def permissions(self, with_admins=True, with_owner=True):
1086 def permissions(self, with_admins=True, with_owner=True):
1087 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1087 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1088 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1088 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1089 joinedload(UserUserGroupToPerm.user),
1089 joinedload(UserUserGroupToPerm.user),
1090 joinedload(UserUserGroupToPerm.permission),)
1090 joinedload(UserUserGroupToPerm.permission),)
1091
1091
1092 # get owners and admins and permissions. We do a trick of re-writing
1092 # get owners and admins and permissions. We do a trick of re-writing
1093 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1093 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1094 # has a global reference and changing one object propagates to all
1094 # has a global reference and changing one object propagates to all
1095 # others. This means if admin is also an owner admin_row that change
1095 # others. This means if admin is also an owner admin_row that change
1096 # would propagate to both objects
1096 # would propagate to both objects
1097 perm_rows = []
1097 perm_rows = []
1098 for _usr in q.all():
1098 for _usr in q.all():
1099 usr = AttributeDict(_usr.user.get_dict())
1099 usr = AttributeDict(_usr.user.get_dict())
1100 usr.permission = _usr.permission.permission_name
1100 usr.permission = _usr.permission.permission_name
1101 perm_rows.append(usr)
1101 perm_rows.append(usr)
1102
1102
1103 # filter the perm rows by 'default' first and then sort them by
1103 # filter the perm rows by 'default' first and then sort them by
1104 # admin,write,read,none permissions sorted again alphabetically in
1104 # admin,write,read,none permissions sorted again alphabetically in
1105 # each group
1105 # each group
1106 perm_rows = sorted(perm_rows, key=display_sort)
1106 perm_rows = sorted(perm_rows, key=display_sort)
1107
1107
1108 _admin_perm = 'usergroup.admin'
1108 _admin_perm = 'usergroup.admin'
1109 owner_row = []
1109 owner_row = []
1110 if with_owner:
1110 if with_owner:
1111 usr = AttributeDict(self.user.get_dict())
1111 usr = AttributeDict(self.user.get_dict())
1112 usr.owner_row = True
1112 usr.owner_row = True
1113 usr.permission = _admin_perm
1113 usr.permission = _admin_perm
1114 owner_row.append(usr)
1114 owner_row.append(usr)
1115
1115
1116 super_admin_rows = []
1116 super_admin_rows = []
1117 if with_admins:
1117 if with_admins:
1118 for usr in User.get_all_super_admins():
1118 for usr in User.get_all_super_admins():
1119 # if this admin is also owner, don't double the record
1119 # if this admin is also owner, don't double the record
1120 if usr.user_id == owner_row[0].user_id:
1120 if usr.user_id == owner_row[0].user_id:
1121 owner_row[0].admin_row = True
1121 owner_row[0].admin_row = True
1122 else:
1122 else:
1123 usr = AttributeDict(usr.get_dict())
1123 usr = AttributeDict(usr.get_dict())
1124 usr.admin_row = True
1124 usr.admin_row = True
1125 usr.permission = _admin_perm
1125 usr.permission = _admin_perm
1126 super_admin_rows.append(usr)
1126 super_admin_rows.append(usr)
1127
1127
1128 return super_admin_rows + owner_row + perm_rows
1128 return super_admin_rows + owner_row + perm_rows
1129
1129
1130 def permission_user_groups(self):
1130 def permission_user_groups(self):
1131 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1131 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1132 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1132 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1133 joinedload(UserGroupUserGroupToPerm.target_user_group),
1133 joinedload(UserGroupUserGroupToPerm.target_user_group),
1134 joinedload(UserGroupUserGroupToPerm.permission),)
1134 joinedload(UserGroupUserGroupToPerm.permission),)
1135
1135
1136 perm_rows = []
1136 perm_rows = []
1137 for _user_group in q.all():
1137 for _user_group in q.all():
1138 usr = AttributeDict(_user_group.user_group.get_dict())
1138 usr = AttributeDict(_user_group.user_group.get_dict())
1139 usr.permission = _user_group.permission.permission_name
1139 usr.permission = _user_group.permission.permission_name
1140 perm_rows.append(usr)
1140 perm_rows.append(usr)
1141
1141
1142 return perm_rows
1142 return perm_rows
1143
1143
1144 def _get_default_perms(self, user_group, suffix=''):
1144 def _get_default_perms(self, user_group, suffix=''):
1145 from rhodecode.model.permission import PermissionModel
1145 from rhodecode.model.permission import PermissionModel
1146 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1146 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1147
1147
1148 def get_default_perms(self, suffix=''):
1148 def get_default_perms(self, suffix=''):
1149 return self._get_default_perms(self, suffix)
1149 return self._get_default_perms(self, suffix)
1150
1150
1151 def get_api_data(self, with_group_members=True, include_secrets=False):
1151 def get_api_data(self, with_group_members=True, include_secrets=False):
1152 """
1152 """
1153 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1153 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1154 basically forwarded.
1154 basically forwarded.
1155
1155
1156 """
1156 """
1157 user_group = self
1157 user_group = self
1158
1158
1159 data = {
1159 data = {
1160 'users_group_id': user_group.users_group_id,
1160 'users_group_id': user_group.users_group_id,
1161 'group_name': user_group.users_group_name,
1161 'group_name': user_group.users_group_name,
1162 'group_description': user_group.user_group_description,
1162 'group_description': user_group.user_group_description,
1163 'active': user_group.users_group_active,
1163 'active': user_group.users_group_active,
1164 'owner': user_group.user.username,
1164 'owner': user_group.user.username,
1165 }
1165 }
1166 if with_group_members:
1166 if with_group_members:
1167 users = []
1167 users = []
1168 for user in user_group.members:
1168 for user in user_group.members:
1169 user = user.user
1169 user = user.user
1170 users.append(user.get_api_data(include_secrets=include_secrets))
1170 users.append(user.get_api_data(include_secrets=include_secrets))
1171 data['users'] = users
1171 data['users'] = users
1172
1172
1173 return data
1173 return data
1174
1174
1175
1175
1176 class UserGroupMember(Base, BaseModel):
1176 class UserGroupMember(Base, BaseModel):
1177 __tablename__ = 'users_groups_members'
1177 __tablename__ = 'users_groups_members'
1178 __table_args__ = (
1178 __table_args__ = (
1179 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1179 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1180 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1180 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1181 )
1181 )
1182
1182
1183 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1183 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1184 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1184 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1185 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1185 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1186
1186
1187 user = relationship('User', lazy='joined')
1187 user = relationship('User', lazy='joined')
1188 users_group = relationship('UserGroup')
1188 users_group = relationship('UserGroup')
1189
1189
1190 def __init__(self, gr_id='', u_id=''):
1190 def __init__(self, gr_id='', u_id=''):
1191 self.users_group_id = gr_id
1191 self.users_group_id = gr_id
1192 self.user_id = u_id
1192 self.user_id = u_id
1193
1193
1194
1194
1195 class RepositoryField(Base, BaseModel):
1195 class RepositoryField(Base, BaseModel):
1196 __tablename__ = 'repositories_fields'
1196 __tablename__ = 'repositories_fields'
1197 __table_args__ = (
1197 __table_args__ = (
1198 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1198 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1199 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1199 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1200 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1200 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1201 )
1201 )
1202 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1202 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1203
1203
1204 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1204 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1205 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1205 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1206 field_key = Column("field_key", String(250))
1206 field_key = Column("field_key", String(250))
1207 field_label = Column("field_label", String(1024), nullable=False)
1207 field_label = Column("field_label", String(1024), nullable=False)
1208 field_value = Column("field_value", String(10000), nullable=False)
1208 field_value = Column("field_value", String(10000), nullable=False)
1209 field_desc = Column("field_desc", String(1024), nullable=False)
1209 field_desc = Column("field_desc", String(1024), nullable=False)
1210 field_type = Column("field_type", String(255), nullable=False, unique=None)
1210 field_type = Column("field_type", String(255), nullable=False, unique=None)
1211 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1211 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1212
1212
1213 repository = relationship('Repository')
1213 repository = relationship('Repository')
1214
1214
1215 @property
1215 @property
1216 def field_key_prefixed(self):
1216 def field_key_prefixed(self):
1217 return 'ex_%s' % self.field_key
1217 return 'ex_%s' % self.field_key
1218
1218
1219 @classmethod
1219 @classmethod
1220 def un_prefix_key(cls, key):
1220 def un_prefix_key(cls, key):
1221 if key.startswith(cls.PREFIX):
1221 if key.startswith(cls.PREFIX):
1222 return key[len(cls.PREFIX):]
1222 return key[len(cls.PREFIX):]
1223 return key
1223 return key
1224
1224
1225 @classmethod
1225 @classmethod
1226 def get_by_key_name(cls, key, repo):
1226 def get_by_key_name(cls, key, repo):
1227 row = cls.query()\
1227 row = cls.query()\
1228 .filter(cls.repository == repo)\
1228 .filter(cls.repository == repo)\
1229 .filter(cls.field_key == key).scalar()
1229 .filter(cls.field_key == key).scalar()
1230 return row
1230 return row
1231
1231
1232
1232
1233 class Repository(Base, BaseModel):
1233 class Repository(Base, BaseModel):
1234 __tablename__ = 'repositories'
1234 __tablename__ = 'repositories'
1235 __table_args__ = (
1235 __table_args__ = (
1236 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1236 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1237 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1237 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1238 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1238 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1239 )
1239 )
1240 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1240 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1241 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1241 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1242
1242
1243 STATE_CREATED = 'repo_state_created'
1243 STATE_CREATED = 'repo_state_created'
1244 STATE_PENDING = 'repo_state_pending'
1244 STATE_PENDING = 'repo_state_pending'
1245 STATE_ERROR = 'repo_state_error'
1245 STATE_ERROR = 'repo_state_error'
1246
1246
1247 LOCK_AUTOMATIC = 'lock_auto'
1247 LOCK_AUTOMATIC = 'lock_auto'
1248 LOCK_API = 'lock_api'
1248 LOCK_API = 'lock_api'
1249 LOCK_WEB = 'lock_web'
1249 LOCK_WEB = 'lock_web'
1250 LOCK_PULL = 'lock_pull'
1250 LOCK_PULL = 'lock_pull'
1251
1251
1252 NAME_SEP = URL_SEP
1252 NAME_SEP = URL_SEP
1253
1253
1254 repo_id = Column(
1254 repo_id = Column(
1255 "repo_id", Integer(), nullable=False, unique=True, default=None,
1255 "repo_id", Integer(), nullable=False, unique=True, default=None,
1256 primary_key=True)
1256 primary_key=True)
1257 _repo_name = Column(
1257 _repo_name = Column(
1258 "repo_name", Text(), nullable=False, default=None)
1258 "repo_name", Text(), nullable=False, default=None)
1259 _repo_name_hash = Column(
1259 _repo_name_hash = Column(
1260 "repo_name_hash", String(255), nullable=False, unique=True)
1260 "repo_name_hash", String(255), nullable=False, unique=True)
1261 repo_state = Column("repo_state", String(255), nullable=True)
1261 repo_state = Column("repo_state", String(255), nullable=True)
1262
1262
1263 clone_uri = Column(
1263 clone_uri = Column(
1264 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1264 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1265 default=None)
1265 default=None)
1266 repo_type = Column(
1266 repo_type = Column(
1267 "repo_type", String(255), nullable=False, unique=False, default=None)
1267 "repo_type", String(255), nullable=False, unique=False, default=None)
1268 user_id = Column(
1268 user_id = Column(
1269 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1269 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1270 unique=False, default=None)
1270 unique=False, default=None)
1271 private = Column(
1271 private = Column(
1272 "private", Boolean(), nullable=True, unique=None, default=None)
1272 "private", Boolean(), nullable=True, unique=None, default=None)
1273 enable_statistics = Column(
1273 enable_statistics = Column(
1274 "statistics", Boolean(), nullable=True, unique=None, default=True)
1274 "statistics", Boolean(), nullable=True, unique=None, default=True)
1275 enable_downloads = Column(
1275 enable_downloads = Column(
1276 "downloads", Boolean(), nullable=True, unique=None, default=True)
1276 "downloads", Boolean(), nullable=True, unique=None, default=True)
1277 description = Column(
1277 description = Column(
1278 "description", String(10000), nullable=True, unique=None, default=None)
1278 "description", String(10000), nullable=True, unique=None, default=None)
1279 created_on = Column(
1279 created_on = Column(
1280 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1280 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1281 default=datetime.datetime.now)
1281 default=datetime.datetime.now)
1282 updated_on = Column(
1282 updated_on = Column(
1283 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1283 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1284 default=datetime.datetime.now)
1284 default=datetime.datetime.now)
1285 _landing_revision = Column(
1285 _landing_revision = Column(
1286 "landing_revision", String(255), nullable=False, unique=False,
1286 "landing_revision", String(255), nullable=False, unique=False,
1287 default=None)
1287 default=None)
1288 enable_locking = Column(
1288 enable_locking = Column(
1289 "enable_locking", Boolean(), nullable=False, unique=None,
1289 "enable_locking", Boolean(), nullable=False, unique=None,
1290 default=False)
1290 default=False)
1291 _locked = Column(
1291 _locked = Column(
1292 "locked", String(255), nullable=True, unique=False, default=None)
1292 "locked", String(255), nullable=True, unique=False, default=None)
1293 _changeset_cache = Column(
1293 _changeset_cache = Column(
1294 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1294 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1295
1295
1296 fork_id = Column(
1296 fork_id = Column(
1297 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1297 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1298 nullable=True, unique=False, default=None)
1298 nullable=True, unique=False, default=None)
1299 group_id = Column(
1299 group_id = Column(
1300 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1300 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1301 unique=False, default=None)
1301 unique=False, default=None)
1302
1302
1303 user = relationship('User', lazy='joined')
1303 user = relationship('User', lazy='joined')
1304 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1304 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1305 group = relationship('RepoGroup', lazy='joined')
1305 group = relationship('RepoGroup', lazy='joined')
1306 repo_to_perm = relationship(
1306 repo_to_perm = relationship(
1307 'UserRepoToPerm', cascade='all',
1307 'UserRepoToPerm', cascade='all',
1308 order_by='UserRepoToPerm.repo_to_perm_id')
1308 order_by='UserRepoToPerm.repo_to_perm_id')
1309 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1309 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1310 stats = relationship('Statistics', cascade='all', uselist=False)
1310 stats = relationship('Statistics', cascade='all', uselist=False)
1311
1311
1312 followers = relationship(
1312 followers = relationship(
1313 'UserFollowing',
1313 'UserFollowing',
1314 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1314 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1315 cascade='all')
1315 cascade='all')
1316 extra_fields = relationship(
1316 extra_fields = relationship(
1317 'RepositoryField', cascade="all, delete, delete-orphan")
1317 'RepositoryField', cascade="all, delete, delete-orphan")
1318 logs = relationship('UserLog')
1318 logs = relationship('UserLog')
1319 comments = relationship(
1319 comments = relationship(
1320 'ChangesetComment', cascade="all, delete, delete-orphan")
1320 'ChangesetComment', cascade="all, delete, delete-orphan")
1321 pull_requests_source = relationship(
1321 pull_requests_source = relationship(
1322 'PullRequest',
1322 'PullRequest',
1323 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1323 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1324 cascade="all, delete, delete-orphan")
1324 cascade="all, delete, delete-orphan")
1325 pull_requests_target = relationship(
1325 pull_requests_target = relationship(
1326 'PullRequest',
1326 'PullRequest',
1327 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1327 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1328 cascade="all, delete, delete-orphan")
1328 cascade="all, delete, delete-orphan")
1329 ui = relationship('RepoRhodeCodeUi', cascade="all")
1329 ui = relationship('RepoRhodeCodeUi', cascade="all")
1330 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1330 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1331 integrations = relationship('Integration',
1331 integrations = relationship('Integration',
1332 cascade="all, delete, delete-orphan")
1332 cascade="all, delete, delete-orphan")
1333
1333
1334 def __unicode__(self):
1334 def __unicode__(self):
1335 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1335 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1336 safe_unicode(self.repo_name))
1336 safe_unicode(self.repo_name))
1337
1337
1338 @hybrid_property
1338 @hybrid_property
1339 def landing_rev(self):
1339 def landing_rev(self):
1340 # always should return [rev_type, rev]
1340 # always should return [rev_type, rev]
1341 if self._landing_revision:
1341 if self._landing_revision:
1342 _rev_info = self._landing_revision.split(':')
1342 _rev_info = self._landing_revision.split(':')
1343 if len(_rev_info) < 2:
1343 if len(_rev_info) < 2:
1344 _rev_info.insert(0, 'rev')
1344 _rev_info.insert(0, 'rev')
1345 return [_rev_info[0], _rev_info[1]]
1345 return [_rev_info[0], _rev_info[1]]
1346 return [None, None]
1346 return [None, None]
1347
1347
1348 @landing_rev.setter
1348 @landing_rev.setter
1349 def landing_rev(self, val):
1349 def landing_rev(self, val):
1350 if ':' not in val:
1350 if ':' not in val:
1351 raise ValueError('value must be delimited with `:` and consist '
1351 raise ValueError('value must be delimited with `:` and consist '
1352 'of <rev_type>:<rev>, got %s instead' % val)
1352 'of <rev_type>:<rev>, got %s instead' % val)
1353 self._landing_revision = val
1353 self._landing_revision = val
1354
1354
1355 @hybrid_property
1355 @hybrid_property
1356 def locked(self):
1356 def locked(self):
1357 if self._locked:
1357 if self._locked:
1358 user_id, timelocked, reason = self._locked.split(':')
1358 user_id, timelocked, reason = self._locked.split(':')
1359 lock_values = int(user_id), timelocked, reason
1359 lock_values = int(user_id), timelocked, reason
1360 else:
1360 else:
1361 lock_values = [None, None, None]
1361 lock_values = [None, None, None]
1362 return lock_values
1362 return lock_values
1363
1363
1364 @locked.setter
1364 @locked.setter
1365 def locked(self, val):
1365 def locked(self, val):
1366 if val and isinstance(val, (list, tuple)):
1366 if val and isinstance(val, (list, tuple)):
1367 self._locked = ':'.join(map(str, val))
1367 self._locked = ':'.join(map(str, val))
1368 else:
1368 else:
1369 self._locked = None
1369 self._locked = None
1370
1370
1371 @hybrid_property
1371 @hybrid_property
1372 def changeset_cache(self):
1372 def changeset_cache(self):
1373 from rhodecode.lib.vcs.backends.base import EmptyCommit
1373 from rhodecode.lib.vcs.backends.base import EmptyCommit
1374 dummy = EmptyCommit().__json__()
1374 dummy = EmptyCommit().__json__()
1375 if not self._changeset_cache:
1375 if not self._changeset_cache:
1376 return dummy
1376 return dummy
1377 try:
1377 try:
1378 return json.loads(self._changeset_cache)
1378 return json.loads(self._changeset_cache)
1379 except TypeError:
1379 except TypeError:
1380 return dummy
1380 return dummy
1381 except Exception:
1381 except Exception:
1382 log.error(traceback.format_exc())
1382 log.error(traceback.format_exc())
1383 return dummy
1383 return dummy
1384
1384
1385 @changeset_cache.setter
1385 @changeset_cache.setter
1386 def changeset_cache(self, val):
1386 def changeset_cache(self, val):
1387 try:
1387 try:
1388 self._changeset_cache = json.dumps(val)
1388 self._changeset_cache = json.dumps(val)
1389 except Exception:
1389 except Exception:
1390 log.error(traceback.format_exc())
1390 log.error(traceback.format_exc())
1391
1391
1392 @hybrid_property
1392 @hybrid_property
1393 def repo_name(self):
1393 def repo_name(self):
1394 return self._repo_name
1394 return self._repo_name
1395
1395
1396 @repo_name.setter
1396 @repo_name.setter
1397 def repo_name(self, value):
1397 def repo_name(self, value):
1398 self._repo_name = value
1398 self._repo_name = value
1399 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1399 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1400
1400
1401 @classmethod
1401 @classmethod
1402 def normalize_repo_name(cls, repo_name):
1402 def normalize_repo_name(cls, repo_name):
1403 """
1403 """
1404 Normalizes os specific repo_name to the format internally stored inside
1404 Normalizes os specific repo_name to the format internally stored inside
1405 database using URL_SEP
1405 database using URL_SEP
1406
1406
1407 :param cls:
1407 :param cls:
1408 :param repo_name:
1408 :param repo_name:
1409 """
1409 """
1410 return cls.NAME_SEP.join(repo_name.split(os.sep))
1410 return cls.NAME_SEP.join(repo_name.split(os.sep))
1411
1411
1412 @classmethod
1412 @classmethod
1413 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1413 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1414 session = Session()
1414 session = Session()
1415 q = session.query(cls).filter(cls.repo_name == repo_name)
1415 q = session.query(cls).filter(cls.repo_name == repo_name)
1416
1416
1417 if cache:
1417 if cache:
1418 if identity_cache:
1418 if identity_cache:
1419 val = cls.identity_cache(session, 'repo_name', repo_name)
1419 val = cls.identity_cache(session, 'repo_name', repo_name)
1420 if val:
1420 if val:
1421 return val
1421 return val
1422 else:
1422 else:
1423 q = q.options(
1423 q = q.options(
1424 FromCache("sql_cache_short",
1424 FromCache("sql_cache_short",
1425 "get_repo_by_name_%s" % _hash_key(repo_name)))
1425 "get_repo_by_name_%s" % _hash_key(repo_name)))
1426
1426
1427 return q.scalar()
1427 return q.scalar()
1428
1428
1429 @classmethod
1429 @classmethod
1430 def get_by_full_path(cls, repo_full_path):
1430 def get_by_full_path(cls, repo_full_path):
1431 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1431 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1432 repo_name = cls.normalize_repo_name(repo_name)
1432 repo_name = cls.normalize_repo_name(repo_name)
1433 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1433 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1434
1434
1435 @classmethod
1435 @classmethod
1436 def get_repo_forks(cls, repo_id):
1436 def get_repo_forks(cls, repo_id):
1437 return cls.query().filter(Repository.fork_id == repo_id)
1437 return cls.query().filter(Repository.fork_id == repo_id)
1438
1438
1439 @classmethod
1439 @classmethod
1440 def base_path(cls):
1440 def base_path(cls):
1441 """
1441 """
1442 Returns base path when all repos are stored
1442 Returns base path when all repos are stored
1443
1443
1444 :param cls:
1444 :param cls:
1445 """
1445 """
1446 q = Session().query(RhodeCodeUi)\
1446 q = Session().query(RhodeCodeUi)\
1447 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1447 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1448 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1448 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1449 return q.one().ui_value
1449 return q.one().ui_value
1450
1450
1451 @classmethod
1451 @classmethod
1452 def is_valid(cls, repo_name):
1452 def is_valid(cls, repo_name):
1453 """
1453 """
1454 returns True if given repo name is a valid filesystem repository
1454 returns True if given repo name is a valid filesystem repository
1455
1455
1456 :param cls:
1456 :param cls:
1457 :param repo_name:
1457 :param repo_name:
1458 """
1458 """
1459 from rhodecode.lib.utils import is_valid_repo
1459 from rhodecode.lib.utils import is_valid_repo
1460
1460
1461 return is_valid_repo(repo_name, cls.base_path())
1461 return is_valid_repo(repo_name, cls.base_path())
1462
1462
1463 @classmethod
1463 @classmethod
1464 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1464 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1465 case_insensitive=True):
1465 case_insensitive=True):
1466 q = Repository.query()
1466 q = Repository.query()
1467
1467
1468 if not isinstance(user_id, Optional):
1468 if not isinstance(user_id, Optional):
1469 q = q.filter(Repository.user_id == user_id)
1469 q = q.filter(Repository.user_id == user_id)
1470
1470
1471 if not isinstance(group_id, Optional):
1471 if not isinstance(group_id, Optional):
1472 q = q.filter(Repository.group_id == group_id)
1472 q = q.filter(Repository.group_id == group_id)
1473
1473
1474 if case_insensitive:
1474 if case_insensitive:
1475 q = q.order_by(func.lower(Repository.repo_name))
1475 q = q.order_by(func.lower(Repository.repo_name))
1476 else:
1476 else:
1477 q = q.order_by(Repository.repo_name)
1477 q = q.order_by(Repository.repo_name)
1478 return q.all()
1478 return q.all()
1479
1479
1480 @property
1480 @property
1481 def forks(self):
1481 def forks(self):
1482 """
1482 """
1483 Return forks of this repo
1483 Return forks of this repo
1484 """
1484 """
1485 return Repository.get_repo_forks(self.repo_id)
1485 return Repository.get_repo_forks(self.repo_id)
1486
1486
1487 @property
1487 @property
1488 def parent(self):
1488 def parent(self):
1489 """
1489 """
1490 Returns fork parent
1490 Returns fork parent
1491 """
1491 """
1492 return self.fork
1492 return self.fork
1493
1493
1494 @property
1494 @property
1495 def just_name(self):
1495 def just_name(self):
1496 return self.repo_name.split(self.NAME_SEP)[-1]
1496 return self.repo_name.split(self.NAME_SEP)[-1]
1497
1497
1498 @property
1498 @property
1499 def groups_with_parents(self):
1499 def groups_with_parents(self):
1500 groups = []
1500 groups = []
1501 if self.group is None:
1501 if self.group is None:
1502 return groups
1502 return groups
1503
1503
1504 cur_gr = self.group
1504 cur_gr = self.group
1505 groups.insert(0, cur_gr)
1505 groups.insert(0, cur_gr)
1506 while 1:
1506 while 1:
1507 gr = getattr(cur_gr, 'parent_group', None)
1507 gr = getattr(cur_gr, 'parent_group', None)
1508 cur_gr = cur_gr.parent_group
1508 cur_gr = cur_gr.parent_group
1509 if gr is None:
1509 if gr is None:
1510 break
1510 break
1511 groups.insert(0, gr)
1511 groups.insert(0, gr)
1512
1512
1513 return groups
1513 return groups
1514
1514
1515 @property
1515 @property
1516 def groups_and_repo(self):
1516 def groups_and_repo(self):
1517 return self.groups_with_parents, self
1517 return self.groups_with_parents, self
1518
1518
1519 @LazyProperty
1519 @LazyProperty
1520 def repo_path(self):
1520 def repo_path(self):
1521 """
1521 """
1522 Returns base full path for that repository means where it actually
1522 Returns base full path for that repository means where it actually
1523 exists on a filesystem
1523 exists on a filesystem
1524 """
1524 """
1525 q = Session().query(RhodeCodeUi).filter(
1525 q = Session().query(RhodeCodeUi).filter(
1526 RhodeCodeUi.ui_key == self.NAME_SEP)
1526 RhodeCodeUi.ui_key == self.NAME_SEP)
1527 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1527 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1528 return q.one().ui_value
1528 return q.one().ui_value
1529
1529
1530 @property
1530 @property
1531 def repo_full_path(self):
1531 def repo_full_path(self):
1532 p = [self.repo_path]
1532 p = [self.repo_path]
1533 # we need to split the name by / since this is how we store the
1533 # we need to split the name by / since this is how we store the
1534 # names in the database, but that eventually needs to be converted
1534 # names in the database, but that eventually needs to be converted
1535 # into a valid system path
1535 # into a valid system path
1536 p += self.repo_name.split(self.NAME_SEP)
1536 p += self.repo_name.split(self.NAME_SEP)
1537 return os.path.join(*map(safe_unicode, p))
1537 return os.path.join(*map(safe_unicode, p))
1538
1538
1539 @property
1539 @property
1540 def cache_keys(self):
1540 def cache_keys(self):
1541 """
1541 """
1542 Returns associated cache keys for that repo
1542 Returns associated cache keys for that repo
1543 """
1543 """
1544 return CacheKey.query()\
1544 return CacheKey.query()\
1545 .filter(CacheKey.cache_args == self.repo_name)\
1545 .filter(CacheKey.cache_args == self.repo_name)\
1546 .order_by(CacheKey.cache_key)\
1546 .order_by(CacheKey.cache_key)\
1547 .all()
1547 .all()
1548
1548
1549 def get_new_name(self, repo_name):
1549 def get_new_name(self, repo_name):
1550 """
1550 """
1551 returns new full repository name based on assigned group and new new
1551 returns new full repository name based on assigned group and new new
1552
1552
1553 :param group_name:
1553 :param group_name:
1554 """
1554 """
1555 path_prefix = self.group.full_path_splitted if self.group else []
1555 path_prefix = self.group.full_path_splitted if self.group else []
1556 return self.NAME_SEP.join(path_prefix + [repo_name])
1556 return self.NAME_SEP.join(path_prefix + [repo_name])
1557
1557
1558 @property
1558 @property
1559 def _config(self):
1559 def _config(self):
1560 """
1560 """
1561 Returns db based config object.
1561 Returns db based config object.
1562 """
1562 """
1563 from rhodecode.lib.utils import make_db_config
1563 from rhodecode.lib.utils import make_db_config
1564 return make_db_config(clear_session=False, repo=self)
1564 return make_db_config(clear_session=False, repo=self)
1565
1565
1566 def permissions(self, with_admins=True, with_owner=True):
1566 def permissions(self, with_admins=True, with_owner=True):
1567 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1567 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1568 q = q.options(joinedload(UserRepoToPerm.repository),
1568 q = q.options(joinedload(UserRepoToPerm.repository),
1569 joinedload(UserRepoToPerm.user),
1569 joinedload(UserRepoToPerm.user),
1570 joinedload(UserRepoToPerm.permission),)
1570 joinedload(UserRepoToPerm.permission),)
1571
1571
1572 # get owners and admins and permissions. We do a trick of re-writing
1572 # get owners and admins and permissions. We do a trick of re-writing
1573 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1573 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1574 # has a global reference and changing one object propagates to all
1574 # has a global reference and changing one object propagates to all
1575 # others. This means if admin is also an owner admin_row that change
1575 # others. This means if admin is also an owner admin_row that change
1576 # would propagate to both objects
1576 # would propagate to both objects
1577 perm_rows = []
1577 perm_rows = []
1578 for _usr in q.all():
1578 for _usr in q.all():
1579 usr = AttributeDict(_usr.user.get_dict())
1579 usr = AttributeDict(_usr.user.get_dict())
1580 usr.permission = _usr.permission.permission_name
1580 usr.permission = _usr.permission.permission_name
1581 perm_rows.append(usr)
1581 perm_rows.append(usr)
1582
1582
1583 # filter the perm rows by 'default' first and then sort them by
1583 # filter the perm rows by 'default' first and then sort them by
1584 # admin,write,read,none permissions sorted again alphabetically in
1584 # admin,write,read,none permissions sorted again alphabetically in
1585 # each group
1585 # each group
1586 perm_rows = sorted(perm_rows, key=display_sort)
1586 perm_rows = sorted(perm_rows, key=display_sort)
1587
1587
1588 _admin_perm = 'repository.admin'
1588 _admin_perm = 'repository.admin'
1589 owner_row = []
1589 owner_row = []
1590 if with_owner:
1590 if with_owner:
1591 usr = AttributeDict(self.user.get_dict())
1591 usr = AttributeDict(self.user.get_dict())
1592 usr.owner_row = True
1592 usr.owner_row = True
1593 usr.permission = _admin_perm
1593 usr.permission = _admin_perm
1594 owner_row.append(usr)
1594 owner_row.append(usr)
1595
1595
1596 super_admin_rows = []
1596 super_admin_rows = []
1597 if with_admins:
1597 if with_admins:
1598 for usr in User.get_all_super_admins():
1598 for usr in User.get_all_super_admins():
1599 # if this admin is also owner, don't double the record
1599 # if this admin is also owner, don't double the record
1600 if usr.user_id == owner_row[0].user_id:
1600 if usr.user_id == owner_row[0].user_id:
1601 owner_row[0].admin_row = True
1601 owner_row[0].admin_row = True
1602 else:
1602 else:
1603 usr = AttributeDict(usr.get_dict())
1603 usr = AttributeDict(usr.get_dict())
1604 usr.admin_row = True
1604 usr.admin_row = True
1605 usr.permission = _admin_perm
1605 usr.permission = _admin_perm
1606 super_admin_rows.append(usr)
1606 super_admin_rows.append(usr)
1607
1607
1608 return super_admin_rows + owner_row + perm_rows
1608 return super_admin_rows + owner_row + perm_rows
1609
1609
1610 def permission_user_groups(self):
1610 def permission_user_groups(self):
1611 q = UserGroupRepoToPerm.query().filter(
1611 q = UserGroupRepoToPerm.query().filter(
1612 UserGroupRepoToPerm.repository == self)
1612 UserGroupRepoToPerm.repository == self)
1613 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1613 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1614 joinedload(UserGroupRepoToPerm.users_group),
1614 joinedload(UserGroupRepoToPerm.users_group),
1615 joinedload(UserGroupRepoToPerm.permission),)
1615 joinedload(UserGroupRepoToPerm.permission),)
1616
1616
1617 perm_rows = []
1617 perm_rows = []
1618 for _user_group in q.all():
1618 for _user_group in q.all():
1619 usr = AttributeDict(_user_group.users_group.get_dict())
1619 usr = AttributeDict(_user_group.users_group.get_dict())
1620 usr.permission = _user_group.permission.permission_name
1620 usr.permission = _user_group.permission.permission_name
1621 perm_rows.append(usr)
1621 perm_rows.append(usr)
1622
1622
1623 return perm_rows
1623 return perm_rows
1624
1624
1625 def get_api_data(self, include_secrets=False):
1625 def get_api_data(self, include_secrets=False):
1626 """
1626 """
1627 Common function for generating repo api data
1627 Common function for generating repo api data
1628
1628
1629 :param include_secrets: See :meth:`User.get_api_data`.
1629 :param include_secrets: See :meth:`User.get_api_data`.
1630
1630
1631 """
1631 """
1632 # TODO: mikhail: Here there is an anti-pattern, we probably need to
1632 # TODO: mikhail: Here there is an anti-pattern, we probably need to
1633 # move this methods on models level.
1633 # move this methods on models level.
1634 from rhodecode.model.settings import SettingsModel
1634 from rhodecode.model.settings import SettingsModel
1635
1635
1636 repo = self
1636 repo = self
1637 _user_id, _time, _reason = self.locked
1637 _user_id, _time, _reason = self.locked
1638
1638
1639 data = {
1639 data = {
1640 'repo_id': repo.repo_id,
1640 'repo_id': repo.repo_id,
1641 'repo_name': repo.repo_name,
1641 'repo_name': repo.repo_name,
1642 'repo_type': repo.repo_type,
1642 'repo_type': repo.repo_type,
1643 'clone_uri': repo.clone_uri or '',
1643 'clone_uri': repo.clone_uri or '',
1644 'url': url('summary_home', repo_name=self.repo_name, qualified=True),
1644 'url': url('summary_home', repo_name=self.repo_name, qualified=True),
1645 'private': repo.private,
1645 'private': repo.private,
1646 'created_on': repo.created_on,
1646 'created_on': repo.created_on,
1647 'description': repo.description,
1647 'description': repo.description,
1648 'landing_rev': repo.landing_rev,
1648 'landing_rev': repo.landing_rev,
1649 'owner': repo.user.username,
1649 'owner': repo.user.username,
1650 'fork_of': repo.fork.repo_name if repo.fork else None,
1650 'fork_of': repo.fork.repo_name if repo.fork else None,
1651 'enable_statistics': repo.enable_statistics,
1651 'enable_statistics': repo.enable_statistics,
1652 'enable_locking': repo.enable_locking,
1652 'enable_locking': repo.enable_locking,
1653 'enable_downloads': repo.enable_downloads,
1653 'enable_downloads': repo.enable_downloads,
1654 'last_changeset': repo.changeset_cache,
1654 'last_changeset': repo.changeset_cache,
1655 'locked_by': User.get(_user_id).get_api_data(
1655 'locked_by': User.get(_user_id).get_api_data(
1656 include_secrets=include_secrets) if _user_id else None,
1656 include_secrets=include_secrets) if _user_id else None,
1657 'locked_date': time_to_datetime(_time) if _time else None,
1657 'locked_date': time_to_datetime(_time) if _time else None,
1658 'lock_reason': _reason if _reason else None,
1658 'lock_reason': _reason if _reason else None,
1659 }
1659 }
1660
1660
1661 # TODO: mikhail: should be per-repo settings here
1661 # TODO: mikhail: should be per-repo settings here
1662 rc_config = SettingsModel().get_all_settings()
1662 rc_config = SettingsModel().get_all_settings()
1663 repository_fields = str2bool(
1663 repository_fields = str2bool(
1664 rc_config.get('rhodecode_repository_fields'))
1664 rc_config.get('rhodecode_repository_fields'))
1665 if repository_fields:
1665 if repository_fields:
1666 for f in self.extra_fields:
1666 for f in self.extra_fields:
1667 data[f.field_key_prefixed] = f.field_value
1667 data[f.field_key_prefixed] = f.field_value
1668
1668
1669 return data
1669 return data
1670
1670
1671 @classmethod
1671 @classmethod
1672 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
1672 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
1673 if not lock_time:
1673 if not lock_time:
1674 lock_time = time.time()
1674 lock_time = time.time()
1675 if not lock_reason:
1675 if not lock_reason:
1676 lock_reason = cls.LOCK_AUTOMATIC
1676 lock_reason = cls.LOCK_AUTOMATIC
1677 repo.locked = [user_id, lock_time, lock_reason]
1677 repo.locked = [user_id, lock_time, lock_reason]
1678 Session().add(repo)
1678 Session().add(repo)
1679 Session().commit()
1679 Session().commit()
1680
1680
1681 @classmethod
1681 @classmethod
1682 def unlock(cls, repo):
1682 def unlock(cls, repo):
1683 repo.locked = None
1683 repo.locked = None
1684 Session().add(repo)
1684 Session().add(repo)
1685 Session().commit()
1685 Session().commit()
1686
1686
1687 @classmethod
1687 @classmethod
1688 def getlock(cls, repo):
1688 def getlock(cls, repo):
1689 return repo.locked
1689 return repo.locked
1690
1690
1691 def is_user_lock(self, user_id):
1691 def is_user_lock(self, user_id):
1692 if self.lock[0]:
1692 if self.lock[0]:
1693 lock_user_id = safe_int(self.lock[0])
1693 lock_user_id = safe_int(self.lock[0])
1694 user_id = safe_int(user_id)
1694 user_id = safe_int(user_id)
1695 # both are ints, and they are equal
1695 # both are ints, and they are equal
1696 return all([lock_user_id, user_id]) and lock_user_id == user_id
1696 return all([lock_user_id, user_id]) and lock_user_id == user_id
1697
1697
1698 return False
1698 return False
1699
1699
1700 def get_locking_state(self, action, user_id, only_when_enabled=True):
1700 def get_locking_state(self, action, user_id, only_when_enabled=True):
1701 """
1701 """
1702 Checks locking on this repository, if locking is enabled and lock is
1702 Checks locking on this repository, if locking is enabled and lock is
1703 present returns a tuple of make_lock, locked, locked_by.
1703 present returns a tuple of make_lock, locked, locked_by.
1704 make_lock can have 3 states None (do nothing) True, make lock
1704 make_lock can have 3 states None (do nothing) True, make lock
1705 False release lock, This value is later propagated to hooks, which
1705 False release lock, This value is later propagated to hooks, which
1706 do the locking. Think about this as signals passed to hooks what to do.
1706 do the locking. Think about this as signals passed to hooks what to do.
1707
1707
1708 """
1708 """
1709 # TODO: johbo: This is part of the business logic and should be moved
1709 # TODO: johbo: This is part of the business logic and should be moved
1710 # into the RepositoryModel.
1710 # into the RepositoryModel.
1711
1711
1712 if action not in ('push', 'pull'):
1712 if action not in ('push', 'pull'):
1713 raise ValueError("Invalid action value: %s" % repr(action))
1713 raise ValueError("Invalid action value: %s" % repr(action))
1714
1714
1715 # defines if locked error should be thrown to user
1715 # defines if locked error should be thrown to user
1716 currently_locked = False
1716 currently_locked = False
1717 # defines if new lock should be made, tri-state
1717 # defines if new lock should be made, tri-state
1718 make_lock = None
1718 make_lock = None
1719 repo = self
1719 repo = self
1720 user = User.get(user_id)
1720 user = User.get(user_id)
1721
1721
1722 lock_info = repo.locked
1722 lock_info = repo.locked
1723
1723
1724 if repo and (repo.enable_locking or not only_when_enabled):
1724 if repo and (repo.enable_locking or not only_when_enabled):
1725 if action == 'push':
1725 if action == 'push':
1726 # check if it's already locked !, if it is compare users
1726 # check if it's already locked !, if it is compare users
1727 locked_by_user_id = lock_info[0]
1727 locked_by_user_id = lock_info[0]
1728 if user.user_id == locked_by_user_id:
1728 if user.user_id == locked_by_user_id:
1729 log.debug(
1729 log.debug(
1730 'Got `push` action from user %s, now unlocking', user)
1730 'Got `push` action from user %s, now unlocking', user)
1731 # unlock if we have push from user who locked
1731 # unlock if we have push from user who locked
1732 make_lock = False
1732 make_lock = False
1733 else:
1733 else:
1734 # we're not the same user who locked, ban with
1734 # we're not the same user who locked, ban with
1735 # code defined in settings (default is 423 HTTP Locked) !
1735 # code defined in settings (default is 423 HTTP Locked) !
1736 log.debug('Repo %s is currently locked by %s', repo, user)
1736 log.debug('Repo %s is currently locked by %s', repo, user)
1737 currently_locked = True
1737 currently_locked = True
1738 elif action == 'pull':
1738 elif action == 'pull':
1739 # [0] user [1] date
1739 # [0] user [1] date
1740 if lock_info[0] and lock_info[1]:
1740 if lock_info[0] and lock_info[1]:
1741 log.debug('Repo %s is currently locked by %s', repo, user)
1741 log.debug('Repo %s is currently locked by %s', repo, user)
1742 currently_locked = True
1742 currently_locked = True
1743 else:
1743 else:
1744 log.debug('Setting lock on repo %s by %s', repo, user)
1744 log.debug('Setting lock on repo %s by %s', repo, user)
1745 make_lock = True
1745 make_lock = True
1746
1746
1747 else:
1747 else:
1748 log.debug('Repository %s do not have locking enabled', repo)
1748 log.debug('Repository %s do not have locking enabled', repo)
1749
1749
1750 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
1750 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
1751 make_lock, currently_locked, lock_info)
1751 make_lock, currently_locked, lock_info)
1752
1752
1753 from rhodecode.lib.auth import HasRepoPermissionAny
1753 from rhodecode.lib.auth import HasRepoPermissionAny
1754 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
1754 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
1755 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
1755 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
1756 # if we don't have at least write permission we cannot make a lock
1756 # if we don't have at least write permission we cannot make a lock
1757 log.debug('lock state reset back to FALSE due to lack '
1757 log.debug('lock state reset back to FALSE due to lack '
1758 'of at least read permission')
1758 'of at least read permission')
1759 make_lock = False
1759 make_lock = False
1760
1760
1761 return make_lock, currently_locked, lock_info
1761 return make_lock, currently_locked, lock_info
1762
1762
1763 @property
1763 @property
1764 def last_db_change(self):
1764 def last_db_change(self):
1765 return self.updated_on
1765 return self.updated_on
1766
1766
1767 @property
1767 @property
1768 def clone_uri_hidden(self):
1768 def clone_uri_hidden(self):
1769 clone_uri = self.clone_uri
1769 clone_uri = self.clone_uri
1770 if clone_uri:
1770 if clone_uri:
1771 import urlobject
1771 import urlobject
1772 url_obj = urlobject.URLObject(clone_uri)
1772 url_obj = urlobject.URLObject(clone_uri)
1773 if url_obj.password:
1773 if url_obj.password:
1774 clone_uri = url_obj.with_password('*****')
1774 clone_uri = url_obj.with_password('*****')
1775 return clone_uri
1775 return clone_uri
1776
1776
1777 def clone_url(self, **override):
1777 def clone_url(self, **override):
1778 qualified_home_url = url('home', qualified=True)
1778 qualified_home_url = url('home', qualified=True)
1779
1779
1780 uri_tmpl = None
1780 uri_tmpl = None
1781 if 'with_id' in override:
1781 if 'with_id' in override:
1782 uri_tmpl = self.DEFAULT_CLONE_URI_ID
1782 uri_tmpl = self.DEFAULT_CLONE_URI_ID
1783 del override['with_id']
1783 del override['with_id']
1784
1784
1785 if 'uri_tmpl' in override:
1785 if 'uri_tmpl' in override:
1786 uri_tmpl = override['uri_tmpl']
1786 uri_tmpl = override['uri_tmpl']
1787 del override['uri_tmpl']
1787 del override['uri_tmpl']
1788
1788
1789 # we didn't override our tmpl from **overrides
1789 # we didn't override our tmpl from **overrides
1790 if not uri_tmpl:
1790 if not uri_tmpl:
1791 uri_tmpl = self.DEFAULT_CLONE_URI
1791 uri_tmpl = self.DEFAULT_CLONE_URI
1792 try:
1792 try:
1793 from pylons import tmpl_context as c
1793 from pylons import tmpl_context as c
1794 uri_tmpl = c.clone_uri_tmpl
1794 uri_tmpl = c.clone_uri_tmpl
1795 except Exception:
1795 except Exception:
1796 # in any case if we call this outside of request context,
1796 # in any case if we call this outside of request context,
1797 # ie, not having tmpl_context set up
1797 # ie, not having tmpl_context set up
1798 pass
1798 pass
1799
1799
1800 return get_clone_url(uri_tmpl=uri_tmpl,
1800 return get_clone_url(uri_tmpl=uri_tmpl,
1801 qualifed_home_url=qualified_home_url,
1801 qualifed_home_url=qualified_home_url,
1802 repo_name=self.repo_name,
1802 repo_name=self.repo_name,
1803 repo_id=self.repo_id, **override)
1803 repo_id=self.repo_id, **override)
1804
1804
1805 def set_state(self, state):
1805 def set_state(self, state):
1806 self.repo_state = state
1806 self.repo_state = state
1807 Session().add(self)
1807 Session().add(self)
1808 #==========================================================================
1808 #==========================================================================
1809 # SCM PROPERTIES
1809 # SCM PROPERTIES
1810 #==========================================================================
1810 #==========================================================================
1811
1811
1812 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
1812 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
1813 return get_commit_safe(
1813 return get_commit_safe(
1814 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
1814 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
1815
1815
1816 def get_changeset(self, rev=None, pre_load=None):
1816 def get_changeset(self, rev=None, pre_load=None):
1817 warnings.warn("Use get_commit", DeprecationWarning)
1817 warnings.warn("Use get_commit", DeprecationWarning)
1818 commit_id = None
1818 commit_id = None
1819 commit_idx = None
1819 commit_idx = None
1820 if isinstance(rev, basestring):
1820 if isinstance(rev, basestring):
1821 commit_id = rev
1821 commit_id = rev
1822 else:
1822 else:
1823 commit_idx = rev
1823 commit_idx = rev
1824 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
1824 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
1825 pre_load=pre_load)
1825 pre_load=pre_load)
1826
1826
1827 def get_landing_commit(self):
1827 def get_landing_commit(self):
1828 """
1828 """
1829 Returns landing commit, or if that doesn't exist returns the tip
1829 Returns landing commit, or if that doesn't exist returns the tip
1830 """
1830 """
1831 _rev_type, _rev = self.landing_rev
1831 _rev_type, _rev = self.landing_rev
1832 commit = self.get_commit(_rev)
1832 commit = self.get_commit(_rev)
1833 if isinstance(commit, EmptyCommit):
1833 if isinstance(commit, EmptyCommit):
1834 return self.get_commit()
1834 return self.get_commit()
1835 return commit
1835 return commit
1836
1836
1837 def update_commit_cache(self, cs_cache=None, config=None):
1837 def update_commit_cache(self, cs_cache=None, config=None):
1838 """
1838 """
1839 Update cache of last changeset for repository, keys should be::
1839 Update cache of last changeset for repository, keys should be::
1840
1840
1841 short_id
1841 short_id
1842 raw_id
1842 raw_id
1843 revision
1843 revision
1844 parents
1844 parents
1845 message
1845 message
1846 date
1846 date
1847 author
1847 author
1848
1848
1849 :param cs_cache:
1849 :param cs_cache:
1850 """
1850 """
1851 from rhodecode.lib.vcs.backends.base import BaseChangeset
1851 from rhodecode.lib.vcs.backends.base import BaseChangeset
1852 if cs_cache is None:
1852 if cs_cache is None:
1853 # use no-cache version here
1853 # use no-cache version here
1854 scm_repo = self.scm_instance(cache=False, config=config)
1854 scm_repo = self.scm_instance(cache=False, config=config)
1855 if scm_repo:
1855 if scm_repo:
1856 cs_cache = scm_repo.get_commit(
1856 cs_cache = scm_repo.get_commit(
1857 pre_load=["author", "date", "message", "parents"])
1857 pre_load=["author", "date", "message", "parents"])
1858 else:
1858 else:
1859 cs_cache = EmptyCommit()
1859 cs_cache = EmptyCommit()
1860
1860
1861 if isinstance(cs_cache, BaseChangeset):
1861 if isinstance(cs_cache, BaseChangeset):
1862 cs_cache = cs_cache.__json__()
1862 cs_cache = cs_cache.__json__()
1863
1863
1864 def is_outdated(new_cs_cache):
1864 def is_outdated(new_cs_cache):
1865 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
1865 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
1866 new_cs_cache['revision'] != self.changeset_cache['revision']):
1866 new_cs_cache['revision'] != self.changeset_cache['revision']):
1867 return True
1867 return True
1868 return False
1868 return False
1869
1869
1870 # check if we have maybe already latest cached revision
1870 # check if we have maybe already latest cached revision
1871 if is_outdated(cs_cache) or not self.changeset_cache:
1871 if is_outdated(cs_cache) or not self.changeset_cache:
1872 _default = datetime.datetime.fromtimestamp(0)
1872 _default = datetime.datetime.fromtimestamp(0)
1873 last_change = cs_cache.get('date') or _default
1873 last_change = cs_cache.get('date') or _default
1874 log.debug('updated repo %s with new cs cache %s',
1874 log.debug('updated repo %s with new cs cache %s',
1875 self.repo_name, cs_cache)
1875 self.repo_name, cs_cache)
1876 self.updated_on = last_change
1876 self.updated_on = last_change
1877 self.changeset_cache = cs_cache
1877 self.changeset_cache = cs_cache
1878 Session().add(self)
1878 Session().add(self)
1879 Session().commit()
1879 Session().commit()
1880 else:
1880 else:
1881 log.debug('Skipping update_commit_cache for repo:`%s` '
1881 log.debug('Skipping update_commit_cache for repo:`%s` '
1882 'commit already with latest changes', self.repo_name)
1882 'commit already with latest changes', self.repo_name)
1883
1883
1884 @property
1884 @property
1885 def tip(self):
1885 def tip(self):
1886 return self.get_commit('tip')
1886 return self.get_commit('tip')
1887
1887
1888 @property
1888 @property
1889 def author(self):
1889 def author(self):
1890 return self.tip.author
1890 return self.tip.author
1891
1891
1892 @property
1892 @property
1893 def last_change(self):
1893 def last_change(self):
1894 return self.scm_instance().last_change
1894 return self.scm_instance().last_change
1895
1895
1896 def get_comments(self, revisions=None):
1896 def get_comments(self, revisions=None):
1897 """
1897 """
1898 Returns comments for this repository grouped by revisions
1898 Returns comments for this repository grouped by revisions
1899
1899
1900 :param revisions: filter query by revisions only
1900 :param revisions: filter query by revisions only
1901 """
1901 """
1902 cmts = ChangesetComment.query()\
1902 cmts = ChangesetComment.query()\
1903 .filter(ChangesetComment.repo == self)
1903 .filter(ChangesetComment.repo == self)
1904 if revisions:
1904 if revisions:
1905 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
1905 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
1906 grouped = collections.defaultdict(list)
1906 grouped = collections.defaultdict(list)
1907 for cmt in cmts.all():
1907 for cmt in cmts.all():
1908 grouped[cmt.revision].append(cmt)
1908 grouped[cmt.revision].append(cmt)
1909 return grouped
1909 return grouped
1910
1910
1911 def statuses(self, revisions=None):
1911 def statuses(self, revisions=None):
1912 """
1912 """
1913 Returns statuses for this repository
1913 Returns statuses for this repository
1914
1914
1915 :param revisions: list of revisions to get statuses for
1915 :param revisions: list of revisions to get statuses for
1916 """
1916 """
1917 statuses = ChangesetStatus.query()\
1917 statuses = ChangesetStatus.query()\
1918 .filter(ChangesetStatus.repo == self)\
1918 .filter(ChangesetStatus.repo == self)\
1919 .filter(ChangesetStatus.version == 0)
1919 .filter(ChangesetStatus.version == 0)
1920
1920
1921 if revisions:
1921 if revisions:
1922 # Try doing the filtering in chunks to avoid hitting limits
1922 # Try doing the filtering in chunks to avoid hitting limits
1923 size = 500
1923 size = 500
1924 status_results = []
1924 status_results = []
1925 for chunk in xrange(0, len(revisions), size):
1925 for chunk in xrange(0, len(revisions), size):
1926 status_results += statuses.filter(
1926 status_results += statuses.filter(
1927 ChangesetStatus.revision.in_(
1927 ChangesetStatus.revision.in_(
1928 revisions[chunk: chunk+size])
1928 revisions[chunk: chunk+size])
1929 ).all()
1929 ).all()
1930 else:
1930 else:
1931 status_results = statuses.all()
1931 status_results = statuses.all()
1932
1932
1933 grouped = {}
1933 grouped = {}
1934
1934
1935 # maybe we have open new pullrequest without a status?
1935 # maybe we have open new pullrequest without a status?
1936 stat = ChangesetStatus.STATUS_UNDER_REVIEW
1936 stat = ChangesetStatus.STATUS_UNDER_REVIEW
1937 status_lbl = ChangesetStatus.get_status_lbl(stat)
1937 status_lbl = ChangesetStatus.get_status_lbl(stat)
1938 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
1938 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
1939 for rev in pr.revisions:
1939 for rev in pr.revisions:
1940 pr_id = pr.pull_request_id
1940 pr_id = pr.pull_request_id
1941 pr_repo = pr.target_repo.repo_name
1941 pr_repo = pr.target_repo.repo_name
1942 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
1942 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
1943
1943
1944 for stat in status_results:
1944 for stat in status_results:
1945 pr_id = pr_repo = None
1945 pr_id = pr_repo = None
1946 if stat.pull_request:
1946 if stat.pull_request:
1947 pr_id = stat.pull_request.pull_request_id
1947 pr_id = stat.pull_request.pull_request_id
1948 pr_repo = stat.pull_request.target_repo.repo_name
1948 pr_repo = stat.pull_request.target_repo.repo_name
1949 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
1949 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
1950 pr_id, pr_repo]
1950 pr_id, pr_repo]
1951 return grouped
1951 return grouped
1952
1952
1953 # ==========================================================================
1953 # ==========================================================================
1954 # SCM CACHE INSTANCE
1954 # SCM CACHE INSTANCE
1955 # ==========================================================================
1955 # ==========================================================================
1956
1956
1957 def scm_instance(self, **kwargs):
1957 def scm_instance(self, **kwargs):
1958 import rhodecode
1958 import rhodecode
1959
1959
1960 # Passing a config will not hit the cache currently only used
1960 # Passing a config will not hit the cache currently only used
1961 # for repo2dbmapper
1961 # for repo2dbmapper
1962 config = kwargs.pop('config', None)
1962 config = kwargs.pop('config', None)
1963 cache = kwargs.pop('cache', None)
1963 cache = kwargs.pop('cache', None)
1964 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
1964 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
1965 # if cache is NOT defined use default global, else we have a full
1965 # if cache is NOT defined use default global, else we have a full
1966 # control over cache behaviour
1966 # control over cache behaviour
1967 if cache is None and full_cache and not config:
1967 if cache is None and full_cache and not config:
1968 return self._get_instance_cached()
1968 return self._get_instance_cached()
1969 return self._get_instance(cache=bool(cache), config=config)
1969 return self._get_instance(cache=bool(cache), config=config)
1970
1970
1971 def _get_instance_cached(self):
1971 def _get_instance_cached(self):
1972 @cache_region('long_term')
1972 @cache_region('long_term')
1973 def _get_repo(cache_key):
1973 def _get_repo(cache_key):
1974 return self._get_instance()
1974 return self._get_instance()
1975
1975
1976 invalidator_context = CacheKey.repo_context_cache(
1976 invalidator_context = CacheKey.repo_context_cache(
1977 _get_repo, self.repo_name, None, thread_scoped=True)
1977 _get_repo, self.repo_name, None, thread_scoped=True)
1978
1978
1979 with invalidator_context as context:
1979 with invalidator_context as context:
1980 context.invalidate()
1980 context.invalidate()
1981 repo = context.compute()
1981 repo = context.compute()
1982
1982
1983 return repo
1983 return repo
1984
1984
1985 def _get_instance(self, cache=True, config=None):
1985 def _get_instance(self, cache=True, config=None):
1986 config = config or self._config
1986 config = config or self._config
1987 custom_wire = {
1987 custom_wire = {
1988 'cache': cache # controls the vcs.remote cache
1988 'cache': cache # controls the vcs.remote cache
1989 }
1989 }
1990
1990
1991 repo = get_vcs_instance(
1991 repo = get_vcs_instance(
1992 repo_path=safe_str(self.repo_full_path),
1992 repo_path=safe_str(self.repo_full_path),
1993 config=config,
1993 config=config,
1994 with_wire=custom_wire,
1994 with_wire=custom_wire,
1995 create=False)
1995 create=False)
1996
1996
1997 return repo
1997 return repo
1998
1998
1999 def __json__(self):
1999 def __json__(self):
2000 return {'landing_rev': self.landing_rev}
2000 return {'landing_rev': self.landing_rev}
2001
2001
2002 def get_dict(self):
2002 def get_dict(self):
2003
2003
2004 # Since we transformed `repo_name` to a hybrid property, we need to
2004 # Since we transformed `repo_name` to a hybrid property, we need to
2005 # keep compatibility with the code which uses `repo_name` field.
2005 # keep compatibility with the code which uses `repo_name` field.
2006
2006
2007 result = super(Repository, self).get_dict()
2007 result = super(Repository, self).get_dict()
2008 result['repo_name'] = result.pop('_repo_name', None)
2008 result['repo_name'] = result.pop('_repo_name', None)
2009 return result
2009 return result
2010
2010
2011
2011
2012 class RepoGroup(Base, BaseModel):
2012 class RepoGroup(Base, BaseModel):
2013 __tablename__ = 'groups'
2013 __tablename__ = 'groups'
2014 __table_args__ = (
2014 __table_args__ = (
2015 UniqueConstraint('group_name', 'group_parent_id'),
2015 UniqueConstraint('group_name', 'group_parent_id'),
2016 CheckConstraint('group_id != group_parent_id'),
2016 CheckConstraint('group_id != group_parent_id'),
2017 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2017 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2018 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2018 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2019 )
2019 )
2020 __mapper_args__ = {'order_by': 'group_name'}
2020 __mapper_args__ = {'order_by': 'group_name'}
2021
2021
2022 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2022 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2023
2023
2024 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2024 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2025 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2025 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2026 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2026 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2027 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2027 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2028 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2028 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2029 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2029 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2030 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2030 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2031 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2031
2032
2032 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2033 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2033 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2034 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2034 parent_group = relationship('RepoGroup', remote_side=group_id)
2035 parent_group = relationship('RepoGroup', remote_side=group_id)
2035 user = relationship('User')
2036 user = relationship('User')
2036 integrations = relationship('Integration',
2037 integrations = relationship('Integration',
2037 cascade="all, delete, delete-orphan")
2038 cascade="all, delete, delete-orphan")
2038
2039
2039 def __init__(self, group_name='', parent_group=None):
2040 def __init__(self, group_name='', parent_group=None):
2040 self.group_name = group_name
2041 self.group_name = group_name
2041 self.parent_group = parent_group
2042 self.parent_group = parent_group
2042
2043
2043 def __unicode__(self):
2044 def __unicode__(self):
2044 return u"<%s('id:%s:%s')>" % (self.__class__.__name__, self.group_id,
2045 return u"<%s('id:%s:%s')>" % (self.__class__.__name__, self.group_id,
2045 self.group_name)
2046 self.group_name)
2046
2047
2047 @classmethod
2048 @classmethod
2048 def _generate_choice(cls, repo_group):
2049 def _generate_choice(cls, repo_group):
2049 from webhelpers.html import literal as _literal
2050 from webhelpers.html import literal as _literal
2050 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2051 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2051 return repo_group.group_id, _name(repo_group.full_path_splitted)
2052 return repo_group.group_id, _name(repo_group.full_path_splitted)
2052
2053
2053 @classmethod
2054 @classmethod
2054 def groups_choices(cls, groups=None, show_empty_group=True):
2055 def groups_choices(cls, groups=None, show_empty_group=True):
2055 if not groups:
2056 if not groups:
2056 groups = cls.query().all()
2057 groups = cls.query().all()
2057
2058
2058 repo_groups = []
2059 repo_groups = []
2059 if show_empty_group:
2060 if show_empty_group:
2060 repo_groups = [('-1', u'-- %s --' % _('No parent'))]
2061 repo_groups = [('-1', u'-- %s --' % _('No parent'))]
2061
2062
2062 repo_groups.extend([cls._generate_choice(x) for x in groups])
2063 repo_groups.extend([cls._generate_choice(x) for x in groups])
2063
2064
2064 repo_groups = sorted(
2065 repo_groups = sorted(
2065 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2066 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2066 return repo_groups
2067 return repo_groups
2067
2068
2068 @classmethod
2069 @classmethod
2069 def url_sep(cls):
2070 def url_sep(cls):
2070 return URL_SEP
2071 return URL_SEP
2071
2072
2072 @classmethod
2073 @classmethod
2073 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2074 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2074 if case_insensitive:
2075 if case_insensitive:
2075 gr = cls.query().filter(func.lower(cls.group_name)
2076 gr = cls.query().filter(func.lower(cls.group_name)
2076 == func.lower(group_name))
2077 == func.lower(group_name))
2077 else:
2078 else:
2078 gr = cls.query().filter(cls.group_name == group_name)
2079 gr = cls.query().filter(cls.group_name == group_name)
2079 if cache:
2080 if cache:
2080 gr = gr.options(FromCache(
2081 gr = gr.options(FromCache(
2081 "sql_cache_short",
2082 "sql_cache_short",
2082 "get_group_%s" % _hash_key(group_name)))
2083 "get_group_%s" % _hash_key(group_name)))
2083 return gr.scalar()
2084 return gr.scalar()
2084
2085
2085 @classmethod
2086 @classmethod
2087 def get_user_personal_repo_group(cls, user_id):
2088 user = User.get(user_id)
2089 return cls.query()\
2090 .filter(cls.personal == true())\
2091 .filter(cls.user == user).scalar()
2092
2093 @classmethod
2086 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2094 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2087 case_insensitive=True):
2095 case_insensitive=True):
2088 q = RepoGroup.query()
2096 q = RepoGroup.query()
2089
2097
2090 if not isinstance(user_id, Optional):
2098 if not isinstance(user_id, Optional):
2091 q = q.filter(RepoGroup.user_id == user_id)
2099 q = q.filter(RepoGroup.user_id == user_id)
2092
2100
2093 if not isinstance(group_id, Optional):
2101 if not isinstance(group_id, Optional):
2094 q = q.filter(RepoGroup.group_parent_id == group_id)
2102 q = q.filter(RepoGroup.group_parent_id == group_id)
2095
2103
2096 if case_insensitive:
2104 if case_insensitive:
2097 q = q.order_by(func.lower(RepoGroup.group_name))
2105 q = q.order_by(func.lower(RepoGroup.group_name))
2098 else:
2106 else:
2099 q = q.order_by(RepoGroup.group_name)
2107 q = q.order_by(RepoGroup.group_name)
2100 return q.all()
2108 return q.all()
2101
2109
2102 @property
2110 @property
2103 def parents(self):
2111 def parents(self):
2104 parents_recursion_limit = 10
2112 parents_recursion_limit = 10
2105 groups = []
2113 groups = []
2106 if self.parent_group is None:
2114 if self.parent_group is None:
2107 return groups
2115 return groups
2108 cur_gr = self.parent_group
2116 cur_gr = self.parent_group
2109 groups.insert(0, cur_gr)
2117 groups.insert(0, cur_gr)
2110 cnt = 0
2118 cnt = 0
2111 while 1:
2119 while 1:
2112 cnt += 1
2120 cnt += 1
2113 gr = getattr(cur_gr, 'parent_group', None)
2121 gr = getattr(cur_gr, 'parent_group', None)
2114 cur_gr = cur_gr.parent_group
2122 cur_gr = cur_gr.parent_group
2115 if gr is None:
2123 if gr is None:
2116 break
2124 break
2117 if cnt == parents_recursion_limit:
2125 if cnt == parents_recursion_limit:
2118 # this will prevent accidental infinit loops
2126 # this will prevent accidental infinit loops
2119 log.error(('more than %s parents found for group %s, stopping '
2127 log.error(('more than %s parents found for group %s, stopping '
2120 'recursive parent fetching' % (parents_recursion_limit, self)))
2128 'recursive parent fetching' % (parents_recursion_limit, self)))
2121 break
2129 break
2122
2130
2123 groups.insert(0, gr)
2131 groups.insert(0, gr)
2124 return groups
2132 return groups
2125
2133
2126 @property
2134 @property
2127 def children(self):
2135 def children(self):
2128 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2136 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2129
2137
2130 @property
2138 @property
2131 def name(self):
2139 def name(self):
2132 return self.group_name.split(RepoGroup.url_sep())[-1]
2140 return self.group_name.split(RepoGroup.url_sep())[-1]
2133
2141
2134 @property
2142 @property
2135 def full_path(self):
2143 def full_path(self):
2136 return self.group_name
2144 return self.group_name
2137
2145
2138 @property
2146 @property
2139 def full_path_splitted(self):
2147 def full_path_splitted(self):
2140 return self.group_name.split(RepoGroup.url_sep())
2148 return self.group_name.split(RepoGroup.url_sep())
2141
2149
2142 @property
2150 @property
2143 def repositories(self):
2151 def repositories(self):
2144 return Repository.query()\
2152 return Repository.query()\
2145 .filter(Repository.group == self)\
2153 .filter(Repository.group == self)\
2146 .order_by(Repository.repo_name)
2154 .order_by(Repository.repo_name)
2147
2155
2148 @property
2156 @property
2149 def repositories_recursive_count(self):
2157 def repositories_recursive_count(self):
2150 cnt = self.repositories.count()
2158 cnt = self.repositories.count()
2151
2159
2152 def children_count(group):
2160 def children_count(group):
2153 cnt = 0
2161 cnt = 0
2154 for child in group.children:
2162 for child in group.children:
2155 cnt += child.repositories.count()
2163 cnt += child.repositories.count()
2156 cnt += children_count(child)
2164 cnt += children_count(child)
2157 return cnt
2165 return cnt
2158
2166
2159 return cnt + children_count(self)
2167 return cnt + children_count(self)
2160
2168
2161 def _recursive_objects(self, include_repos=True):
2169 def _recursive_objects(self, include_repos=True):
2162 all_ = []
2170 all_ = []
2163
2171
2164 def _get_members(root_gr):
2172 def _get_members(root_gr):
2165 if include_repos:
2173 if include_repos:
2166 for r in root_gr.repositories:
2174 for r in root_gr.repositories:
2167 all_.append(r)
2175 all_.append(r)
2168 childs = root_gr.children.all()
2176 childs = root_gr.children.all()
2169 if childs:
2177 if childs:
2170 for gr in childs:
2178 for gr in childs:
2171 all_.append(gr)
2179 all_.append(gr)
2172 _get_members(gr)
2180 _get_members(gr)
2173
2181
2174 _get_members(self)
2182 _get_members(self)
2175 return [self] + all_
2183 return [self] + all_
2176
2184
2177 def recursive_groups_and_repos(self):
2185 def recursive_groups_and_repos(self):
2178 """
2186 """
2179 Recursive return all groups, with repositories in those groups
2187 Recursive return all groups, with repositories in those groups
2180 """
2188 """
2181 return self._recursive_objects()
2189 return self._recursive_objects()
2182
2190
2183 def recursive_groups(self):
2191 def recursive_groups(self):
2184 """
2192 """
2185 Returns all children groups for this group including children of children
2193 Returns all children groups for this group including children of children
2186 """
2194 """
2187 return self._recursive_objects(include_repos=False)
2195 return self._recursive_objects(include_repos=False)
2188
2196
2189 def get_new_name(self, group_name):
2197 def get_new_name(self, group_name):
2190 """
2198 """
2191 returns new full group name based on parent and new name
2199 returns new full group name based on parent and new name
2192
2200
2193 :param group_name:
2201 :param group_name:
2194 """
2202 """
2195 path_prefix = (self.parent_group.full_path_splitted if
2203 path_prefix = (self.parent_group.full_path_splitted if
2196 self.parent_group else [])
2204 self.parent_group else [])
2197 return RepoGroup.url_sep().join(path_prefix + [group_name])
2205 return RepoGroup.url_sep().join(path_prefix + [group_name])
2198
2206
2199 def permissions(self, with_admins=True, with_owner=True):
2207 def permissions(self, with_admins=True, with_owner=True):
2200 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2208 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2201 q = q.options(joinedload(UserRepoGroupToPerm.group),
2209 q = q.options(joinedload(UserRepoGroupToPerm.group),
2202 joinedload(UserRepoGroupToPerm.user),
2210 joinedload(UserRepoGroupToPerm.user),
2203 joinedload(UserRepoGroupToPerm.permission),)
2211 joinedload(UserRepoGroupToPerm.permission),)
2204
2212
2205 # get owners and admins and permissions. We do a trick of re-writing
2213 # get owners and admins and permissions. We do a trick of re-writing
2206 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2214 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2207 # has a global reference and changing one object propagates to all
2215 # has a global reference and changing one object propagates to all
2208 # others. This means if admin is also an owner admin_row that change
2216 # others. This means if admin is also an owner admin_row that change
2209 # would propagate to both objects
2217 # would propagate to both objects
2210 perm_rows = []
2218 perm_rows = []
2211 for _usr in q.all():
2219 for _usr in q.all():
2212 usr = AttributeDict(_usr.user.get_dict())
2220 usr = AttributeDict(_usr.user.get_dict())
2213 usr.permission = _usr.permission.permission_name
2221 usr.permission = _usr.permission.permission_name
2214 perm_rows.append(usr)
2222 perm_rows.append(usr)
2215
2223
2216 # filter the perm rows by 'default' first and then sort them by
2224 # filter the perm rows by 'default' first and then sort them by
2217 # admin,write,read,none permissions sorted again alphabetically in
2225 # admin,write,read,none permissions sorted again alphabetically in
2218 # each group
2226 # each group
2219 perm_rows = sorted(perm_rows, key=display_sort)
2227 perm_rows = sorted(perm_rows, key=display_sort)
2220
2228
2221 _admin_perm = 'group.admin'
2229 _admin_perm = 'group.admin'
2222 owner_row = []
2230 owner_row = []
2223 if with_owner:
2231 if with_owner:
2224 usr = AttributeDict(self.user.get_dict())
2232 usr = AttributeDict(self.user.get_dict())
2225 usr.owner_row = True
2233 usr.owner_row = True
2226 usr.permission = _admin_perm
2234 usr.permission = _admin_perm
2227 owner_row.append(usr)
2235 owner_row.append(usr)
2228
2236
2229 super_admin_rows = []
2237 super_admin_rows = []
2230 if with_admins:
2238 if with_admins:
2231 for usr in User.get_all_super_admins():
2239 for usr in User.get_all_super_admins():
2232 # if this admin is also owner, don't double the record
2240 # if this admin is also owner, don't double the record
2233 if usr.user_id == owner_row[0].user_id:
2241 if usr.user_id == owner_row[0].user_id:
2234 owner_row[0].admin_row = True
2242 owner_row[0].admin_row = True
2235 else:
2243 else:
2236 usr = AttributeDict(usr.get_dict())
2244 usr = AttributeDict(usr.get_dict())
2237 usr.admin_row = True
2245 usr.admin_row = True
2238 usr.permission = _admin_perm
2246 usr.permission = _admin_perm
2239 super_admin_rows.append(usr)
2247 super_admin_rows.append(usr)
2240
2248
2241 return super_admin_rows + owner_row + perm_rows
2249 return super_admin_rows + owner_row + perm_rows
2242
2250
2243 def permission_user_groups(self):
2251 def permission_user_groups(self):
2244 q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
2252 q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
2245 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2253 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2246 joinedload(UserGroupRepoGroupToPerm.users_group),
2254 joinedload(UserGroupRepoGroupToPerm.users_group),
2247 joinedload(UserGroupRepoGroupToPerm.permission),)
2255 joinedload(UserGroupRepoGroupToPerm.permission),)
2248
2256
2249 perm_rows = []
2257 perm_rows = []
2250 for _user_group in q.all():
2258 for _user_group in q.all():
2251 usr = AttributeDict(_user_group.users_group.get_dict())
2259 usr = AttributeDict(_user_group.users_group.get_dict())
2252 usr.permission = _user_group.permission.permission_name
2260 usr.permission = _user_group.permission.permission_name
2253 perm_rows.append(usr)
2261 perm_rows.append(usr)
2254
2262
2255 return perm_rows
2263 return perm_rows
2256
2264
2257 def get_api_data(self):
2265 def get_api_data(self):
2258 """
2266 """
2259 Common function for generating api data
2267 Common function for generating api data
2260
2268
2261 """
2269 """
2262 group = self
2270 group = self
2263 data = {
2271 data = {
2264 'group_id': group.group_id,
2272 'group_id': group.group_id,
2265 'group_name': group.group_name,
2273 'group_name': group.group_name,
2266 'group_description': group.group_description,
2274 'group_description': group.group_description,
2267 'parent_group': group.parent_group.group_name if group.parent_group else None,
2275 'parent_group': group.parent_group.group_name if group.parent_group else None,
2268 'repositories': [x.repo_name for x in group.repositories],
2276 'repositories': [x.repo_name for x in group.repositories],
2269 'owner': group.user.username,
2277 'owner': group.user.username,
2270 }
2278 }
2271 return data
2279 return data
2272
2280
2273
2281
2274 class Permission(Base, BaseModel):
2282 class Permission(Base, BaseModel):
2275 __tablename__ = 'permissions'
2283 __tablename__ = 'permissions'
2276 __table_args__ = (
2284 __table_args__ = (
2277 Index('p_perm_name_idx', 'permission_name'),
2285 Index('p_perm_name_idx', 'permission_name'),
2278 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2286 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2279 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2287 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2280 )
2288 )
2281 PERMS = [
2289 PERMS = [
2282 ('hg.admin', _('RhodeCode Super Administrator')),
2290 ('hg.admin', _('RhodeCode Super Administrator')),
2283
2291
2284 ('repository.none', _('Repository no access')),
2292 ('repository.none', _('Repository no access')),
2285 ('repository.read', _('Repository read access')),
2293 ('repository.read', _('Repository read access')),
2286 ('repository.write', _('Repository write access')),
2294 ('repository.write', _('Repository write access')),
2287 ('repository.admin', _('Repository admin access')),
2295 ('repository.admin', _('Repository admin access')),
2288
2296
2289 ('group.none', _('Repository group no access')),
2297 ('group.none', _('Repository group no access')),
2290 ('group.read', _('Repository group read access')),
2298 ('group.read', _('Repository group read access')),
2291 ('group.write', _('Repository group write access')),
2299 ('group.write', _('Repository group write access')),
2292 ('group.admin', _('Repository group admin access')),
2300 ('group.admin', _('Repository group admin access')),
2293
2301
2294 ('usergroup.none', _('User group no access')),
2302 ('usergroup.none', _('User group no access')),
2295 ('usergroup.read', _('User group read access')),
2303 ('usergroup.read', _('User group read access')),
2296 ('usergroup.write', _('User group write access')),
2304 ('usergroup.write', _('User group write access')),
2297 ('usergroup.admin', _('User group admin access')),
2305 ('usergroup.admin', _('User group admin access')),
2298
2306
2299 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2307 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2300 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2308 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2301
2309
2302 ('hg.usergroup.create.false', _('User Group creation disabled')),
2310 ('hg.usergroup.create.false', _('User Group creation disabled')),
2303 ('hg.usergroup.create.true', _('User Group creation enabled')),
2311 ('hg.usergroup.create.true', _('User Group creation enabled')),
2304
2312
2305 ('hg.create.none', _('Repository creation disabled')),
2313 ('hg.create.none', _('Repository creation disabled')),
2306 ('hg.create.repository', _('Repository creation enabled')),
2314 ('hg.create.repository', _('Repository creation enabled')),
2307 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2315 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2308 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2316 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2309
2317
2310 ('hg.fork.none', _('Repository forking disabled')),
2318 ('hg.fork.none', _('Repository forking disabled')),
2311 ('hg.fork.repository', _('Repository forking enabled')),
2319 ('hg.fork.repository', _('Repository forking enabled')),
2312
2320
2313 ('hg.register.none', _('Registration disabled')),
2321 ('hg.register.none', _('Registration disabled')),
2314 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2322 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2315 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2323 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2316
2324
2317 ('hg.password_reset.enabled', _('Password reset enabled')),
2325 ('hg.password_reset.enabled', _('Password reset enabled')),
2318 ('hg.password_reset.hidden', _('Password reset hidden')),
2326 ('hg.password_reset.hidden', _('Password reset hidden')),
2319 ('hg.password_reset.disabled', _('Password reset disabled')),
2327 ('hg.password_reset.disabled', _('Password reset disabled')),
2320
2328
2321 ('hg.extern_activate.manual', _('Manual activation of external account')),
2329 ('hg.extern_activate.manual', _('Manual activation of external account')),
2322 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2330 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2323
2331
2324 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2332 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2325 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2333 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2326 ]
2334 ]
2327
2335
2328 # definition of system default permissions for DEFAULT user
2336 # definition of system default permissions for DEFAULT user
2329 DEFAULT_USER_PERMISSIONS = [
2337 DEFAULT_USER_PERMISSIONS = [
2330 'repository.read',
2338 'repository.read',
2331 'group.read',
2339 'group.read',
2332 'usergroup.read',
2340 'usergroup.read',
2333 'hg.create.repository',
2341 'hg.create.repository',
2334 'hg.repogroup.create.false',
2342 'hg.repogroup.create.false',
2335 'hg.usergroup.create.false',
2343 'hg.usergroup.create.false',
2336 'hg.create.write_on_repogroup.true',
2344 'hg.create.write_on_repogroup.true',
2337 'hg.fork.repository',
2345 'hg.fork.repository',
2338 'hg.register.manual_activate',
2346 'hg.register.manual_activate',
2339 'hg.password_reset.enabled',
2347 'hg.password_reset.enabled',
2340 'hg.extern_activate.auto',
2348 'hg.extern_activate.auto',
2341 'hg.inherit_default_perms.true',
2349 'hg.inherit_default_perms.true',
2342 ]
2350 ]
2343
2351
2344 # defines which permissions are more important higher the more important
2352 # defines which permissions are more important higher the more important
2345 # Weight defines which permissions are more important.
2353 # Weight defines which permissions are more important.
2346 # The higher number the more important.
2354 # The higher number the more important.
2347 PERM_WEIGHTS = {
2355 PERM_WEIGHTS = {
2348 'repository.none': 0,
2356 'repository.none': 0,
2349 'repository.read': 1,
2357 'repository.read': 1,
2350 'repository.write': 3,
2358 'repository.write': 3,
2351 'repository.admin': 4,
2359 'repository.admin': 4,
2352
2360
2353 'group.none': 0,
2361 'group.none': 0,
2354 'group.read': 1,
2362 'group.read': 1,
2355 'group.write': 3,
2363 'group.write': 3,
2356 'group.admin': 4,
2364 'group.admin': 4,
2357
2365
2358 'usergroup.none': 0,
2366 'usergroup.none': 0,
2359 'usergroup.read': 1,
2367 'usergroup.read': 1,
2360 'usergroup.write': 3,
2368 'usergroup.write': 3,
2361 'usergroup.admin': 4,
2369 'usergroup.admin': 4,
2362
2370
2363 'hg.repogroup.create.false': 0,
2371 'hg.repogroup.create.false': 0,
2364 'hg.repogroup.create.true': 1,
2372 'hg.repogroup.create.true': 1,
2365
2373
2366 'hg.usergroup.create.false': 0,
2374 'hg.usergroup.create.false': 0,
2367 'hg.usergroup.create.true': 1,
2375 'hg.usergroup.create.true': 1,
2368
2376
2369 'hg.fork.none': 0,
2377 'hg.fork.none': 0,
2370 'hg.fork.repository': 1,
2378 'hg.fork.repository': 1,
2371 'hg.create.none': 0,
2379 'hg.create.none': 0,
2372 'hg.create.repository': 1
2380 'hg.create.repository': 1
2373 }
2381 }
2374
2382
2375 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2383 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2376 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2384 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2377 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2385 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2378
2386
2379 def __unicode__(self):
2387 def __unicode__(self):
2380 return u"<%s('%s:%s')>" % (
2388 return u"<%s('%s:%s')>" % (
2381 self.__class__.__name__, self.permission_id, self.permission_name
2389 self.__class__.__name__, self.permission_id, self.permission_name
2382 )
2390 )
2383
2391
2384 @classmethod
2392 @classmethod
2385 def get_by_key(cls, key):
2393 def get_by_key(cls, key):
2386 return cls.query().filter(cls.permission_name == key).scalar()
2394 return cls.query().filter(cls.permission_name == key).scalar()
2387
2395
2388 @classmethod
2396 @classmethod
2389 def get_default_repo_perms(cls, user_id, repo_id=None):
2397 def get_default_repo_perms(cls, user_id, repo_id=None):
2390 q = Session().query(UserRepoToPerm, Repository, Permission)\
2398 q = Session().query(UserRepoToPerm, Repository, Permission)\
2391 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2399 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2392 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2400 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2393 .filter(UserRepoToPerm.user_id == user_id)
2401 .filter(UserRepoToPerm.user_id == user_id)
2394 if repo_id:
2402 if repo_id:
2395 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2403 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2396 return q.all()
2404 return q.all()
2397
2405
2398 @classmethod
2406 @classmethod
2399 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2407 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2400 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2408 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2401 .join(
2409 .join(
2402 Permission,
2410 Permission,
2403 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2411 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2404 .join(
2412 .join(
2405 Repository,
2413 Repository,
2406 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2414 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2407 .join(
2415 .join(
2408 UserGroup,
2416 UserGroup,
2409 UserGroupRepoToPerm.users_group_id ==
2417 UserGroupRepoToPerm.users_group_id ==
2410 UserGroup.users_group_id)\
2418 UserGroup.users_group_id)\
2411 .join(
2419 .join(
2412 UserGroupMember,
2420 UserGroupMember,
2413 UserGroupRepoToPerm.users_group_id ==
2421 UserGroupRepoToPerm.users_group_id ==
2414 UserGroupMember.users_group_id)\
2422 UserGroupMember.users_group_id)\
2415 .filter(
2423 .filter(
2416 UserGroupMember.user_id == user_id,
2424 UserGroupMember.user_id == user_id,
2417 UserGroup.users_group_active == true())
2425 UserGroup.users_group_active == true())
2418 if repo_id:
2426 if repo_id:
2419 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2427 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2420 return q.all()
2428 return q.all()
2421
2429
2422 @classmethod
2430 @classmethod
2423 def get_default_group_perms(cls, user_id, repo_group_id=None):
2431 def get_default_group_perms(cls, user_id, repo_group_id=None):
2424 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2432 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2425 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2433 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2426 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2434 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2427 .filter(UserRepoGroupToPerm.user_id == user_id)
2435 .filter(UserRepoGroupToPerm.user_id == user_id)
2428 if repo_group_id:
2436 if repo_group_id:
2429 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2437 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2430 return q.all()
2438 return q.all()
2431
2439
2432 @classmethod
2440 @classmethod
2433 def get_default_group_perms_from_user_group(
2441 def get_default_group_perms_from_user_group(
2434 cls, user_id, repo_group_id=None):
2442 cls, user_id, repo_group_id=None):
2435 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2443 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2436 .join(
2444 .join(
2437 Permission,
2445 Permission,
2438 UserGroupRepoGroupToPerm.permission_id ==
2446 UserGroupRepoGroupToPerm.permission_id ==
2439 Permission.permission_id)\
2447 Permission.permission_id)\
2440 .join(
2448 .join(
2441 RepoGroup,
2449 RepoGroup,
2442 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2450 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2443 .join(
2451 .join(
2444 UserGroup,
2452 UserGroup,
2445 UserGroupRepoGroupToPerm.users_group_id ==
2453 UserGroupRepoGroupToPerm.users_group_id ==
2446 UserGroup.users_group_id)\
2454 UserGroup.users_group_id)\
2447 .join(
2455 .join(
2448 UserGroupMember,
2456 UserGroupMember,
2449 UserGroupRepoGroupToPerm.users_group_id ==
2457 UserGroupRepoGroupToPerm.users_group_id ==
2450 UserGroupMember.users_group_id)\
2458 UserGroupMember.users_group_id)\
2451 .filter(
2459 .filter(
2452 UserGroupMember.user_id == user_id,
2460 UserGroupMember.user_id == user_id,
2453 UserGroup.users_group_active == true())
2461 UserGroup.users_group_active == true())
2454 if repo_group_id:
2462 if repo_group_id:
2455 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2463 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2456 return q.all()
2464 return q.all()
2457
2465
2458 @classmethod
2466 @classmethod
2459 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2467 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2460 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2468 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2461 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2469 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2462 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2470 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2463 .filter(UserUserGroupToPerm.user_id == user_id)
2471 .filter(UserUserGroupToPerm.user_id == user_id)
2464 if user_group_id:
2472 if user_group_id:
2465 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2473 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2466 return q.all()
2474 return q.all()
2467
2475
2468 @classmethod
2476 @classmethod
2469 def get_default_user_group_perms_from_user_group(
2477 def get_default_user_group_perms_from_user_group(
2470 cls, user_id, user_group_id=None):
2478 cls, user_id, user_group_id=None):
2471 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2479 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2472 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2480 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2473 .join(
2481 .join(
2474 Permission,
2482 Permission,
2475 UserGroupUserGroupToPerm.permission_id ==
2483 UserGroupUserGroupToPerm.permission_id ==
2476 Permission.permission_id)\
2484 Permission.permission_id)\
2477 .join(
2485 .join(
2478 TargetUserGroup,
2486 TargetUserGroup,
2479 UserGroupUserGroupToPerm.target_user_group_id ==
2487 UserGroupUserGroupToPerm.target_user_group_id ==
2480 TargetUserGroup.users_group_id)\
2488 TargetUserGroup.users_group_id)\
2481 .join(
2489 .join(
2482 UserGroup,
2490 UserGroup,
2483 UserGroupUserGroupToPerm.user_group_id ==
2491 UserGroupUserGroupToPerm.user_group_id ==
2484 UserGroup.users_group_id)\
2492 UserGroup.users_group_id)\
2485 .join(
2493 .join(
2486 UserGroupMember,
2494 UserGroupMember,
2487 UserGroupUserGroupToPerm.user_group_id ==
2495 UserGroupUserGroupToPerm.user_group_id ==
2488 UserGroupMember.users_group_id)\
2496 UserGroupMember.users_group_id)\
2489 .filter(
2497 .filter(
2490 UserGroupMember.user_id == user_id,
2498 UserGroupMember.user_id == user_id,
2491 UserGroup.users_group_active == true())
2499 UserGroup.users_group_active == true())
2492 if user_group_id:
2500 if user_group_id:
2493 q = q.filter(
2501 q = q.filter(
2494 UserGroupUserGroupToPerm.user_group_id == user_group_id)
2502 UserGroupUserGroupToPerm.user_group_id == user_group_id)
2495
2503
2496 return q.all()
2504 return q.all()
2497
2505
2498
2506
2499 class UserRepoToPerm(Base, BaseModel):
2507 class UserRepoToPerm(Base, BaseModel):
2500 __tablename__ = 'repo_to_perm'
2508 __tablename__ = 'repo_to_perm'
2501 __table_args__ = (
2509 __table_args__ = (
2502 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
2510 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
2503 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2511 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2504 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2512 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2505 )
2513 )
2506 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2514 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2507 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2515 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2508 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2516 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2509 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2517 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2510
2518
2511 user = relationship('User')
2519 user = relationship('User')
2512 repository = relationship('Repository')
2520 repository = relationship('Repository')
2513 permission = relationship('Permission')
2521 permission = relationship('Permission')
2514
2522
2515 @classmethod
2523 @classmethod
2516 def create(cls, user, repository, permission):
2524 def create(cls, user, repository, permission):
2517 n = cls()
2525 n = cls()
2518 n.user = user
2526 n.user = user
2519 n.repository = repository
2527 n.repository = repository
2520 n.permission = permission
2528 n.permission = permission
2521 Session().add(n)
2529 Session().add(n)
2522 return n
2530 return n
2523
2531
2524 def __unicode__(self):
2532 def __unicode__(self):
2525 return u'<%s => %s >' % (self.user, self.repository)
2533 return u'<%s => %s >' % (self.user, self.repository)
2526
2534
2527
2535
2528 class UserUserGroupToPerm(Base, BaseModel):
2536 class UserUserGroupToPerm(Base, BaseModel):
2529 __tablename__ = 'user_user_group_to_perm'
2537 __tablename__ = 'user_user_group_to_perm'
2530 __table_args__ = (
2538 __table_args__ = (
2531 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
2539 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
2532 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2540 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2533 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2541 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2534 )
2542 )
2535 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2543 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2536 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2544 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2537 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2545 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2538 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2546 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2539
2547
2540 user = relationship('User')
2548 user = relationship('User')
2541 user_group = relationship('UserGroup')
2549 user_group = relationship('UserGroup')
2542 permission = relationship('Permission')
2550 permission = relationship('Permission')
2543
2551
2544 @classmethod
2552 @classmethod
2545 def create(cls, user, user_group, permission):
2553 def create(cls, user, user_group, permission):
2546 n = cls()
2554 n = cls()
2547 n.user = user
2555 n.user = user
2548 n.user_group = user_group
2556 n.user_group = user_group
2549 n.permission = permission
2557 n.permission = permission
2550 Session().add(n)
2558 Session().add(n)
2551 return n
2559 return n
2552
2560
2553 def __unicode__(self):
2561 def __unicode__(self):
2554 return u'<%s => %s >' % (self.user, self.user_group)
2562 return u'<%s => %s >' % (self.user, self.user_group)
2555
2563
2556
2564
2557 class UserToPerm(Base, BaseModel):
2565 class UserToPerm(Base, BaseModel):
2558 __tablename__ = 'user_to_perm'
2566 __tablename__ = 'user_to_perm'
2559 __table_args__ = (
2567 __table_args__ = (
2560 UniqueConstraint('user_id', 'permission_id'),
2568 UniqueConstraint('user_id', 'permission_id'),
2561 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2569 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2562 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2570 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2563 )
2571 )
2564 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2572 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2565 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2573 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2566 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2574 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2567
2575
2568 user = relationship('User')
2576 user = relationship('User')
2569 permission = relationship('Permission', lazy='joined')
2577 permission = relationship('Permission', lazy='joined')
2570
2578
2571 def __unicode__(self):
2579 def __unicode__(self):
2572 return u'<%s => %s >' % (self.user, self.permission)
2580 return u'<%s => %s >' % (self.user, self.permission)
2573
2581
2574
2582
2575 class UserGroupRepoToPerm(Base, BaseModel):
2583 class UserGroupRepoToPerm(Base, BaseModel):
2576 __tablename__ = 'users_group_repo_to_perm'
2584 __tablename__ = 'users_group_repo_to_perm'
2577 __table_args__ = (
2585 __table_args__ = (
2578 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
2586 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
2579 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2587 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2580 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2588 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2581 )
2589 )
2582 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2590 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2583 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2591 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2584 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2592 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2585 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2593 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2586
2594
2587 users_group = relationship('UserGroup')
2595 users_group = relationship('UserGroup')
2588 permission = relationship('Permission')
2596 permission = relationship('Permission')
2589 repository = relationship('Repository')
2597 repository = relationship('Repository')
2590
2598
2591 @classmethod
2599 @classmethod
2592 def create(cls, users_group, repository, permission):
2600 def create(cls, users_group, repository, permission):
2593 n = cls()
2601 n = cls()
2594 n.users_group = users_group
2602 n.users_group = users_group
2595 n.repository = repository
2603 n.repository = repository
2596 n.permission = permission
2604 n.permission = permission
2597 Session().add(n)
2605 Session().add(n)
2598 return n
2606 return n
2599
2607
2600 def __unicode__(self):
2608 def __unicode__(self):
2601 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
2609 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
2602
2610
2603
2611
2604 class UserGroupUserGroupToPerm(Base, BaseModel):
2612 class UserGroupUserGroupToPerm(Base, BaseModel):
2605 __tablename__ = 'user_group_user_group_to_perm'
2613 __tablename__ = 'user_group_user_group_to_perm'
2606 __table_args__ = (
2614 __table_args__ = (
2607 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
2615 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
2608 CheckConstraint('target_user_group_id != user_group_id'),
2616 CheckConstraint('target_user_group_id != user_group_id'),
2609 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2617 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2610 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2618 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2611 )
2619 )
2612 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2620 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2613 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2621 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2614 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2622 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2615 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2623 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2616
2624
2617 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
2625 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
2618 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
2626 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
2619 permission = relationship('Permission')
2627 permission = relationship('Permission')
2620
2628
2621 @classmethod
2629 @classmethod
2622 def create(cls, target_user_group, user_group, permission):
2630 def create(cls, target_user_group, user_group, permission):
2623 n = cls()
2631 n = cls()
2624 n.target_user_group = target_user_group
2632 n.target_user_group = target_user_group
2625 n.user_group = user_group
2633 n.user_group = user_group
2626 n.permission = permission
2634 n.permission = permission
2627 Session().add(n)
2635 Session().add(n)
2628 return n
2636 return n
2629
2637
2630 def __unicode__(self):
2638 def __unicode__(self):
2631 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
2639 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
2632
2640
2633
2641
2634 class UserGroupToPerm(Base, BaseModel):
2642 class UserGroupToPerm(Base, BaseModel):
2635 __tablename__ = 'users_group_to_perm'
2643 __tablename__ = 'users_group_to_perm'
2636 __table_args__ = (
2644 __table_args__ = (
2637 UniqueConstraint('users_group_id', 'permission_id',),
2645 UniqueConstraint('users_group_id', 'permission_id',),
2638 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2646 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2639 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2647 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2640 )
2648 )
2641 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2649 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2642 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2650 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2643 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2651 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2644
2652
2645 users_group = relationship('UserGroup')
2653 users_group = relationship('UserGroup')
2646 permission = relationship('Permission')
2654 permission = relationship('Permission')
2647
2655
2648
2656
2649 class UserRepoGroupToPerm(Base, BaseModel):
2657 class UserRepoGroupToPerm(Base, BaseModel):
2650 __tablename__ = 'user_repo_group_to_perm'
2658 __tablename__ = 'user_repo_group_to_perm'
2651 __table_args__ = (
2659 __table_args__ = (
2652 UniqueConstraint('user_id', 'group_id', 'permission_id'),
2660 UniqueConstraint('user_id', 'group_id', 'permission_id'),
2653 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2661 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2654 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2662 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2655 )
2663 )
2656
2664
2657 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2665 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2658 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2666 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2659 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2667 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2660 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2668 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2661
2669
2662 user = relationship('User')
2670 user = relationship('User')
2663 group = relationship('RepoGroup')
2671 group = relationship('RepoGroup')
2664 permission = relationship('Permission')
2672 permission = relationship('Permission')
2665
2673
2666 @classmethod
2674 @classmethod
2667 def create(cls, user, repository_group, permission):
2675 def create(cls, user, repository_group, permission):
2668 n = cls()
2676 n = cls()
2669 n.user = user
2677 n.user = user
2670 n.group = repository_group
2678 n.group = repository_group
2671 n.permission = permission
2679 n.permission = permission
2672 Session().add(n)
2680 Session().add(n)
2673 return n
2681 return n
2674
2682
2675
2683
2676 class UserGroupRepoGroupToPerm(Base, BaseModel):
2684 class UserGroupRepoGroupToPerm(Base, BaseModel):
2677 __tablename__ = 'users_group_repo_group_to_perm'
2685 __tablename__ = 'users_group_repo_group_to_perm'
2678 __table_args__ = (
2686 __table_args__ = (
2679 UniqueConstraint('users_group_id', 'group_id'),
2687 UniqueConstraint('users_group_id', 'group_id'),
2680 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2688 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2681 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2689 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2682 )
2690 )
2683
2691
2684 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2692 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2685 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2693 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2686 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2694 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2687 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2695 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2688
2696
2689 users_group = relationship('UserGroup')
2697 users_group = relationship('UserGroup')
2690 permission = relationship('Permission')
2698 permission = relationship('Permission')
2691 group = relationship('RepoGroup')
2699 group = relationship('RepoGroup')
2692
2700
2693 @classmethod
2701 @classmethod
2694 def create(cls, user_group, repository_group, permission):
2702 def create(cls, user_group, repository_group, permission):
2695 n = cls()
2703 n = cls()
2696 n.users_group = user_group
2704 n.users_group = user_group
2697 n.group = repository_group
2705 n.group = repository_group
2698 n.permission = permission
2706 n.permission = permission
2699 Session().add(n)
2707 Session().add(n)
2700 return n
2708 return n
2701
2709
2702 def __unicode__(self):
2710 def __unicode__(self):
2703 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
2711 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
2704
2712
2705
2713
2706 class Statistics(Base, BaseModel):
2714 class Statistics(Base, BaseModel):
2707 __tablename__ = 'statistics'
2715 __tablename__ = 'statistics'
2708 __table_args__ = (
2716 __table_args__ = (
2709 UniqueConstraint('repository_id'),
2717 UniqueConstraint('repository_id'),
2710 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2718 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2711 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2719 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2712 )
2720 )
2713 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2721 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2714 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
2722 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
2715 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
2723 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
2716 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
2724 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
2717 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
2725 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
2718 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
2726 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
2719
2727
2720 repository = relationship('Repository', single_parent=True)
2728 repository = relationship('Repository', single_parent=True)
2721
2729
2722
2730
2723 class UserFollowing(Base, BaseModel):
2731 class UserFollowing(Base, BaseModel):
2724 __tablename__ = 'user_followings'
2732 __tablename__ = 'user_followings'
2725 __table_args__ = (
2733 __table_args__ = (
2726 UniqueConstraint('user_id', 'follows_repository_id'),
2734 UniqueConstraint('user_id', 'follows_repository_id'),
2727 UniqueConstraint('user_id', 'follows_user_id'),
2735 UniqueConstraint('user_id', 'follows_user_id'),
2728 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2736 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2729 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2737 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2730 )
2738 )
2731
2739
2732 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2740 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2733 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2741 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2734 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
2742 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
2735 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
2743 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
2736 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2744 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2737
2745
2738 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
2746 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
2739
2747
2740 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
2748 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
2741 follows_repository = relationship('Repository', order_by='Repository.repo_name')
2749 follows_repository = relationship('Repository', order_by='Repository.repo_name')
2742
2750
2743 @classmethod
2751 @classmethod
2744 def get_repo_followers(cls, repo_id):
2752 def get_repo_followers(cls, repo_id):
2745 return cls.query().filter(cls.follows_repo_id == repo_id)
2753 return cls.query().filter(cls.follows_repo_id == repo_id)
2746
2754
2747
2755
2748 class CacheKey(Base, BaseModel):
2756 class CacheKey(Base, BaseModel):
2749 __tablename__ = 'cache_invalidation'
2757 __tablename__ = 'cache_invalidation'
2750 __table_args__ = (
2758 __table_args__ = (
2751 UniqueConstraint('cache_key'),
2759 UniqueConstraint('cache_key'),
2752 Index('key_idx', 'cache_key'),
2760 Index('key_idx', 'cache_key'),
2753 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2761 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2754 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2762 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2755 )
2763 )
2756 CACHE_TYPE_ATOM = 'ATOM'
2764 CACHE_TYPE_ATOM = 'ATOM'
2757 CACHE_TYPE_RSS = 'RSS'
2765 CACHE_TYPE_RSS = 'RSS'
2758 CACHE_TYPE_README = 'README'
2766 CACHE_TYPE_README = 'README'
2759
2767
2760 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2768 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2761 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
2769 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
2762 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
2770 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
2763 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
2771 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
2764
2772
2765 def __init__(self, cache_key, cache_args=''):
2773 def __init__(self, cache_key, cache_args=''):
2766 self.cache_key = cache_key
2774 self.cache_key = cache_key
2767 self.cache_args = cache_args
2775 self.cache_args = cache_args
2768 self.cache_active = False
2776 self.cache_active = False
2769
2777
2770 def __unicode__(self):
2778 def __unicode__(self):
2771 return u"<%s('%s:%s[%s]')>" % (
2779 return u"<%s('%s:%s[%s]')>" % (
2772 self.__class__.__name__,
2780 self.__class__.__name__,
2773 self.cache_id, self.cache_key, self.cache_active)
2781 self.cache_id, self.cache_key, self.cache_active)
2774
2782
2775 def _cache_key_partition(self):
2783 def _cache_key_partition(self):
2776 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
2784 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
2777 return prefix, repo_name, suffix
2785 return prefix, repo_name, suffix
2778
2786
2779 def get_prefix(self):
2787 def get_prefix(self):
2780 """
2788 """
2781 Try to extract prefix from existing cache key. The key could consist
2789 Try to extract prefix from existing cache key. The key could consist
2782 of prefix, repo_name, suffix
2790 of prefix, repo_name, suffix
2783 """
2791 """
2784 # this returns prefix, repo_name, suffix
2792 # this returns prefix, repo_name, suffix
2785 return self._cache_key_partition()[0]
2793 return self._cache_key_partition()[0]
2786
2794
2787 def get_suffix(self):
2795 def get_suffix(self):
2788 """
2796 """
2789 get suffix that might have been used in _get_cache_key to
2797 get suffix that might have been used in _get_cache_key to
2790 generate self.cache_key. Only used for informational purposes
2798 generate self.cache_key. Only used for informational purposes
2791 in repo_edit.html.
2799 in repo_edit.html.
2792 """
2800 """
2793 # prefix, repo_name, suffix
2801 # prefix, repo_name, suffix
2794 return self._cache_key_partition()[2]
2802 return self._cache_key_partition()[2]
2795
2803
2796 @classmethod
2804 @classmethod
2797 def delete_all_cache(cls):
2805 def delete_all_cache(cls):
2798 """
2806 """
2799 Delete all cache keys from database.
2807 Delete all cache keys from database.
2800 Should only be run when all instances are down and all entries
2808 Should only be run when all instances are down and all entries
2801 thus stale.
2809 thus stale.
2802 """
2810 """
2803 cls.query().delete()
2811 cls.query().delete()
2804 Session().commit()
2812 Session().commit()
2805
2813
2806 @classmethod
2814 @classmethod
2807 def get_cache_key(cls, repo_name, cache_type):
2815 def get_cache_key(cls, repo_name, cache_type):
2808 """
2816 """
2809
2817
2810 Generate a cache key for this process of RhodeCode instance.
2818 Generate a cache key for this process of RhodeCode instance.
2811 Prefix most likely will be process id or maybe explicitly set
2819 Prefix most likely will be process id or maybe explicitly set
2812 instance_id from .ini file.
2820 instance_id from .ini file.
2813 """
2821 """
2814 import rhodecode
2822 import rhodecode
2815 prefix = safe_unicode(rhodecode.CONFIG.get('instance_id') or '')
2823 prefix = safe_unicode(rhodecode.CONFIG.get('instance_id') or '')
2816
2824
2817 repo_as_unicode = safe_unicode(repo_name)
2825 repo_as_unicode = safe_unicode(repo_name)
2818 key = u'{}_{}'.format(repo_as_unicode, cache_type) \
2826 key = u'{}_{}'.format(repo_as_unicode, cache_type) \
2819 if cache_type else repo_as_unicode
2827 if cache_type else repo_as_unicode
2820
2828
2821 return u'{}{}'.format(prefix, key)
2829 return u'{}{}'.format(prefix, key)
2822
2830
2823 @classmethod
2831 @classmethod
2824 def set_invalidate(cls, repo_name, delete=False):
2832 def set_invalidate(cls, repo_name, delete=False):
2825 """
2833 """
2826 Mark all caches of a repo as invalid in the database.
2834 Mark all caches of a repo as invalid in the database.
2827 """
2835 """
2828
2836
2829 try:
2837 try:
2830 qry = Session().query(cls).filter(cls.cache_args == repo_name)
2838 qry = Session().query(cls).filter(cls.cache_args == repo_name)
2831 if delete:
2839 if delete:
2832 log.debug('cache objects deleted for repo %s',
2840 log.debug('cache objects deleted for repo %s',
2833 safe_str(repo_name))
2841 safe_str(repo_name))
2834 qry.delete()
2842 qry.delete()
2835 else:
2843 else:
2836 log.debug('cache objects marked as invalid for repo %s',
2844 log.debug('cache objects marked as invalid for repo %s',
2837 safe_str(repo_name))
2845 safe_str(repo_name))
2838 qry.update({"cache_active": False})
2846 qry.update({"cache_active": False})
2839
2847
2840 Session().commit()
2848 Session().commit()
2841 except Exception:
2849 except Exception:
2842 log.exception(
2850 log.exception(
2843 'Cache key invalidation failed for repository %s',
2851 'Cache key invalidation failed for repository %s',
2844 safe_str(repo_name))
2852 safe_str(repo_name))
2845 Session().rollback()
2853 Session().rollback()
2846
2854
2847 @classmethod
2855 @classmethod
2848 def get_active_cache(cls, cache_key):
2856 def get_active_cache(cls, cache_key):
2849 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
2857 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
2850 if inv_obj:
2858 if inv_obj:
2851 return inv_obj
2859 return inv_obj
2852 return None
2860 return None
2853
2861
2854 @classmethod
2862 @classmethod
2855 def repo_context_cache(cls, compute_func, repo_name, cache_type,
2863 def repo_context_cache(cls, compute_func, repo_name, cache_type,
2856 thread_scoped=False):
2864 thread_scoped=False):
2857 """
2865 """
2858 @cache_region('long_term')
2866 @cache_region('long_term')
2859 def _heavy_calculation(cache_key):
2867 def _heavy_calculation(cache_key):
2860 return 'result'
2868 return 'result'
2861
2869
2862 cache_context = CacheKey.repo_context_cache(
2870 cache_context = CacheKey.repo_context_cache(
2863 _heavy_calculation, repo_name, cache_type)
2871 _heavy_calculation, repo_name, cache_type)
2864
2872
2865 with cache_context as context:
2873 with cache_context as context:
2866 context.invalidate()
2874 context.invalidate()
2867 computed = context.compute()
2875 computed = context.compute()
2868
2876
2869 assert computed == 'result'
2877 assert computed == 'result'
2870 """
2878 """
2871 from rhodecode.lib import caches
2879 from rhodecode.lib import caches
2872 return caches.InvalidationContext(
2880 return caches.InvalidationContext(
2873 compute_func, repo_name, cache_type, thread_scoped=thread_scoped)
2881 compute_func, repo_name, cache_type, thread_scoped=thread_scoped)
2874
2882
2875
2883
2876 class ChangesetComment(Base, BaseModel):
2884 class ChangesetComment(Base, BaseModel):
2877 __tablename__ = 'changeset_comments'
2885 __tablename__ = 'changeset_comments'
2878 __table_args__ = (
2886 __table_args__ = (
2879 Index('cc_revision_idx', 'revision'),
2887 Index('cc_revision_idx', 'revision'),
2880 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2888 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2881 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2889 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2882 )
2890 )
2883
2891
2884 COMMENT_OUTDATED = u'comment_outdated'
2892 COMMENT_OUTDATED = u'comment_outdated'
2885
2893
2886 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
2894 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
2887 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
2895 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
2888 revision = Column('revision', String(40), nullable=True)
2896 revision = Column('revision', String(40), nullable=True)
2889 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
2897 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
2890 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
2898 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
2891 line_no = Column('line_no', Unicode(10), nullable=True)
2899 line_no = Column('line_no', Unicode(10), nullable=True)
2892 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
2900 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
2893 f_path = Column('f_path', Unicode(1000), nullable=True)
2901 f_path = Column('f_path', Unicode(1000), nullable=True)
2894 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
2902 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
2895 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
2903 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
2896 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2904 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2897 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2905 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2898 renderer = Column('renderer', Unicode(64), nullable=True)
2906 renderer = Column('renderer', Unicode(64), nullable=True)
2899 display_state = Column('display_state', Unicode(128), nullable=True)
2907 display_state = Column('display_state', Unicode(128), nullable=True)
2900
2908
2901 author = relationship('User', lazy='joined')
2909 author = relationship('User', lazy='joined')
2902 repo = relationship('Repository')
2910 repo = relationship('Repository')
2903 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan")
2911 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan")
2904 pull_request = relationship('PullRequest', lazy='joined')
2912 pull_request = relationship('PullRequest', lazy='joined')
2905 pull_request_version = relationship('PullRequestVersion')
2913 pull_request_version = relationship('PullRequestVersion')
2906
2914
2907 @classmethod
2915 @classmethod
2908 def get_users(cls, revision=None, pull_request_id=None):
2916 def get_users(cls, revision=None, pull_request_id=None):
2909 """
2917 """
2910 Returns user associated with this ChangesetComment. ie those
2918 Returns user associated with this ChangesetComment. ie those
2911 who actually commented
2919 who actually commented
2912
2920
2913 :param cls:
2921 :param cls:
2914 :param revision:
2922 :param revision:
2915 """
2923 """
2916 q = Session().query(User)\
2924 q = Session().query(User)\
2917 .join(ChangesetComment.author)
2925 .join(ChangesetComment.author)
2918 if revision:
2926 if revision:
2919 q = q.filter(cls.revision == revision)
2927 q = q.filter(cls.revision == revision)
2920 elif pull_request_id:
2928 elif pull_request_id:
2921 q = q.filter(cls.pull_request_id == pull_request_id)
2929 q = q.filter(cls.pull_request_id == pull_request_id)
2922 return q.all()
2930 return q.all()
2923
2931
2924 def render(self, mentions=False):
2932 def render(self, mentions=False):
2925 from rhodecode.lib import helpers as h
2933 from rhodecode.lib import helpers as h
2926 return h.render(self.text, renderer=self.renderer, mentions=mentions)
2934 return h.render(self.text, renderer=self.renderer, mentions=mentions)
2927
2935
2928 def __repr__(self):
2936 def __repr__(self):
2929 if self.comment_id:
2937 if self.comment_id:
2930 return '<DB:ChangesetComment #%s>' % self.comment_id
2938 return '<DB:ChangesetComment #%s>' % self.comment_id
2931 else:
2939 else:
2932 return '<DB:ChangesetComment at %#x>' % id(self)
2940 return '<DB:ChangesetComment at %#x>' % id(self)
2933
2941
2934
2942
2935 class ChangesetStatus(Base, BaseModel):
2943 class ChangesetStatus(Base, BaseModel):
2936 __tablename__ = 'changeset_statuses'
2944 __tablename__ = 'changeset_statuses'
2937 __table_args__ = (
2945 __table_args__ = (
2938 Index('cs_revision_idx', 'revision'),
2946 Index('cs_revision_idx', 'revision'),
2939 Index('cs_version_idx', 'version'),
2947 Index('cs_version_idx', 'version'),
2940 UniqueConstraint('repo_id', 'revision', 'version'),
2948 UniqueConstraint('repo_id', 'revision', 'version'),
2941 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2949 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2942 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2950 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2943 )
2951 )
2944 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
2952 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
2945 STATUS_APPROVED = 'approved'
2953 STATUS_APPROVED = 'approved'
2946 STATUS_REJECTED = 'rejected'
2954 STATUS_REJECTED = 'rejected'
2947 STATUS_UNDER_REVIEW = 'under_review'
2955 STATUS_UNDER_REVIEW = 'under_review'
2948
2956
2949 STATUSES = [
2957 STATUSES = [
2950 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
2958 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
2951 (STATUS_APPROVED, _("Approved")),
2959 (STATUS_APPROVED, _("Approved")),
2952 (STATUS_REJECTED, _("Rejected")),
2960 (STATUS_REJECTED, _("Rejected")),
2953 (STATUS_UNDER_REVIEW, _("Under Review")),
2961 (STATUS_UNDER_REVIEW, _("Under Review")),
2954 ]
2962 ]
2955
2963
2956 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
2964 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
2957 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
2965 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
2958 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
2966 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
2959 revision = Column('revision', String(40), nullable=False)
2967 revision = Column('revision', String(40), nullable=False)
2960 status = Column('status', String(128), nullable=False, default=DEFAULT)
2968 status = Column('status', String(128), nullable=False, default=DEFAULT)
2961 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
2969 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
2962 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
2970 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
2963 version = Column('version', Integer(), nullable=False, default=0)
2971 version = Column('version', Integer(), nullable=False, default=0)
2964 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
2972 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
2965
2973
2966 author = relationship('User', lazy='joined')
2974 author = relationship('User', lazy='joined')
2967 repo = relationship('Repository')
2975 repo = relationship('Repository')
2968 comment = relationship('ChangesetComment', lazy='joined')
2976 comment = relationship('ChangesetComment', lazy='joined')
2969 pull_request = relationship('PullRequest', lazy='joined')
2977 pull_request = relationship('PullRequest', lazy='joined')
2970
2978
2971 def __unicode__(self):
2979 def __unicode__(self):
2972 return u"<%s('%s[%s]:%s')>" % (
2980 return u"<%s('%s[%s]:%s')>" % (
2973 self.__class__.__name__,
2981 self.__class__.__name__,
2974 self.status, self.version, self.author
2982 self.status, self.version, self.author
2975 )
2983 )
2976
2984
2977 @classmethod
2985 @classmethod
2978 def get_status_lbl(cls, value):
2986 def get_status_lbl(cls, value):
2979 return dict(cls.STATUSES).get(value)
2987 return dict(cls.STATUSES).get(value)
2980
2988
2981 @property
2989 @property
2982 def status_lbl(self):
2990 def status_lbl(self):
2983 return ChangesetStatus.get_status_lbl(self.status)
2991 return ChangesetStatus.get_status_lbl(self.status)
2984
2992
2985
2993
2986 class _PullRequestBase(BaseModel):
2994 class _PullRequestBase(BaseModel):
2987 """
2995 """
2988 Common attributes of pull request and version entries.
2996 Common attributes of pull request and version entries.
2989 """
2997 """
2990
2998
2991 # .status values
2999 # .status values
2992 STATUS_NEW = u'new'
3000 STATUS_NEW = u'new'
2993 STATUS_OPEN = u'open'
3001 STATUS_OPEN = u'open'
2994 STATUS_CLOSED = u'closed'
3002 STATUS_CLOSED = u'closed'
2995
3003
2996 title = Column('title', Unicode(255), nullable=True)
3004 title = Column('title', Unicode(255), nullable=True)
2997 description = Column(
3005 description = Column(
2998 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3006 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
2999 nullable=True)
3007 nullable=True)
3000 # new/open/closed status of pull request (not approve/reject/etc)
3008 # new/open/closed status of pull request (not approve/reject/etc)
3001 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3009 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3002 created_on = Column(
3010 created_on = Column(
3003 'created_on', DateTime(timezone=False), nullable=False,
3011 'created_on', DateTime(timezone=False), nullable=False,
3004 default=datetime.datetime.now)
3012 default=datetime.datetime.now)
3005 updated_on = Column(
3013 updated_on = Column(
3006 'updated_on', DateTime(timezone=False), nullable=False,
3014 'updated_on', DateTime(timezone=False), nullable=False,
3007 default=datetime.datetime.now)
3015 default=datetime.datetime.now)
3008
3016
3009 @declared_attr
3017 @declared_attr
3010 def user_id(cls):
3018 def user_id(cls):
3011 return Column(
3019 return Column(
3012 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3020 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3013 unique=None)
3021 unique=None)
3014
3022
3015 # 500 revisions max
3023 # 500 revisions max
3016 _revisions = Column(
3024 _revisions = Column(
3017 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3025 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3018
3026
3019 @declared_attr
3027 @declared_attr
3020 def source_repo_id(cls):
3028 def source_repo_id(cls):
3021 # TODO: dan: rename column to source_repo_id
3029 # TODO: dan: rename column to source_repo_id
3022 return Column(
3030 return Column(
3023 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3031 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3024 nullable=False)
3032 nullable=False)
3025
3033
3026 source_ref = Column('org_ref', Unicode(255), nullable=False)
3034 source_ref = Column('org_ref', Unicode(255), nullable=False)
3027
3035
3028 @declared_attr
3036 @declared_attr
3029 def target_repo_id(cls):
3037 def target_repo_id(cls):
3030 # TODO: dan: rename column to target_repo_id
3038 # TODO: dan: rename column to target_repo_id
3031 return Column(
3039 return Column(
3032 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3040 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3033 nullable=False)
3041 nullable=False)
3034
3042
3035 target_ref = Column('other_ref', Unicode(255), nullable=False)
3043 target_ref = Column('other_ref', Unicode(255), nullable=False)
3036 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3044 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3037
3045
3038 # TODO: dan: rename column to last_merge_source_rev
3046 # TODO: dan: rename column to last_merge_source_rev
3039 _last_merge_source_rev = Column(
3047 _last_merge_source_rev = Column(
3040 'last_merge_org_rev', String(40), nullable=True)
3048 'last_merge_org_rev', String(40), nullable=True)
3041 # TODO: dan: rename column to last_merge_target_rev
3049 # TODO: dan: rename column to last_merge_target_rev
3042 _last_merge_target_rev = Column(
3050 _last_merge_target_rev = Column(
3043 'last_merge_other_rev', String(40), nullable=True)
3051 'last_merge_other_rev', String(40), nullable=True)
3044 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3052 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3045 merge_rev = Column('merge_rev', String(40), nullable=True)
3053 merge_rev = Column('merge_rev', String(40), nullable=True)
3046
3054
3047 @hybrid_property
3055 @hybrid_property
3048 def revisions(self):
3056 def revisions(self):
3049 return self._revisions.split(':') if self._revisions else []
3057 return self._revisions.split(':') if self._revisions else []
3050
3058
3051 @revisions.setter
3059 @revisions.setter
3052 def revisions(self, val):
3060 def revisions(self, val):
3053 self._revisions = ':'.join(val)
3061 self._revisions = ':'.join(val)
3054
3062
3055 @declared_attr
3063 @declared_attr
3056 def author(cls):
3064 def author(cls):
3057 return relationship('User', lazy='joined')
3065 return relationship('User', lazy='joined')
3058
3066
3059 @declared_attr
3067 @declared_attr
3060 def source_repo(cls):
3068 def source_repo(cls):
3061 return relationship(
3069 return relationship(
3062 'Repository',
3070 'Repository',
3063 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3071 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3064
3072
3065 @property
3073 @property
3066 def source_ref_parts(self):
3074 def source_ref_parts(self):
3067 return self.unicode_to_reference(self.source_ref)
3075 return self.unicode_to_reference(self.source_ref)
3068
3076
3069 @declared_attr
3077 @declared_attr
3070 def target_repo(cls):
3078 def target_repo(cls):
3071 return relationship(
3079 return relationship(
3072 'Repository',
3080 'Repository',
3073 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3081 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3074
3082
3075 @property
3083 @property
3076 def target_ref_parts(self):
3084 def target_ref_parts(self):
3077 return self.unicode_to_reference(self.target_ref)
3085 return self.unicode_to_reference(self.target_ref)
3078
3086
3079 @property
3087 @property
3080 def shadow_merge_ref(self):
3088 def shadow_merge_ref(self):
3081 return self.unicode_to_reference(self._shadow_merge_ref)
3089 return self.unicode_to_reference(self._shadow_merge_ref)
3082
3090
3083 @shadow_merge_ref.setter
3091 @shadow_merge_ref.setter
3084 def shadow_merge_ref(self, ref):
3092 def shadow_merge_ref(self, ref):
3085 self._shadow_merge_ref = self.reference_to_unicode(ref)
3093 self._shadow_merge_ref = self.reference_to_unicode(ref)
3086
3094
3087 def unicode_to_reference(self, raw):
3095 def unicode_to_reference(self, raw):
3088 """
3096 """
3089 Convert a unicode (or string) to a reference object.
3097 Convert a unicode (or string) to a reference object.
3090 If unicode evaluates to False it returns None.
3098 If unicode evaluates to False it returns None.
3091 """
3099 """
3092 if raw:
3100 if raw:
3093 refs = raw.split(':')
3101 refs = raw.split(':')
3094 return Reference(*refs)
3102 return Reference(*refs)
3095 else:
3103 else:
3096 return None
3104 return None
3097
3105
3098 def reference_to_unicode(self, ref):
3106 def reference_to_unicode(self, ref):
3099 """
3107 """
3100 Convert a reference object to unicode.
3108 Convert a reference object to unicode.
3101 If reference is None it returns None.
3109 If reference is None it returns None.
3102 """
3110 """
3103 if ref:
3111 if ref:
3104 return u':'.join(ref)
3112 return u':'.join(ref)
3105 else:
3113 else:
3106 return None
3114 return None
3107
3115
3108
3116
3109 class PullRequest(Base, _PullRequestBase):
3117 class PullRequest(Base, _PullRequestBase):
3110 __tablename__ = 'pull_requests'
3118 __tablename__ = 'pull_requests'
3111 __table_args__ = (
3119 __table_args__ = (
3112 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3120 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3113 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3121 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3114 )
3122 )
3115
3123
3116 pull_request_id = Column(
3124 pull_request_id = Column(
3117 'pull_request_id', Integer(), nullable=False, primary_key=True)
3125 'pull_request_id', Integer(), nullable=False, primary_key=True)
3118
3126
3119 def __repr__(self):
3127 def __repr__(self):
3120 if self.pull_request_id:
3128 if self.pull_request_id:
3121 return '<DB:PullRequest #%s>' % self.pull_request_id
3129 return '<DB:PullRequest #%s>' % self.pull_request_id
3122 else:
3130 else:
3123 return '<DB:PullRequest at %#x>' % id(self)
3131 return '<DB:PullRequest at %#x>' % id(self)
3124
3132
3125 reviewers = relationship('PullRequestReviewers',
3133 reviewers = relationship('PullRequestReviewers',
3126 cascade="all, delete, delete-orphan")
3134 cascade="all, delete, delete-orphan")
3127 statuses = relationship('ChangesetStatus')
3135 statuses = relationship('ChangesetStatus')
3128 comments = relationship('ChangesetComment',
3136 comments = relationship('ChangesetComment',
3129 cascade="all, delete, delete-orphan")
3137 cascade="all, delete, delete-orphan")
3130 versions = relationship('PullRequestVersion',
3138 versions = relationship('PullRequestVersion',
3131 cascade="all, delete, delete-orphan")
3139 cascade="all, delete, delete-orphan")
3132
3140
3133 def is_closed(self):
3141 def is_closed(self):
3134 return self.status == self.STATUS_CLOSED
3142 return self.status == self.STATUS_CLOSED
3135
3143
3136 def get_api_data(self):
3144 def get_api_data(self):
3137 from rhodecode.model.pull_request import PullRequestModel
3145 from rhodecode.model.pull_request import PullRequestModel
3138 pull_request = self
3146 pull_request = self
3139 merge_status = PullRequestModel().merge_status(pull_request)
3147 merge_status = PullRequestModel().merge_status(pull_request)
3140
3148
3141 pull_request_url = url(
3149 pull_request_url = url(
3142 'pullrequest_show', repo_name=self.target_repo.repo_name,
3150 'pullrequest_show', repo_name=self.target_repo.repo_name,
3143 pull_request_id=self.pull_request_id, qualified=True)
3151 pull_request_id=self.pull_request_id, qualified=True)
3144
3152
3145 merge_data = {
3153 merge_data = {
3146 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3154 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3147 'reference': (
3155 'reference': (
3148 pull_request.shadow_merge_ref._asdict()
3156 pull_request.shadow_merge_ref._asdict()
3149 if pull_request.shadow_merge_ref else None),
3157 if pull_request.shadow_merge_ref else None),
3150 }
3158 }
3151
3159
3152 data = {
3160 data = {
3153 'pull_request_id': pull_request.pull_request_id,
3161 'pull_request_id': pull_request.pull_request_id,
3154 'url': pull_request_url,
3162 'url': pull_request_url,
3155 'title': pull_request.title,
3163 'title': pull_request.title,
3156 'description': pull_request.description,
3164 'description': pull_request.description,
3157 'status': pull_request.status,
3165 'status': pull_request.status,
3158 'created_on': pull_request.created_on,
3166 'created_on': pull_request.created_on,
3159 'updated_on': pull_request.updated_on,
3167 'updated_on': pull_request.updated_on,
3160 'commit_ids': pull_request.revisions,
3168 'commit_ids': pull_request.revisions,
3161 'review_status': pull_request.calculated_review_status(),
3169 'review_status': pull_request.calculated_review_status(),
3162 'mergeable': {
3170 'mergeable': {
3163 'status': merge_status[0],
3171 'status': merge_status[0],
3164 'message': unicode(merge_status[1]),
3172 'message': unicode(merge_status[1]),
3165 },
3173 },
3166 'source': {
3174 'source': {
3167 'clone_url': pull_request.source_repo.clone_url(),
3175 'clone_url': pull_request.source_repo.clone_url(),
3168 'repository': pull_request.source_repo.repo_name,
3176 'repository': pull_request.source_repo.repo_name,
3169 'reference': {
3177 'reference': {
3170 'name': pull_request.source_ref_parts.name,
3178 'name': pull_request.source_ref_parts.name,
3171 'type': pull_request.source_ref_parts.type,
3179 'type': pull_request.source_ref_parts.type,
3172 'commit_id': pull_request.source_ref_parts.commit_id,
3180 'commit_id': pull_request.source_ref_parts.commit_id,
3173 },
3181 },
3174 },
3182 },
3175 'target': {
3183 'target': {
3176 'clone_url': pull_request.target_repo.clone_url(),
3184 'clone_url': pull_request.target_repo.clone_url(),
3177 'repository': pull_request.target_repo.repo_name,
3185 'repository': pull_request.target_repo.repo_name,
3178 'reference': {
3186 'reference': {
3179 'name': pull_request.target_ref_parts.name,
3187 'name': pull_request.target_ref_parts.name,
3180 'type': pull_request.target_ref_parts.type,
3188 'type': pull_request.target_ref_parts.type,
3181 'commit_id': pull_request.target_ref_parts.commit_id,
3189 'commit_id': pull_request.target_ref_parts.commit_id,
3182 },
3190 },
3183 },
3191 },
3184 'merge': merge_data,
3192 'merge': merge_data,
3185 'author': pull_request.author.get_api_data(include_secrets=False,
3193 'author': pull_request.author.get_api_data(include_secrets=False,
3186 details='basic'),
3194 details='basic'),
3187 'reviewers': [
3195 'reviewers': [
3188 {
3196 {
3189 'user': reviewer.get_api_data(include_secrets=False,
3197 'user': reviewer.get_api_data(include_secrets=False,
3190 details='basic'),
3198 details='basic'),
3191 'reasons': reasons,
3199 'reasons': reasons,
3192 'review_status': st[0][1].status if st else 'not_reviewed',
3200 'review_status': st[0][1].status if st else 'not_reviewed',
3193 }
3201 }
3194 for reviewer, reasons, st in pull_request.reviewers_statuses()
3202 for reviewer, reasons, st in pull_request.reviewers_statuses()
3195 ]
3203 ]
3196 }
3204 }
3197
3205
3198 return data
3206 return data
3199
3207
3200 def __json__(self):
3208 def __json__(self):
3201 return {
3209 return {
3202 'revisions': self.revisions,
3210 'revisions': self.revisions,
3203 }
3211 }
3204
3212
3205 def calculated_review_status(self):
3213 def calculated_review_status(self):
3206 from rhodecode.model.changeset_status import ChangesetStatusModel
3214 from rhodecode.model.changeset_status import ChangesetStatusModel
3207 return ChangesetStatusModel().calculated_review_status(self)
3215 return ChangesetStatusModel().calculated_review_status(self)
3208
3216
3209 def reviewers_statuses(self):
3217 def reviewers_statuses(self):
3210 from rhodecode.model.changeset_status import ChangesetStatusModel
3218 from rhodecode.model.changeset_status import ChangesetStatusModel
3211 return ChangesetStatusModel().reviewers_statuses(self)
3219 return ChangesetStatusModel().reviewers_statuses(self)
3212
3220
3213
3221
3214 class PullRequestVersion(Base, _PullRequestBase):
3222 class PullRequestVersion(Base, _PullRequestBase):
3215 __tablename__ = 'pull_request_versions'
3223 __tablename__ = 'pull_request_versions'
3216 __table_args__ = (
3224 __table_args__ = (
3217 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3225 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3218 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3226 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3219 )
3227 )
3220
3228
3221 pull_request_version_id = Column(
3229 pull_request_version_id = Column(
3222 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3230 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3223 pull_request_id = Column(
3231 pull_request_id = Column(
3224 'pull_request_id', Integer(),
3232 'pull_request_id', Integer(),
3225 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3233 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3226 pull_request = relationship('PullRequest')
3234 pull_request = relationship('PullRequest')
3227
3235
3228 def __repr__(self):
3236 def __repr__(self):
3229 if self.pull_request_version_id:
3237 if self.pull_request_version_id:
3230 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3238 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3231 else:
3239 else:
3232 return '<DB:PullRequestVersion at %#x>' % id(self)
3240 return '<DB:PullRequestVersion at %#x>' % id(self)
3233
3241
3234
3242
3235 class PullRequestReviewers(Base, BaseModel):
3243 class PullRequestReviewers(Base, BaseModel):
3236 __tablename__ = 'pull_request_reviewers'
3244 __tablename__ = 'pull_request_reviewers'
3237 __table_args__ = (
3245 __table_args__ = (
3238 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3246 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3239 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3247 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3240 )
3248 )
3241
3249
3242 def __init__(self, user=None, pull_request=None, reasons=None):
3250 def __init__(self, user=None, pull_request=None, reasons=None):
3243 self.user = user
3251 self.user = user
3244 self.pull_request = pull_request
3252 self.pull_request = pull_request
3245 self.reasons = reasons or []
3253 self.reasons = reasons or []
3246
3254
3247 @hybrid_property
3255 @hybrid_property
3248 def reasons(self):
3256 def reasons(self):
3249 if not self._reasons:
3257 if not self._reasons:
3250 return []
3258 return []
3251 return self._reasons
3259 return self._reasons
3252
3260
3253 @reasons.setter
3261 @reasons.setter
3254 def reasons(self, val):
3262 def reasons(self, val):
3255 val = val or []
3263 val = val or []
3256 if any(not isinstance(x, basestring) for x in val):
3264 if any(not isinstance(x, basestring) for x in val):
3257 raise Exception('invalid reasons type, must be list of strings')
3265 raise Exception('invalid reasons type, must be list of strings')
3258 self._reasons = val
3266 self._reasons = val
3259
3267
3260 pull_requests_reviewers_id = Column(
3268 pull_requests_reviewers_id = Column(
3261 'pull_requests_reviewers_id', Integer(), nullable=False,
3269 'pull_requests_reviewers_id', Integer(), nullable=False,
3262 primary_key=True)
3270 primary_key=True)
3263 pull_request_id = Column(
3271 pull_request_id = Column(
3264 "pull_request_id", Integer(),
3272 "pull_request_id", Integer(),
3265 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3273 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3266 user_id = Column(
3274 user_id = Column(
3267 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3275 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3268 _reasons = Column(
3276 _reasons = Column(
3269 'reason', MutationList.as_mutable(
3277 'reason', MutationList.as_mutable(
3270 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3278 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3271
3279
3272 user = relationship('User')
3280 user = relationship('User')
3273 pull_request = relationship('PullRequest')
3281 pull_request = relationship('PullRequest')
3274
3282
3275
3283
3276 class Notification(Base, BaseModel):
3284 class Notification(Base, BaseModel):
3277 __tablename__ = 'notifications'
3285 __tablename__ = 'notifications'
3278 __table_args__ = (
3286 __table_args__ = (
3279 Index('notification_type_idx', 'type'),
3287 Index('notification_type_idx', 'type'),
3280 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3288 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3281 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3289 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3282 )
3290 )
3283
3291
3284 TYPE_CHANGESET_COMMENT = u'cs_comment'
3292 TYPE_CHANGESET_COMMENT = u'cs_comment'
3285 TYPE_MESSAGE = u'message'
3293 TYPE_MESSAGE = u'message'
3286 TYPE_MENTION = u'mention'
3294 TYPE_MENTION = u'mention'
3287 TYPE_REGISTRATION = u'registration'
3295 TYPE_REGISTRATION = u'registration'
3288 TYPE_PULL_REQUEST = u'pull_request'
3296 TYPE_PULL_REQUEST = u'pull_request'
3289 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
3297 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
3290
3298
3291 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
3299 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
3292 subject = Column('subject', Unicode(512), nullable=True)
3300 subject = Column('subject', Unicode(512), nullable=True)
3293 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
3301 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
3294 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
3302 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
3295 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3303 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3296 type_ = Column('type', Unicode(255))
3304 type_ = Column('type', Unicode(255))
3297
3305
3298 created_by_user = relationship('User')
3306 created_by_user = relationship('User')
3299 notifications_to_users = relationship('UserNotification', lazy='joined',
3307 notifications_to_users = relationship('UserNotification', lazy='joined',
3300 cascade="all, delete, delete-orphan")
3308 cascade="all, delete, delete-orphan")
3301
3309
3302 @property
3310 @property
3303 def recipients(self):
3311 def recipients(self):
3304 return [x.user for x in UserNotification.query()\
3312 return [x.user for x in UserNotification.query()\
3305 .filter(UserNotification.notification == self)\
3313 .filter(UserNotification.notification == self)\
3306 .order_by(UserNotification.user_id.asc()).all()]
3314 .order_by(UserNotification.user_id.asc()).all()]
3307
3315
3308 @classmethod
3316 @classmethod
3309 def create(cls, created_by, subject, body, recipients, type_=None):
3317 def create(cls, created_by, subject, body, recipients, type_=None):
3310 if type_ is None:
3318 if type_ is None:
3311 type_ = Notification.TYPE_MESSAGE
3319 type_ = Notification.TYPE_MESSAGE
3312
3320
3313 notification = cls()
3321 notification = cls()
3314 notification.created_by_user = created_by
3322 notification.created_by_user = created_by
3315 notification.subject = subject
3323 notification.subject = subject
3316 notification.body = body
3324 notification.body = body
3317 notification.type_ = type_
3325 notification.type_ = type_
3318 notification.created_on = datetime.datetime.now()
3326 notification.created_on = datetime.datetime.now()
3319
3327
3320 for u in recipients:
3328 for u in recipients:
3321 assoc = UserNotification()
3329 assoc = UserNotification()
3322 assoc.notification = notification
3330 assoc.notification = notification
3323
3331
3324 # if created_by is inside recipients mark his notification
3332 # if created_by is inside recipients mark his notification
3325 # as read
3333 # as read
3326 if u.user_id == created_by.user_id:
3334 if u.user_id == created_by.user_id:
3327 assoc.read = True
3335 assoc.read = True
3328
3336
3329 u.notifications.append(assoc)
3337 u.notifications.append(assoc)
3330 Session().add(notification)
3338 Session().add(notification)
3331
3339
3332 return notification
3340 return notification
3333
3341
3334 @property
3342 @property
3335 def description(self):
3343 def description(self):
3336 from rhodecode.model.notification import NotificationModel
3344 from rhodecode.model.notification import NotificationModel
3337 return NotificationModel().make_description(self)
3345 return NotificationModel().make_description(self)
3338
3346
3339
3347
3340 class UserNotification(Base, BaseModel):
3348 class UserNotification(Base, BaseModel):
3341 __tablename__ = 'user_to_notification'
3349 __tablename__ = 'user_to_notification'
3342 __table_args__ = (
3350 __table_args__ = (
3343 UniqueConstraint('user_id', 'notification_id'),
3351 UniqueConstraint('user_id', 'notification_id'),
3344 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3352 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3345 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3353 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3346 )
3354 )
3347 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
3355 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
3348 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
3356 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
3349 read = Column('read', Boolean, default=False)
3357 read = Column('read', Boolean, default=False)
3350 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
3358 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
3351
3359
3352 user = relationship('User', lazy="joined")
3360 user = relationship('User', lazy="joined")
3353 notification = relationship('Notification', lazy="joined",
3361 notification = relationship('Notification', lazy="joined",
3354 order_by=lambda: Notification.created_on.desc(),)
3362 order_by=lambda: Notification.created_on.desc(),)
3355
3363
3356 def mark_as_read(self):
3364 def mark_as_read(self):
3357 self.read = True
3365 self.read = True
3358 Session().add(self)
3366 Session().add(self)
3359
3367
3360
3368
3361 class Gist(Base, BaseModel):
3369 class Gist(Base, BaseModel):
3362 __tablename__ = 'gists'
3370 __tablename__ = 'gists'
3363 __table_args__ = (
3371 __table_args__ = (
3364 Index('g_gist_access_id_idx', 'gist_access_id'),
3372 Index('g_gist_access_id_idx', 'gist_access_id'),
3365 Index('g_created_on_idx', 'created_on'),
3373 Index('g_created_on_idx', 'created_on'),
3366 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3374 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3367 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3375 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3368 )
3376 )
3369 GIST_PUBLIC = u'public'
3377 GIST_PUBLIC = u'public'
3370 GIST_PRIVATE = u'private'
3378 GIST_PRIVATE = u'private'
3371 DEFAULT_FILENAME = u'gistfile1.txt'
3379 DEFAULT_FILENAME = u'gistfile1.txt'
3372
3380
3373 ACL_LEVEL_PUBLIC = u'acl_public'
3381 ACL_LEVEL_PUBLIC = u'acl_public'
3374 ACL_LEVEL_PRIVATE = u'acl_private'
3382 ACL_LEVEL_PRIVATE = u'acl_private'
3375
3383
3376 gist_id = Column('gist_id', Integer(), primary_key=True)
3384 gist_id = Column('gist_id', Integer(), primary_key=True)
3377 gist_access_id = Column('gist_access_id', Unicode(250))
3385 gist_access_id = Column('gist_access_id', Unicode(250))
3378 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
3386 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
3379 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
3387 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
3380 gist_expires = Column('gist_expires', Float(53), nullable=False)
3388 gist_expires = Column('gist_expires', Float(53), nullable=False)
3381 gist_type = Column('gist_type', Unicode(128), nullable=False)
3389 gist_type = Column('gist_type', Unicode(128), nullable=False)
3382 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3390 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3383 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3391 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3384 acl_level = Column('acl_level', Unicode(128), nullable=True)
3392 acl_level = Column('acl_level', Unicode(128), nullable=True)
3385
3393
3386 owner = relationship('User')
3394 owner = relationship('User')
3387
3395
3388 def __repr__(self):
3396 def __repr__(self):
3389 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
3397 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
3390
3398
3391 @classmethod
3399 @classmethod
3392 def get_or_404(cls, id_):
3400 def get_or_404(cls, id_):
3393 res = cls.query().filter(cls.gist_access_id == id_).scalar()
3401 res = cls.query().filter(cls.gist_access_id == id_).scalar()
3394 if not res:
3402 if not res:
3395 raise HTTPNotFound
3403 raise HTTPNotFound
3396 return res
3404 return res
3397
3405
3398 @classmethod
3406 @classmethod
3399 def get_by_access_id(cls, gist_access_id):
3407 def get_by_access_id(cls, gist_access_id):
3400 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
3408 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
3401
3409
3402 def gist_url(self):
3410 def gist_url(self):
3403 import rhodecode
3411 import rhodecode
3404 alias_url = rhodecode.CONFIG.get('gist_alias_url')
3412 alias_url = rhodecode.CONFIG.get('gist_alias_url')
3405 if alias_url:
3413 if alias_url:
3406 return alias_url.replace('{gistid}', self.gist_access_id)
3414 return alias_url.replace('{gistid}', self.gist_access_id)
3407
3415
3408 return url('gist', gist_id=self.gist_access_id, qualified=True)
3416 return url('gist', gist_id=self.gist_access_id, qualified=True)
3409
3417
3410 @classmethod
3418 @classmethod
3411 def base_path(cls):
3419 def base_path(cls):
3412 """
3420 """
3413 Returns base path when all gists are stored
3421 Returns base path when all gists are stored
3414
3422
3415 :param cls:
3423 :param cls:
3416 """
3424 """
3417 from rhodecode.model.gist import GIST_STORE_LOC
3425 from rhodecode.model.gist import GIST_STORE_LOC
3418 q = Session().query(RhodeCodeUi)\
3426 q = Session().query(RhodeCodeUi)\
3419 .filter(RhodeCodeUi.ui_key == URL_SEP)
3427 .filter(RhodeCodeUi.ui_key == URL_SEP)
3420 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
3428 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
3421 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
3429 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
3422
3430
3423 def get_api_data(self):
3431 def get_api_data(self):
3424 """
3432 """
3425 Common function for generating gist related data for API
3433 Common function for generating gist related data for API
3426 """
3434 """
3427 gist = self
3435 gist = self
3428 data = {
3436 data = {
3429 'gist_id': gist.gist_id,
3437 'gist_id': gist.gist_id,
3430 'type': gist.gist_type,
3438 'type': gist.gist_type,
3431 'access_id': gist.gist_access_id,
3439 'access_id': gist.gist_access_id,
3432 'description': gist.gist_description,
3440 'description': gist.gist_description,
3433 'url': gist.gist_url(),
3441 'url': gist.gist_url(),
3434 'expires': gist.gist_expires,
3442 'expires': gist.gist_expires,
3435 'created_on': gist.created_on,
3443 'created_on': gist.created_on,
3436 'modified_at': gist.modified_at,
3444 'modified_at': gist.modified_at,
3437 'content': None,
3445 'content': None,
3438 'acl_level': gist.acl_level,
3446 'acl_level': gist.acl_level,
3439 }
3447 }
3440 return data
3448 return data
3441
3449
3442 def __json__(self):
3450 def __json__(self):
3443 data = dict(
3451 data = dict(
3444 )
3452 )
3445 data.update(self.get_api_data())
3453 data.update(self.get_api_data())
3446 return data
3454 return data
3447 # SCM functions
3455 # SCM functions
3448
3456
3449 def scm_instance(self, **kwargs):
3457 def scm_instance(self, **kwargs):
3450 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
3458 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
3451 return get_vcs_instance(
3459 return get_vcs_instance(
3452 repo_path=safe_str(full_repo_path), create=False)
3460 repo_path=safe_str(full_repo_path), create=False)
3453
3461
3454
3462
3455 class DbMigrateVersion(Base, BaseModel):
3463 class DbMigrateVersion(Base, BaseModel):
3456 __tablename__ = 'db_migrate_version'
3464 __tablename__ = 'db_migrate_version'
3457 __table_args__ = (
3465 __table_args__ = (
3458 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3466 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3459 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3467 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3460 )
3468 )
3461 repository_id = Column('repository_id', String(250), primary_key=True)
3469 repository_id = Column('repository_id', String(250), primary_key=True)
3462 repository_path = Column('repository_path', Text)
3470 repository_path = Column('repository_path', Text)
3463 version = Column('version', Integer)
3471 version = Column('version', Integer)
3464
3472
3465
3473
3466 class ExternalIdentity(Base, BaseModel):
3474 class ExternalIdentity(Base, BaseModel):
3467 __tablename__ = 'external_identities'
3475 __tablename__ = 'external_identities'
3468 __table_args__ = (
3476 __table_args__ = (
3469 Index('local_user_id_idx', 'local_user_id'),
3477 Index('local_user_id_idx', 'local_user_id'),
3470 Index('external_id_idx', 'external_id'),
3478 Index('external_id_idx', 'external_id'),
3471 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3479 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3472 'mysql_charset': 'utf8'})
3480 'mysql_charset': 'utf8'})
3473
3481
3474 external_id = Column('external_id', Unicode(255), default=u'',
3482 external_id = Column('external_id', Unicode(255), default=u'',
3475 primary_key=True)
3483 primary_key=True)
3476 external_username = Column('external_username', Unicode(1024), default=u'')
3484 external_username = Column('external_username', Unicode(1024), default=u'')
3477 local_user_id = Column('local_user_id', Integer(),
3485 local_user_id = Column('local_user_id', Integer(),
3478 ForeignKey('users.user_id'), primary_key=True)
3486 ForeignKey('users.user_id'), primary_key=True)
3479 provider_name = Column('provider_name', Unicode(255), default=u'',
3487 provider_name = Column('provider_name', Unicode(255), default=u'',
3480 primary_key=True)
3488 primary_key=True)
3481 access_token = Column('access_token', String(1024), default=u'')
3489 access_token = Column('access_token', String(1024), default=u'')
3482 alt_token = Column('alt_token', String(1024), default=u'')
3490 alt_token = Column('alt_token', String(1024), default=u'')
3483 token_secret = Column('token_secret', String(1024), default=u'')
3491 token_secret = Column('token_secret', String(1024), default=u'')
3484
3492
3485 @classmethod
3493 @classmethod
3486 def by_external_id_and_provider(cls, external_id, provider_name,
3494 def by_external_id_and_provider(cls, external_id, provider_name,
3487 local_user_id=None):
3495 local_user_id=None):
3488 """
3496 """
3489 Returns ExternalIdentity instance based on search params
3497 Returns ExternalIdentity instance based on search params
3490
3498
3491 :param external_id:
3499 :param external_id:
3492 :param provider_name:
3500 :param provider_name:
3493 :return: ExternalIdentity
3501 :return: ExternalIdentity
3494 """
3502 """
3495 query = cls.query()
3503 query = cls.query()
3496 query = query.filter(cls.external_id == external_id)
3504 query = query.filter(cls.external_id == external_id)
3497 query = query.filter(cls.provider_name == provider_name)
3505 query = query.filter(cls.provider_name == provider_name)
3498 if local_user_id:
3506 if local_user_id:
3499 query = query.filter(cls.local_user_id == local_user_id)
3507 query = query.filter(cls.local_user_id == local_user_id)
3500 return query.first()
3508 return query.first()
3501
3509
3502 @classmethod
3510 @classmethod
3503 def user_by_external_id_and_provider(cls, external_id, provider_name):
3511 def user_by_external_id_and_provider(cls, external_id, provider_name):
3504 """
3512 """
3505 Returns User instance based on search params
3513 Returns User instance based on search params
3506
3514
3507 :param external_id:
3515 :param external_id:
3508 :param provider_name:
3516 :param provider_name:
3509 :return: User
3517 :return: User
3510 """
3518 """
3511 query = User.query()
3519 query = User.query()
3512 query = query.filter(cls.external_id == external_id)
3520 query = query.filter(cls.external_id == external_id)
3513 query = query.filter(cls.provider_name == provider_name)
3521 query = query.filter(cls.provider_name == provider_name)
3514 query = query.filter(User.user_id == cls.local_user_id)
3522 query = query.filter(User.user_id == cls.local_user_id)
3515 return query.first()
3523 return query.first()
3516
3524
3517 @classmethod
3525 @classmethod
3518 def by_local_user_id(cls, local_user_id):
3526 def by_local_user_id(cls, local_user_id):
3519 """
3527 """
3520 Returns all tokens for user
3528 Returns all tokens for user
3521
3529
3522 :param local_user_id:
3530 :param local_user_id:
3523 :return: ExternalIdentity
3531 :return: ExternalIdentity
3524 """
3532 """
3525 query = cls.query()
3533 query = cls.query()
3526 query = query.filter(cls.local_user_id == local_user_id)
3534 query = query.filter(cls.local_user_id == local_user_id)
3527 return query
3535 return query
3528
3536
3529
3537
3530 class Integration(Base, BaseModel):
3538 class Integration(Base, BaseModel):
3531 __tablename__ = 'integrations'
3539 __tablename__ = 'integrations'
3532 __table_args__ = (
3540 __table_args__ = (
3533 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3541 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3534 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3542 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3535 )
3543 )
3536
3544
3537 integration_id = Column('integration_id', Integer(), primary_key=True)
3545 integration_id = Column('integration_id', Integer(), primary_key=True)
3538 integration_type = Column('integration_type', String(255))
3546 integration_type = Column('integration_type', String(255))
3539 enabled = Column('enabled', Boolean(), nullable=False)
3547 enabled = Column('enabled', Boolean(), nullable=False)
3540 name = Column('name', String(255), nullable=False)
3548 name = Column('name', String(255), nullable=False)
3541 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
3549 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
3542 default=False)
3550 default=False)
3543
3551
3544 settings = Column(
3552 settings = Column(
3545 'settings_json', MutationObj.as_mutable(
3553 'settings_json', MutationObj.as_mutable(
3546 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3554 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3547 repo_id = Column(
3555 repo_id = Column(
3548 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
3556 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
3549 nullable=True, unique=None, default=None)
3557 nullable=True, unique=None, default=None)
3550 repo = relationship('Repository', lazy='joined')
3558 repo = relationship('Repository', lazy='joined')
3551
3559
3552 repo_group_id = Column(
3560 repo_group_id = Column(
3553 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
3561 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
3554 nullable=True, unique=None, default=None)
3562 nullable=True, unique=None, default=None)
3555 repo_group = relationship('RepoGroup', lazy='joined')
3563 repo_group = relationship('RepoGroup', lazy='joined')
3556
3564
3557 @property
3565 @property
3558 def scope(self):
3566 def scope(self):
3559 if self.repo:
3567 if self.repo:
3560 return repr(self.repo)
3568 return repr(self.repo)
3561 if self.repo_group:
3569 if self.repo_group:
3562 if self.child_repos_only:
3570 if self.child_repos_only:
3563 return repr(self.repo_group) + ' (child repos only)'
3571 return repr(self.repo_group) + ' (child repos only)'
3564 else:
3572 else:
3565 return repr(self.repo_group) + ' (recursive)'
3573 return repr(self.repo_group) + ' (recursive)'
3566 if self.child_repos_only:
3574 if self.child_repos_only:
3567 return 'root_repos'
3575 return 'root_repos'
3568 return 'global'
3576 return 'global'
3569
3577
3570 def __repr__(self):
3578 def __repr__(self):
3571 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
3579 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
3572
3580
3573
3581
3574 class RepoReviewRuleUser(Base, BaseModel):
3582 class RepoReviewRuleUser(Base, BaseModel):
3575 __tablename__ = 'repo_review_rules_users'
3583 __tablename__ = 'repo_review_rules_users'
3576 __table_args__ = (
3584 __table_args__ = (
3577 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3585 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3578 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
3586 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
3579 )
3587 )
3580 repo_review_rule_user_id = Column(
3588 repo_review_rule_user_id = Column(
3581 'repo_review_rule_user_id', Integer(), primary_key=True)
3589 'repo_review_rule_user_id', Integer(), primary_key=True)
3582 repo_review_rule_id = Column("repo_review_rule_id",
3590 repo_review_rule_id = Column("repo_review_rule_id",
3583 Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
3591 Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
3584 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'),
3592 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'),
3585 nullable=False)
3593 nullable=False)
3586 user = relationship('User')
3594 user = relationship('User')
3587
3595
3588
3596
3589 class RepoReviewRuleUserGroup(Base, BaseModel):
3597 class RepoReviewRuleUserGroup(Base, BaseModel):
3590 __tablename__ = 'repo_review_rules_users_groups'
3598 __tablename__ = 'repo_review_rules_users_groups'
3591 __table_args__ = (
3599 __table_args__ = (
3592 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3600 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3593 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
3601 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
3594 )
3602 )
3595 repo_review_rule_users_group_id = Column(
3603 repo_review_rule_users_group_id = Column(
3596 'repo_review_rule_users_group_id', Integer(), primary_key=True)
3604 'repo_review_rule_users_group_id', Integer(), primary_key=True)
3597 repo_review_rule_id = Column("repo_review_rule_id",
3605 repo_review_rule_id = Column("repo_review_rule_id",
3598 Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
3606 Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
3599 users_group_id = Column("users_group_id", Integer(),
3607 users_group_id = Column("users_group_id", Integer(),
3600 ForeignKey('users_groups.users_group_id'), nullable=False)
3608 ForeignKey('users_groups.users_group_id'), nullable=False)
3601 users_group = relationship('UserGroup')
3609 users_group = relationship('UserGroup')
3602
3610
3603
3611
3604 class RepoReviewRule(Base, BaseModel):
3612 class RepoReviewRule(Base, BaseModel):
3605 __tablename__ = 'repo_review_rules'
3613 __tablename__ = 'repo_review_rules'
3606 __table_args__ = (
3614 __table_args__ = (
3607 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3615 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3608 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
3616 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
3609 )
3617 )
3610
3618
3611 repo_review_rule_id = Column(
3619 repo_review_rule_id = Column(
3612 'repo_review_rule_id', Integer(), primary_key=True)
3620 'repo_review_rule_id', Integer(), primary_key=True)
3613 repo_id = Column(
3621 repo_id = Column(
3614 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
3622 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
3615 repo = relationship('Repository', backref='review_rules')
3623 repo = relationship('Repository', backref='review_rules')
3616
3624
3617 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'),
3625 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'),
3618 default=u'*') # glob
3626 default=u'*') # glob
3619 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'),
3627 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'),
3620 default=u'*') # glob
3628 default=u'*') # glob
3621
3629
3622 use_authors_for_review = Column("use_authors_for_review", Boolean(),
3630 use_authors_for_review = Column("use_authors_for_review", Boolean(),
3623 nullable=False, default=False)
3631 nullable=False, default=False)
3624 rule_users = relationship('RepoReviewRuleUser')
3632 rule_users = relationship('RepoReviewRuleUser')
3625 rule_user_groups = relationship('RepoReviewRuleUserGroup')
3633 rule_user_groups = relationship('RepoReviewRuleUserGroup')
3626
3634
3627 @hybrid_property
3635 @hybrid_property
3628 def branch_pattern(self):
3636 def branch_pattern(self):
3629 return self._branch_pattern or '*'
3637 return self._branch_pattern or '*'
3630
3638
3631 def _validate_glob(self, value):
3639 def _validate_glob(self, value):
3632 re.compile('^' + glob2re(value) + '$')
3640 re.compile('^' + glob2re(value) + '$')
3633
3641
3634 @branch_pattern.setter
3642 @branch_pattern.setter
3635 def branch_pattern(self, value):
3643 def branch_pattern(self, value):
3636 self._validate_glob(value)
3644 self._validate_glob(value)
3637 self._branch_pattern = value or '*'
3645 self._branch_pattern = value or '*'
3638
3646
3639 @hybrid_property
3647 @hybrid_property
3640 def file_pattern(self):
3648 def file_pattern(self):
3641 return self._file_pattern or '*'
3649 return self._file_pattern or '*'
3642
3650
3643 @file_pattern.setter
3651 @file_pattern.setter
3644 def file_pattern(self, value):
3652 def file_pattern(self, value):
3645 self._validate_glob(value)
3653 self._validate_glob(value)
3646 self._file_pattern = value or '*'
3654 self._file_pattern = value or '*'
3647
3655
3648 def matches(self, branch, files_changed):
3656 def matches(self, branch, files_changed):
3649 """
3657 """
3650 Check if this review rule matches a branch/files in a pull request
3658 Check if this review rule matches a branch/files in a pull request
3651
3659
3652 :param branch: branch name for the commit
3660 :param branch: branch name for the commit
3653 :param files_changed: list of file paths changed in the pull request
3661 :param files_changed: list of file paths changed in the pull request
3654 """
3662 """
3655
3663
3656 branch = branch or ''
3664 branch = branch or ''
3657 files_changed = files_changed or []
3665 files_changed = files_changed or []
3658
3666
3659 branch_matches = True
3667 branch_matches = True
3660 if branch:
3668 if branch:
3661 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
3669 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
3662 branch_matches = bool(branch_regex.search(branch))
3670 branch_matches = bool(branch_regex.search(branch))
3663
3671
3664 files_matches = True
3672 files_matches = True
3665 if self.file_pattern != '*':
3673 if self.file_pattern != '*':
3666 files_matches = False
3674 files_matches = False
3667 file_regex = re.compile(glob2re(self.file_pattern))
3675 file_regex = re.compile(glob2re(self.file_pattern))
3668 for filename in files_changed:
3676 for filename in files_changed:
3669 if file_regex.search(filename):
3677 if file_regex.search(filename):
3670 files_matches = True
3678 files_matches = True
3671 break
3679 break
3672
3680
3673 return branch_matches and files_matches
3681 return branch_matches and files_matches
3674
3682
3675 @property
3683 @property
3676 def review_users(self):
3684 def review_users(self):
3677 """ Returns the users which this rule applies to """
3685 """ Returns the users which this rule applies to """
3678
3686
3679 users = set()
3687 users = set()
3680 users |= set([
3688 users |= set([
3681 rule_user.user for rule_user in self.rule_users
3689 rule_user.user for rule_user in self.rule_users
3682 if rule_user.user.active])
3690 if rule_user.user.active])
3683 users |= set(
3691 users |= set(
3684 member.user
3692 member.user
3685 for rule_user_group in self.rule_user_groups
3693 for rule_user_group in self.rule_user_groups
3686 for member in rule_user_group.users_group.members
3694 for member in rule_user_group.users_group.members
3687 if member.user.active
3695 if member.user.active
3688 )
3696 )
3689 return users
3697 return users
3690
3698
3691 def __repr__(self):
3699 def __repr__(self):
3692 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
3700 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
3693 self.repo_review_rule_id, self.repo)
3701 self.repo_review_rule_id, self.repo)
@@ -1,547 +1,549 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 this is forms validation classes
22 this is forms validation classes
23 http://formencode.org/module-formencode.validators.html
23 http://formencode.org/module-formencode.validators.html
24 for list off all availible validators
24 for list off all availible validators
25
25
26 we can create our own validators
26 we can create our own validators
27
27
28 The table below outlines the options which can be used in a schema in addition to the validators themselves
28 The table below outlines the options which can be used in a schema in addition to the validators themselves
29 pre_validators [] These validators will be applied before the schema
29 pre_validators [] These validators will be applied before the schema
30 chained_validators [] These validators will be applied after the schema
30 chained_validators [] These validators will be applied after the schema
31 allow_extra_fields False If True, then it is not an error when keys that aren't associated with a validator are present
31 allow_extra_fields False If True, then it is not an error when keys that aren't associated with a validator are present
32 filter_extra_fields False If True, then keys that aren't associated with a validator are removed
32 filter_extra_fields False If True, then keys that aren't associated with a validator are removed
33 if_key_missing NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
33 if_key_missing NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value.
34 ignore_key_missing False If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
34 ignore_key_missing False If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already
35
35
36
36
37 <name> = formencode.validators.<name of validator>
37 <name> = formencode.validators.<name of validator>
38 <name> must equal form name
38 <name> must equal form name
39 list=[1,2,3,4,5]
39 list=[1,2,3,4,5]
40 for SELECT use formencode.All(OneOf(list), Int())
40 for SELECT use formencode.All(OneOf(list), Int())
41
41
42 """
42 """
43
43
44 import deform
44 import deform
45 import logging
45 import logging
46 import formencode
46 import formencode
47
47
48 from pkg_resources import resource_filename
48 from pkg_resources import resource_filename
49 from formencode import All, Pipe
49 from formencode import All, Pipe
50
50
51 from pylons.i18n.translation import _
51 from pylons.i18n.translation import _
52
52
53 from rhodecode import BACKENDS
53 from rhodecode import BACKENDS
54 from rhodecode.lib import helpers
54 from rhodecode.lib import helpers
55 from rhodecode.model import validators as v
55 from rhodecode.model import validators as v
56
56
57 log = logging.getLogger(__name__)
57 log = logging.getLogger(__name__)
58
58
59
59
60 deform_templates = resource_filename('deform', 'templates')
60 deform_templates = resource_filename('deform', 'templates')
61 rhodecode_templates = resource_filename('rhodecode', 'templates/forms')
61 rhodecode_templates = resource_filename('rhodecode', 'templates/forms')
62 search_path = (rhodecode_templates, deform_templates)
62 search_path = (rhodecode_templates, deform_templates)
63
63
64
64
65 class RhodecodeFormZPTRendererFactory(deform.ZPTRendererFactory):
65 class RhodecodeFormZPTRendererFactory(deform.ZPTRendererFactory):
66 """ Subclass of ZPTRendererFactory to add rhodecode context variables """
66 """ Subclass of ZPTRendererFactory to add rhodecode context variables """
67 def __call__(self, template_name, **kw):
67 def __call__(self, template_name, **kw):
68 kw['h'] = helpers
68 kw['h'] = helpers
69 return self.load(template_name)(**kw)
69 return self.load(template_name)(**kw)
70
70
71
71
72 form_renderer = RhodecodeFormZPTRendererFactory(search_path)
72 form_renderer = RhodecodeFormZPTRendererFactory(search_path)
73 deform.Form.set_default_renderer(form_renderer)
73 deform.Form.set_default_renderer(form_renderer)
74
74
75
75
76 def LoginForm():
76 def LoginForm():
77 class _LoginForm(formencode.Schema):
77 class _LoginForm(formencode.Schema):
78 allow_extra_fields = True
78 allow_extra_fields = True
79 filter_extra_fields = True
79 filter_extra_fields = True
80 username = v.UnicodeString(
80 username = v.UnicodeString(
81 strip=True,
81 strip=True,
82 min=1,
82 min=1,
83 not_empty=True,
83 not_empty=True,
84 messages={
84 messages={
85 'empty': _(u'Please enter a login'),
85 'empty': _(u'Please enter a login'),
86 'tooShort': _(u'Enter a value %(min)i characters long or more')
86 'tooShort': _(u'Enter a value %(min)i characters long or more')
87 }
87 }
88 )
88 )
89
89
90 password = v.UnicodeString(
90 password = v.UnicodeString(
91 strip=False,
91 strip=False,
92 min=3,
92 min=3,
93 not_empty=True,
93 not_empty=True,
94 messages={
94 messages={
95 'empty': _(u'Please enter a password'),
95 'empty': _(u'Please enter a password'),
96 'tooShort': _(u'Enter %(min)i characters or more')}
96 'tooShort': _(u'Enter %(min)i characters or more')}
97 )
97 )
98
98
99 remember = v.StringBoolean(if_missing=False)
99 remember = v.StringBoolean(if_missing=False)
100
100
101 chained_validators = [v.ValidAuth()]
101 chained_validators = [v.ValidAuth()]
102 return _LoginForm
102 return _LoginForm
103
103
104
104
105 def UserForm(edit=False, available_languages=[], old_data={}):
105 def UserForm(edit=False, available_languages=[], old_data={}):
106 class _UserForm(formencode.Schema):
106 class _UserForm(formencode.Schema):
107 allow_extra_fields = True
107 allow_extra_fields = True
108 filter_extra_fields = True
108 filter_extra_fields = True
109 username = All(v.UnicodeString(strip=True, min=1, not_empty=True),
109 username = All(v.UnicodeString(strip=True, min=1, not_empty=True),
110 v.ValidUsername(edit, old_data))
110 v.ValidUsername(edit, old_data))
111 if edit:
111 if edit:
112 new_password = All(
112 new_password = All(
113 v.ValidPassword(),
113 v.ValidPassword(),
114 v.UnicodeString(strip=False, min=6, not_empty=False)
114 v.UnicodeString(strip=False, min=6, not_empty=False)
115 )
115 )
116 password_confirmation = All(
116 password_confirmation = All(
117 v.ValidPassword(),
117 v.ValidPassword(),
118 v.UnicodeString(strip=False, min=6, not_empty=False),
118 v.UnicodeString(strip=False, min=6, not_empty=False),
119 )
119 )
120 admin = v.StringBoolean(if_missing=False)
120 admin = v.StringBoolean(if_missing=False)
121 else:
121 else:
122 password = All(
122 password = All(
123 v.ValidPassword(),
123 v.ValidPassword(),
124 v.UnicodeString(strip=False, min=6, not_empty=True)
124 v.UnicodeString(strip=False, min=6, not_empty=True)
125 )
125 )
126 password_confirmation = All(
126 password_confirmation = All(
127 v.ValidPassword(),
127 v.ValidPassword(),
128 v.UnicodeString(strip=False, min=6, not_empty=False)
128 v.UnicodeString(strip=False, min=6, not_empty=False)
129 )
129 )
130
130
131 password_change = v.StringBoolean(if_missing=False)
131 password_change = v.StringBoolean(if_missing=False)
132 create_repo_group = v.StringBoolean(if_missing=False)
132 create_repo_group = v.StringBoolean(if_missing=False)
133
133
134 active = v.StringBoolean(if_missing=False)
134 active = v.StringBoolean(if_missing=False)
135 firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
135 firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
136 lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
136 lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
137 email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
137 email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
138 extern_name = v.UnicodeString(strip=True)
138 extern_name = v.UnicodeString(strip=True)
139 extern_type = v.UnicodeString(strip=True)
139 extern_type = v.UnicodeString(strip=True)
140 language = v.OneOf(available_languages, hideList=False,
140 language = v.OneOf(available_languages, hideList=False,
141 testValueList=True, if_missing=None)
141 testValueList=True, if_missing=None)
142 chained_validators = [v.ValidPasswordsMatch()]
142 chained_validators = [v.ValidPasswordsMatch()]
143 return _UserForm
143 return _UserForm
144
144
145
145
146 def UserGroupForm(edit=False, old_data=None, allow_disabled=False):
146 def UserGroupForm(edit=False, old_data=None, allow_disabled=False):
147 old_data = old_data or {}
147 old_data = old_data or {}
148
148
149 class _UserGroupForm(formencode.Schema):
149 class _UserGroupForm(formencode.Schema):
150 allow_extra_fields = True
150 allow_extra_fields = True
151 filter_extra_fields = True
151 filter_extra_fields = True
152
152
153 users_group_name = All(
153 users_group_name = All(
154 v.UnicodeString(strip=True, min=1, not_empty=True),
154 v.UnicodeString(strip=True, min=1, not_empty=True),
155 v.ValidUserGroup(edit, old_data)
155 v.ValidUserGroup(edit, old_data)
156 )
156 )
157 user_group_description = v.UnicodeString(strip=True, min=1,
157 user_group_description = v.UnicodeString(strip=True, min=1,
158 not_empty=False)
158 not_empty=False)
159
159
160 users_group_active = v.StringBoolean(if_missing=False)
160 users_group_active = v.StringBoolean(if_missing=False)
161
161
162 if edit:
162 if edit:
163 # this is user group owner
163 # this is user group owner
164 user = All(
164 user = All(
165 v.UnicodeString(not_empty=True),
165 v.UnicodeString(not_empty=True),
166 v.ValidRepoUser(allow_disabled))
166 v.ValidRepoUser(allow_disabled))
167 return _UserGroupForm
167 return _UserGroupForm
168
168
169
169
170 def RepoGroupForm(edit=False, old_data=None, available_groups=None,
170 def RepoGroupForm(edit=False, old_data=None, available_groups=None,
171 can_create_in_root=False, allow_disabled=False):
171 can_create_in_root=False, allow_disabled=False):
172 old_data = old_data or {}
172 old_data = old_data or {}
173 available_groups = available_groups or []
173 available_groups = available_groups or []
174
174
175 class _RepoGroupForm(formencode.Schema):
175 class _RepoGroupForm(formencode.Schema):
176 allow_extra_fields = True
176 allow_extra_fields = True
177 filter_extra_fields = False
177 filter_extra_fields = False
178
178
179 group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
179 group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
180 v.SlugifyName(),)
180 v.SlugifyName(),)
181 group_description = v.UnicodeString(strip=True, min=1,
181 group_description = v.UnicodeString(strip=True, min=1,
182 not_empty=False)
182 not_empty=False)
183 group_copy_permissions = v.StringBoolean(if_missing=False)
183 group_copy_permissions = v.StringBoolean(if_missing=False)
184
184
185 group_parent_id = v.OneOf(available_groups, hideList=False,
185 group_parent_id = v.OneOf(available_groups, hideList=False,
186 testValueList=True, not_empty=True)
186 testValueList=True, not_empty=True)
187 enable_locking = v.StringBoolean(if_missing=False)
187 enable_locking = v.StringBoolean(if_missing=False)
188 chained_validators = [
188 chained_validators = [
189 v.ValidRepoGroup(edit, old_data, can_create_in_root)]
189 v.ValidRepoGroup(edit, old_data, can_create_in_root)]
190
190
191 if edit:
191 if edit:
192 # this is repo group owner
192 # this is repo group owner
193 user = All(
193 user = All(
194 v.UnicodeString(not_empty=True),
194 v.UnicodeString(not_empty=True),
195 v.ValidRepoUser(allow_disabled))
195 v.ValidRepoUser(allow_disabled))
196
196
197 return _RepoGroupForm
197 return _RepoGroupForm
198
198
199
199
200 def RegisterForm(edit=False, old_data={}):
200 def RegisterForm(edit=False, old_data={}):
201 class _RegisterForm(formencode.Schema):
201 class _RegisterForm(formencode.Schema):
202 allow_extra_fields = True
202 allow_extra_fields = True
203 filter_extra_fields = True
203 filter_extra_fields = True
204 username = All(
204 username = All(
205 v.ValidUsername(edit, old_data),
205 v.ValidUsername(edit, old_data),
206 v.UnicodeString(strip=True, min=1, not_empty=True)
206 v.UnicodeString(strip=True, min=1, not_empty=True)
207 )
207 )
208 password = All(
208 password = All(
209 v.ValidPassword(),
209 v.ValidPassword(),
210 v.UnicodeString(strip=False, min=6, not_empty=True)
210 v.UnicodeString(strip=False, min=6, not_empty=True)
211 )
211 )
212 password_confirmation = All(
212 password_confirmation = All(
213 v.ValidPassword(),
213 v.ValidPassword(),
214 v.UnicodeString(strip=False, min=6, not_empty=True)
214 v.UnicodeString(strip=False, min=6, not_empty=True)
215 )
215 )
216 active = v.StringBoolean(if_missing=False)
216 active = v.StringBoolean(if_missing=False)
217 firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
217 firstname = v.UnicodeString(strip=True, min=1, not_empty=False)
218 lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
218 lastname = v.UnicodeString(strip=True, min=1, not_empty=False)
219 email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
219 email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))
220
220
221 chained_validators = [v.ValidPasswordsMatch()]
221 chained_validators = [v.ValidPasswordsMatch()]
222
222
223 return _RegisterForm
223 return _RegisterForm
224
224
225
225
226 def PasswordResetForm():
226 def PasswordResetForm():
227 class _PasswordResetForm(formencode.Schema):
227 class _PasswordResetForm(formencode.Schema):
228 allow_extra_fields = True
228 allow_extra_fields = True
229 filter_extra_fields = True
229 filter_extra_fields = True
230 email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
230 email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
231 return _PasswordResetForm
231 return _PasswordResetForm
232
232
233
233
234 def RepoForm(edit=False, old_data=None, repo_groups=None, landing_revs=None,
234 def RepoForm(edit=False, old_data=None, repo_groups=None, landing_revs=None,
235 allow_disabled=False):
235 allow_disabled=False):
236 old_data = old_data or {}
236 old_data = old_data or {}
237 repo_groups = repo_groups or []
237 repo_groups = repo_groups or []
238 landing_revs = landing_revs or []
238 landing_revs = landing_revs or []
239 supported_backends = BACKENDS.keys()
239 supported_backends = BACKENDS.keys()
240
240
241 class _RepoForm(formencode.Schema):
241 class _RepoForm(formencode.Schema):
242 allow_extra_fields = True
242 allow_extra_fields = True
243 filter_extra_fields = False
243 filter_extra_fields = False
244 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
244 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
245 v.SlugifyName())
245 v.SlugifyName())
246 repo_group = All(v.CanWriteGroup(old_data),
246 repo_group = All(v.CanWriteGroup(old_data),
247 v.OneOf(repo_groups, hideList=True))
247 v.OneOf(repo_groups, hideList=True))
248 repo_type = v.OneOf(supported_backends, required=False,
248 repo_type = v.OneOf(supported_backends, required=False,
249 if_missing=old_data.get('repo_type'))
249 if_missing=old_data.get('repo_type'))
250 repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
250 repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)
251 repo_private = v.StringBoolean(if_missing=False)
251 repo_private = v.StringBoolean(if_missing=False)
252 repo_landing_rev = v.OneOf(landing_revs, hideList=True)
252 repo_landing_rev = v.OneOf(landing_revs, hideList=True)
253 repo_copy_permissions = v.StringBoolean(if_missing=False)
253 repo_copy_permissions = v.StringBoolean(if_missing=False)
254 clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
254 clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))
255
255
256 repo_enable_statistics = v.StringBoolean(if_missing=False)
256 repo_enable_statistics = v.StringBoolean(if_missing=False)
257 repo_enable_downloads = v.StringBoolean(if_missing=False)
257 repo_enable_downloads = v.StringBoolean(if_missing=False)
258 repo_enable_locking = v.StringBoolean(if_missing=False)
258 repo_enable_locking = v.StringBoolean(if_missing=False)
259
259
260 if edit:
260 if edit:
261 # this is repo owner
261 # this is repo owner
262 user = All(
262 user = All(
263 v.UnicodeString(not_empty=True),
263 v.UnicodeString(not_empty=True),
264 v.ValidRepoUser(allow_disabled))
264 v.ValidRepoUser(allow_disabled))
265 clone_uri_change = v.UnicodeString(
265 clone_uri_change = v.UnicodeString(
266 not_empty=False, if_missing=v.Missing)
266 not_empty=False, if_missing=v.Missing)
267
267
268 chained_validators = [v.ValidCloneUri(),
268 chained_validators = [v.ValidCloneUri(),
269 v.ValidRepoName(edit, old_data)]
269 v.ValidRepoName(edit, old_data)]
270 return _RepoForm
270 return _RepoForm
271
271
272
272
273 def RepoPermsForm():
273 def RepoPermsForm():
274 class _RepoPermsForm(formencode.Schema):
274 class _RepoPermsForm(formencode.Schema):
275 allow_extra_fields = True
275 allow_extra_fields = True
276 filter_extra_fields = False
276 filter_extra_fields = False
277 chained_validators = [v.ValidPerms(type_='repo')]
277 chained_validators = [v.ValidPerms(type_='repo')]
278 return _RepoPermsForm
278 return _RepoPermsForm
279
279
280
280
281 def RepoGroupPermsForm(valid_recursive_choices):
281 def RepoGroupPermsForm(valid_recursive_choices):
282 class _RepoGroupPermsForm(formencode.Schema):
282 class _RepoGroupPermsForm(formencode.Schema):
283 allow_extra_fields = True
283 allow_extra_fields = True
284 filter_extra_fields = False
284 filter_extra_fields = False
285 recursive = v.OneOf(valid_recursive_choices)
285 recursive = v.OneOf(valid_recursive_choices)
286 chained_validators = [v.ValidPerms(type_='repo_group')]
286 chained_validators = [v.ValidPerms(type_='repo_group')]
287 return _RepoGroupPermsForm
287 return _RepoGroupPermsForm
288
288
289
289
290 def UserGroupPermsForm():
290 def UserGroupPermsForm():
291 class _UserPermsForm(formencode.Schema):
291 class _UserPermsForm(formencode.Schema):
292 allow_extra_fields = True
292 allow_extra_fields = True
293 filter_extra_fields = False
293 filter_extra_fields = False
294 chained_validators = [v.ValidPerms(type_='user_group')]
294 chained_validators = [v.ValidPerms(type_='user_group')]
295 return _UserPermsForm
295 return _UserPermsForm
296
296
297
297
298 def RepoFieldForm():
298 def RepoFieldForm():
299 class _RepoFieldForm(formencode.Schema):
299 class _RepoFieldForm(formencode.Schema):
300 filter_extra_fields = True
300 filter_extra_fields = True
301 allow_extra_fields = True
301 allow_extra_fields = True
302
302
303 new_field_key = All(v.FieldKey(),
303 new_field_key = All(v.FieldKey(),
304 v.UnicodeString(strip=True, min=3, not_empty=True))
304 v.UnicodeString(strip=True, min=3, not_empty=True))
305 new_field_value = v.UnicodeString(not_empty=False, if_missing=u'')
305 new_field_value = v.UnicodeString(not_empty=False, if_missing=u'')
306 new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],
306 new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],
307 if_missing='str')
307 if_missing='str')
308 new_field_label = v.UnicodeString(not_empty=False)
308 new_field_label = v.UnicodeString(not_empty=False)
309 new_field_desc = v.UnicodeString(not_empty=False)
309 new_field_desc = v.UnicodeString(not_empty=False)
310
310
311 return _RepoFieldForm
311 return _RepoFieldForm
312
312
313
313
314 def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
314 def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),
315 repo_groups=[], landing_revs=[]):
315 repo_groups=[], landing_revs=[]):
316 class _RepoForkForm(formencode.Schema):
316 class _RepoForkForm(formencode.Schema):
317 allow_extra_fields = True
317 allow_extra_fields = True
318 filter_extra_fields = False
318 filter_extra_fields = False
319 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
319 repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),
320 v.SlugifyName())
320 v.SlugifyName())
321 repo_group = All(v.CanWriteGroup(),
321 repo_group = All(v.CanWriteGroup(),
322 v.OneOf(repo_groups, hideList=True))
322 v.OneOf(repo_groups, hideList=True))
323 repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
323 repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))
324 description = v.UnicodeString(strip=True, min=1, not_empty=True)
324 description = v.UnicodeString(strip=True, min=1, not_empty=True)
325 private = v.StringBoolean(if_missing=False)
325 private = v.StringBoolean(if_missing=False)
326 copy_permissions = v.StringBoolean(if_missing=False)
326 copy_permissions = v.StringBoolean(if_missing=False)
327 fork_parent_id = v.UnicodeString()
327 fork_parent_id = v.UnicodeString()
328 chained_validators = [v.ValidForkName(edit, old_data)]
328 chained_validators = [v.ValidForkName(edit, old_data)]
329 landing_rev = v.OneOf(landing_revs, hideList=True)
329 landing_rev = v.OneOf(landing_revs, hideList=True)
330
330
331 return _RepoForkForm
331 return _RepoForkForm
332
332
333
333
334 def ApplicationSettingsForm():
334 def ApplicationSettingsForm():
335 class _ApplicationSettingsForm(formencode.Schema):
335 class _ApplicationSettingsForm(formencode.Schema):
336 allow_extra_fields = True
336 allow_extra_fields = True
337 filter_extra_fields = False
337 filter_extra_fields = False
338 rhodecode_title = v.UnicodeString(strip=True, max=40, not_empty=False)
338 rhodecode_title = v.UnicodeString(strip=True, max=40, not_empty=False)
339 rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
339 rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True)
340 rhodecode_pre_code = v.UnicodeString(strip=True, min=1, not_empty=False)
340 rhodecode_pre_code = v.UnicodeString(strip=True, min=1, not_empty=False)
341 rhodecode_post_code = v.UnicodeString(strip=True, min=1, not_empty=False)
341 rhodecode_post_code = v.UnicodeString(strip=True, min=1, not_empty=False)
342 rhodecode_captcha_public_key = v.UnicodeString(strip=True, min=1, not_empty=False)
342 rhodecode_captcha_public_key = v.UnicodeString(strip=True, min=1, not_empty=False)
343 rhodecode_captcha_private_key = v.UnicodeString(strip=True, min=1, not_empty=False)
343 rhodecode_captcha_private_key = v.UnicodeString(strip=True, min=1, not_empty=False)
344 rhodecode_create_personal_repo_group = v.StringBoolean(if_missing=False)
345 rhodecode_personal_repo_group_pattern = v.UnicodeString(strip=True, min=1, not_empty=False)
344
346
345 return _ApplicationSettingsForm
347 return _ApplicationSettingsForm
346
348
347
349
348 def ApplicationVisualisationForm():
350 def ApplicationVisualisationForm():
349 class _ApplicationVisualisationForm(formencode.Schema):
351 class _ApplicationVisualisationForm(formencode.Schema):
350 allow_extra_fields = True
352 allow_extra_fields = True
351 filter_extra_fields = False
353 filter_extra_fields = False
352 rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
354 rhodecode_show_public_icon = v.StringBoolean(if_missing=False)
353 rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
355 rhodecode_show_private_icon = v.StringBoolean(if_missing=False)
354 rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
356 rhodecode_stylify_metatags = v.StringBoolean(if_missing=False)
355
357
356 rhodecode_repository_fields = v.StringBoolean(if_missing=False)
358 rhodecode_repository_fields = v.StringBoolean(if_missing=False)
357 rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)
359 rhodecode_lightweight_journal = v.StringBoolean(if_missing=False)
358 rhodecode_dashboard_items = v.Int(min=5, not_empty=True)
360 rhodecode_dashboard_items = v.Int(min=5, not_empty=True)
359 rhodecode_admin_grid_items = v.Int(min=5, not_empty=True)
361 rhodecode_admin_grid_items = v.Int(min=5, not_empty=True)
360 rhodecode_show_version = v.StringBoolean(if_missing=False)
362 rhodecode_show_version = v.StringBoolean(if_missing=False)
361 rhodecode_use_gravatar = v.StringBoolean(if_missing=False)
363 rhodecode_use_gravatar = v.StringBoolean(if_missing=False)
362 rhodecode_markup_renderer = v.OneOf(['markdown', 'rst'])
364 rhodecode_markup_renderer = v.OneOf(['markdown', 'rst'])
363 rhodecode_gravatar_url = v.UnicodeString(min=3)
365 rhodecode_gravatar_url = v.UnicodeString(min=3)
364 rhodecode_clone_uri_tmpl = v.UnicodeString(min=3)
366 rhodecode_clone_uri_tmpl = v.UnicodeString(min=3)
365 rhodecode_support_url = v.UnicodeString()
367 rhodecode_support_url = v.UnicodeString()
366 rhodecode_show_revision_number = v.StringBoolean(if_missing=False)
368 rhodecode_show_revision_number = v.StringBoolean(if_missing=False)
367 rhodecode_show_sha_length = v.Int(min=4, not_empty=True)
369 rhodecode_show_sha_length = v.Int(min=4, not_empty=True)
368
370
369 return _ApplicationVisualisationForm
371 return _ApplicationVisualisationForm
370
372
371
373
372 class _BaseVcsSettingsForm(formencode.Schema):
374 class _BaseVcsSettingsForm(formencode.Schema):
373 allow_extra_fields = True
375 allow_extra_fields = True
374 filter_extra_fields = False
376 filter_extra_fields = False
375 hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
377 hooks_changegroup_repo_size = v.StringBoolean(if_missing=False)
376 hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
378 hooks_changegroup_push_logger = v.StringBoolean(if_missing=False)
377 hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
379 hooks_outgoing_pull_logger = v.StringBoolean(if_missing=False)
378
380
379 extensions_largefiles = v.StringBoolean(if_missing=False)
381 extensions_largefiles = v.StringBoolean(if_missing=False)
380 phases_publish = v.StringBoolean(if_missing=False)
382 phases_publish = v.StringBoolean(if_missing=False)
381
383
382 rhodecode_pr_merge_enabled = v.StringBoolean(if_missing=False)
384 rhodecode_pr_merge_enabled = v.StringBoolean(if_missing=False)
383 rhodecode_use_outdated_comments = v.StringBoolean(if_missing=False)
385 rhodecode_use_outdated_comments = v.StringBoolean(if_missing=False)
384 rhodecode_hg_use_rebase_for_merging = v.StringBoolean(if_missing=False)
386 rhodecode_hg_use_rebase_for_merging = v.StringBoolean(if_missing=False)
385
387
386 vcs_svn_proxy_http_requests_enabled = v.StringBoolean(if_missing=False)
388 vcs_svn_proxy_http_requests_enabled = v.StringBoolean(if_missing=False)
387 vcs_svn_proxy_http_server_url = v.UnicodeString(strip=True, if_missing=None)
389 vcs_svn_proxy_http_server_url = v.UnicodeString(strip=True, if_missing=None)
388
390
389
391
390 def ApplicationUiSettingsForm():
392 def ApplicationUiSettingsForm():
391 class _ApplicationUiSettingsForm(_BaseVcsSettingsForm):
393 class _ApplicationUiSettingsForm(_BaseVcsSettingsForm):
392 web_push_ssl = v.StringBoolean(if_missing=False)
394 web_push_ssl = v.StringBoolean(if_missing=False)
393 paths_root_path = All(
395 paths_root_path = All(
394 v.ValidPath(),
396 v.ValidPath(),
395 v.UnicodeString(strip=True, min=1, not_empty=True)
397 v.UnicodeString(strip=True, min=1, not_empty=True)
396 )
398 )
397 extensions_hgsubversion = v.StringBoolean(if_missing=False)
399 extensions_hgsubversion = v.StringBoolean(if_missing=False)
398 extensions_hggit = v.StringBoolean(if_missing=False)
400 extensions_hggit = v.StringBoolean(if_missing=False)
399 new_svn_branch = v.ValidSvnPattern(section='vcs_svn_branch')
401 new_svn_branch = v.ValidSvnPattern(section='vcs_svn_branch')
400 new_svn_tag = v.ValidSvnPattern(section='vcs_svn_tag')
402 new_svn_tag = v.ValidSvnPattern(section='vcs_svn_tag')
401
403
402 return _ApplicationUiSettingsForm
404 return _ApplicationUiSettingsForm
403
405
404
406
405 def RepoVcsSettingsForm(repo_name):
407 def RepoVcsSettingsForm(repo_name):
406 class _RepoVcsSettingsForm(_BaseVcsSettingsForm):
408 class _RepoVcsSettingsForm(_BaseVcsSettingsForm):
407 inherit_global_settings = v.StringBoolean(if_missing=False)
409 inherit_global_settings = v.StringBoolean(if_missing=False)
408 new_svn_branch = v.ValidSvnPattern(
410 new_svn_branch = v.ValidSvnPattern(
409 section='vcs_svn_branch', repo_name=repo_name)
411 section='vcs_svn_branch', repo_name=repo_name)
410 new_svn_tag = v.ValidSvnPattern(
412 new_svn_tag = v.ValidSvnPattern(
411 section='vcs_svn_tag', repo_name=repo_name)
413 section='vcs_svn_tag', repo_name=repo_name)
412
414
413 return _RepoVcsSettingsForm
415 return _RepoVcsSettingsForm
414
416
415
417
416 def LabsSettingsForm():
418 def LabsSettingsForm():
417 class _LabSettingsForm(formencode.Schema):
419 class _LabSettingsForm(formencode.Schema):
418 allow_extra_fields = True
420 allow_extra_fields = True
419 filter_extra_fields = False
421 filter_extra_fields = False
420
422
421 return _LabSettingsForm
423 return _LabSettingsForm
422
424
423
425
424 def ApplicationPermissionsForm(
426 def ApplicationPermissionsForm(
425 register_choices, password_reset_choices, extern_activate_choices):
427 register_choices, password_reset_choices, extern_activate_choices):
426 class _DefaultPermissionsForm(formencode.Schema):
428 class _DefaultPermissionsForm(formencode.Schema):
427 allow_extra_fields = True
429 allow_extra_fields = True
428 filter_extra_fields = True
430 filter_extra_fields = True
429
431
430 anonymous = v.StringBoolean(if_missing=False)
432 anonymous = v.StringBoolean(if_missing=False)
431 default_register = v.OneOf(register_choices)
433 default_register = v.OneOf(register_choices)
432 default_register_message = v.UnicodeString()
434 default_register_message = v.UnicodeString()
433 default_password_reset = v.OneOf(password_reset_choices)
435 default_password_reset = v.OneOf(password_reset_choices)
434 default_extern_activate = v.OneOf(extern_activate_choices)
436 default_extern_activate = v.OneOf(extern_activate_choices)
435
437
436 return _DefaultPermissionsForm
438 return _DefaultPermissionsForm
437
439
438
440
439 def ObjectPermissionsForm(repo_perms_choices, group_perms_choices,
441 def ObjectPermissionsForm(repo_perms_choices, group_perms_choices,
440 user_group_perms_choices):
442 user_group_perms_choices):
441 class _ObjectPermissionsForm(formencode.Schema):
443 class _ObjectPermissionsForm(formencode.Schema):
442 allow_extra_fields = True
444 allow_extra_fields = True
443 filter_extra_fields = True
445 filter_extra_fields = True
444 overwrite_default_repo = v.StringBoolean(if_missing=False)
446 overwrite_default_repo = v.StringBoolean(if_missing=False)
445 overwrite_default_group = v.StringBoolean(if_missing=False)
447 overwrite_default_group = v.StringBoolean(if_missing=False)
446 overwrite_default_user_group = v.StringBoolean(if_missing=False)
448 overwrite_default_user_group = v.StringBoolean(if_missing=False)
447 default_repo_perm = v.OneOf(repo_perms_choices)
449 default_repo_perm = v.OneOf(repo_perms_choices)
448 default_group_perm = v.OneOf(group_perms_choices)
450 default_group_perm = v.OneOf(group_perms_choices)
449 default_user_group_perm = v.OneOf(user_group_perms_choices)
451 default_user_group_perm = v.OneOf(user_group_perms_choices)
450
452
451 return _ObjectPermissionsForm
453 return _ObjectPermissionsForm
452
454
453
455
454 def UserPermissionsForm(create_choices, create_on_write_choices,
456 def UserPermissionsForm(create_choices, create_on_write_choices,
455 repo_group_create_choices, user_group_create_choices,
457 repo_group_create_choices, user_group_create_choices,
456 fork_choices, inherit_default_permissions_choices):
458 fork_choices, inherit_default_permissions_choices):
457 class _DefaultPermissionsForm(formencode.Schema):
459 class _DefaultPermissionsForm(formencode.Schema):
458 allow_extra_fields = True
460 allow_extra_fields = True
459 filter_extra_fields = True
461 filter_extra_fields = True
460
462
461 anonymous = v.StringBoolean(if_missing=False)
463 anonymous = v.StringBoolean(if_missing=False)
462
464
463 default_repo_create = v.OneOf(create_choices)
465 default_repo_create = v.OneOf(create_choices)
464 default_repo_create_on_write = v.OneOf(create_on_write_choices)
466 default_repo_create_on_write = v.OneOf(create_on_write_choices)
465 default_user_group_create = v.OneOf(user_group_create_choices)
467 default_user_group_create = v.OneOf(user_group_create_choices)
466 default_repo_group_create = v.OneOf(repo_group_create_choices)
468 default_repo_group_create = v.OneOf(repo_group_create_choices)
467 default_fork_create = v.OneOf(fork_choices)
469 default_fork_create = v.OneOf(fork_choices)
468 default_inherit_default_permissions = v.OneOf(inherit_default_permissions_choices)
470 default_inherit_default_permissions = v.OneOf(inherit_default_permissions_choices)
469
471
470 return _DefaultPermissionsForm
472 return _DefaultPermissionsForm
471
473
472
474
473 def UserIndividualPermissionsForm():
475 def UserIndividualPermissionsForm():
474 class _DefaultPermissionsForm(formencode.Schema):
476 class _DefaultPermissionsForm(formencode.Schema):
475 allow_extra_fields = True
477 allow_extra_fields = True
476 filter_extra_fields = True
478 filter_extra_fields = True
477
479
478 inherit_default_permissions = v.StringBoolean(if_missing=False)
480 inherit_default_permissions = v.StringBoolean(if_missing=False)
479
481
480 return _DefaultPermissionsForm
482 return _DefaultPermissionsForm
481
483
482
484
483 def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
485 def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
484 class _DefaultsForm(formencode.Schema):
486 class _DefaultsForm(formencode.Schema):
485 allow_extra_fields = True
487 allow_extra_fields = True
486 filter_extra_fields = True
488 filter_extra_fields = True
487 default_repo_type = v.OneOf(supported_backends)
489 default_repo_type = v.OneOf(supported_backends)
488 default_repo_private = v.StringBoolean(if_missing=False)
490 default_repo_private = v.StringBoolean(if_missing=False)
489 default_repo_enable_statistics = v.StringBoolean(if_missing=False)
491 default_repo_enable_statistics = v.StringBoolean(if_missing=False)
490 default_repo_enable_downloads = v.StringBoolean(if_missing=False)
492 default_repo_enable_downloads = v.StringBoolean(if_missing=False)
491 default_repo_enable_locking = v.StringBoolean(if_missing=False)
493 default_repo_enable_locking = v.StringBoolean(if_missing=False)
492
494
493 return _DefaultsForm
495 return _DefaultsForm
494
496
495
497
496 def AuthSettingsForm():
498 def AuthSettingsForm():
497 class _AuthSettingsForm(formencode.Schema):
499 class _AuthSettingsForm(formencode.Schema):
498 allow_extra_fields = True
500 allow_extra_fields = True
499 filter_extra_fields = True
501 filter_extra_fields = True
500 auth_plugins = All(v.ValidAuthPlugins(),
502 auth_plugins = All(v.ValidAuthPlugins(),
501 v.UniqueListFromString()(not_empty=True))
503 v.UniqueListFromString()(not_empty=True))
502
504
503 return _AuthSettingsForm
505 return _AuthSettingsForm
504
506
505
507
506 def UserExtraEmailForm():
508 def UserExtraEmailForm():
507 class _UserExtraEmailForm(formencode.Schema):
509 class _UserExtraEmailForm(formencode.Schema):
508 email = All(v.UniqSystemEmail(), v.Email(not_empty=True))
510 email = All(v.UniqSystemEmail(), v.Email(not_empty=True))
509 return _UserExtraEmailForm
511 return _UserExtraEmailForm
510
512
511
513
512 def UserExtraIpForm():
514 def UserExtraIpForm():
513 class _UserExtraIpForm(formencode.Schema):
515 class _UserExtraIpForm(formencode.Schema):
514 ip = v.ValidIp()(not_empty=True)
516 ip = v.ValidIp()(not_empty=True)
515 return _UserExtraIpForm
517 return _UserExtraIpForm
516
518
517
519
518
520
519 def PullRequestForm(repo_id):
521 def PullRequestForm(repo_id):
520 class ReviewerForm(formencode.Schema):
522 class ReviewerForm(formencode.Schema):
521 user_id = v.Int(not_empty=True)
523 user_id = v.Int(not_empty=True)
522 reasons = All()
524 reasons = All()
523
525
524 class _PullRequestForm(formencode.Schema):
526 class _PullRequestForm(formencode.Schema):
525 allow_extra_fields = True
527 allow_extra_fields = True
526 filter_extra_fields = True
528 filter_extra_fields = True
527
529
528 user = v.UnicodeString(strip=True, required=True)
530 user = v.UnicodeString(strip=True, required=True)
529 source_repo = v.UnicodeString(strip=True, required=True)
531 source_repo = v.UnicodeString(strip=True, required=True)
530 source_ref = v.UnicodeString(strip=True, required=True)
532 source_ref = v.UnicodeString(strip=True, required=True)
531 target_repo = v.UnicodeString(strip=True, required=True)
533 target_repo = v.UnicodeString(strip=True, required=True)
532 target_ref = v.UnicodeString(strip=True, required=True)
534 target_ref = v.UnicodeString(strip=True, required=True)
533 revisions = All(#v.NotReviewedRevisions(repo_id)(),
535 revisions = All(#v.NotReviewedRevisions(repo_id)(),
534 v.UniqueList()(not_empty=True))
536 v.UniqueList()(not_empty=True))
535 review_members = formencode.ForEach(ReviewerForm())
537 review_members = formencode.ForEach(ReviewerForm())
536 pullrequest_title = v.UnicodeString(strip=True, required=True)
538 pullrequest_title = v.UnicodeString(strip=True, required=True)
537 pullrequest_desc = v.UnicodeString(strip=True, required=False)
539 pullrequest_desc = v.UnicodeString(strip=True, required=False)
538
540
539 return _PullRequestForm
541 return _PullRequestForm
540
542
541
543
542 def IssueTrackerPatternsForm():
544 def IssueTrackerPatternsForm():
543 class _IssueTrackerPatternsForm(formencode.Schema):
545 class _IssueTrackerPatternsForm(formencode.Schema):
544 allow_extra_fields = True
546 allow_extra_fields = True
545 filter_extra_fields = False
547 filter_extra_fields = False
546 chained_validators = [v.ValidPattern()]
548 chained_validators = [v.ValidPattern()]
547 return _IssueTrackerPatternsForm
549 return _IssueTrackerPatternsForm
@@ -1,659 +1,701 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2016 RhodeCode GmbH
3 # Copyright (C) 2011-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21
21
22 """
22 """
23 repo group model for RhodeCode
23 repo group model for RhodeCode
24 """
24 """
25
25
26
26 import os
27 import datetime
27 import datetime
28 import itertools
28 import itertools
29 import logging
29 import logging
30 import os
31 import shutil
30 import shutil
32 import traceback
31 import traceback
32 import string
33
33
34 from zope.cachedescriptors.property import Lazy as LazyProperty
34 from zope.cachedescriptors.property import Lazy as LazyProperty
35
35
36 from rhodecode import events
36 from rhodecode import events
37 from rhodecode.model import BaseModel
37 from rhodecode.model import BaseModel
38 from rhodecode.model.db import (
38 from rhodecode.model.db import (
39 RepoGroup, UserRepoGroupToPerm, User, Permission, UserGroupRepoGroupToPerm,
39 RepoGroup, UserRepoGroupToPerm, User, Permission, UserGroupRepoGroupToPerm,
40 UserGroup, Repository)
40 UserGroup, Repository)
41 from rhodecode.model.settings import VcsSettingsModel
41 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
42 from rhodecode.lib.caching_query import FromCache
42 from rhodecode.lib.caching_query import FromCache
43 from rhodecode.lib.utils2 import action_logger_generic
43 from rhodecode.lib.utils2 import action_logger_generic
44
44
45 log = logging.getLogger(__name__)
45 log = logging.getLogger(__name__)
46
46
47
47
48 class RepoGroupModel(BaseModel):
48 class RepoGroupModel(BaseModel):
49
49
50 cls = RepoGroup
50 cls = RepoGroup
51 PERSONAL_GROUP_DESC = '[personal] repo group: owner `%(username)s`'
51 PERSONAL_GROUP_DESC = '[personal] repo group: owner `%(username)s`'
52 PERSONAL_GROUP_PATTERN = '${username}' # default
52
53
53 def _get_user_group(self, users_group):
54 def _get_user_group(self, users_group):
54 return self._get_instance(UserGroup, users_group,
55 return self._get_instance(UserGroup, users_group,
55 callback=UserGroup.get_by_group_name)
56 callback=UserGroup.get_by_group_name)
56
57
57 def _get_repo_group(self, repo_group):
58 def _get_repo_group(self, repo_group):
58 return self._get_instance(RepoGroup, repo_group,
59 return self._get_instance(RepoGroup, repo_group,
59 callback=RepoGroup.get_by_group_name)
60 callback=RepoGroup.get_by_group_name)
60
61
61 @LazyProperty
62 @LazyProperty
62 def repos_path(self):
63 def repos_path(self):
63 """
64 """
64 Gets the repositories root path from database
65 Gets the repositories root path from database
65 """
66 """
66
67
67 settings_model = VcsSettingsModel(sa=self.sa)
68 settings_model = VcsSettingsModel(sa=self.sa)
68 return settings_model.get_repos_location()
69 return settings_model.get_repos_location()
69
70
70 def get_by_group_name(self, repo_group_name, cache=None):
71 def get_by_group_name(self, repo_group_name, cache=None):
71 repo = self.sa.query(RepoGroup) \
72 repo = self.sa.query(RepoGroup) \
72 .filter(RepoGroup.group_name == repo_group_name)
73 .filter(RepoGroup.group_name == repo_group_name)
73
74
74 if cache:
75 if cache:
75 repo = repo.options(FromCache(
76 repo = repo.options(FromCache(
76 "sql_cache_short", "get_repo_group_%s" % repo_group_name))
77 "sql_cache_short", "get_repo_group_%s" % repo_group_name))
77 return repo.scalar()
78 return repo.scalar()
78
79
80 def get_default_create_personal_repo_group(self):
81 value = SettingsModel().get_setting_by_name(
82 'create_personal_repo_group')
83 return value.app_settings_value if value else None or False
84
85 def get_personal_group_name_pattern(self):
86 value = SettingsModel().get_setting_by_name(
87 'personal_repo_group_pattern')
88 val = value.app_settings_value if value else None
89 group_template = val or self.PERSONAL_GROUP_PATTERN
90
91 group_template = group_template.lstrip('/')
92 return group_template
93
94 def get_personal_group_name(self, user):
95 template = self.get_personal_group_name_pattern()
96 return string.Template(template).safe_substitute(
97 username=user.username,
98 user_id=user.user_id,
99 )
100
101 def create_personal_repo_group(self, user, commit_early=True):
102 desc = self.PERSONAL_GROUP_DESC % {'username': user.username}
103 personal_repo_group_name = self.get_personal_group_name(user)
104
105 # create a new one
106 RepoGroupModel().create(
107 group_name=personal_repo_group_name,
108 group_description=desc,
109 owner=user.username,
110 personal=True,
111 commit_early=commit_early)
112
79 def _create_default_perms(self, new_group):
113 def _create_default_perms(self, new_group):
80 # create default permission
114 # create default permission
81 default_perm = 'group.read'
115 default_perm = 'group.read'
82 def_user = User.get_default_user()
116 def_user = User.get_default_user()
83 for p in def_user.user_perms:
117 for p in def_user.user_perms:
84 if p.permission.permission_name.startswith('group.'):
118 if p.permission.permission_name.startswith('group.'):
85 default_perm = p.permission.permission_name
119 default_perm = p.permission.permission_name
86 break
120 break
87
121
88 repo_group_to_perm = UserRepoGroupToPerm()
122 repo_group_to_perm = UserRepoGroupToPerm()
89 repo_group_to_perm.permission = Permission.get_by_key(default_perm)
123 repo_group_to_perm.permission = Permission.get_by_key(default_perm)
90
124
91 repo_group_to_perm.group = new_group
125 repo_group_to_perm.group = new_group
92 repo_group_to_perm.user_id = def_user.user_id
126 repo_group_to_perm.user_id = def_user.user_id
93 return repo_group_to_perm
127 return repo_group_to_perm
94
128
95 def _get_group_name_and_parent(self, group_name_full, repo_in_path=False):
129 def _get_group_name_and_parent(self, group_name_full, repo_in_path=False):
96 """
130 """
97 Get's the group name and a parent group name from given group name.
131 Get's the group name and a parent group name from given group name.
98 If repo_in_path is set to truth, we asume the full path also includes
132 If repo_in_path is set to truth, we asume the full path also includes
99 repo name, in such case we clean the last element.
133 repo name, in such case we clean the last element.
100
134
101 :param group_name_full:
135 :param group_name_full:
102 """
136 """
103 split_paths = 1
137 split_paths = 1
104 if repo_in_path:
138 if repo_in_path:
105 split_paths = 2
139 split_paths = 2
106 _parts = group_name_full.rsplit(RepoGroup.url_sep(), split_paths)
140 _parts = group_name_full.rsplit(RepoGroup.url_sep(), split_paths)
107
141
108 if repo_in_path and len(_parts) > 1:
142 if repo_in_path and len(_parts) > 1:
109 # such case last element is the repo_name
143 # such case last element is the repo_name
110 _parts.pop(-1)
144 _parts.pop(-1)
111 group_name_cleaned = _parts[-1] # just the group name
145 group_name_cleaned = _parts[-1] # just the group name
112 parent_repo_group_name = None
146 parent_repo_group_name = None
113
147
114 if len(_parts) > 1:
148 if len(_parts) > 1:
115 parent_repo_group_name = _parts[0]
149 parent_repo_group_name = _parts[0]
116
150
117 if parent_repo_group_name:
151 if parent_repo_group_name:
118 parent_group = RepoGroup.get_by_group_name(parent_repo_group_name)
152 parent_group = RepoGroup.get_by_group_name(parent_repo_group_name)
119
153
120 return group_name_cleaned, parent_repo_group_name
154 return group_name_cleaned, parent_repo_group_name
121
155
122 def check_exist_filesystem(self, group_name, exc_on_failure=True):
156 def check_exist_filesystem(self, group_name, exc_on_failure=True):
123 create_path = os.path.join(self.repos_path, group_name)
157 create_path = os.path.join(self.repos_path, group_name)
124 log.debug('creating new group in %s', create_path)
158 log.debug('creating new group in %s', create_path)
125
159
126 if os.path.isdir(create_path):
160 if os.path.isdir(create_path):
127 if exc_on_failure:
161 if exc_on_failure:
128 raise Exception('That directory already exists !')
162 raise Exception('That directory already exists !')
129 return False
163 return False
130 return True
164 return True
131
165
132 def _create_group(self, group_name):
166 def _create_group(self, group_name):
133 """
167 """
134 makes repository group on filesystem
168 makes repository group on filesystem
135
169
136 :param repo_name:
170 :param repo_name:
137 :param parent_id:
171 :param parent_id:
138 """
172 """
139
173
140 self.check_exist_filesystem(group_name)
174 self.check_exist_filesystem(group_name)
141 create_path = os.path.join(self.repos_path, group_name)
175 create_path = os.path.join(self.repos_path, group_name)
142 log.debug('creating new group in %s', create_path)
176 log.debug('creating new group in %s', create_path)
143 os.makedirs(create_path, mode=0755)
177 os.makedirs(create_path, mode=0755)
144 log.debug('created group in %s', create_path)
178 log.debug('created group in %s', create_path)
145
179
146 def _rename_group(self, old, new):
180 def _rename_group(self, old, new):
147 """
181 """
148 Renames a group on filesystem
182 Renames a group on filesystem
149
183
150 :param group_name:
184 :param group_name:
151 """
185 """
152
186
153 if old == new:
187 if old == new:
154 log.debug('skipping group rename')
188 log.debug('skipping group rename')
155 return
189 return
156
190
157 log.debug('renaming repository group from %s to %s', old, new)
191 log.debug('renaming repository group from %s to %s', old, new)
158
192
159 old_path = os.path.join(self.repos_path, old)
193 old_path = os.path.join(self.repos_path, old)
160 new_path = os.path.join(self.repos_path, new)
194 new_path = os.path.join(self.repos_path, new)
161
195
162 log.debug('renaming repos paths from %s to %s', old_path, new_path)
196 log.debug('renaming repos paths from %s to %s', old_path, new_path)
163
197
164 if os.path.isdir(new_path):
198 if os.path.isdir(new_path):
165 raise Exception('Was trying to rename to already '
199 raise Exception('Was trying to rename to already '
166 'existing dir %s' % new_path)
200 'existing dir %s' % new_path)
167 shutil.move(old_path, new_path)
201 shutil.move(old_path, new_path)
168
202
169 def _delete_filesystem_group(self, group, force_delete=False):
203 def _delete_filesystem_group(self, group, force_delete=False):
170 """
204 """
171 Deletes a group from a filesystem
205 Deletes a group from a filesystem
172
206
173 :param group: instance of group from database
207 :param group: instance of group from database
174 :param force_delete: use shutil rmtree to remove all objects
208 :param force_delete: use shutil rmtree to remove all objects
175 """
209 """
176 paths = group.full_path.split(RepoGroup.url_sep())
210 paths = group.full_path.split(RepoGroup.url_sep())
177 paths = os.sep.join(paths)
211 paths = os.sep.join(paths)
178
212
179 rm_path = os.path.join(self.repos_path, paths)
213 rm_path = os.path.join(self.repos_path, paths)
180 log.info("Removing group %s", rm_path)
214 log.info("Removing group %s", rm_path)
181 # delete only if that path really exists
215 # delete only if that path really exists
182 if os.path.isdir(rm_path):
216 if os.path.isdir(rm_path):
183 if force_delete:
217 if force_delete:
184 shutil.rmtree(rm_path)
218 shutil.rmtree(rm_path)
185 else:
219 else:
186 # archive that group`
220 # archive that group`
187 _now = datetime.datetime.now()
221 _now = datetime.datetime.now()
188 _ms = str(_now.microsecond).rjust(6, '0')
222 _ms = str(_now.microsecond).rjust(6, '0')
189 _d = 'rm__%s_GROUP_%s' % (
223 _d = 'rm__%s_GROUP_%s' % (
190 _now.strftime('%Y%m%d_%H%M%S_' + _ms), group.name)
224 _now.strftime('%Y%m%d_%H%M%S_' + _ms), group.name)
191 shutil.move(rm_path, os.path.join(self.repos_path, _d))
225 shutil.move(rm_path, os.path.join(self.repos_path, _d))
192
226
193 def create(self, group_name, group_description, owner, just_db=False,
227 def create(self, group_name, group_description, owner, just_db=False,
194 copy_permissions=False, commit_early=True):
228 copy_permissions=False, personal=None, commit_early=True):
195
229
196 (group_name_cleaned,
230 (group_name_cleaned,
197 parent_group_name) = RepoGroupModel()._get_group_name_and_parent(group_name)
231 parent_group_name) = RepoGroupModel()._get_group_name_and_parent(group_name)
198
232
199 parent_group = None
233 parent_group = None
200 if parent_group_name:
234 if parent_group_name:
201 parent_group = self._get_repo_group(parent_group_name)
235 parent_group = self._get_repo_group(parent_group_name)
236 if not parent_group:
237 # we tried to create a nested group, but the parent is not
238 # existing
239 raise ValueError(
240 'Parent group `%s` given in `%s` group name '
241 'is not yet existing.' % (parent_group_name, group_name))
202
242
203 # becase we are doing a cleanup, we need to check if such directory
243 # because we are doing a cleanup, we need to check if such directory
204 # already exists. If we don't do that we can accidentally delete existing
244 # already exists. If we don't do that we can accidentally delete
205 # directory via cleanup that can cause data issues, since delete does a
245 # existing directory via cleanup that can cause data issues, since
206 # folder rename to special syntax later cleanup functions can delete this
246 # delete does a folder rename to special syntax later cleanup
247 # functions can delete this
207 cleanup_group = self.check_exist_filesystem(group_name,
248 cleanup_group = self.check_exist_filesystem(group_name,
208 exc_on_failure=False)
249 exc_on_failure=False)
209 try:
250 try:
210 user = self._get_user(owner)
251 user = self._get_user(owner)
211 new_repo_group = RepoGroup()
252 new_repo_group = RepoGroup()
212 new_repo_group.user = user
253 new_repo_group.user = user
213 new_repo_group.group_description = group_description or group_name
254 new_repo_group.group_description = group_description or group_name
214 new_repo_group.parent_group = parent_group
255 new_repo_group.parent_group = parent_group
215 new_repo_group.group_name = group_name
256 new_repo_group.group_name = group_name
257 new_repo_group.personal = personal
216
258
217 self.sa.add(new_repo_group)
259 self.sa.add(new_repo_group)
218
260
219 # create an ADMIN permission for owner except if we're super admin,
261 # create an ADMIN permission for owner except if we're super admin,
220 # later owner should go into the owner field of groups
262 # later owner should go into the owner field of groups
221 if not user.is_admin:
263 if not user.is_admin:
222 self.grant_user_permission(repo_group=new_repo_group,
264 self.grant_user_permission(repo_group=new_repo_group,
223 user=owner, perm='group.admin')
265 user=owner, perm='group.admin')
224
266
225 if parent_group and copy_permissions:
267 if parent_group and copy_permissions:
226 # copy permissions from parent
268 # copy permissions from parent
227 user_perms = UserRepoGroupToPerm.query() \
269 user_perms = UserRepoGroupToPerm.query() \
228 .filter(UserRepoGroupToPerm.group == parent_group).all()
270 .filter(UserRepoGroupToPerm.group == parent_group).all()
229
271
230 group_perms = UserGroupRepoGroupToPerm.query() \
272 group_perms = UserGroupRepoGroupToPerm.query() \
231 .filter(UserGroupRepoGroupToPerm.group == parent_group).all()
273 .filter(UserGroupRepoGroupToPerm.group == parent_group).all()
232
274
233 for perm in user_perms:
275 for perm in user_perms:
234 # don't copy over the permission for user who is creating
276 # don't copy over the permission for user who is creating
235 # this group, if he is not super admin he get's admin
277 # this group, if he is not super admin he get's admin
236 # permission set above
278 # permission set above
237 if perm.user != user or user.is_admin:
279 if perm.user != user or user.is_admin:
238 UserRepoGroupToPerm.create(
280 UserRepoGroupToPerm.create(
239 perm.user, new_repo_group, perm.permission)
281 perm.user, new_repo_group, perm.permission)
240
282
241 for perm in group_perms:
283 for perm in group_perms:
242 UserGroupRepoGroupToPerm.create(
284 UserGroupRepoGroupToPerm.create(
243 perm.users_group, new_repo_group, perm.permission)
285 perm.users_group, new_repo_group, perm.permission)
244 else:
286 else:
245 perm_obj = self._create_default_perms(new_repo_group)
287 perm_obj = self._create_default_perms(new_repo_group)
246 self.sa.add(perm_obj)
288 self.sa.add(perm_obj)
247
289
248 # now commit the changes, earlier so we are sure everything is in
290 # now commit the changes, earlier so we are sure everything is in
249 # the database.
291 # the database.
250 if commit_early:
292 if commit_early:
251 self.sa.commit()
293 self.sa.commit()
252 if not just_db:
294 if not just_db:
253 self._create_group(new_repo_group.group_name)
295 self._create_group(new_repo_group.group_name)
254
296
255 # trigger the post hook
297 # trigger the post hook
256 from rhodecode.lib.hooks_base import log_create_repository_group
298 from rhodecode.lib.hooks_base import log_create_repository_group
257 repo_group = RepoGroup.get_by_group_name(group_name)
299 repo_group = RepoGroup.get_by_group_name(group_name)
258 log_create_repository_group(
300 log_create_repository_group(
259 created_by=user.username, **repo_group.get_dict())
301 created_by=user.username, **repo_group.get_dict())
260
302
261 # Trigger create event.
303 # Trigger create event.
262 events.trigger(events.RepoGroupCreateEvent(repo_group))
304 events.trigger(events.RepoGroupCreateEvent(repo_group))
263
305
264 return new_repo_group
306 return new_repo_group
265 except Exception:
307 except Exception:
266 self.sa.rollback()
308 self.sa.rollback()
267 log.exception('Exception occurred when creating repository group, '
309 log.exception('Exception occurred when creating repository group, '
268 'doing cleanup...')
310 'doing cleanup...')
269 # rollback things manually !
311 # rollback things manually !
270 repo_group = RepoGroup.get_by_group_name(group_name)
312 repo_group = RepoGroup.get_by_group_name(group_name)
271 if repo_group:
313 if repo_group:
272 RepoGroup.delete(repo_group.group_id)
314 RepoGroup.delete(repo_group.group_id)
273 self.sa.commit()
315 self.sa.commit()
274 if cleanup_group:
316 if cleanup_group:
275 RepoGroupModel()._delete_filesystem_group(repo_group)
317 RepoGroupModel()._delete_filesystem_group(repo_group)
276 raise
318 raise
277
319
278 def update_permissions(
320 def update_permissions(
279 self, repo_group, perm_additions=None, perm_updates=None,
321 self, repo_group, perm_additions=None, perm_updates=None,
280 perm_deletions=None, recursive=None, check_perms=True,
322 perm_deletions=None, recursive=None, check_perms=True,
281 cur_user=None):
323 cur_user=None):
282 from rhodecode.model.repo import RepoModel
324 from rhodecode.model.repo import RepoModel
283 from rhodecode.lib.auth import HasUserGroupPermissionAny
325 from rhodecode.lib.auth import HasUserGroupPermissionAny
284
326
285 if not perm_additions:
327 if not perm_additions:
286 perm_additions = []
328 perm_additions = []
287 if not perm_updates:
329 if not perm_updates:
288 perm_updates = []
330 perm_updates = []
289 if not perm_deletions:
331 if not perm_deletions:
290 perm_deletions = []
332 perm_deletions = []
291
333
292 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
334 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
293
335
294 def _set_perm_user(obj, user, perm):
336 def _set_perm_user(obj, user, perm):
295 if isinstance(obj, RepoGroup):
337 if isinstance(obj, RepoGroup):
296 self.grant_user_permission(
338 self.grant_user_permission(
297 repo_group=obj, user=user, perm=perm)
339 repo_group=obj, user=user, perm=perm)
298 elif isinstance(obj, Repository):
340 elif isinstance(obj, Repository):
299 # private repos will not allow to change the default
341 # private repos will not allow to change the default
300 # permissions using recursive mode
342 # permissions using recursive mode
301 if obj.private and user == User.DEFAULT_USER:
343 if obj.private and user == User.DEFAULT_USER:
302 return
344 return
303
345
304 # we set group permission but we have to switch to repo
346 # we set group permission but we have to switch to repo
305 # permission
347 # permission
306 perm = perm.replace('group.', 'repository.')
348 perm = perm.replace('group.', 'repository.')
307 RepoModel().grant_user_permission(
349 RepoModel().grant_user_permission(
308 repo=obj, user=user, perm=perm)
350 repo=obj, user=user, perm=perm)
309
351
310 def _set_perm_group(obj, users_group, perm):
352 def _set_perm_group(obj, users_group, perm):
311 if isinstance(obj, RepoGroup):
353 if isinstance(obj, RepoGroup):
312 self.grant_user_group_permission(
354 self.grant_user_group_permission(
313 repo_group=obj, group_name=users_group, perm=perm)
355 repo_group=obj, group_name=users_group, perm=perm)
314 elif isinstance(obj, Repository):
356 elif isinstance(obj, Repository):
315 # we set group permission but we have to switch to repo
357 # we set group permission but we have to switch to repo
316 # permission
358 # permission
317 perm = perm.replace('group.', 'repository.')
359 perm = perm.replace('group.', 'repository.')
318 RepoModel().grant_user_group_permission(
360 RepoModel().grant_user_group_permission(
319 repo=obj, group_name=users_group, perm=perm)
361 repo=obj, group_name=users_group, perm=perm)
320
362
321 def _revoke_perm_user(obj, user):
363 def _revoke_perm_user(obj, user):
322 if isinstance(obj, RepoGroup):
364 if isinstance(obj, RepoGroup):
323 self.revoke_user_permission(repo_group=obj, user=user)
365 self.revoke_user_permission(repo_group=obj, user=user)
324 elif isinstance(obj, Repository):
366 elif isinstance(obj, Repository):
325 RepoModel().revoke_user_permission(repo=obj, user=user)
367 RepoModel().revoke_user_permission(repo=obj, user=user)
326
368
327 def _revoke_perm_group(obj, user_group):
369 def _revoke_perm_group(obj, user_group):
328 if isinstance(obj, RepoGroup):
370 if isinstance(obj, RepoGroup):
329 self.revoke_user_group_permission(
371 self.revoke_user_group_permission(
330 repo_group=obj, group_name=user_group)
372 repo_group=obj, group_name=user_group)
331 elif isinstance(obj, Repository):
373 elif isinstance(obj, Repository):
332 RepoModel().revoke_user_group_permission(
374 RepoModel().revoke_user_group_permission(
333 repo=obj, group_name=user_group)
375 repo=obj, group_name=user_group)
334
376
335 # start updates
377 # start updates
336 updates = []
378 updates = []
337 log.debug('Now updating permissions for %s in recursive mode:%s',
379 log.debug('Now updating permissions for %s in recursive mode:%s',
338 repo_group, recursive)
380 repo_group, recursive)
339
381
340 # initialize check function, we'll call that multiple times
382 # initialize check function, we'll call that multiple times
341 has_group_perm = HasUserGroupPermissionAny(*req_perms)
383 has_group_perm = HasUserGroupPermissionAny(*req_perms)
342
384
343 for obj in repo_group.recursive_groups_and_repos():
385 for obj in repo_group.recursive_groups_and_repos():
344 # iterated obj is an instance of a repos group or repository in
386 # iterated obj is an instance of a repos group or repository in
345 # that group, recursive option can be: none, repos, groups, all
387 # that group, recursive option can be: none, repos, groups, all
346 if recursive == 'all':
388 if recursive == 'all':
347 obj = obj
389 obj = obj
348 elif recursive == 'repos':
390 elif recursive == 'repos':
349 # skip groups, other than this one
391 # skip groups, other than this one
350 if isinstance(obj, RepoGroup) and not obj == repo_group:
392 if isinstance(obj, RepoGroup) and not obj == repo_group:
351 continue
393 continue
352 elif recursive == 'groups':
394 elif recursive == 'groups':
353 # skip repos
395 # skip repos
354 if isinstance(obj, Repository):
396 if isinstance(obj, Repository):
355 continue
397 continue
356 else: # recursive == 'none':
398 else: # recursive == 'none':
357 # DEFAULT option - don't apply to iterated objects
399 # DEFAULT option - don't apply to iterated objects
358 # also we do a break at the end of this loop. if we are not
400 # also we do a break at the end of this loop. if we are not
359 # in recursive mode
401 # in recursive mode
360 obj = repo_group
402 obj = repo_group
361
403
362 # update permissions
404 # update permissions
363 for member_id, perm, member_type in perm_updates:
405 for member_id, perm, member_type in perm_updates:
364 member_id = int(member_id)
406 member_id = int(member_id)
365 if member_type == 'user':
407 if member_type == 'user':
366 # this updates also current one if found
408 # this updates also current one if found
367 _set_perm_user(obj, user=member_id, perm=perm)
409 _set_perm_user(obj, user=member_id, perm=perm)
368 else: # set for user group
410 else: # set for user group
369 member_name = UserGroup.get(member_id).users_group_name
411 member_name = UserGroup.get(member_id).users_group_name
370 if not check_perms or has_group_perm(member_name,
412 if not check_perms or has_group_perm(member_name,
371 user=cur_user):
413 user=cur_user):
372 _set_perm_group(obj, users_group=member_id, perm=perm)
414 _set_perm_group(obj, users_group=member_id, perm=perm)
373
415
374 # set new permissions
416 # set new permissions
375 for member_id, perm, member_type in perm_additions:
417 for member_id, perm, member_type in perm_additions:
376 member_id = int(member_id)
418 member_id = int(member_id)
377 if member_type == 'user':
419 if member_type == 'user':
378 _set_perm_user(obj, user=member_id, perm=perm)
420 _set_perm_user(obj, user=member_id, perm=perm)
379 else: # set for user group
421 else: # set for user group
380 # check if we have permissions to alter this usergroup
422 # check if we have permissions to alter this usergroup
381 member_name = UserGroup.get(member_id).users_group_name
423 member_name = UserGroup.get(member_id).users_group_name
382 if not check_perms or has_group_perm(member_name,
424 if not check_perms or has_group_perm(member_name,
383 user=cur_user):
425 user=cur_user):
384 _set_perm_group(obj, users_group=member_id, perm=perm)
426 _set_perm_group(obj, users_group=member_id, perm=perm)
385
427
386 # delete permissions
428 # delete permissions
387 for member_id, perm, member_type in perm_deletions:
429 for member_id, perm, member_type in perm_deletions:
388 member_id = int(member_id)
430 member_id = int(member_id)
389 if member_type == 'user':
431 if member_type == 'user':
390 _revoke_perm_user(obj, user=member_id)
432 _revoke_perm_user(obj, user=member_id)
391 else: # set for user group
433 else: # set for user group
392 # check if we have permissions to alter this usergroup
434 # check if we have permissions to alter this usergroup
393 member_name = UserGroup.get(member_id).users_group_name
435 member_name = UserGroup.get(member_id).users_group_name
394 if not check_perms or has_group_perm(member_name,
436 if not check_perms or has_group_perm(member_name,
395 user=cur_user):
437 user=cur_user):
396 _revoke_perm_group(obj, user_group=member_id)
438 _revoke_perm_group(obj, user_group=member_id)
397
439
398 updates.append(obj)
440 updates.append(obj)
399 # if it's not recursive call for all,repos,groups
441 # if it's not recursive call for all,repos,groups
400 # break the loop and don't proceed with other changes
442 # break the loop and don't proceed with other changes
401 if recursive not in ['all', 'repos', 'groups']:
443 if recursive not in ['all', 'repos', 'groups']:
402 break
444 break
403
445
404 return updates
446 return updates
405
447
406 def update(self, repo_group, form_data):
448 def update(self, repo_group, form_data):
407 try:
449 try:
408 repo_group = self._get_repo_group(repo_group)
450 repo_group = self._get_repo_group(repo_group)
409 old_path = repo_group.full_path
451 old_path = repo_group.full_path
410
452
411 # change properties
453 # change properties
412 if 'group_description' in form_data:
454 if 'group_description' in form_data:
413 repo_group.group_description = form_data['group_description']
455 repo_group.group_description = form_data['group_description']
414
456
415 if 'enable_locking' in form_data:
457 if 'enable_locking' in form_data:
416 repo_group.enable_locking = form_data['enable_locking']
458 repo_group.enable_locking = form_data['enable_locking']
417
459
418 if 'group_parent_id' in form_data:
460 if 'group_parent_id' in form_data:
419 parent_group = (
461 parent_group = (
420 self._get_repo_group(form_data['group_parent_id']))
462 self._get_repo_group(form_data['group_parent_id']))
421 repo_group.group_parent_id = (
463 repo_group.group_parent_id = (
422 parent_group.group_id if parent_group else None)
464 parent_group.group_id if parent_group else None)
423 repo_group.parent_group = parent_group
465 repo_group.parent_group = parent_group
424
466
425 # mikhail: to update the full_path, we have to explicitly
467 # mikhail: to update the full_path, we have to explicitly
426 # update group_name
468 # update group_name
427 group_name = form_data.get('group_name', repo_group.name)
469 group_name = form_data.get('group_name', repo_group.name)
428 repo_group.group_name = repo_group.get_new_name(group_name)
470 repo_group.group_name = repo_group.get_new_name(group_name)
429
471
430 new_path = repo_group.full_path
472 new_path = repo_group.full_path
431
473
432 if 'user' in form_data:
474 if 'user' in form_data:
433 repo_group.user = User.get_by_username(form_data['user'])
475 repo_group.user = User.get_by_username(form_data['user'])
434
476
435 self.sa.add(repo_group)
477 self.sa.add(repo_group)
436
478
437 # iterate over all members of this groups and do fixes
479 # iterate over all members of this groups and do fixes
438 # set locking if given
480 # set locking if given
439 # if obj is a repoGroup also fix the name of the group according
481 # if obj is a repoGroup also fix the name of the group according
440 # to the parent
482 # to the parent
441 # if obj is a Repo fix it's name
483 # if obj is a Repo fix it's name
442 # this can be potentially heavy operation
484 # this can be potentially heavy operation
443 for obj in repo_group.recursive_groups_and_repos():
485 for obj in repo_group.recursive_groups_and_repos():
444 # set the value from it's parent
486 # set the value from it's parent
445 obj.enable_locking = repo_group.enable_locking
487 obj.enable_locking = repo_group.enable_locking
446 if isinstance(obj, RepoGroup):
488 if isinstance(obj, RepoGroup):
447 new_name = obj.get_new_name(obj.name)
489 new_name = obj.get_new_name(obj.name)
448 log.debug('Fixing group %s to new name %s',
490 log.debug('Fixing group %s to new name %s',
449 obj.group_name, new_name)
491 obj.group_name, new_name)
450 obj.group_name = new_name
492 obj.group_name = new_name
451 elif isinstance(obj, Repository):
493 elif isinstance(obj, Repository):
452 # we need to get all repositories from this new group and
494 # we need to get all repositories from this new group and
453 # rename them accordingly to new group path
495 # rename them accordingly to new group path
454 new_name = obj.get_new_name(obj.just_name)
496 new_name = obj.get_new_name(obj.just_name)
455 log.debug('Fixing repo %s to new name %s',
497 log.debug('Fixing repo %s to new name %s',
456 obj.repo_name, new_name)
498 obj.repo_name, new_name)
457 obj.repo_name = new_name
499 obj.repo_name = new_name
458 self.sa.add(obj)
500 self.sa.add(obj)
459
501
460 self._rename_group(old_path, new_path)
502 self._rename_group(old_path, new_path)
461
503
462 # Trigger update event.
504 # Trigger update event.
463 events.trigger(events.RepoGroupUpdateEvent(repo_group))
505 events.trigger(events.RepoGroupUpdateEvent(repo_group))
464
506
465 return repo_group
507 return repo_group
466 except Exception:
508 except Exception:
467 log.error(traceback.format_exc())
509 log.error(traceback.format_exc())
468 raise
510 raise
469
511
470 def delete(self, repo_group, force_delete=False, fs_remove=True):
512 def delete(self, repo_group, force_delete=False, fs_remove=True):
471 repo_group = self._get_repo_group(repo_group)
513 repo_group = self._get_repo_group(repo_group)
472 if not repo_group:
514 if not repo_group:
473 return False
515 return False
474 try:
516 try:
475 self.sa.delete(repo_group)
517 self.sa.delete(repo_group)
476 if fs_remove:
518 if fs_remove:
477 self._delete_filesystem_group(repo_group, force_delete)
519 self._delete_filesystem_group(repo_group, force_delete)
478 else:
520 else:
479 log.debug('skipping removal from filesystem')
521 log.debug('skipping removal from filesystem')
480
522
481 # Trigger delete event.
523 # Trigger delete event.
482 events.trigger(events.RepoGroupDeleteEvent(repo_group))
524 events.trigger(events.RepoGroupDeleteEvent(repo_group))
483 return True
525 return True
484
526
485 except Exception:
527 except Exception:
486 log.error('Error removing repo_group %s', repo_group)
528 log.error('Error removing repo_group %s', repo_group)
487 raise
529 raise
488
530
489 def grant_user_permission(self, repo_group, user, perm):
531 def grant_user_permission(self, repo_group, user, perm):
490 """
532 """
491 Grant permission for user on given repository group, or update
533 Grant permission for user on given repository group, or update
492 existing one if found
534 existing one if found
493
535
494 :param repo_group: Instance of RepoGroup, repositories_group_id,
536 :param repo_group: Instance of RepoGroup, repositories_group_id,
495 or repositories_group name
537 or repositories_group name
496 :param user: Instance of User, user_id or username
538 :param user: Instance of User, user_id or username
497 :param perm: Instance of Permission, or permission_name
539 :param perm: Instance of Permission, or permission_name
498 """
540 """
499
541
500 repo_group = self._get_repo_group(repo_group)
542 repo_group = self._get_repo_group(repo_group)
501 user = self._get_user(user)
543 user = self._get_user(user)
502 permission = self._get_perm(perm)
544 permission = self._get_perm(perm)
503
545
504 # check if we have that permission already
546 # check if we have that permission already
505 obj = self.sa.query(UserRepoGroupToPerm)\
547 obj = self.sa.query(UserRepoGroupToPerm)\
506 .filter(UserRepoGroupToPerm.user == user)\
548 .filter(UserRepoGroupToPerm.user == user)\
507 .filter(UserRepoGroupToPerm.group == repo_group)\
549 .filter(UserRepoGroupToPerm.group == repo_group)\
508 .scalar()
550 .scalar()
509 if obj is None:
551 if obj is None:
510 # create new !
552 # create new !
511 obj = UserRepoGroupToPerm()
553 obj = UserRepoGroupToPerm()
512 obj.group = repo_group
554 obj.group = repo_group
513 obj.user = user
555 obj.user = user
514 obj.permission = permission
556 obj.permission = permission
515 self.sa.add(obj)
557 self.sa.add(obj)
516 log.debug('Granted perm %s to %s on %s', perm, user, repo_group)
558 log.debug('Granted perm %s to %s on %s', perm, user, repo_group)
517 action_logger_generic(
559 action_logger_generic(
518 'granted permission: {} to user: {} on repogroup: {}'.format(
560 'granted permission: {} to user: {} on repogroup: {}'.format(
519 perm, user, repo_group), namespace='security.repogroup')
561 perm, user, repo_group), namespace='security.repogroup')
520 return obj
562 return obj
521
563
522 def revoke_user_permission(self, repo_group, user):
564 def revoke_user_permission(self, repo_group, user):
523 """
565 """
524 Revoke permission for user on given repository group
566 Revoke permission for user on given repository group
525
567
526 :param repo_group: Instance of RepoGroup, repositories_group_id,
568 :param repo_group: Instance of RepoGroup, repositories_group_id,
527 or repositories_group name
569 or repositories_group name
528 :param user: Instance of User, user_id or username
570 :param user: Instance of User, user_id or username
529 """
571 """
530
572
531 repo_group = self._get_repo_group(repo_group)
573 repo_group = self._get_repo_group(repo_group)
532 user = self._get_user(user)
574 user = self._get_user(user)
533
575
534 obj = self.sa.query(UserRepoGroupToPerm)\
576 obj = self.sa.query(UserRepoGroupToPerm)\
535 .filter(UserRepoGroupToPerm.user == user)\
577 .filter(UserRepoGroupToPerm.user == user)\
536 .filter(UserRepoGroupToPerm.group == repo_group)\
578 .filter(UserRepoGroupToPerm.group == repo_group)\
537 .scalar()
579 .scalar()
538 if obj:
580 if obj:
539 self.sa.delete(obj)
581 self.sa.delete(obj)
540 log.debug('Revoked perm on %s on %s', repo_group, user)
582 log.debug('Revoked perm on %s on %s', repo_group, user)
541 action_logger_generic(
583 action_logger_generic(
542 'revoked permission from user: {} on repogroup: {}'.format(
584 'revoked permission from user: {} on repogroup: {}'.format(
543 user, repo_group), namespace='security.repogroup')
585 user, repo_group), namespace='security.repogroup')
544
586
545 def grant_user_group_permission(self, repo_group, group_name, perm):
587 def grant_user_group_permission(self, repo_group, group_name, perm):
546 """
588 """
547 Grant permission for user group on given repository group, or update
589 Grant permission for user group on given repository group, or update
548 existing one if found
590 existing one if found
549
591
550 :param repo_group: Instance of RepoGroup, repositories_group_id,
592 :param repo_group: Instance of RepoGroup, repositories_group_id,
551 or repositories_group name
593 or repositories_group name
552 :param group_name: Instance of UserGroup, users_group_id,
594 :param group_name: Instance of UserGroup, users_group_id,
553 or user group name
595 or user group name
554 :param perm: Instance of Permission, or permission_name
596 :param perm: Instance of Permission, or permission_name
555 """
597 """
556 repo_group = self._get_repo_group(repo_group)
598 repo_group = self._get_repo_group(repo_group)
557 group_name = self._get_user_group(group_name)
599 group_name = self._get_user_group(group_name)
558 permission = self._get_perm(perm)
600 permission = self._get_perm(perm)
559
601
560 # check if we have that permission already
602 # check if we have that permission already
561 obj = self.sa.query(UserGroupRepoGroupToPerm)\
603 obj = self.sa.query(UserGroupRepoGroupToPerm)\
562 .filter(UserGroupRepoGroupToPerm.group == repo_group)\
604 .filter(UserGroupRepoGroupToPerm.group == repo_group)\
563 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
605 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
564 .scalar()
606 .scalar()
565
607
566 if obj is None:
608 if obj is None:
567 # create new
609 # create new
568 obj = UserGroupRepoGroupToPerm()
610 obj = UserGroupRepoGroupToPerm()
569
611
570 obj.group = repo_group
612 obj.group = repo_group
571 obj.users_group = group_name
613 obj.users_group = group_name
572 obj.permission = permission
614 obj.permission = permission
573 self.sa.add(obj)
615 self.sa.add(obj)
574 log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)
616 log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)
575 action_logger_generic(
617 action_logger_generic(
576 'granted permission: {} to usergroup: {} on repogroup: {}'.format(
618 'granted permission: {} to usergroup: {} on repogroup: {}'.format(
577 perm, group_name, repo_group), namespace='security.repogroup')
619 perm, group_name, repo_group), namespace='security.repogroup')
578 return obj
620 return obj
579
621
580 def revoke_user_group_permission(self, repo_group, group_name):
622 def revoke_user_group_permission(self, repo_group, group_name):
581 """
623 """
582 Revoke permission for user group on given repository group
624 Revoke permission for user group on given repository group
583
625
584 :param repo_group: Instance of RepoGroup, repositories_group_id,
626 :param repo_group: Instance of RepoGroup, repositories_group_id,
585 or repositories_group name
627 or repositories_group name
586 :param group_name: Instance of UserGroup, users_group_id,
628 :param group_name: Instance of UserGroup, users_group_id,
587 or user group name
629 or user group name
588 """
630 """
589 repo_group = self._get_repo_group(repo_group)
631 repo_group = self._get_repo_group(repo_group)
590 group_name = self._get_user_group(group_name)
632 group_name = self._get_user_group(group_name)
591
633
592 obj = self.sa.query(UserGroupRepoGroupToPerm)\
634 obj = self.sa.query(UserGroupRepoGroupToPerm)\
593 .filter(UserGroupRepoGroupToPerm.group == repo_group)\
635 .filter(UserGroupRepoGroupToPerm.group == repo_group)\
594 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
636 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
595 .scalar()
637 .scalar()
596 if obj:
638 if obj:
597 self.sa.delete(obj)
639 self.sa.delete(obj)
598 log.debug('Revoked perm to %s on %s', repo_group, group_name)
640 log.debug('Revoked perm to %s on %s', repo_group, group_name)
599 action_logger_generic(
641 action_logger_generic(
600 'revoked permission from usergroup: {} on repogroup: {}'.format(
642 'revoked permission from usergroup: {} on repogroup: {}'.format(
601 group_name, repo_group), namespace='security.repogroup')
643 group_name, repo_group), namespace='security.repogroup')
602
644
603 def get_repo_groups_as_dict(self, repo_group_list=None, admin=False,
645 def get_repo_groups_as_dict(self, repo_group_list=None, admin=False,
604 super_user_actions=False):
646 super_user_actions=False):
605
647
606 from rhodecode.lib.utils import PartialRenderer
648 from rhodecode.lib.utils import PartialRenderer
607 _render = PartialRenderer('data_table/_dt_elements.html')
649 _render = PartialRenderer('data_table/_dt_elements.html')
608 c = _render.c
650 c = _render.c
609 h = _render.h
651 h = _render.h
610
652
611 def quick_menu(repo_group_name):
653 def quick_menu(repo_group_name):
612 return _render('quick_repo_group_menu', repo_group_name)
654 return _render('quick_repo_group_menu', repo_group_name)
613
655
614 def repo_group_lnk(repo_group_name):
656 def repo_group_lnk(repo_group_name):
615 return _render('repo_group_name', repo_group_name)
657 return _render('repo_group_name', repo_group_name)
616
658
617 def desc(desc):
659 def desc(desc):
618 if c.visual.stylify_metatags:
660 if c.visual.stylify_metatags:
619 return h.urlify_text(h.escaped_stylize(h.truncate(desc, 60)))
661 return h.urlify_text(h.escaped_stylize(h.truncate(desc, 60)))
620 else:
662 else:
621 return h.urlify_text(h.html_escape(h.truncate(desc, 60)))
663 return h.urlify_text(h.html_escape(h.truncate(desc, 60)))
622
664
623 def repo_group_actions(repo_group_id, repo_group_name, gr_count):
665 def repo_group_actions(repo_group_id, repo_group_name, gr_count):
624 return _render(
666 return _render(
625 'repo_group_actions', repo_group_id, repo_group_name, gr_count)
667 'repo_group_actions', repo_group_id, repo_group_name, gr_count)
626
668
627 def repo_group_name(repo_group_name, children_groups):
669 def repo_group_name(repo_group_name, children_groups):
628 return _render("repo_group_name", repo_group_name, children_groups)
670 return _render("repo_group_name", repo_group_name, children_groups)
629
671
630 def user_profile(username):
672 def user_profile(username):
631 return _render('user_profile', username)
673 return _render('user_profile', username)
632
674
633 repo_group_data = []
675 repo_group_data = []
634 for group in repo_group_list:
676 for group in repo_group_list:
635
677
636 row = {
678 row = {
637 "menu": quick_menu(group.group_name),
679 "menu": quick_menu(group.group_name),
638 "name": repo_group_lnk(group.group_name),
680 "name": repo_group_lnk(group.group_name),
639 "name_raw": group.group_name,
681 "name_raw": group.group_name,
640 "desc": desc(group.group_description),
682 "desc": desc(group.group_description),
641 "top_level_repos": 0,
683 "top_level_repos": 0,
642 "owner": user_profile(group.user.username)
684 "owner": user_profile(group.user.username)
643 }
685 }
644 if admin:
686 if admin:
645 repo_count = group.repositories.count()
687 repo_count = group.repositories.count()
646 children_groups = map(
688 children_groups = map(
647 h.safe_unicode,
689 h.safe_unicode,
648 itertools.chain((g.name for g in group.parents),
690 itertools.chain((g.name for g in group.parents),
649 (x.name for x in [group])))
691 (x.name for x in [group])))
650 row.update({
692 row.update({
651 "action": repo_group_actions(
693 "action": repo_group_actions(
652 group.group_id, group.group_name, repo_count),
694 group.group_id, group.group_name, repo_count),
653 "top_level_repos": repo_count,
695 "top_level_repos": repo_count,
654 "name": repo_group_name(group.group_name, children_groups),
696 "name": repo_group_name(group.group_name, children_groups),
655
697
656 })
698 })
657 repo_group_data.append(row)
699 repo_group_data.append(row)
658
700
659 return repo_group_data
701 return repo_group_data
@@ -1,839 +1,845 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 users model for RhodeCode
22 users model for RhodeCode
23 """
23 """
24
24
25 import logging
25 import logging
26 import traceback
26 import traceback
27
27
28 import datetime
28 import datetime
29 from pylons.i18n.translation import _
29 from pylons.i18n.translation import _
30
30
31 import ipaddress
31 import ipaddress
32 from sqlalchemy.exc import DatabaseError
32 from sqlalchemy.exc import DatabaseError
33 from sqlalchemy.sql.expression import true, false
33 from sqlalchemy.sql.expression import true, false
34
34
35 from rhodecode import events
35 from rhodecode import events
36 from rhodecode.lib.utils2 import (
36 from rhodecode.lib.utils2 import (
37 safe_unicode, get_current_rhodecode_user, action_logger_generic,
37 safe_unicode, get_current_rhodecode_user, action_logger_generic,
38 AttributeDict)
38 AttributeDict, str2bool)
39 from rhodecode.lib.caching_query import FromCache
39 from rhodecode.lib.caching_query import FromCache
40 from rhodecode.model import BaseModel
40 from rhodecode.model import BaseModel
41 from rhodecode.model.auth_token import AuthTokenModel
41 from rhodecode.model.auth_token import AuthTokenModel
42 from rhodecode.model.db import (
42 from rhodecode.model.db import (
43 User, UserToPerm, UserEmailMap, UserIpMap)
43 User, UserToPerm, UserEmailMap, UserIpMap)
44 from rhodecode.lib.exceptions import (
44 from rhodecode.lib.exceptions import (
45 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
45 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
46 UserOwnsUserGroupsException, NotAllowedToCreateUserError)
46 UserOwnsUserGroupsException, NotAllowedToCreateUserError)
47 from rhodecode.model.meta import Session
47 from rhodecode.model.meta import Session
48 from rhodecode.model.repo_group import RepoGroupModel
48 from rhodecode.model.repo_group import RepoGroupModel
49
49
50
50
51 log = logging.getLogger(__name__)
51 log = logging.getLogger(__name__)
52
52
53
53
54 class UserModel(BaseModel):
54 class UserModel(BaseModel):
55 cls = User
55 cls = User
56
56
57 def get(self, user_id, cache=False):
57 def get(self, user_id, cache=False):
58 user = self.sa.query(User)
58 user = self.sa.query(User)
59 if cache:
59 if cache:
60 user = user.options(FromCache("sql_cache_short",
60 user = user.options(FromCache("sql_cache_short",
61 "get_user_%s" % user_id))
61 "get_user_%s" % user_id))
62 return user.get(user_id)
62 return user.get(user_id)
63
63
64 def get_user(self, user):
64 def get_user(self, user):
65 return self._get_user(user)
65 return self._get_user(user)
66
66
67 def get_by_username(self, username, cache=False, case_insensitive=False):
67 def get_by_username(self, username, cache=False, case_insensitive=False):
68
68
69 if case_insensitive:
69 if case_insensitive:
70 user = self.sa.query(User).filter(User.username.ilike(username))
70 user = self.sa.query(User).filter(User.username.ilike(username))
71 else:
71 else:
72 user = self.sa.query(User)\
72 user = self.sa.query(User)\
73 .filter(User.username == username)
73 .filter(User.username == username)
74 if cache:
74 if cache:
75 user = user.options(FromCache("sql_cache_short",
75 user = user.options(FromCache("sql_cache_short",
76 "get_user_%s" % username))
76 "get_user_%s" % username))
77 return user.scalar()
77 return user.scalar()
78
78
79 def get_by_email(self, email, cache=False, case_insensitive=False):
79 def get_by_email(self, email, cache=False, case_insensitive=False):
80 return User.get_by_email(email, case_insensitive, cache)
80 return User.get_by_email(email, case_insensitive, cache)
81
81
82 def get_by_auth_token(self, auth_token, cache=False):
82 def get_by_auth_token(self, auth_token, cache=False):
83 return User.get_by_auth_token(auth_token, cache)
83 return User.get_by_auth_token(auth_token, cache)
84
84
85 def get_active_user_count(self, cache=False):
85 def get_active_user_count(self, cache=False):
86 return User.query().filter(
86 return User.query().filter(
87 User.active == True).filter(
87 User.active == True).filter(
88 User.username != User.DEFAULT_USER).count()
88 User.username != User.DEFAULT_USER).count()
89
89
90 def create(self, form_data, cur_user=None):
90 def create(self, form_data, cur_user=None):
91 if not cur_user:
91 if not cur_user:
92 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
92 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
93
93
94 user_data = {
94 user_data = {
95 'username': form_data['username'],
95 'username': form_data['username'],
96 'password': form_data['password'],
96 'password': form_data['password'],
97 'email': form_data['email'],
97 'email': form_data['email'],
98 'firstname': form_data['firstname'],
98 'firstname': form_data['firstname'],
99 'lastname': form_data['lastname'],
99 'lastname': form_data['lastname'],
100 'active': form_data['active'],
100 'active': form_data['active'],
101 'extern_type': form_data['extern_type'],
101 'extern_type': form_data['extern_type'],
102 'extern_name': form_data['extern_name'],
102 'extern_name': form_data['extern_name'],
103 'admin': False,
103 'admin': False,
104 'cur_user': cur_user
104 'cur_user': cur_user
105 }
105 }
106
106
107 if 'create_repo_group' in form_data:
108 user_data['create_repo_group'] = str2bool(
109 form_data.get('create_repo_group'))
110
107 try:
111 try:
108 if form_data.get('create_repo_group'):
109 user_data['create_repo_group'] = True
110 if form_data.get('password_change'):
112 if form_data.get('password_change'):
111 user_data['force_password_change'] = True
113 user_data['force_password_change'] = True
112
113 return UserModel().create_or_update(**user_data)
114 return UserModel().create_or_update(**user_data)
114 except Exception:
115 except Exception:
115 log.error(traceback.format_exc())
116 log.error(traceback.format_exc())
116 raise
117 raise
117
118
118 def update_user(self, user, skip_attrs=None, **kwargs):
119 def update_user(self, user, skip_attrs=None, **kwargs):
119 from rhodecode.lib.auth import get_crypt_password
120 from rhodecode.lib.auth import get_crypt_password
120
121
121 user = self._get_user(user)
122 user = self._get_user(user)
122 if user.username == User.DEFAULT_USER:
123 if user.username == User.DEFAULT_USER:
123 raise DefaultUserException(
124 raise DefaultUserException(
124 _("You can't Edit this user since it's"
125 _("You can't Edit this user since it's"
125 " crucial for entire application"))
126 " crucial for entire application"))
126
127
127 # first store only defaults
128 # first store only defaults
128 user_attrs = {
129 user_attrs = {
129 'updating_user_id': user.user_id,
130 'updating_user_id': user.user_id,
130 'username': user.username,
131 'username': user.username,
131 'password': user.password,
132 'password': user.password,
132 'email': user.email,
133 'email': user.email,
133 'firstname': user.name,
134 'firstname': user.name,
134 'lastname': user.lastname,
135 'lastname': user.lastname,
135 'active': user.active,
136 'active': user.active,
136 'admin': user.admin,
137 'admin': user.admin,
137 'extern_name': user.extern_name,
138 'extern_name': user.extern_name,
138 'extern_type': user.extern_type,
139 'extern_type': user.extern_type,
139 'language': user.user_data.get('language')
140 'language': user.user_data.get('language')
140 }
141 }
141
142
142 # in case there's new_password, that comes from form, use it to
143 # in case there's new_password, that comes from form, use it to
143 # store password
144 # store password
144 if kwargs.get('new_password'):
145 if kwargs.get('new_password'):
145 kwargs['password'] = kwargs['new_password']
146 kwargs['password'] = kwargs['new_password']
146
147
147 # cleanups, my_account password change form
148 # cleanups, my_account password change form
148 kwargs.pop('current_password', None)
149 kwargs.pop('current_password', None)
149 kwargs.pop('new_password', None)
150 kwargs.pop('new_password', None)
150
151
151 # cleanups, user edit password change form
152 # cleanups, user edit password change form
152 kwargs.pop('password_confirmation', None)
153 kwargs.pop('password_confirmation', None)
153 kwargs.pop('password_change', None)
154 kwargs.pop('password_change', None)
154
155
155 # create repo group on user creation
156 # create repo group on user creation
156 kwargs.pop('create_repo_group', None)
157 kwargs.pop('create_repo_group', None)
157
158
158 # legacy forms send name, which is the firstname
159 # legacy forms send name, which is the firstname
159 firstname = kwargs.pop('name', None)
160 firstname = kwargs.pop('name', None)
160 if firstname:
161 if firstname:
161 kwargs['firstname'] = firstname
162 kwargs['firstname'] = firstname
162
163
163 for k, v in kwargs.items():
164 for k, v in kwargs.items():
164 # skip if we don't want to update this
165 # skip if we don't want to update this
165 if skip_attrs and k in skip_attrs:
166 if skip_attrs and k in skip_attrs:
166 continue
167 continue
167
168
168 user_attrs[k] = v
169 user_attrs[k] = v
169
170
170 try:
171 try:
171 return self.create_or_update(**user_attrs)
172 return self.create_or_update(**user_attrs)
172 except Exception:
173 except Exception:
173 log.error(traceback.format_exc())
174 log.error(traceback.format_exc())
174 raise
175 raise
175
176
176 def create_or_update(
177 def create_or_update(
177 self, username, password, email, firstname='', lastname='',
178 self, username, password, email, firstname='', lastname='',
178 active=True, admin=False, extern_type=None, extern_name=None,
179 active=True, admin=False, extern_type=None, extern_name=None,
179 cur_user=None, plugin=None, force_password_change=False,
180 cur_user=None, plugin=None, force_password_change=False,
180 allow_to_create_user=True, create_repo_group=False,
181 allow_to_create_user=True, create_repo_group=None,
181 updating_user_id=None, language=None, strict_creation_check=True):
182 updating_user_id=None, language=None, strict_creation_check=True):
182 """
183 """
183 Creates a new instance if not found, or updates current one
184 Creates a new instance if not found, or updates current one
184
185
185 :param username:
186 :param username:
186 :param password:
187 :param password:
187 :param email:
188 :param email:
188 :param firstname:
189 :param firstname:
189 :param lastname:
190 :param lastname:
190 :param active:
191 :param active:
191 :param admin:
192 :param admin:
192 :param extern_type:
193 :param extern_type:
193 :param extern_name:
194 :param extern_name:
194 :param cur_user:
195 :param cur_user:
195 :param plugin: optional plugin this method was called from
196 :param plugin: optional plugin this method was called from
196 :param force_password_change: toggles new or existing user flag
197 :param force_password_change: toggles new or existing user flag
197 for password change
198 for password change
198 :param allow_to_create_user: Defines if the method can actually create
199 :param allow_to_create_user: Defines if the method can actually create
199 new users
200 new users
200 :param create_repo_group: Defines if the method should also
201 :param create_repo_group: Defines if the method should also
201 create an repo group with user name, and owner
202 create an repo group with user name, and owner
202 :param updating_user_id: if we set it up this is the user we want to
203 :param updating_user_id: if we set it up this is the user we want to
203 update this allows to editing username.
204 update this allows to editing username.
204 :param language: language of user from interface.
205 :param language: language of user from interface.
205
206
206 :returns: new User object with injected `is_new_user` attribute.
207 :returns: new User object with injected `is_new_user` attribute.
207 """
208 """
208 if not cur_user:
209 if not cur_user:
209 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
210 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
210
211
211 from rhodecode.lib.auth import (
212 from rhodecode.lib.auth import (
212 get_crypt_password, check_password, generate_auth_token)
213 get_crypt_password, check_password, generate_auth_token)
213 from rhodecode.lib.hooks_base import (
214 from rhodecode.lib.hooks_base import (
214 log_create_user, check_allowed_create_user)
215 log_create_user, check_allowed_create_user)
215
216
216 def _password_change(new_user, password):
217 def _password_change(new_user, password):
217 # empty password
218 # empty password
218 if not new_user.password:
219 if not new_user.password:
219 return False
220 return False
220
221
221 # password check is only needed for RhodeCode internal auth calls
222 # password check is only needed for RhodeCode internal auth calls
222 # in case it's a plugin we don't care
223 # in case it's a plugin we don't care
223 if not plugin:
224 if not plugin:
224
225
225 # first check if we gave crypted password back, and if it matches
226 # first check if we gave crypted password back, and if it
226 # it's not password change
227 # matches it's not password change
227 if new_user.password == password:
228 if new_user.password == password:
228 return False
229 return False
229
230
230 password_match = check_password(password, new_user.password)
231 password_match = check_password(password, new_user.password)
231 if not password_match:
232 if not password_match:
232 return True
233 return True
233
234
234 return False
235 return False
235
236
237 # read settings on default personal repo group creation
238 if create_repo_group is None:
239 default_create_repo_group = RepoGroupModel()\
240 .get_default_create_personal_repo_group()
241 create_repo_group = default_create_repo_group
242
236 user_data = {
243 user_data = {
237 'username': username,
244 'username': username,
238 'password': password,
245 'password': password,
239 'email': email,
246 'email': email,
240 'firstname': firstname,
247 'firstname': firstname,
241 'lastname': lastname,
248 'lastname': lastname,
242 'active': active,
249 'active': active,
243 'admin': admin
250 'admin': admin
244 }
251 }
245
252
246 if updating_user_id:
253 if updating_user_id:
247 log.debug('Checking for existing account in RhodeCode '
254 log.debug('Checking for existing account in RhodeCode '
248 'database with user_id `%s` ' % (updating_user_id,))
255 'database with user_id `%s` ' % (updating_user_id,))
249 user = User.get(updating_user_id)
256 user = User.get(updating_user_id)
250 else:
257 else:
251 log.debug('Checking for existing account in RhodeCode '
258 log.debug('Checking for existing account in RhodeCode '
252 'database with username `%s` ' % (username,))
259 'database with username `%s` ' % (username,))
253 user = User.get_by_username(username, case_insensitive=True)
260 user = User.get_by_username(username, case_insensitive=True)
254
261
255 if user is None:
262 if user is None:
256 # we check internal flag if this method is actually allowed to
263 # we check internal flag if this method is actually allowed to
257 # create new user
264 # create new user
258 if not allow_to_create_user:
265 if not allow_to_create_user:
259 msg = ('Method wants to create new user, but it is not '
266 msg = ('Method wants to create new user, but it is not '
260 'allowed to do so')
267 'allowed to do so')
261 log.warning(msg)
268 log.warning(msg)
262 raise NotAllowedToCreateUserError(msg)
269 raise NotAllowedToCreateUserError(msg)
263
270
264 log.debug('Creating new user %s', username)
271 log.debug('Creating new user %s', username)
265
272
266 # only if we create user that is active
273 # only if we create user that is active
267 new_active_user = active
274 new_active_user = active
268 if new_active_user and strict_creation_check:
275 if new_active_user and strict_creation_check:
269 # raises UserCreationError if it's not allowed for any reason to
276 # raises UserCreationError if it's not allowed for any reason to
270 # create new active user, this also executes pre-create hooks
277 # create new active user, this also executes pre-create hooks
271 check_allowed_create_user(user_data, cur_user, strict_check=True)
278 check_allowed_create_user(user_data, cur_user, strict_check=True)
272 events.trigger(events.UserPreCreate(user_data))
279 events.trigger(events.UserPreCreate(user_data))
273 new_user = User()
280 new_user = User()
274 edit = False
281 edit = False
275 else:
282 else:
276 log.debug('updating user %s', username)
283 log.debug('updating user %s', username)
277 events.trigger(events.UserPreUpdate(user, user_data))
284 events.trigger(events.UserPreUpdate(user, user_data))
278 new_user = user
285 new_user = user
279 edit = True
286 edit = True
280
287
281 # we're not allowed to edit default user
288 # we're not allowed to edit default user
282 if user.username == User.DEFAULT_USER:
289 if user.username == User.DEFAULT_USER:
283 raise DefaultUserException(
290 raise DefaultUserException(
284 _("You can't edit this user (`%(username)s`) since it's "
291 _("You can't edit this user (`%(username)s`) since it's "
285 "crucial for entire application") % {'username': user.username})
292 "crucial for entire application") % {'username': user.username})
286
293
287 # inject special attribute that will tell us if User is new or old
294 # inject special attribute that will tell us if User is new or old
288 new_user.is_new_user = not edit
295 new_user.is_new_user = not edit
289 # for users that didn's specify auth type, we use RhodeCode built in
296 # for users that didn's specify auth type, we use RhodeCode built in
290 from rhodecode.authentication.plugins import auth_rhodecode
297 from rhodecode.authentication.plugins import auth_rhodecode
291 extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
298 extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
292 extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name
299 extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name
293
300
294 try:
301 try:
295 new_user.username = username
302 new_user.username = username
296 new_user.admin = admin
303 new_user.admin = admin
297 new_user.email = email
304 new_user.email = email
298 new_user.active = active
305 new_user.active = active
299 new_user.extern_name = safe_unicode(extern_name)
306 new_user.extern_name = safe_unicode(extern_name)
300 new_user.extern_type = safe_unicode(extern_type)
307 new_user.extern_type = safe_unicode(extern_type)
301 new_user.name = firstname
308 new_user.name = firstname
302 new_user.lastname = lastname
309 new_user.lastname = lastname
303
310
304 if not edit:
311 if not edit:
305 new_user.api_key = generate_auth_token(username)
312 new_user.api_key = generate_auth_token(username)
306
313
307 # set password only if creating an user or password is changed
314 # set password only if creating an user or password is changed
308 if not edit or _password_change(new_user, password):
315 if not edit or _password_change(new_user, password):
309 reason = 'new password' if edit else 'new user'
316 reason = 'new password' if edit else 'new user'
310 log.debug('Updating password reason=>%s', reason)
317 log.debug('Updating password reason=>%s', reason)
311 new_user.password = get_crypt_password(password) if password else None
318 new_user.password = get_crypt_password(password) if password else None
312
319
313 if force_password_change:
320 if force_password_change:
314 new_user.update_userdata(force_password_change=True)
321 new_user.update_userdata(force_password_change=True)
315 if language:
322 if language:
316 new_user.update_userdata(language=language)
323 new_user.update_userdata(language=language)
317 new_user.update_userdata(notification_status=True)
324 new_user.update_userdata(notification_status=True)
318
325
319 self.sa.add(new_user)
326 self.sa.add(new_user)
320
327
321 if not edit and create_repo_group:
328 if not edit and create_repo_group:
322 # create new group same as username, and make this user an owner
329 RepoGroupModel().create_personal_repo_group(
323 desc = RepoGroupModel.PERSONAL_GROUP_DESC % {'username': username}
330 new_user, commit_early=False)
324 RepoGroupModel().create(group_name=username,
331
325 group_description=desc,
326 owner=username, commit_early=False)
327 if not edit:
332 if not edit:
328 # add the RSS token
333 # add the RSS token
329 AuthTokenModel().create(username,
334 AuthTokenModel().create(username,
330 description='Generated feed token',
335 description='Generated feed token',
331 role=AuthTokenModel.cls.ROLE_FEED)
336 role=AuthTokenModel.cls.ROLE_FEED)
332 log_create_user(created_by=cur_user, **new_user.get_dict())
337 log_create_user(created_by=cur_user, **new_user.get_dict())
338 events.trigger(events.UserPostCreate(user_data))
333 return new_user
339 return new_user
334 except (DatabaseError,):
340 except (DatabaseError,):
335 log.error(traceback.format_exc())
341 log.error(traceback.format_exc())
336 raise
342 raise
337
343
338 def create_registration(self, form_data):
344 def create_registration(self, form_data):
339 from rhodecode.model.notification import NotificationModel
345 from rhodecode.model.notification import NotificationModel
340 from rhodecode.model.notification import EmailNotificationModel
346 from rhodecode.model.notification import EmailNotificationModel
341
347
342 try:
348 try:
343 form_data['admin'] = False
349 form_data['admin'] = False
344 form_data['extern_name'] = 'rhodecode'
350 form_data['extern_name'] = 'rhodecode'
345 form_data['extern_type'] = 'rhodecode'
351 form_data['extern_type'] = 'rhodecode'
346 new_user = self.create(form_data)
352 new_user = self.create(form_data)
347
353
348 self.sa.add(new_user)
354 self.sa.add(new_user)
349 self.sa.flush()
355 self.sa.flush()
350
356
351 user_data = new_user.get_dict()
357 user_data = new_user.get_dict()
352 kwargs = {
358 kwargs = {
353 # use SQLALCHEMY safe dump of user data
359 # use SQLALCHEMY safe dump of user data
354 'user': AttributeDict(user_data),
360 'user': AttributeDict(user_data),
355 'date': datetime.datetime.now()
361 'date': datetime.datetime.now()
356 }
362 }
357 notification_type = EmailNotificationModel.TYPE_REGISTRATION
363 notification_type = EmailNotificationModel.TYPE_REGISTRATION
358 # pre-generate the subject for notification itself
364 # pre-generate the subject for notification itself
359 (subject,
365 (subject,
360 _h, _e, # we don't care about those
366 _h, _e, # we don't care about those
361 body_plaintext) = EmailNotificationModel().render_email(
367 body_plaintext) = EmailNotificationModel().render_email(
362 notification_type, **kwargs)
368 notification_type, **kwargs)
363
369
364 # create notification objects, and emails
370 # create notification objects, and emails
365 NotificationModel().create(
371 NotificationModel().create(
366 created_by=new_user,
372 created_by=new_user,
367 notification_subject=subject,
373 notification_subject=subject,
368 notification_body=body_plaintext,
374 notification_body=body_plaintext,
369 notification_type=notification_type,
375 notification_type=notification_type,
370 recipients=None, # all admins
376 recipients=None, # all admins
371 email_kwargs=kwargs,
377 email_kwargs=kwargs,
372 )
378 )
373
379
374 return new_user
380 return new_user
375 except Exception:
381 except Exception:
376 log.error(traceback.format_exc())
382 log.error(traceback.format_exc())
377 raise
383 raise
378
384
379 def _handle_user_repos(self, username, repositories, handle_mode=None):
385 def _handle_user_repos(self, username, repositories, handle_mode=None):
380 _superadmin = self.cls.get_first_super_admin()
386 _superadmin = self.cls.get_first_super_admin()
381 left_overs = True
387 left_overs = True
382
388
383 from rhodecode.model.repo import RepoModel
389 from rhodecode.model.repo import RepoModel
384
390
385 if handle_mode == 'detach':
391 if handle_mode == 'detach':
386 for obj in repositories:
392 for obj in repositories:
387 obj.user = _superadmin
393 obj.user = _superadmin
388 # set description we know why we super admin now owns
394 # set description we know why we super admin now owns
389 # additional repositories that were orphaned !
395 # additional repositories that were orphaned !
390 obj.description += ' \n::detached repository from deleted user: %s' % (username,)
396 obj.description += ' \n::detached repository from deleted user: %s' % (username,)
391 self.sa.add(obj)
397 self.sa.add(obj)
392 left_overs = False
398 left_overs = False
393 elif handle_mode == 'delete':
399 elif handle_mode == 'delete':
394 for obj in repositories:
400 for obj in repositories:
395 RepoModel().delete(obj, forks='detach')
401 RepoModel().delete(obj, forks='detach')
396 left_overs = False
402 left_overs = False
397
403
398 # if nothing is done we have left overs left
404 # if nothing is done we have left overs left
399 return left_overs
405 return left_overs
400
406
401 def _handle_user_repo_groups(self, username, repository_groups,
407 def _handle_user_repo_groups(self, username, repository_groups,
402 handle_mode=None):
408 handle_mode=None):
403 _superadmin = self.cls.get_first_super_admin()
409 _superadmin = self.cls.get_first_super_admin()
404 left_overs = True
410 left_overs = True
405
411
406 from rhodecode.model.repo_group import RepoGroupModel
412 from rhodecode.model.repo_group import RepoGroupModel
407
413
408 if handle_mode == 'detach':
414 if handle_mode == 'detach':
409 for r in repository_groups:
415 for r in repository_groups:
410 r.user = _superadmin
416 r.user = _superadmin
411 # set description we know why we super admin now owns
417 # set description we know why we super admin now owns
412 # additional repositories that were orphaned !
418 # additional repositories that were orphaned !
413 r.group_description += ' \n::detached repository group from deleted user: %s' % (username,)
419 r.group_description += ' \n::detached repository group from deleted user: %s' % (username,)
414 self.sa.add(r)
420 self.sa.add(r)
415 left_overs = False
421 left_overs = False
416 elif handle_mode == 'delete':
422 elif handle_mode == 'delete':
417 for r in repository_groups:
423 for r in repository_groups:
418 RepoGroupModel().delete(r)
424 RepoGroupModel().delete(r)
419 left_overs = False
425 left_overs = False
420
426
421 # if nothing is done we have left overs left
427 # if nothing is done we have left overs left
422 return left_overs
428 return left_overs
423
429
424 def _handle_user_user_groups(self, username, user_groups, handle_mode=None):
430 def _handle_user_user_groups(self, username, user_groups, handle_mode=None):
425 _superadmin = self.cls.get_first_super_admin()
431 _superadmin = self.cls.get_first_super_admin()
426 left_overs = True
432 left_overs = True
427
433
428 from rhodecode.model.user_group import UserGroupModel
434 from rhodecode.model.user_group import UserGroupModel
429
435
430 if handle_mode == 'detach':
436 if handle_mode == 'detach':
431 for r in user_groups:
437 for r in user_groups:
432 for user_user_group_to_perm in r.user_user_group_to_perm:
438 for user_user_group_to_perm in r.user_user_group_to_perm:
433 if user_user_group_to_perm.user.username == username:
439 if user_user_group_to_perm.user.username == username:
434 user_user_group_to_perm.user = _superadmin
440 user_user_group_to_perm.user = _superadmin
435 r.user = _superadmin
441 r.user = _superadmin
436 # set description we know why we super admin now owns
442 # set description we know why we super admin now owns
437 # additional repositories that were orphaned !
443 # additional repositories that were orphaned !
438 r.user_group_description += ' \n::detached user group from deleted user: %s' % (username,)
444 r.user_group_description += ' \n::detached user group from deleted user: %s' % (username,)
439 self.sa.add(r)
445 self.sa.add(r)
440 left_overs = False
446 left_overs = False
441 elif handle_mode == 'delete':
447 elif handle_mode == 'delete':
442 for r in user_groups:
448 for r in user_groups:
443 UserGroupModel().delete(r)
449 UserGroupModel().delete(r)
444 left_overs = False
450 left_overs = False
445
451
446 # if nothing is done we have left overs left
452 # if nothing is done we have left overs left
447 return left_overs
453 return left_overs
448
454
449 def delete(self, user, cur_user=None, handle_repos=None,
455 def delete(self, user, cur_user=None, handle_repos=None,
450 handle_repo_groups=None, handle_user_groups=None):
456 handle_repo_groups=None, handle_user_groups=None):
451 if not cur_user:
457 if not cur_user:
452 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
458 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
453 user = self._get_user(user)
459 user = self._get_user(user)
454
460
455 try:
461 try:
456 if user.username == User.DEFAULT_USER:
462 if user.username == User.DEFAULT_USER:
457 raise DefaultUserException(
463 raise DefaultUserException(
458 _(u"You can't remove this user since it's"
464 _(u"You can't remove this user since it's"
459 u" crucial for entire application"))
465 u" crucial for entire application"))
460
466
461 left_overs = self._handle_user_repos(
467 left_overs = self._handle_user_repos(
462 user.username, user.repositories, handle_repos)
468 user.username, user.repositories, handle_repos)
463 if left_overs and user.repositories:
469 if left_overs and user.repositories:
464 repos = [x.repo_name for x in user.repositories]
470 repos = [x.repo_name for x in user.repositories]
465 raise UserOwnsReposException(
471 raise UserOwnsReposException(
466 _(u'user "%s" still owns %s repositories and cannot be '
472 _(u'user "%s" still owns %s repositories and cannot be '
467 u'removed. Switch owners or remove those repositories:%s')
473 u'removed. Switch owners or remove those repositories:%s')
468 % (user.username, len(repos), ', '.join(repos)))
474 % (user.username, len(repos), ', '.join(repos)))
469
475
470 left_overs = self._handle_user_repo_groups(
476 left_overs = self._handle_user_repo_groups(
471 user.username, user.repository_groups, handle_repo_groups)
477 user.username, user.repository_groups, handle_repo_groups)
472 if left_overs and user.repository_groups:
478 if left_overs and user.repository_groups:
473 repo_groups = [x.group_name for x in user.repository_groups]
479 repo_groups = [x.group_name for x in user.repository_groups]
474 raise UserOwnsRepoGroupsException(
480 raise UserOwnsRepoGroupsException(
475 _(u'user "%s" still owns %s repository groups and cannot be '
481 _(u'user "%s" still owns %s repository groups and cannot be '
476 u'removed. Switch owners or remove those repository groups:%s')
482 u'removed. Switch owners or remove those repository groups:%s')
477 % (user.username, len(repo_groups), ', '.join(repo_groups)))
483 % (user.username, len(repo_groups), ', '.join(repo_groups)))
478
484
479 left_overs = self._handle_user_user_groups(
485 left_overs = self._handle_user_user_groups(
480 user.username, user.user_groups, handle_user_groups)
486 user.username, user.user_groups, handle_user_groups)
481 if left_overs and user.user_groups:
487 if left_overs and user.user_groups:
482 user_groups = [x.users_group_name for x in user.user_groups]
488 user_groups = [x.users_group_name for x in user.user_groups]
483 raise UserOwnsUserGroupsException(
489 raise UserOwnsUserGroupsException(
484 _(u'user "%s" still owns %s user groups and cannot be '
490 _(u'user "%s" still owns %s user groups and cannot be '
485 u'removed. Switch owners or remove those user groups:%s')
491 u'removed. Switch owners or remove those user groups:%s')
486 % (user.username, len(user_groups), ', '.join(user_groups)))
492 % (user.username, len(user_groups), ', '.join(user_groups)))
487
493
488 # we might change the user data with detach/delete, make sure
494 # we might change the user data with detach/delete, make sure
489 # the object is marked as expired before actually deleting !
495 # the object is marked as expired before actually deleting !
490 self.sa.expire(user)
496 self.sa.expire(user)
491 self.sa.delete(user)
497 self.sa.delete(user)
492 from rhodecode.lib.hooks_base import log_delete_user
498 from rhodecode.lib.hooks_base import log_delete_user
493 log_delete_user(deleted_by=cur_user, **user.get_dict())
499 log_delete_user(deleted_by=cur_user, **user.get_dict())
494 except Exception:
500 except Exception:
495 log.error(traceback.format_exc())
501 log.error(traceback.format_exc())
496 raise
502 raise
497
503
498 def reset_password_link(self, data, pwd_reset_url):
504 def reset_password_link(self, data, pwd_reset_url):
499 from rhodecode.lib.celerylib import tasks, run_task
505 from rhodecode.lib.celerylib import tasks, run_task
500 from rhodecode.model.notification import EmailNotificationModel
506 from rhodecode.model.notification import EmailNotificationModel
501 user_email = data['email']
507 user_email = data['email']
502 try:
508 try:
503 user = User.get_by_email(user_email)
509 user = User.get_by_email(user_email)
504 if user:
510 if user:
505 log.debug('password reset user found %s', user)
511 log.debug('password reset user found %s', user)
506
512
507 email_kwargs = {
513 email_kwargs = {
508 'password_reset_url': pwd_reset_url,
514 'password_reset_url': pwd_reset_url,
509 'user': user,
515 'user': user,
510 'email': user_email,
516 'email': user_email,
511 'date': datetime.datetime.now()
517 'date': datetime.datetime.now()
512 }
518 }
513
519
514 (subject, headers, email_body,
520 (subject, headers, email_body,
515 email_body_plaintext) = EmailNotificationModel().render_email(
521 email_body_plaintext) = EmailNotificationModel().render_email(
516 EmailNotificationModel.TYPE_PASSWORD_RESET, **email_kwargs)
522 EmailNotificationModel.TYPE_PASSWORD_RESET, **email_kwargs)
517
523
518 recipients = [user_email]
524 recipients = [user_email]
519
525
520 action_logger_generic(
526 action_logger_generic(
521 'sending password reset email to user: {}'.format(
527 'sending password reset email to user: {}'.format(
522 user), namespace='security.password_reset')
528 user), namespace='security.password_reset')
523
529
524 run_task(tasks.send_email, recipients, subject,
530 run_task(tasks.send_email, recipients, subject,
525 email_body_plaintext, email_body)
531 email_body_plaintext, email_body)
526
532
527 else:
533 else:
528 log.debug("password reset email %s not found", user_email)
534 log.debug("password reset email %s not found", user_email)
529 except Exception:
535 except Exception:
530 log.error(traceback.format_exc())
536 log.error(traceback.format_exc())
531 return False
537 return False
532
538
533 return True
539 return True
534
540
535 def reset_password(self, data, pwd_reset_url):
541 def reset_password(self, data, pwd_reset_url):
536 from rhodecode.lib.celerylib import tasks, run_task
542 from rhodecode.lib.celerylib import tasks, run_task
537 from rhodecode.model.notification import EmailNotificationModel
543 from rhodecode.model.notification import EmailNotificationModel
538 from rhodecode.lib import auth
544 from rhodecode.lib import auth
539 user_email = data['email']
545 user_email = data['email']
540 pre_db = True
546 pre_db = True
541 try:
547 try:
542 user = User.get_by_email(user_email)
548 user = User.get_by_email(user_email)
543 new_passwd = auth.PasswordGenerator().gen_password(
549 new_passwd = auth.PasswordGenerator().gen_password(
544 12, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
550 12, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
545 if user:
551 if user:
546 user.password = auth.get_crypt_password(new_passwd)
552 user.password = auth.get_crypt_password(new_passwd)
547 # also force this user to reset his password !
553 # also force this user to reset his password !
548 user.update_userdata(force_password_change=True)
554 user.update_userdata(force_password_change=True)
549
555
550 Session().add(user)
556 Session().add(user)
551 Session().commit()
557 Session().commit()
552 log.info('change password for %s', user_email)
558 log.info('change password for %s', user_email)
553 if new_passwd is None:
559 if new_passwd is None:
554 raise Exception('unable to generate new password')
560 raise Exception('unable to generate new password')
555
561
556 pre_db = False
562 pre_db = False
557
563
558 email_kwargs = {
564 email_kwargs = {
559 'new_password': new_passwd,
565 'new_password': new_passwd,
560 'password_reset_url': pwd_reset_url,
566 'password_reset_url': pwd_reset_url,
561 'user': user,
567 'user': user,
562 'email': user_email,
568 'email': user_email,
563 'date': datetime.datetime.now()
569 'date': datetime.datetime.now()
564 }
570 }
565
571
566 (subject, headers, email_body,
572 (subject, headers, email_body,
567 email_body_plaintext) = EmailNotificationModel().render_email(
573 email_body_plaintext) = EmailNotificationModel().render_email(
568 EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION, **email_kwargs)
574 EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION, **email_kwargs)
569
575
570 recipients = [user_email]
576 recipients = [user_email]
571
577
572 action_logger_generic(
578 action_logger_generic(
573 'sent new password to user: {} with email: {}'.format(
579 'sent new password to user: {} with email: {}'.format(
574 user, user_email), namespace='security.password_reset')
580 user, user_email), namespace='security.password_reset')
575
581
576 run_task(tasks.send_email, recipients, subject,
582 run_task(tasks.send_email, recipients, subject,
577 email_body_plaintext, email_body)
583 email_body_plaintext, email_body)
578
584
579 except Exception:
585 except Exception:
580 log.error('Failed to update user password')
586 log.error('Failed to update user password')
581 log.error(traceback.format_exc())
587 log.error(traceback.format_exc())
582 if pre_db:
588 if pre_db:
583 # we rollback only if local db stuff fails. If it goes into
589 # we rollback only if local db stuff fails. If it goes into
584 # run_task, we're pass rollback state this wouldn't work then
590 # run_task, we're pass rollback state this wouldn't work then
585 Session().rollback()
591 Session().rollback()
586
592
587 return True
593 return True
588
594
589 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
595 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
590 """
596 """
591 Fetches auth_user by user_id,or api_key if present.
597 Fetches auth_user by user_id,or api_key if present.
592 Fills auth_user attributes with those taken from database.
598 Fills auth_user attributes with those taken from database.
593 Additionally set's is_authenitated if lookup fails
599 Additionally set's is_authenitated if lookup fails
594 present in database
600 present in database
595
601
596 :param auth_user: instance of user to set attributes
602 :param auth_user: instance of user to set attributes
597 :param user_id: user id to fetch by
603 :param user_id: user id to fetch by
598 :param api_key: api key to fetch by
604 :param api_key: api key to fetch by
599 :param username: username to fetch by
605 :param username: username to fetch by
600 """
606 """
601 if user_id is None and api_key is None and username is None:
607 if user_id is None and api_key is None and username is None:
602 raise Exception('You need to pass user_id, api_key or username')
608 raise Exception('You need to pass user_id, api_key or username')
603
609
604 log.debug(
610 log.debug(
605 'doing fill data based on: user_id:%s api_key:%s username:%s',
611 'doing fill data based on: user_id:%s api_key:%s username:%s',
606 user_id, api_key, username)
612 user_id, api_key, username)
607 try:
613 try:
608 dbuser = None
614 dbuser = None
609 if user_id:
615 if user_id:
610 dbuser = self.get(user_id)
616 dbuser = self.get(user_id)
611 elif api_key:
617 elif api_key:
612 dbuser = self.get_by_auth_token(api_key)
618 dbuser = self.get_by_auth_token(api_key)
613 elif username:
619 elif username:
614 dbuser = self.get_by_username(username)
620 dbuser = self.get_by_username(username)
615
621
616 if not dbuser:
622 if not dbuser:
617 log.warning(
623 log.warning(
618 'Unable to lookup user by id:%s api_key:%s username:%s',
624 'Unable to lookup user by id:%s api_key:%s username:%s',
619 user_id, api_key, username)
625 user_id, api_key, username)
620 return False
626 return False
621 if not dbuser.active:
627 if not dbuser.active:
622 log.debug('User `%s` is inactive, skipping fill data', username)
628 log.debug('User `%s` is inactive, skipping fill data', username)
623 return False
629 return False
624
630
625 log.debug('filling user:%s data', dbuser)
631 log.debug('filling user:%s data', dbuser)
626
632
627 # TODO: johbo: Think about this and find a clean solution
633 # TODO: johbo: Think about this and find a clean solution
628 user_data = dbuser.get_dict()
634 user_data = dbuser.get_dict()
629 user_data.update(dbuser.get_api_data(include_secrets=True))
635 user_data.update(dbuser.get_api_data(include_secrets=True))
630
636
631 for k, v in user_data.iteritems():
637 for k, v in user_data.iteritems():
632 # properties of auth user we dont update
638 # properties of auth user we dont update
633 if k not in ['auth_tokens', 'permissions']:
639 if k not in ['auth_tokens', 'permissions']:
634 setattr(auth_user, k, v)
640 setattr(auth_user, k, v)
635
641
636 # few extras
642 # few extras
637 setattr(auth_user, 'feed_token', dbuser.feed_token)
643 setattr(auth_user, 'feed_token', dbuser.feed_token)
638 except Exception:
644 except Exception:
639 log.error(traceback.format_exc())
645 log.error(traceback.format_exc())
640 auth_user.is_authenticated = False
646 auth_user.is_authenticated = False
641 return False
647 return False
642
648
643 return True
649 return True
644
650
645 def has_perm(self, user, perm):
651 def has_perm(self, user, perm):
646 perm = self._get_perm(perm)
652 perm = self._get_perm(perm)
647 user = self._get_user(user)
653 user = self._get_user(user)
648
654
649 return UserToPerm.query().filter(UserToPerm.user == user)\
655 return UserToPerm.query().filter(UserToPerm.user == user)\
650 .filter(UserToPerm.permission == perm).scalar() is not None
656 .filter(UserToPerm.permission == perm).scalar() is not None
651
657
652 def grant_perm(self, user, perm):
658 def grant_perm(self, user, perm):
653 """
659 """
654 Grant user global permissions
660 Grant user global permissions
655
661
656 :param user:
662 :param user:
657 :param perm:
663 :param perm:
658 """
664 """
659 user = self._get_user(user)
665 user = self._get_user(user)
660 perm = self._get_perm(perm)
666 perm = self._get_perm(perm)
661 # if this permission is already granted skip it
667 # if this permission is already granted skip it
662 _perm = UserToPerm.query()\
668 _perm = UserToPerm.query()\
663 .filter(UserToPerm.user == user)\
669 .filter(UserToPerm.user == user)\
664 .filter(UserToPerm.permission == perm)\
670 .filter(UserToPerm.permission == perm)\
665 .scalar()
671 .scalar()
666 if _perm:
672 if _perm:
667 return
673 return
668 new = UserToPerm()
674 new = UserToPerm()
669 new.user = user
675 new.user = user
670 new.permission = perm
676 new.permission = perm
671 self.sa.add(new)
677 self.sa.add(new)
672 return new
678 return new
673
679
674 def revoke_perm(self, user, perm):
680 def revoke_perm(self, user, perm):
675 """
681 """
676 Revoke users global permissions
682 Revoke users global permissions
677
683
678 :param user:
684 :param user:
679 :param perm:
685 :param perm:
680 """
686 """
681 user = self._get_user(user)
687 user = self._get_user(user)
682 perm = self._get_perm(perm)
688 perm = self._get_perm(perm)
683
689
684 obj = UserToPerm.query()\
690 obj = UserToPerm.query()\
685 .filter(UserToPerm.user == user)\
691 .filter(UserToPerm.user == user)\
686 .filter(UserToPerm.permission == perm)\
692 .filter(UserToPerm.permission == perm)\
687 .scalar()
693 .scalar()
688 if obj:
694 if obj:
689 self.sa.delete(obj)
695 self.sa.delete(obj)
690
696
691 def add_extra_email(self, user, email):
697 def add_extra_email(self, user, email):
692 """
698 """
693 Adds email address to UserEmailMap
699 Adds email address to UserEmailMap
694
700
695 :param user:
701 :param user:
696 :param email:
702 :param email:
697 """
703 """
698 from rhodecode.model import forms
704 from rhodecode.model import forms
699 form = forms.UserExtraEmailForm()()
705 form = forms.UserExtraEmailForm()()
700 data = form.to_python({'email': email})
706 data = form.to_python({'email': email})
701 user = self._get_user(user)
707 user = self._get_user(user)
702
708
703 obj = UserEmailMap()
709 obj = UserEmailMap()
704 obj.user = user
710 obj.user = user
705 obj.email = data['email']
711 obj.email = data['email']
706 self.sa.add(obj)
712 self.sa.add(obj)
707 return obj
713 return obj
708
714
709 def delete_extra_email(self, user, email_id):
715 def delete_extra_email(self, user, email_id):
710 """
716 """
711 Removes email address from UserEmailMap
717 Removes email address from UserEmailMap
712
718
713 :param user:
719 :param user:
714 :param email_id:
720 :param email_id:
715 """
721 """
716 user = self._get_user(user)
722 user = self._get_user(user)
717 obj = UserEmailMap.query().get(email_id)
723 obj = UserEmailMap.query().get(email_id)
718 if obj:
724 if obj:
719 self.sa.delete(obj)
725 self.sa.delete(obj)
720
726
721 def parse_ip_range(self, ip_range):
727 def parse_ip_range(self, ip_range):
722 ip_list = []
728 ip_list = []
723 def make_unique(value):
729 def make_unique(value):
724 seen = []
730 seen = []
725 return [c for c in value if not (c in seen or seen.append(c))]
731 return [c for c in value if not (c in seen or seen.append(c))]
726
732
727 # firsts split by commas
733 # firsts split by commas
728 for ip_range in ip_range.split(','):
734 for ip_range in ip_range.split(','):
729 if not ip_range:
735 if not ip_range:
730 continue
736 continue
731 ip_range = ip_range.strip()
737 ip_range = ip_range.strip()
732 if '-' in ip_range:
738 if '-' in ip_range:
733 start_ip, end_ip = ip_range.split('-', 1)
739 start_ip, end_ip = ip_range.split('-', 1)
734 start_ip = ipaddress.ip_address(start_ip.strip())
740 start_ip = ipaddress.ip_address(start_ip.strip())
735 end_ip = ipaddress.ip_address(end_ip.strip())
741 end_ip = ipaddress.ip_address(end_ip.strip())
736 parsed_ip_range = []
742 parsed_ip_range = []
737
743
738 for index in xrange(int(start_ip), int(end_ip) + 1):
744 for index in xrange(int(start_ip), int(end_ip) + 1):
739 new_ip = ipaddress.ip_address(index)
745 new_ip = ipaddress.ip_address(index)
740 parsed_ip_range.append(str(new_ip))
746 parsed_ip_range.append(str(new_ip))
741 ip_list.extend(parsed_ip_range)
747 ip_list.extend(parsed_ip_range)
742 else:
748 else:
743 ip_list.append(ip_range)
749 ip_list.append(ip_range)
744
750
745 return make_unique(ip_list)
751 return make_unique(ip_list)
746
752
747 def add_extra_ip(self, user, ip, description=None):
753 def add_extra_ip(self, user, ip, description=None):
748 """
754 """
749 Adds ip address to UserIpMap
755 Adds ip address to UserIpMap
750
756
751 :param user:
757 :param user:
752 :param ip:
758 :param ip:
753 """
759 """
754 from rhodecode.model import forms
760 from rhodecode.model import forms
755 form = forms.UserExtraIpForm()()
761 form = forms.UserExtraIpForm()()
756 data = form.to_python({'ip': ip})
762 data = form.to_python({'ip': ip})
757 user = self._get_user(user)
763 user = self._get_user(user)
758
764
759 obj = UserIpMap()
765 obj = UserIpMap()
760 obj.user = user
766 obj.user = user
761 obj.ip_addr = data['ip']
767 obj.ip_addr = data['ip']
762 obj.description = description
768 obj.description = description
763 self.sa.add(obj)
769 self.sa.add(obj)
764 return obj
770 return obj
765
771
766 def delete_extra_ip(self, user, ip_id):
772 def delete_extra_ip(self, user, ip_id):
767 """
773 """
768 Removes ip address from UserIpMap
774 Removes ip address from UserIpMap
769
775
770 :param user:
776 :param user:
771 :param ip_id:
777 :param ip_id:
772 """
778 """
773 user = self._get_user(user)
779 user = self._get_user(user)
774 obj = UserIpMap.query().get(ip_id)
780 obj = UserIpMap.query().get(ip_id)
775 if obj:
781 if obj:
776 self.sa.delete(obj)
782 self.sa.delete(obj)
777
783
778 def get_accounts_in_creation_order(self, current_user=None):
784 def get_accounts_in_creation_order(self, current_user=None):
779 """
785 """
780 Get accounts in order of creation for deactivation for license limits
786 Get accounts in order of creation for deactivation for license limits
781
787
782 pick currently logged in user, and append to the list in position 0
788 pick currently logged in user, and append to the list in position 0
783 pick all super-admins in order of creation date and add it to the list
789 pick all super-admins in order of creation date and add it to the list
784 pick all other accounts in order of creation and add it to the list.
790 pick all other accounts in order of creation and add it to the list.
785
791
786 Based on that list, the last accounts can be disabled as they are
792 Based on that list, the last accounts can be disabled as they are
787 created at the end and don't include any of the super admins as well
793 created at the end and don't include any of the super admins as well
788 as the current user.
794 as the current user.
789
795
790 :param current_user: optionally current user running this operation
796 :param current_user: optionally current user running this operation
791 """
797 """
792
798
793 if not current_user:
799 if not current_user:
794 current_user = get_current_rhodecode_user()
800 current_user = get_current_rhodecode_user()
795 active_super_admins = [
801 active_super_admins = [
796 x.user_id for x in User.query()
802 x.user_id for x in User.query()
797 .filter(User.user_id != current_user.user_id)
803 .filter(User.user_id != current_user.user_id)
798 .filter(User.active == true())
804 .filter(User.active == true())
799 .filter(User.admin == true())
805 .filter(User.admin == true())
800 .order_by(User.created_on.asc())]
806 .order_by(User.created_on.asc())]
801
807
802 active_regular_users = [
808 active_regular_users = [
803 x.user_id for x in User.query()
809 x.user_id for x in User.query()
804 .filter(User.user_id != current_user.user_id)
810 .filter(User.user_id != current_user.user_id)
805 .filter(User.active == true())
811 .filter(User.active == true())
806 .filter(User.admin == false())
812 .filter(User.admin == false())
807 .order_by(User.created_on.asc())]
813 .order_by(User.created_on.asc())]
808
814
809 list_of_accounts = [current_user.user_id]
815 list_of_accounts = [current_user.user_id]
810 list_of_accounts += active_super_admins
816 list_of_accounts += active_super_admins
811 list_of_accounts += active_regular_users
817 list_of_accounts += active_regular_users
812
818
813 return list_of_accounts
819 return list_of_accounts
814
820
815 def deactivate_last_users(self, expected_users):
821 def deactivate_last_users(self, expected_users):
816 """
822 """
817 Deactivate accounts that are over the license limits.
823 Deactivate accounts that are over the license limits.
818 Algorithm of which accounts to disabled is based on the formula:
824 Algorithm of which accounts to disabled is based on the formula:
819
825
820 Get current user, then super admins in creation order, then regular
826 Get current user, then super admins in creation order, then regular
821 active users in creation order.
827 active users in creation order.
822
828
823 Using that list we mark all accounts from the end of it as inactive.
829 Using that list we mark all accounts from the end of it as inactive.
824 This way we block only latest created accounts.
830 This way we block only latest created accounts.
825
831
826 :param expected_users: list of users in special order, we deactivate
832 :param expected_users: list of users in special order, we deactivate
827 the end N ammoun of users from that list
833 the end N ammoun of users from that list
828 """
834 """
829
835
830 list_of_accounts = self.get_accounts_in_creation_order()
836 list_of_accounts = self.get_accounts_in_creation_order()
831
837
832 for acc_id in list_of_accounts[expected_users + 1:]:
838 for acc_id in list_of_accounts[expected_users + 1:]:
833 user = User.get(acc_id)
839 user = User.get(acc_id)
834 log.info('Deactivating account %s for license unlock', user)
840 log.info('Deactivating account %s for license unlock', user)
835 user.active = False
841 user.active = False
836 Session().add(user)
842 Session().add(user)
837 Session().commit()
843 Session().commit()
838
844
839 return
845 return
@@ -1,267 +1,296 b''
1 ${h.secure_form(url('admin_settings_global'), method='post')}
1 ${h.secure_form(url('admin_settings_global'), method='post')}
2
2
3 <div class="panel panel-default">
3 <div class="panel panel-default">
4 <div class="panel-heading" id="branding-options">
4 <div class="panel-heading" id="branding-options">
5 <h3 class="panel-title">${_('Branding')} <a class="permalink" href="#branding-options"></a></h3>
5 <h3 class="panel-title">${_('Branding')} <a class="permalink" href="#branding-options"></a></h3>
6 </div>
6 </div>
7 <div class="panel-body">
7 <div class="panel-body">
8 <div class="label">
8 <div class="label">
9 <label for="rhodecode_title">${_('Title')}</label>
9 <label for="rhodecode_title">${_('Title')}</label>
10 </div>
10 </div>
11 <div class="field input">
11 <div class="field input">
12 ${h.text('rhodecode_title',size=60)}
12 ${h.text('rhodecode_title',size=60)}
13 </div>
13 </div>
14 <div class="field">
14 <div class="field">
15 <span class="help-block">
15 <span class="help-block">
16 ${_('Set a custom title for your RhodeCode instance (limited to 40 characters).')}
16 ${_('Set a custom title for your RhodeCode instance (limited to 40 characters).')}
17 </span>
17 </span>
18 </div>
18 </div>
19 <div class="label">
19 <div class="label">
20 <label for="rhodecode_realm">${_('HTTP[S] authentication realm')}</label>
20 <label for="rhodecode_realm">${_('HTTP[S] authentication realm')}</label>
21 </div>
21 </div>
22 <div class="field input">
22 <div class="field input">
23 ${h.text('rhodecode_realm',size=60)}
23 ${h.text('rhodecode_realm',size=60)}
24 </div>
24 </div>
25 <div class="field">
25 <div class="field">
26 <span class="help-block">
26 <span class="help-block">
27 ${_('Set a custom text that is shown as authentication message to clients trying to connect.')}
27 ${_('Set a custom text that is shown as authentication message to clients trying to connect.')}
28 </span>
28 </span>
29 </div>
29 </div>
30 </div>
30 </div>
31 </div>
31 </div>
32
32
33
34 <div class="panel panel-default">
35 <div class="panel-heading" id="personal-group-options">
36 <h3 class="panel-title">${_('Personal Repository Group')} <a class="permalink" href="#personal-group-options"></a></h3>
37 </div>
38 <div class="panel-body">
39 <div class="checkbox">
40 ${h.checkbox('rhodecode_create_personal_repo_group','True')}
41 <label for="rhodecode_create_personal_repo_group">${_('Create Personal Repository Group')}</label>
42 </div>
43 <span class="help-block">
44 ${_('Always create Personal Repository Groups for new users.')} <br/>
45 ${_('When creating new users from add user form or API you can still turn this off via a checkbox or flag')}
46 </span>
47
48 <div class="label">
49 <label for="rhodecode_personal_repo_group_pattern">${_('Personal Repo Group Pattern')}</label>
50 </div>
51 <div class="field input">
52 ${h.text('rhodecode_personal_repo_group_pattern',size=60, placeholder=c.personal_repo_group_default_pattern)}
53 </div>
54 <span class="help-block">
55 ${_('Pattern used to create Personal Repository Groups. Prefix can be other existing repository group path[s], eg. /u/${username}')} <br/>
56 ${_('Available variables are currently ${username} and ${user_id}')}
57 </span>
58 </div>
59 </div>
60
61
33 <div class="panel panel-default">
62 <div class="panel panel-default">
34 <div class="panel-heading" id="captcha-options">
63 <div class="panel-heading" id="captcha-options">
35 <h3 class="panel-title">${_('Registration Captcha')} <a class="permalink" href="#captcha-options"></a></h3>
64 <h3 class="panel-title">${_('Registration Captcha')} <a class="permalink" href="#captcha-options"></a></h3>
36 </div>
65 </div>
37 <div class="panel-body">
66 <div class="panel-body">
38 <div class="label">
67 <div class="label">
39 <label for="rhodecode_captcha_public_key">${_('Google ReCaptcha public key')}</label>
68 <label for="rhodecode_captcha_public_key">${_('Google ReCaptcha public key')}</label>
40 </div>
69 </div>
41 <div class="field input">
70 <div class="field input">
42 ${h.text('rhodecode_captcha_public_key',size=60)}
71 ${h.text('rhodecode_captcha_public_key',size=60)}
43 </div>
72 </div>
44 <div class="field">
73 <div class="field">
45 <span class="help-block">
74 <span class="help-block">
46 ${_('Public key for reCaptcha system.')}
75 ${_('Public key for reCaptcha system.')}
47 </span>
76 </span>
48 </div>
77 </div>
49
78
50 <div class="label">
79 <div class="label">
51 <label for="rhodecode_captcha_private_key">${_('Google ReCaptcha private key')}</label>
80 <label for="rhodecode_captcha_private_key">${_('Google ReCaptcha private key')}</label>
52 </div>
81 </div>
53 <div class="field input">
82 <div class="field input">
54 ${h.text('rhodecode_captcha_private_key',size=60)}
83 ${h.text('rhodecode_captcha_private_key',size=60)}
55 </div>
84 </div>
56 <div class="field">
85 <div class="field">
57 <span class="help-block">
86 <span class="help-block">
58 ${_('Private key for reCaptcha system. Setting this value will enable captcha on registration')}
87 ${_('Private key for reCaptcha system. Setting this value will enable captcha on registration')}
59 </span>
88 </span>
60 </div>
89 </div>
61 </div>
90 </div>
62 </div>
91 </div>
63
92
64 <div class="panel panel-default">
93 <div class="panel panel-default">
65 <div class="panel-heading" id="header-code-options">
94 <div class="panel-heading" id="header-code-options">
66 <h3 class="panel-title">${_('Custom Header Code')} <a class="permalink" href="#header-code-options"></a></h3>
95 <h3 class="panel-title">${_('Custom Header Code')} <a class="permalink" href="#header-code-options"></a></h3>
67 </div>
96 </div>
68 <div class="panel-body">
97 <div class="panel-body">
69 <div class="select">
98 <div class="select">
70 <select id="pre_template" >
99 <select id="pre_template" >
71 <option value="#">${_('Templates...')}</option>
100 <option value="#">${_('Templates...')}</option>
72 <option value="ga">Google Analytics</option>
101 <option value="ga">Google Analytics</option>
73 <option value="clicky">Clicky</option>
102 <option value="clicky">Clicky</option>
74 <option value="server_announce">${_('Server Announcement')}</option>
103 <option value="server_announce">${_('Server Announcement')}</option>
75 <option value="flash_filtering">${_('Flash message filtering')}</option>
104 <option value="flash_filtering">${_('Flash message filtering')}</option>
76 </select>
105 </select>
77 </div>
106 </div>
78 <div style="padding: 10px 0px"></div>
107 <div style="padding: 10px 0px"></div>
79 <div class="textarea text-area">
108 <div class="textarea text-area">
80 ${h.textarea('rhodecode_pre_code',cols=23,rows=5,class_="medium")}
109 ${h.textarea('rhodecode_pre_code',cols=23,rows=5,class_="medium")}
81 <span class="help-block">${_('Custom js/css code added at the end of the <header/> tag.')}
110 <span class="help-block">${_('Custom js/css code added at the end of the <header/> tag.')}
82 ${_('Use <script/> or <css/> tags to define custom styling or scripting')}</span>
111 ${_('Use <script/> or <css/> tags to define custom styling or scripting')}</span>
83 </div>
112 </div>
84 </div>
113 </div>
85 </div>
114 </div>
86
115
87 <div class="panel panel-default">
116 <div class="panel panel-default">
88 <div class="panel-heading" id="footer-code-options">
117 <div class="panel-heading" id="footer-code-options">
89 <h3 class="panel-title">${_('Custom Footer Code')} <a class="permalink" href="#footer-code-options"> ¶</a></h3>
118 <h3 class="panel-title">${_('Custom Footer Code')} <a class="permalink" href="#footer-code-options"> ¶</a></h3>
90 </div>
119 </div>
91 <div class="panel-body">
120 <div class="panel-body">
92 <div class="select">
121 <div class="select">
93 <select id="post_template" >
122 <select id="post_template" >
94 <option value="#">${_('Templates...')}</option>
123 <option value="#">${_('Templates...')}</option>
95 <option value="ga">Google Analytics</option>
124 <option value="ga">Google Analytics</option>
96 <option value="clicky">Clicky</option>
125 <option value="clicky">Clicky</option>
97 <option value="server_announce">${_('Server Announcement')}</option>
126 <option value="server_announce">${_('Server Announcement')}</option>
98 </select>
127 </select>
99 </div>
128 </div>
100 <div style="padding: 10px 0px"></div>
129 <div style="padding: 10px 0px"></div>
101 <div class="textarea text-area">
130 <div class="textarea text-area">
102 ${h.textarea('rhodecode_post_code',cols=23,rows=5, class_="medium")}
131 ${h.textarea('rhodecode_post_code',cols=23,rows=5, class_="medium")}
103 <span class="help-block">${_('Custom js/css code added at the end of the <body> tag.')}
132 <span class="help-block">${_('Custom js/css code added at the end of the <body> tag.')}
104 ${_('Use <script> or <css> tags to define custom styling or scripting')}</span>
133 ${_('Use <script> or <css> tags to define custom styling or scripting')}</span>
105 </div>
134 </div>
106 </div>
135 </div>
107 </div>
136 </div>
108
137
109 <div class="buttons">
138 <div class="buttons">
110 ${h.submit('save',_('Save settings'),class_="btn")}
139 ${h.submit('save',_('Save settings'),class_="btn")}
111 ${h.reset('reset',_('Reset'),class_="btn")}
140 ${h.reset('reset',_('Reset'),class_="btn")}
112 </div>
141 </div>
113 ${h.end_form()}
142 ${h.end_form()}
114
143
115
144
116
145
117 ## TEMPLATES ##
146 ## TEMPLATES ##
118 ###############
147 ###############
119
148
120 <script id="ga_tmpl" type="text/x-template">
149 <script id="ga_tmpl" type="text/x-template">
121 <%text filter="h">
150 <%text filter="h">
122 <script>
151 <script>
123 // Google Analytics
152 // Google Analytics
124 // Put your Google Analytics code instead of _GACODE_
153 // Put your Google Analytics code instead of _GACODE_
125 var _gaq_code = '_GACODE_';
154 var _gaq_code = '_GACODE_';
126 var _gaq = _gaq || [];
155 var _gaq = _gaq || [];
127 _gaq.push(['_setAccount', _gaq_code]);
156 _gaq.push(['_setAccount', _gaq_code]);
128 _gaq.push(['_trackPageview']);
157 _gaq.push(['_trackPageview']);
129
158
130 (function() {
159 (function() {
131 var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
160 var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
132 ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
161 ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
133 var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
162 var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
134 })();
163 })();
135
164
136 rhodecode_statechange_callback = function(url, data){
165 rhodecode_statechange_callback = function(url, data){
137 // ANALYTICS callback on html5 history state changed
166 // ANALYTICS callback on html5 history state changed
138 // triggered by file browser, url is the new url,
167 // triggered by file browser, url is the new url,
139 // data is extra info passed from the State object
168 // data is extra info passed from the State object
140 if (typeof window._gaq !== 'undefined') {
169 if (typeof window._gaq !== 'undefined') {
141 _gaq.push(['_trackPageview', url]);
170 _gaq.push(['_trackPageview', url]);
142 }
171 }
143 };
172 };
144 </script>
173 </script>
145 </%text>
174 </%text>
146 </script>
175 </script>
147
176
148
177
149
178
150 <script id="clicky_tmpl" type="text/x-template">
179 <script id="clicky_tmpl" type="text/x-template">
151 <%text filter="h">
180 <%text filter="h">
152 <script src="//static.getclicky.com/js" type="text/javascript"></script>
181 <script src="//static.getclicky.com/js" type="text/javascript"></script>
153 <script type="text/javascript">
182 <script type="text/javascript">
154 // Clicky Analytics - should be used in the footer code section.
183 // Clicky Analytics - should be used in the footer code section.
155 // Put your Clicky code instead of _CLICKYCODE_ here,
184 // Put your Clicky code instead of _CLICKYCODE_ here,
156 // and below in the <img> tag.
185 // and below in the <img> tag.
157 var _cl_code = _CLICKYCODE_;
186 var _cl_code = _CLICKYCODE_;
158 try{clicky.init(_cl_code);}catch(e){}
187 try{clicky.init(_cl_code);}catch(e){}
159
188
160 rhodecode_statechange_callback = function(url, data){
189 rhodecode_statechange_callback = function(url, data){
161 // ANALYTICS callback on html5 history state changed
190 // ANALYTICS callback on html5 history state changed
162 // triggered by file browser, url is the new url,
191 // triggered by file browser, url is the new url,
163 // data is extra info passed from the State object
192 // data is extra info passed from the State object
164 if (typeof window.clicky !== 'undefined') {
193 if (typeof window.clicky !== 'undefined') {
165 clicky.log(url);
194 clicky.log(url);
166 }
195 }
167 }
196 }
168 </script>
197 </script>
169 <noscript>
198 <noscript>
170 // Put your clicky code in the src file.
199 // Put your clicky code in the src file.
171 <p><img alt="Clicky" width="1" height="1"
200 <p><img alt="Clicky" width="1" height="1"
172 src="//in.getclicky.com/_CLICKYCODE_ns.gif" /></p>
201 src="//in.getclicky.com/_CLICKYCODE_ns.gif" /></p>
173 </noscript>
202 </noscript>
174 </%text>
203 </%text>
175 </script>
204 </script>
176
205
177
206
178
207
179 <script id="server_announce_tmpl" type='text/x-template'>
208 <script id="server_announce_tmpl" type='text/x-template'>
180 <%text filter="h">
209 <%text filter="h">
181 <script>
210 <script>
182 // Server announcement displayed on the top of the page.
211 // Server announcement displayed on the top of the page.
183 // This can be used to send a global maintainance messages or other
212 // This can be used to send a global maintainance messages or other
184 // important messages to all users of the RhodeCode Enterprise system.
213 // important messages to all users of the RhodeCode Enterprise system.
185
214
186 $(document).ready(function(e){
215 $(document).ready(function(e){
187
216
188 // EDIT - put your message below
217 // EDIT - put your message below
189 var message = "TYPE YOUR MESSAGE HERE";
218 var message = "TYPE YOUR MESSAGE HERE";
190
219
191 // EDIT - choose "info"/"warning"/"error"/"success"/"neutral" as appropriate
220 // EDIT - choose "info"/"warning"/"error"/"success"/"neutral" as appropriate
192 var alert_level = "info";
221 var alert_level = "info";
193
222
194 $("#body").prepend(
223 $("#body").prepend(
195 ("<div id='server-announcement' class='"+alert_level+"'>_MSG_"+"</div>").replace("_MSG_", message)
224 ("<div id='server-announcement' class='"+alert_level+"'>_MSG_"+"</div>").replace("_MSG_", message)
196 )
225 )
197 })
226 })
198 </script>
227 </script>
199 </%text>
228 </%text>
200 </script>
229 </script>
201
230
202 <script id="flash_filtering_tmpl" type='text/x-template'>
231 <script id="flash_filtering_tmpl" type='text/x-template'>
203 <%text filter="h">
232 <%text filter="h">
204 <script>
233 <script>
205 // This filters out some flash messages before they are presented to user
234 // This filters out some flash messages before they are presented to user
206 // based on their contents. Could be used to filter out warnings/errors
235 // based on their contents. Could be used to filter out warnings/errors
207 // of license messages
236 // of license messages
208
237
209 var filteredMessages = [];
238 var filteredMessages = [];
210 for(var i =0; i< alertMessagePayloads.length; i++){
239 for(var i =0; i< alertMessagePayloads.length; i++){
211 if (typeof alertMessagePayloads[i].message.subdata.subtype !== 'undefined' &&
240 if (typeof alertMessagePayloads[i].message.subdata.subtype !== 'undefined' &&
212 alertMessagePayloads[i].message.subdata.subtype.indexOf('rc_license') !== -1){
241 alertMessagePayloads[i].message.subdata.subtype.indexOf('rc_license') !== -1){
213 continue
242 continue
214 }
243 }
215 filteredMessages.push(alertMessagePayloads[i]);
244 filteredMessages.push(alertMessagePayloads[i]);
216 }
245 }
217 alertMessagePayloads = filteredMessages;
246 alertMessagePayloads = filteredMessages;
218 </script>
247 </script>
219 </%text>
248 </%text>
220 </script>
249 </script>
221
250
222 <script>
251 <script>
223 var pre_cm = initCodeMirror('rhodecode_pre_code', '', false);
252 var pre_cm = initCodeMirror('rhodecode_pre_code', '', false);
224 var pre_old = pre_cm.getValue();
253 var pre_old = pre_cm.getValue();
225
254
226 var post_cm = initCodeMirror('rhodecode_post_code', '', false);
255 var post_cm = initCodeMirror('rhodecode_post_code', '', false);
227 var post_old = post_cm.getValue();
256 var post_old = post_cm.getValue();
228
257
229 var get_data = function(type, old){
258 var get_data = function(type, old){
230 var get_tmpl = function(tmpl_name){
259 var get_tmpl = function(tmpl_name){
231 // unescape some stuff
260 // unescape some stuff
232 var html = htmlEnDeCode.htmlDecode($('#'+tmpl_name+'_tmpl').html());
261 var html = htmlEnDeCode.htmlDecode($('#'+tmpl_name+'_tmpl').html());
233 return html;
262 return html;
234 };
263 };
235 return {
264 return {
236 '#': old,
265 '#': old,
237 'ga': get_tmpl('ga'),
266 'ga': get_tmpl('ga'),
238 'clicky': get_tmpl('clicky'),
267 'clicky': get_tmpl('clicky'),
239 'server_announce': get_tmpl('server_announce'),
268 'server_announce': get_tmpl('server_announce'),
240 'flash_filtering': get_tmpl('flash_filtering')
269 'flash_filtering': get_tmpl('flash_filtering')
241 }[type]
270 }[type]
242 };
271 };
243
272
244 $('#pre_template').select2({
273 $('#pre_template').select2({
245 containerCssClass: 'drop-menu',
274 containerCssClass: 'drop-menu',
246 dropdownCssClass: 'drop-menu-dropdown',
275 dropdownCssClass: 'drop-menu-dropdown',
247 dropdownAutoWidth: true,
276 dropdownAutoWidth: true,
248 minimumResultsForSearch: -1
277 minimumResultsForSearch: -1
249 });
278 });
250
279
251 $('#post_template').select2({
280 $('#post_template').select2({
252 containerCssClass: 'drop-menu',
281 containerCssClass: 'drop-menu',
253 dropdownCssClass: 'drop-menu-dropdown',
282 dropdownCssClass: 'drop-menu-dropdown',
254 dropdownAutoWidth: true,
283 dropdownAutoWidth: true,
255 minimumResultsForSearch: -1
284 minimumResultsForSearch: -1
256 });
285 });
257
286
258 $('#post_template').on('change', function(e){
287 $('#post_template').on('change', function(e){
259 var sel = this.value;
288 var sel = this.value;
260 post_cm.setValue(get_data(sel, post_old))
289 post_cm.setValue(get_data(sel, post_old))
261 });
290 });
262
291
263 $('#pre_template').on('change', function(e){
292 $('#pre_template').on('change', function(e){
264 var sel = this.value;
293 var sel = this.value;
265 pre_cm.setValue(get_data(sel, pre_old))
294 pre_cm.setValue(get_data(sel, pre_old))
266 })
295 })
267 </script>
296 </script>
@@ -1,144 +1,147 b''
1 ## -*- coding: utf-8 -*-
1 ## -*- coding: utf-8 -*-
2 <%inherit file="/base/base.html"/>
2 <%inherit file="/base/base.html"/>
3
3
4 <%def name="title()">
4 <%def name="title()">
5 ${_('Add user')}
5 ${_('Add user')}
6 %if c.rhodecode_name:
6 %if c.rhodecode_name:
7 &middot; ${h.branding(c.rhodecode_name)}
7 &middot; ${h.branding(c.rhodecode_name)}
8 %endif
8 %endif
9 </%def>
9 </%def>
10 <%def name="breadcrumbs_links()">
10 <%def name="breadcrumbs_links()">
11 ${h.link_to(_('Admin'),h.url('admin_home'))}
11 ${h.link_to(_('Admin'),h.url('admin_home'))}
12 &raquo;
12 &raquo;
13 ${h.link_to(_('Users'),h.url('users'))}
13 ${h.link_to(_('Users'),h.url('users'))}
14 &raquo;
14 &raquo;
15 ${_('Add User')}
15 ${_('Add User')}
16 </%def>
16 </%def>
17
17
18 <%def name="menu_bar_nav()">
18 <%def name="menu_bar_nav()">
19 ${self.menu_items(active='admin')}
19 ${self.menu_items(active='admin')}
20 </%def>
20 </%def>
21
21
22 <%def name="main()">
22 <%def name="main()">
23 <div class="box">
23 <div class="box">
24 <!-- box / title -->
24 <!-- box / title -->
25 <div class="title">
25 <div class="title">
26 ${self.breadcrumbs()}
26 ${self.breadcrumbs()}
27 </div>
27 </div>
28 <!-- end box / title -->
28 <!-- end box / title -->
29 ${h.secure_form(url('users'))}
29 ${h.secure_form(url('users'))}
30 <div class="form">
30 <div class="form">
31 <!-- fields -->
31 <!-- fields -->
32 <div class="fields">
32 <div class="fields">
33 <div class="field">
33 <div class="field">
34 <div class="label">
34 <div class="label">
35 <label for="username">${_('Username')}:</label>
35 <label for="username">${_('Username')}:</label>
36 </div>
36 </div>
37 <div class="input">
37 <div class="input">
38 ${h.text('username', class_='medium')}
38 ${h.text('username', class_='medium')}
39 </div>
39 </div>
40 </div>
40 </div>
41
41
42 <div class="field">
42 <div class="field">
43 <div class="label">
43 <div class="label">
44 <label for="password">${_('Password')}:</label>
44 <label for="password">${_('Password')}:</label>
45 </div>
45 </div>
46 <div class="input">
46 <div class="input">
47 ${h.password('password', class_='medium')}
47 ${h.password('password', class_='medium')}
48 </div>
48 </div>
49 </div>
49 </div>
50
50
51 <div class="field">
51 <div class="field">
52 <div class="label">
52 <div class="label">
53 <label for="password_confirmation">${_('Password confirmation')}:</label>
53 <label for="password_confirmation">${_('Password confirmation')}:</label>
54 </div>
54 </div>
55 <div class="input">
55 <div class="input">
56 ${h.password('password_confirmation',autocomplete="off", class_='medium')}
56 ${h.password('password_confirmation',autocomplete="off", class_='medium')}
57 <div class="info-block">
57 <div class="info-block">
58 <a id="generate_password" href="#">
58 <a id="generate_password" href="#">
59 <i class="icon-lock"></i> ${_('Generate password')}
59 <i class="icon-lock"></i> ${_('Generate password')}
60 </a>
60 </a>
61 <span id="generate_password_preview"></span>
61 <span id="generate_password_preview"></span>
62 </div>
62 </div>
63 </div>
63 </div>
64 </div>
64 </div>
65
65
66 <div class="field">
66 <div class="field">
67 <div class="label">
67 <div class="label">
68 <label for="firstname">${_('First Name')}:</label>
68 <label for="firstname">${_('First Name')}:</label>
69 </div>
69 </div>
70 <div class="input">
70 <div class="input">
71 ${h.text('firstname', class_='medium')}
71 ${h.text('firstname', class_='medium')}
72 </div>
72 </div>
73 </div>
73 </div>
74
74
75 <div class="field">
75 <div class="field">
76 <div class="label">
76 <div class="label">
77 <label for="lastname">${_('Last Name')}:</label>
77 <label for="lastname">${_('Last Name')}:</label>
78 </div>
78 </div>
79 <div class="input">
79 <div class="input">
80 ${h.text('lastname', class_='medium')}
80 ${h.text('lastname', class_='medium')}
81 </div>
81 </div>
82 </div>
82 </div>
83
83
84 <div class="field">
84 <div class="field">
85 <div class="label">
85 <div class="label">
86 <label for="email">${_('Email')}:</label>
86 <label for="email">${_('Email')}:</label>
87 </div>
87 </div>
88 <div class="input">
88 <div class="input">
89 ${h.text('email', class_='medium')}
89 ${h.text('email', class_='medium')}
90 ${h.hidden('extern_name', c.default_extern_type)}
90 ${h.hidden('extern_name', c.default_extern_type)}
91 ${h.hidden('extern_type', c.default_extern_type)}
91 ${h.hidden('extern_type', c.default_extern_type)}
92 </div>
92 </div>
93 </div>
93 </div>
94
94
95 <div class="field">
95 <div class="field">
96 <div class="label label-checkbox">
96 <div class="label label-checkbox">
97 <label for="active">${_('Active')}:</label>
97 <label for="active">${_('Active')}:</label>
98 </div>
98 </div>
99 <div class="checkboxes">
99 <div class="checkboxes">
100 ${h.checkbox('active',value=True,checked='checked')}
100 ${h.checkbox('active',value=True,checked='checked')}
101 </div>
101 </div>
102 </div>
102 </div>
103
103
104 <div class="field">
104 <div class="field">
105 <div class="label label-checkbox">
105 <div class="label label-checkbox">
106 <label for="password_change">${_('Password change')}:</label>
106 <label for="password_change">${_('Password change')}:</label>
107 </div>
107 </div>
108 <div class="checkboxes">
108 <div class="checkboxes">
109 ${h.checkbox('password_change',value=True)}
109 ${h.checkbox('password_change',value=True)}
110 <span class="help-block">${_('Force user to change his password on the next login')}</span>
110 <span class="help-block">${_('Force user to change his password on the next login')}</span>
111 </div>
111 </div>
112 </div>
112 </div>
113
113
114 <div class="field">
114 <div class="field">
115 <div class="label label-checkbox">
115 <div class="label label-checkbox">
116 <label for="create_repo_group">${_('Add repository group')}:</label>
116 <label for="create_repo_group">${_('Add personal repository group')}:</label>
117 </div>
117 </div>
118 <div class="checkboxes">
118 <div class="checkboxes">
119 ${h.checkbox('create_repo_group',value=True)}
119 ${h.checkbox('create_repo_group',value=True, checked=c.default_create_repo_group)}
120 <span class="help-block">${_('Add repository group with the same name as username. \nUser will be automatically set as this group owner.')}</span>
120 <span class="help-block">
121 ${_('New group will be created at: `/%(path)s`') % {'path': c.personal_repo_group_name}}<br/>
122 ${_('User will be automatically set as this group owner.')}
123 </span>
121 </div>
124 </div>
122 </div>
125 </div>
123
126
124 <div class="buttons">
127 <div class="buttons">
125 ${h.submit('save',_('Save'),class_="btn")}
128 ${h.submit('save',_('Save'),class_="btn")}
126 </div>
129 </div>
127 </div>
130 </div>
128 </div>
131 </div>
129 ${h.end_form()}
132 ${h.end_form()}
130 </div>
133 </div>
131 <script>
134 <script>
132 $(document).ready(function(){
135 $(document).ready(function(){
133 $('#username').focus();
136 $('#username').focus();
134
137
135 $('#generate_password').on('click', function(e){
138 $('#generate_password').on('click', function(e){
136 var tmpl = "(${_('generated password:')} {0})"
139 var tmpl = "(${_('generated password:')} {0})"
137 var new_passwd = generatePassword(12)
140 var new_passwd = generatePassword(12)
138 $('#generate_password_preview').html(tmpl.format(new_passwd))
141 $('#generate_password_preview').html(tmpl.format(new_passwd))
139 $('#password').val(new_passwd);
142 $('#password').val(new_passwd);
140 $('#password_confirmation').val(new_passwd);
143 $('#password_confirmation').val(new_passwd);
141 })
144 })
142 })
145 })
143 </script>
146 </script>
144 </%def>
147 </%def>
@@ -1,154 +1,158 b''
1 <%namespace name="base" file="/base/base.html"/>
1 <%namespace name="base" file="/base/base.html"/>
2
2
3 <%
3 <%
4 elems = [
4 elems = [
5 (_('Created on'), h.format_date(c.user.created_on), '', ''),
5 (_('Created on'), h.format_date(c.user.created_on), '', ''),
6 (_('Source of Record'), c.user.extern_type, '', ''),
6 (_('Source of Record'), c.user.extern_type, '', ''),
7
7
8 (_('Last login'), c.user.last_login or '-', '', ''),
8 (_('Last login'), c.user.last_login or '-', '', ''),
9 (_('Last activity'), h.format_date(h.time_to_datetime(c.user.user_data.get('last_activity', 0))), '', ''),
9 (_('Last activity'), h.format_date(h.time_to_datetime(c.user.user_data.get('last_activity', 0))), '', ''),
10
10
11 (_('Repositories'), len(c.user.repositories), '', [x.repo_name for x in c.user.repositories]),
11 (_('Repositories'), len(c.user.repositories), '', [x.repo_name for x in c.user.repositories]),
12 (_('Repository groups'), len(c.user.repository_groups), '', [x.group_name for x in c.user.repository_groups]),
12 (_('Repository groups'), len(c.user.repository_groups), '', [x.group_name for x in c.user.repository_groups]),
13 (_('User groups'), len(c.user.user_groups), '', [x.users_group_name for x in c.user.user_groups]),
13 (_('User groups'), len(c.user.user_groups), '', [x.users_group_name for x in c.user.user_groups]),
14
14
15 (_('Member of User groups'), len(c.user.group_member), '', [x.users_group.users_group_name for x in c.user.group_member]),
15 (_('Member of User groups'), len(c.user.group_member), '', [x.users_group.users_group_name for x in c.user.group_member]),
16 (_('Force password change'), c.user.user_data.get('force_password_change', 'False'), '', ''),
16 (_('Force password change'), c.user.user_data.get('force_password_change', 'False'), '', ''),
17 ]
17 ]
18 %>
18 %>
19
19
20 <div class="panel panel-default">
20 <div class="panel panel-default">
21 <div class="panel-heading">
21 <div class="panel-heading">
22 <h3 class="panel-title">${_('User: %s') % c.user.username}</h3>
22 <h3 class="panel-title">${_('User: %s') % c.user.username}</h3>
23 </div>
23 </div>
24 <div class="panel-body">
24 <div class="panel-body">
25 ${base.dt_info_panel(elems)}
25 ${base.dt_info_panel(elems)}
26 </div>
26 </div>
27 </div>
27 </div>
28
28
29 <div class="panel panel-default">
29 <div class="panel panel-default">
30 <div class="panel-heading">
30 <div class="panel-heading">
31 <h3 class="panel-title">${_('Force Password Reset')}</h3>
31 <h3 class="panel-title">${_('Force Password Reset')}</h3>
32 </div>
32 </div>
33 <div class="panel-body">
33 <div class="panel-body">
34 ${h.secure_form(h.url('force_password_reset_user', user_id=c.user.user_id), method='post')}
34 ${h.secure_form(h.url('force_password_reset_user', user_id=c.user.user_id), method='post')}
35 <div class="field">
35 <div class="field">
36 <button class="btn btn-default" type="submit">
36 <button class="btn btn-default" type="submit">
37 <i class="icon-lock"></i>
37 <i class="icon-lock"></i>
38 %if c.user.user_data.get('force_password_change'):
38 %if c.user.user_data.get('force_password_change'):
39 ${_('Disable forced password reset')}
39 ${_('Disable forced password reset')}
40 %else:
40 %else:
41 ${_('Enable forced password reset')}
41 ${_('Enable forced password reset')}
42 %endif
42 %endif
43 </button>
43 </button>
44 </div>
44 </div>
45 <div class="field">
45 <div class="field">
46 <span class="help-block">
46 <span class="help-block">
47 ${_("When this is enabled user will have to change they password when they next use RhodeCode system. This will also forbid vcs operations until someone makes a password change in the web interface")}
47 ${_("When this is enabled user will have to change they password when they next use RhodeCode system. This will also forbid vcs operations until someone makes a password change in the web interface")}
48 </span>
48 </span>
49 </div>
49 </div>
50 ${h.end_form()}
50 ${h.end_form()}
51 </div>
51 </div>
52 </div>
52 </div>
53
53
54 <div class="panel panel-default">
54 <div class="panel panel-default">
55 <div class="panel-heading">
55 <div class="panel-heading">
56 <h3 class="panel-title">${_('Personal Repository Group')}</h3>
56 <h3 class="panel-title">${_('Personal Repository Group')}</h3>
57 </div>
57 </div>
58 <div class="panel-body">
58 <div class="panel-body">
59 ${h.secure_form(h.url('create_personal_repo_group', user_id=c.user.user_id), method='post')}
59 ${h.secure_form(h.url('create_personal_repo_group', user_id=c.user.user_id), method='post')}
60
60
61 %if c.personal_repo_group:
61 %if c.personal_repo_group:
62 <div class="panel-body-title-text">${_('Users personal repository group')} : ${h.link_to(c.personal_repo_group.group_name, url('repo_group_home', group_name=c.personal_repo_group.group_name))}</div>
62 <div class="panel-body-title-text">${_('Users personal repository group')} : ${h.link_to(c.personal_repo_group.group_name, url('repo_group_home', group_name=c.personal_repo_group.group_name))}</div>
63 %else:
63 %else:
64 <div class="panel-body-title-text">${_('This user currently does not have a personal repository group')}</div>
64 <div class="panel-body-title-text">
65 ${_('This user currently does not have a personal repository group')}
66 <br/>
67 ${_('New group will be created at: `/%(path)s`') % {'path': c.personal_repo_group_name}}
68 </div>
65 %endif
69 %endif
66 <button class="btn btn-default" type="submit" ${'disabled="disabled"' if c.personal_repo_group else ''}>
70 <button class="btn btn-default" type="submit" ${'disabled="disabled"' if c.personal_repo_group else ''}>
67 <i class="icon-folder-close"></i>
71 <i class="icon-folder-close"></i>
68 ${_('Create personal repository group')}
72 ${_('Create personal repository group')}
69 </button>
73 </button>
70 ${h.end_form()}
74 ${h.end_form()}
71 </div>
75 </div>
72 </div>
76 </div>
73
77
74
78
75 <div class="panel panel-danger">
79 <div class="panel panel-danger">
76 <div class="panel-heading">
80 <div class="panel-heading">
77 <h3 class="panel-title">${_('Delete User')}</h3>
81 <h3 class="panel-title">${_('Delete User')}</h3>
78 </div>
82 </div>
79 <div class="panel-body">
83 <div class="panel-body">
80 ${h.secure_form(h.url('delete_user', user_id=c.user.user_id), method='delete')}
84 ${h.secure_form(h.url('delete_user', user_id=c.user.user_id), method='delete')}
81
85
82 <table class="display">
86 <table class="display">
83 <tr>
87 <tr>
84 <td>
88 <td>
85 ${ungettext('This user owns %s repository.', 'This user owns %s repositories.', len(c.user.repositories)) % len(c.user.repositories)}
89 ${ungettext('This user owns %s repository.', 'This user owns %s repositories.', len(c.user.repositories)) % len(c.user.repositories)}
86 </td>
90 </td>
87 <td>
91 <td>
88 %if len(c.user.repositories) > 0:
92 %if len(c.user.repositories) > 0:
89 <input type="radio" id="user_repos_1" name="user_repos" value="detach" checked="checked"/> <label for="user_repos_1">${_('Detach repositories')}</label>
93 <input type="radio" id="user_repos_1" name="user_repos" value="detach" checked="checked"/> <label for="user_repos_1">${_('Detach repositories')}</label>
90 %endif
94 %endif
91 </td>
95 </td>
92 <td>
96 <td>
93 %if len(c.user.repositories) > 0:
97 %if len(c.user.repositories) > 0:
94 <input type="radio" id="user_repos_2" name="user_repos" value="delete" /> <label for="user_repos_2">${_('Delete repositories')}</label>
98 <input type="radio" id="user_repos_2" name="user_repos" value="delete" /> <label for="user_repos_2">${_('Delete repositories')}</label>
95 %endif
99 %endif
96 </td>
100 </td>
97 </tr>
101 </tr>
98
102
99 <tr>
103 <tr>
100 <td>
104 <td>
101 ${ungettext('This user owns %s repository group.', 'This user owns %s repository groups.', len(c.user.repository_groups)) % len(c.user.repository_groups)}
105 ${ungettext('This user owns %s repository group.', 'This user owns %s repository groups.', len(c.user.repository_groups)) % len(c.user.repository_groups)}
102 </td>
106 </td>
103 <td>
107 <td>
104 %if len(c.user.repository_groups) > 0:
108 %if len(c.user.repository_groups) > 0:
105 <input type="radio" id="user_repo_groups_1" name="user_repo_groups" value="detach" checked="checked"/> <label for="user_repo_groups_1">${_('Detach repository groups')}</label>
109 <input type="radio" id="user_repo_groups_1" name="user_repo_groups" value="detach" checked="checked"/> <label for="user_repo_groups_1">${_('Detach repository groups')}</label>
106 %endif
110 %endif
107 </td>
111 </td>
108 <td>
112 <td>
109 %if len(c.user.repository_groups) > 0:
113 %if len(c.user.repository_groups) > 0:
110 <input type="radio" id="user_repo_groups_2" name="user_repo_groups" value="delete" /> <label for="user_repo_groups_2">${_('Delete repositories')}</label>
114 <input type="radio" id="user_repo_groups_2" name="user_repo_groups" value="delete" /> <label for="user_repo_groups_2">${_('Delete repositories')}</label>
111 %endif
115 %endif
112 </td>
116 </td>
113 </tr>
117 </tr>
114
118
115 <tr>
119 <tr>
116 <td>
120 <td>
117 ${ungettext('This user owns %s user group.', 'This user owns %s user groups.', len(c.user.user_groups)) % len(c.user.user_groups)}
121 ${ungettext('This user owns %s user group.', 'This user owns %s user groups.', len(c.user.user_groups)) % len(c.user.user_groups)}
118 </td>
122 </td>
119 <td>
123 <td>
120 %if len(c.user.user_groups) > 0:
124 %if len(c.user.user_groups) > 0:
121 <input type="radio" id="user_user_groups_1" name="user_user_groups" value="detach" checked="checked"/> <label for="user_user_groups_1">${_('Detach user groups')}</label>
125 <input type="radio" id="user_user_groups_1" name="user_user_groups" value="detach" checked="checked"/> <label for="user_user_groups_1">${_('Detach user groups')}</label>
122 %endif
126 %endif
123 </td>
127 </td>
124 <td>
128 <td>
125 %if len(c.user.user_groups) > 0:
129 %if len(c.user.user_groups) > 0:
126 <input type="radio" id="user_user_groups_2" name="user_user_groups" value="delete" /> <label for="user_user_groups_2">${_('Delete repositories')}</label>
130 <input type="radio" id="user_user_groups_2" name="user_user_groups" value="delete" /> <label for="user_user_groups_2">${_('Delete repositories')}</label>
127 %endif
131 %endif
128 </td>
132 </td>
129 </tr>
133 </tr>
130 </table>
134 </table>
131 <div style="margin: 0 0 20px 0" class="fake-space"></div>
135 <div style="margin: 0 0 20px 0" class="fake-space"></div>
132
136
133 <div class="field">
137 <div class="field">
134 <button class="btn btn-small btn-danger" type="submit"
138 <button class="btn btn-small btn-danger" type="submit"
135 onclick="return confirm('${_('Confirm to delete this user: %s') % c.user.username}');"
139 onclick="return confirm('${_('Confirm to delete this user: %s') % c.user.username}');"
136 ${"disabled" if not c.can_delete_user else ""}>
140 ${"disabled" if not c.can_delete_user else ""}>
137 ${_('Delete this user')}
141 ${_('Delete this user')}
138 </button>
142 </button>
139 </div>
143 </div>
140 % if c.can_delete_user_message:
144 % if c.can_delete_user_message:
141 <p class="help-block">${c.can_delete_user_message}</p>
145 <p class="help-block">${c.can_delete_user_message}</p>
142 % endif
146 % endif
143
147
144 <div class="field">
148 <div class="field">
145 <span class="help-block">
149 <span class="help-block">
146 %if len(c.user.repositories) > 0 or len(c.user.repository_groups) > 0 or len(c.user.user_groups) > 0:
150 %if len(c.user.repositories) > 0 or len(c.user.repository_groups) > 0 or len(c.user.user_groups) > 0:
147 <p class="help-block">${_("When selecting the detach option, the depending objects owned by this user will be assigned to the `%s` super admin in the system. The delete option will delete the user's repositories!") % (c.first_admin.full_name)}</p>
151 <p class="help-block">${_("When selecting the detach option, the depending objects owned by this user will be assigned to the `%s` super admin in the system. The delete option will delete the user's repositories!") % (c.first_admin.full_name)}</p>
148 %endif
152 %endif
149 </span>
153 </span>
150 </div>
154 </div>
151
155
152 ${h.end_form()}
156 ${h.end_form()}
153 </div>
157 </div>
154 </div>
158 </div>
1 NO CONTENT: modified file
NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
General Comments 0
You need to be logged in to leave comments. Login now