| @@ -0,0 +1,101 | |||||
|
|
1 | # -*- coding: utf-8 -*- | |||
|
|
2 | ||||
|
|
3 | # Copyright (C) 2016-2017 RhodeCode GmbH | |||
|
|
4 | # | |||
|
|
5 | # This program is free software: you can redistribute it and/or modify | |||
|
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |||
|
|
7 | # (only), as published by the Free Software Foundation. | |||
|
|
8 | # | |||
|
|
9 | # This program is distributed in the hope that it will be useful, | |||
|
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
|
12 | # GNU General Public License for more details. | |||
|
|
13 | # | |||
|
|
14 | # You should have received a copy of the GNU Affero General Public License | |||
|
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
|
|
16 | # | |||
|
|
17 | # This program is dual-licensed. If you wish to learn more about the | |||
|
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |||
|
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |||
|
|
20 | ||||
|
|
21 | ||||
|
|
22 | from rhodecode.apps.admin.navigation import NavigationRegistry | |||
|
|
23 | from rhodecode.config.routing import ADMIN_PREFIX | |||
|
|
24 | from rhodecode.lib.utils2 import str2bool | |||
|
|
25 | ||||
|
|
26 | ||||
|
|
27 | def admin_routes(config): | |||
|
|
28 | """ | |||
|
|
29 | User groups /_admin prefixed routes | |||
|
|
30 | """ | |||
|
|
31 | ||||
|
|
32 | config.add_route( | |||
|
|
33 | name='user_group_members_data', | |||
|
|
34 | pattern='/user_groups/{user_group_id:\d+}/members', | |||
|
|
35 | user_group_route=True) | |||
|
|
36 | ||||
|
|
37 | # user groups perms | |||
|
|
38 | config.add_route( | |||
|
|
39 | name='edit_user_group_perms_summary', | |||
|
|
40 | pattern='/user_groups/{user_group_id:\d+}/edit/permissions_summary', | |||
|
|
41 | user_group_route=True) | |||
|
|
42 | config.add_route( | |||
|
|
43 | name='edit_user_group_perms_summary_json', | |||
|
|
44 | pattern='/user_groups/{user_group_id:\d+}/edit/permissions_summary/json', | |||
|
|
45 | user_group_route=True) | |||
|
|
46 | ||||
|
|
47 | # user groups edit | |||
|
|
48 | config.add_route( | |||
|
|
49 | name='edit_user_group', | |||
|
|
50 | pattern='/user_groups/{user_group_id:\d+}/edit', | |||
|
|
51 | user_group_route=True) | |||
|
|
52 | ||||
|
|
53 | # user groups update | |||
|
|
54 | config.add_route( | |||
|
|
55 | name='user_groups_update', | |||
|
|
56 | pattern='/user_groups/{user_group_id:\d+}/update', | |||
|
|
57 | user_group_route=True) | |||
|
|
58 | ||||
|
|
59 | config.add_route( | |||
|
|
60 | name='edit_user_group_global_perms', | |||
|
|
61 | pattern='/user_groups/{user_group_id:\d+}/edit/global_permissions', | |||
|
|
62 | user_group_route=True) | |||
|
|
63 | ||||
|
|
64 | config.add_route( | |||
|
|
65 | name='edit_user_group_global_perms_update', | |||
|
|
66 | pattern='/user_groups/{user_group_id:\d+}/edit/global_permissions/update', | |||
|
|
67 | user_group_route=True) | |||
|
|
68 | ||||
|
|
69 | config.add_route( | |||
|
|
70 | name='edit_user_group_perms', | |||
|
|
71 | pattern='/user_groups/{user_group_id:\d+}/edit/permissions', | |||
|
|
72 | user_group_route=True) | |||
|
|
73 | ||||
|
|
74 | config.add_route( | |||
|
|
75 | name='edit_user_group_perms_update', | |||
|
|
76 | pattern='/user_groups/{user_group_id:\d+}/edit/permissions/update', | |||
|
|
77 | user_group_route=True) | |||
|
|
78 | ||||
|
|
79 | config.add_route( | |||
|
|
80 | name='edit_user_group_advanced', | |||
|
|
81 | pattern='/user_groups/{user_group_id:\d+}/edit/advanced', | |||
|
|
82 | user_group_route=True) | |||
|
|
83 | ||||
|
|
84 | config.add_route( | |||
|
|
85 | name='edit_user_group_advanced_sync', | |||
|
|
86 | pattern='/user_groups/{user_group_id:\d+}/edit/advanced/sync', | |||
|
|
87 | user_group_route=True) | |||
|
|
88 | ||||
|
|
89 | # user groups delete | |||
|
|
90 | config.add_route( | |||
|
|
91 | name='user_groups_delete', | |||
|
|
92 | pattern='/user_groups/{user_group_id:\d+}/delete', | |||
|
|
93 | user_group_route=True) | |||
|
|
94 | ||||
|
|
95 | ||||
|
|
96 | def includeme(config): | |||
|
|
97 | # main admin routes | |||
|
|
98 | config.include(admin_routes, route_prefix=ADMIN_PREFIX) | |||
|
|
99 | ||||
|
|
100 | # Scan module for configuration decorators. | |||
|
|
101 | config.scan('.views', ignore='.tests') | |||
| @@ -0,0 +1,19 | |||||
|
|
1 | # -*- coding: utf-8 -*- | |||
|
|
2 | ||||
|
|
3 | # Copyright (C) 2016-2017 RhodeCode GmbH | |||
|
|
4 | # | |||
|
|
5 | # This program is free software: you can redistribute it and/or modify | |||
|
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |||
|
|
7 | # (only), as published by the Free Software Foundation. | |||
|
|
8 | # | |||
|
|
9 | # This program is distributed in the hope that it will be useful, | |||
|
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
|
12 | # GNU General Public License for more details. | |||
|
|
13 | # | |||
|
|
14 | # You should have received a copy of the GNU Affero General Public License | |||
|
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
|
|
16 | # | |||
|
|
17 | # This program is dual-licensed. If you wish to learn more about the | |||
|
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |||
|
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/\ | |||
| This diff has been collapsed as it changes many lines, (529 lines changed) Show them Hide them | |||||
| @@ -0,0 +1,529 | |||||
|
|
1 | # -*- coding: utf-8 -*- | |||
|
|
2 | ||||
|
|
3 | # Copyright (C) 2016-2017 RhodeCode GmbH | |||
|
|
4 | # | |||
|
|
5 | # This program is free software: you can redistribute it and/or modify | |||
|
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |||
|
|
7 | # (only), as published by the Free Software Foundation. | |||
|
|
8 | # | |||
|
|
9 | # This program is distributed in the hope that it will be useful, | |||
|
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
|
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
|
|
12 | # GNU General Public License for more details. | |||
|
|
13 | # | |||
|
|
14 | # You should have received a copy of the GNU Affero General Public License | |||
|
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
|
|
16 | # | |||
|
|
17 | # This program is dual-licensed. If you wish to learn more about the | |||
|
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |||
|
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |||
|
|
20 | ||||
|
|
21 | import logging | |||
|
|
22 | ||||
|
|
23 | import peppercorn | |||
|
|
24 | import formencode | |||
|
|
25 | import formencode.htmlfill | |||
|
|
26 | from pyramid.httpexceptions import HTTPFound | |||
|
|
27 | from pyramid.view import view_config | |||
|
|
28 | from pyramid.response import Response | |||
|
|
29 | from pyramid.renderers import render | |||
|
|
30 | ||||
|
|
31 | from rhodecode.lib.exceptions import ( | |||
|
|
32 | RepoGroupAssignmentError, UserGroupAssignedException) | |||
|
|
33 | from rhodecode.model.forms import ( | |||
|
|
34 | UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm, | |||
|
|
35 | UserPermissionsForm) | |||
|
|
36 | from rhodecode.model.permission import PermissionModel | |||
|
|
37 | ||||
|
|
38 | from rhodecode.apps._base import UserGroupAppView | |||
|
|
39 | from rhodecode.lib.auth import ( | |||
|
|
40 | LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired) | |||
|
|
41 | from rhodecode.lib import helpers as h, audit_logger | |||
|
|
42 | from rhodecode.lib.utils2 import str2bool | |||
|
|
43 | from rhodecode.model.db import ( | |||
|
|
44 | joinedload, User, UserGroupRepoToPerm, UserGroupRepoGroupToPerm) | |||
|
|
45 | from rhodecode.model.meta import Session | |||
|
|
46 | from rhodecode.model.user_group import UserGroupModel | |||
|
|
47 | ||||
|
|
48 | log = logging.getLogger(__name__) | |||
|
|
49 | ||||
|
|
50 | ||||
|
|
51 | class UserGroupsView(UserGroupAppView): | |||
|
|
52 | ||||
|
|
53 | def load_default_context(self): | |||
|
|
54 | c = self._get_local_tmpl_context() | |||
|
|
55 | ||||
|
|
56 | PermissionModel().set_global_permission_choices( | |||
|
|
57 | c, gettext_translator=self.request.translate) | |||
|
|
58 | ||||
|
|
59 | self._register_global_c(c) | |||
|
|
60 | return c | |||
|
|
61 | ||||
|
|
62 | def _get_perms_summary(self, user_group_id): | |||
|
|
63 | permissions = { | |||
|
|
64 | 'repositories': {}, | |||
|
|
65 | 'repositories_groups': {}, | |||
|
|
66 | } | |||
|
|
67 | ugroup_repo_perms = UserGroupRepoToPerm.query()\ | |||
|
|
68 | .options(joinedload(UserGroupRepoToPerm.permission))\ | |||
|
|
69 | .options(joinedload(UserGroupRepoToPerm.repository))\ | |||
|
|
70 | .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\ | |||
|
|
71 | .all() | |||
|
|
72 | ||||
|
|
73 | for gr in ugroup_repo_perms: | |||
|
|
74 | permissions['repositories'][gr.repository.repo_name] \ | |||
|
|
75 | = gr.permission.permission_name | |||
|
|
76 | ||||
|
|
77 | ugroup_group_perms = UserGroupRepoGroupToPerm.query()\ | |||
|
|
78 | .options(joinedload(UserGroupRepoGroupToPerm.permission))\ | |||
|
|
79 | .options(joinedload(UserGroupRepoGroupToPerm.group))\ | |||
|
|
80 | .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\ | |||
|
|
81 | .all() | |||
|
|
82 | ||||
|
|
83 | for gr in ugroup_group_perms: | |||
|
|
84 | permissions['repositories_groups'][gr.group.group_name] \ | |||
|
|
85 | = gr.permission.permission_name | |||
|
|
86 | return permissions | |||
|
|
87 | ||||
|
|
88 | @LoginRequired() | |||
|
|
89 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
90 | @view_config( | |||
|
|
91 | route_name='user_group_members_data', request_method='GET', | |||
|
|
92 | renderer='json_ext', xhr=True) | |||
|
|
93 | def user_group_members(self): | |||
|
|
94 | """ | |||
|
|
95 | Return members of given user group | |||
|
|
96 | """ | |||
|
|
97 | user_group = self.db_user_group | |||
|
|
98 | group_members_obj = sorted((x.user for x in user_group.members), | |||
|
|
99 | key=lambda u: u.username.lower()) | |||
|
|
100 | ||||
|
|
101 | group_members = [ | |||
|
|
102 | { | |||
|
|
103 | 'id': user.user_id, | |||
|
|
104 | 'first_name': user.first_name, | |||
|
|
105 | 'last_name': user.last_name, | |||
|
|
106 | 'username': user.username, | |||
|
|
107 | 'icon_link': h.gravatar_url(user.email, 30), | |||
|
|
108 | 'value_display': h.person(user.email), | |||
|
|
109 | 'value': user.username, | |||
|
|
110 | 'value_type': 'user', | |||
|
|
111 | 'active': user.active, | |||
|
|
112 | } | |||
|
|
113 | for user in group_members_obj | |||
|
|
114 | ] | |||
|
|
115 | ||||
|
|
116 | return { | |||
|
|
117 | 'members': group_members | |||
|
|
118 | } | |||
|
|
119 | ||||
|
|
120 | @LoginRequired() | |||
|
|
121 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
122 | @view_config( | |||
|
|
123 | route_name='edit_user_group_perms_summary', request_method='GET', | |||
|
|
124 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
125 | def user_group_perms_summary(self): | |||
|
|
126 | c = self.load_default_context() | |||
|
|
127 | c.user_group = self.db_user_group | |||
|
|
128 | c.active = 'perms_summary' | |||
|
|
129 | c.permissions = self._get_perms_summary(c.user_group.users_group_id) | |||
|
|
130 | return self._get_template_context(c) | |||
|
|
131 | ||||
|
|
132 | @LoginRequired() | |||
|
|
133 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
134 | @view_config( | |||
|
|
135 | route_name='edit_user_group_perms_summary_json', request_method='GET', | |||
|
|
136 | renderer='json_ext') | |||
|
|
137 | def user_group_perms_summary_json(self): | |||
|
|
138 | self.load_default_context() | |||
|
|
139 | user_group = self.db_user_group | |||
|
|
140 | return self._get_perms_summary(user_group.users_group_id) | |||
|
|
141 | ||||
|
|
142 | def _revoke_perms_on_yourself(self, form_result): | |||
|
|
143 | _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), | |||
|
|
144 | form_result['perm_updates']) | |||
|
|
145 | _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), | |||
|
|
146 | form_result['perm_additions']) | |||
|
|
147 | _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), | |||
|
|
148 | form_result['perm_deletions']) | |||
|
|
149 | admin_perm = 'usergroup.admin' | |||
|
|
150 | if _updates and _updates[0][1] != admin_perm or \ | |||
|
|
151 | _additions and _additions[0][1] != admin_perm or \ | |||
|
|
152 | _deletions and _deletions[0][1] != admin_perm: | |||
|
|
153 | return True | |||
|
|
154 | return False | |||
|
|
155 | ||||
|
|
156 | @LoginRequired() | |||
|
|
157 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
158 | @CSRFRequired() | |||
|
|
159 | @view_config( | |||
|
|
160 | route_name='user_groups_update', request_method='POST', | |||
|
|
161 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
162 | def user_group_update(self): | |||
|
|
163 | _ = self.request.translate | |||
|
|
164 | ||||
|
|
165 | user_group = self.db_user_group | |||
|
|
166 | user_group_id = user_group.users_group_id | |||
|
|
167 | ||||
|
|
168 | c = self.load_default_context() | |||
|
|
169 | c.user_group = user_group | |||
|
|
170 | c.group_members_obj = [x.user for x in c.user_group.members] | |||
|
|
171 | c.group_members_obj.sort(key=lambda u: u.username.lower()) | |||
|
|
172 | c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] | |||
|
|
173 | c.active = 'settings' | |||
|
|
174 | ||||
|
|
175 | users_group_form = UserGroupForm( | |||
|
|
176 | edit=True, old_data=c.user_group.get_dict(), allow_disabled=True)() | |||
|
|
177 | ||||
|
|
178 | old_values = c.user_group.get_api_data() | |||
|
|
179 | user_group_name = self.request.POST.get('users_group_name') | |||
|
|
180 | try: | |||
|
|
181 | form_result = users_group_form.to_python(self.request.POST) | |||
|
|
182 | pstruct = peppercorn.parse(self.request.POST.items()) | |||
|
|
183 | form_result['users_group_members'] = pstruct['user_group_members'] | |||
|
|
184 | ||||
|
|
185 | user_group, added_members, removed_members = \ | |||
|
|
186 | UserGroupModel().update(c.user_group, form_result) | |||
|
|
187 | updated_user_group = form_result['users_group_name'] | |||
|
|
188 | ||||
|
|
189 | audit_logger.store_web( | |||
|
|
190 | 'user_group.edit', action_data={'old_data': old_values}, | |||
|
|
191 | user=self._rhodecode_user) | |||
|
|
192 | ||||
|
|
193 | # TODO(marcink): use added/removed to set user_group.edit.member.add | |||
|
|
194 | ||||
|
|
195 | h.flash(_('Updated user group %s') % updated_user_group, | |||
|
|
196 | category='success') | |||
|
|
197 | Session().commit() | |||
|
|
198 | except formencode.Invalid as errors: | |||
|
|
199 | defaults = errors.value | |||
|
|
200 | e = errors.error_dict or {} | |||
|
|
201 | ||||
|
|
202 | data = render( | |||
|
|
203 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |||
|
|
204 | self._get_template_context(c), self.request) | |||
|
|
205 | html = formencode.htmlfill.render( | |||
|
|
206 | data, | |||
|
|
207 | defaults=defaults, | |||
|
|
208 | errors=e, | |||
|
|
209 | prefix_error=False, | |||
|
|
210 | encoding="UTF-8", | |||
|
|
211 | force_defaults=False | |||
|
|
212 | ) | |||
|
|
213 | return Response(html) | |||
|
|
214 | ||||
|
|
215 | except Exception: | |||
|
|
216 | log.exception("Exception during update of user group") | |||
|
|
217 | h.flash(_('Error occurred during update of user group %s') | |||
|
|
218 | % user_group_name, category='error') | |||
|
|
219 | ||||
|
|
220 | raise HTTPFound( | |||
|
|
221 | h.route_path('edit_user_group', user_group_id=user_group_id)) | |||
|
|
222 | ||||
|
|
223 | @LoginRequired() | |||
|
|
224 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
225 | @CSRFRequired() | |||
|
|
226 | @view_config( | |||
|
|
227 | route_name='user_groups_delete', request_method='POST', | |||
|
|
228 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
229 | def user_group_delete(self): | |||
|
|
230 | _ = self.request.translate | |||
|
|
231 | user_group = self.db_user_group | |||
|
|
232 | ||||
|
|
233 | self.load_default_context() | |||
|
|
234 | force = str2bool(self.request.POST.get('force')) | |||
|
|
235 | ||||
|
|
236 | old_values = user_group.get_api_data() | |||
|
|
237 | try: | |||
|
|
238 | UserGroupModel().delete(user_group, force=force) | |||
|
|
239 | audit_logger.store_web( | |||
|
|
240 | 'user.delete', action_data={'old_data': old_values}, | |||
|
|
241 | user=self._rhodecode_user) | |||
|
|
242 | Session().commit() | |||
|
|
243 | h.flash(_('Successfully deleted user group'), category='success') | |||
|
|
244 | except UserGroupAssignedException as e: | |||
|
|
245 | h.flash(str(e), category='error') | |||
|
|
246 | except Exception: | |||
|
|
247 | log.exception("Exception during deletion of user group") | |||
|
|
248 | h.flash(_('An error occurred during deletion of user group'), | |||
|
|
249 | category='error') | |||
|
|
250 | raise HTTPFound(h.route_path('user_groups')) | |||
|
|
251 | ||||
|
|
252 | @LoginRequired() | |||
|
|
253 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
254 | @view_config( | |||
|
|
255 | route_name='edit_user_group', request_method='GET', | |||
|
|
256 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
257 | def user_group_edit(self): | |||
|
|
258 | user_group = self.db_user_group | |||
|
|
259 | ||||
|
|
260 | c = self.load_default_context() | |||
|
|
261 | c.user_group = user_group | |||
|
|
262 | c.group_members_obj = [x.user for x in c.user_group.members] | |||
|
|
263 | c.group_members_obj.sort(key=lambda u: u.username.lower()) | |||
|
|
264 | c.group_members = [(x.user_id, x.username) for x in c.group_members_obj] | |||
|
|
265 | ||||
|
|
266 | c.active = 'settings' | |||
|
|
267 | ||||
|
|
268 | defaults = user_group.get_dict() | |||
|
|
269 | # fill owner | |||
|
|
270 | if user_group.user: | |||
|
|
271 | defaults.update({'user': user_group.user.username}) | |||
|
|
272 | else: | |||
|
|
273 | replacement_user = User.get_first_super_admin().username | |||
|
|
274 | defaults.update({'user': replacement_user}) | |||
|
|
275 | ||||
|
|
276 | data = render( | |||
|
|
277 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |||
|
|
278 | self._get_template_context(c), self.request) | |||
|
|
279 | html = formencode.htmlfill.render( | |||
|
|
280 | data, | |||
|
|
281 | defaults=defaults, | |||
|
|
282 | encoding="UTF-8", | |||
|
|
283 | force_defaults=False | |||
|
|
284 | ) | |||
|
|
285 | return Response(html) | |||
|
|
286 | ||||
|
|
287 | @LoginRequired() | |||
|
|
288 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
289 | @view_config( | |||
|
|
290 | route_name='edit_user_group_perms', request_method='GET', | |||
|
|
291 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
292 | def user_group_edit_perms(self): | |||
|
|
293 | user_group = self.db_user_group | |||
|
|
294 | c = self.load_default_context() | |||
|
|
295 | c.user_group = user_group | |||
|
|
296 | c.active = 'perms' | |||
|
|
297 | ||||
|
|
298 | defaults = {} | |||
|
|
299 | # fill user group users | |||
|
|
300 | for p in c.user_group.user_user_group_to_perm: | |||
|
|
301 | defaults.update({'u_perm_%s' % p.user.user_id: | |||
|
|
302 | p.permission.permission_name}) | |||
|
|
303 | ||||
|
|
304 | for p in c.user_group.user_group_user_group_to_perm: | |||
|
|
305 | defaults.update({'g_perm_%s' % p.user_group.users_group_id: | |||
|
|
306 | p.permission.permission_name}) | |||
|
|
307 | ||||
|
|
308 | data = render( | |||
|
|
309 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |||
|
|
310 | self._get_template_context(c), self.request) | |||
|
|
311 | html = formencode.htmlfill.render( | |||
|
|
312 | data, | |||
|
|
313 | defaults=defaults, | |||
|
|
314 | encoding="UTF-8", | |||
|
|
315 | force_defaults=False | |||
|
|
316 | ) | |||
|
|
317 | return Response(html) | |||
|
|
318 | ||||
|
|
319 | @LoginRequired() | |||
|
|
320 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
321 | @CSRFRequired() | |||
|
|
322 | @view_config( | |||
|
|
323 | route_name='edit_user_group_perms_update', request_method='POST', | |||
|
|
324 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
325 | def user_group_update_perms(self): | |||
|
|
326 | """ | |||
|
|
327 | grant permission for given user group | |||
|
|
328 | """ | |||
|
|
329 | _ = self.request.translate | |||
|
|
330 | ||||
|
|
331 | user_group = self.db_user_group | |||
|
|
332 | user_group_id = user_group.users_group_id | |||
|
|
333 | c = self.load_default_context() | |||
|
|
334 | c.user_group = user_group | |||
|
|
335 | form = UserGroupPermsForm()().to_python(self.request.POST) | |||
|
|
336 | ||||
|
|
337 | if not self._rhodecode_user.is_admin: | |||
|
|
338 | if self._revoke_perms_on_yourself(form): | |||
|
|
339 | msg = _('Cannot change permission for yourself as admin') | |||
|
|
340 | h.flash(msg, category='warning') | |||
|
|
341 | raise HTTPFound( | |||
|
|
342 | h.route_path('edit_user_group_perms', | |||
|
|
343 | user_group_id=user_group_id)) | |||
|
|
344 | ||||
|
|
345 | try: | |||
|
|
346 | changes = UserGroupModel().update_permissions( | |||
|
|
347 | user_group_id, | |||
|
|
348 | form['perm_additions'], form['perm_updates'], | |||
|
|
349 | form['perm_deletions']) | |||
|
|
350 | ||||
|
|
351 | except RepoGroupAssignmentError: | |||
|
|
352 | h.flash(_('Target group cannot be the same'), category='error') | |||
|
|
353 | raise HTTPFound( | |||
|
|
354 | h.route_path('edit_user_group_perms', | |||
|
|
355 | user_group_id=user_group_id)) | |||
|
|
356 | ||||
|
|
357 | action_data = { | |||
|
|
358 | 'added': changes['added'], | |||
|
|
359 | 'updated': changes['updated'], | |||
|
|
360 | 'deleted': changes['deleted'], | |||
|
|
361 | } | |||
|
|
362 | audit_logger.store_web( | |||
|
|
363 | 'user_group.edit.permissions', action_data=action_data, | |||
|
|
364 | user=self._rhodecode_user) | |||
|
|
365 | ||||
|
|
366 | Session().commit() | |||
|
|
367 | h.flash(_('User Group permissions updated'), category='success') | |||
|
|
368 | raise HTTPFound( | |||
|
|
369 | h.route_path('edit_user_group_perms', user_group_id=user_group_id)) | |||
|
|
370 | ||||
|
|
371 | @LoginRequired() | |||
|
|
372 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
373 | @view_config( | |||
|
|
374 | route_name='edit_user_group_global_perms', request_method='GET', | |||
|
|
375 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
376 | def user_group_global_perms_edit(self): | |||
|
|
377 | user_group = self.db_user_group | |||
|
|
378 | c = self.load_default_context() | |||
|
|
379 | c.user_group = user_group | |||
|
|
380 | c.active = 'global_perms' | |||
|
|
381 | ||||
|
|
382 | c.default_user = User.get_default_user() | |||
|
|
383 | defaults = c.user_group.get_dict() | |||
|
|
384 | defaults.update(c.default_user.get_default_perms(suffix='_inherited')) | |||
|
|
385 | defaults.update(c.user_group.get_default_perms()) | |||
|
|
386 | ||||
|
|
387 | data = render( | |||
|
|
388 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |||
|
|
389 | self._get_template_context(c), self.request) | |||
|
|
390 | html = formencode.htmlfill.render( | |||
|
|
391 | data, | |||
|
|
392 | defaults=defaults, | |||
|
|
393 | encoding="UTF-8", | |||
|
|
394 | force_defaults=False | |||
|
|
395 | ) | |||
|
|
396 | return Response(html) | |||
|
|
397 | ||||
|
|
398 | @LoginRequired() | |||
|
|
399 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
400 | @CSRFRequired() | |||
|
|
401 | @view_config( | |||
|
|
402 | route_name='edit_user_group_global_perms_update', request_method='POST', | |||
|
|
403 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
404 | def user_group_global_perms_update(self): | |||
|
|
405 | _ = self.request.translate | |||
|
|
406 | user_group = self.db_user_group | |||
|
|
407 | user_group_id = self.db_user_group.users_group_id | |||
|
|
408 | ||||
|
|
409 | c = self.load_default_context() | |||
|
|
410 | c.user_group = user_group | |||
|
|
411 | c.active = 'global_perms' | |||
|
|
412 | ||||
|
|
413 | try: | |||
|
|
414 | # first stage that verifies the checkbox | |||
|
|
415 | _form = UserIndividualPermissionsForm() | |||
|
|
416 | form_result = _form.to_python(dict(self.request.POST)) | |||
|
|
417 | inherit_perms = form_result['inherit_default_permissions'] | |||
|
|
418 | user_group.inherit_default_permissions = inherit_perms | |||
|
|
419 | Session().add(user_group) | |||
|
|
420 | ||||
|
|
421 | if not inherit_perms: | |||
|
|
422 | # only update the individual ones if we un check the flag | |||
|
|
423 | _form = UserPermissionsForm( | |||
|
|
424 | [x[0] for x in c.repo_create_choices], | |||
|
|
425 | [x[0] for x in c.repo_create_on_write_choices], | |||
|
|
426 | [x[0] for x in c.repo_group_create_choices], | |||
|
|
427 | [x[0] for x in c.user_group_create_choices], | |||
|
|
428 | [x[0] for x in c.fork_choices], | |||
|
|
429 | [x[0] for x in c.inherit_default_permission_choices])() | |||
|
|
430 | ||||
|
|
431 | form_result = _form.to_python(dict(self.request.POST)) | |||
|
|
432 | form_result.update( | |||
|
|
433 | {'perm_user_group_id': user_group.users_group_id}) | |||
|
|
434 | ||||
|
|
435 | PermissionModel().update_user_group_permissions(form_result) | |||
|
|
436 | ||||
|
|
437 | Session().commit() | |||
|
|
438 | h.flash(_('User Group global permissions updated successfully'), | |||
|
|
439 | category='success') | |||
|
|
440 | ||||
|
|
441 | except formencode.Invalid as errors: | |||
|
|
442 | defaults = errors.value | |||
|
|
443 | ||||
|
|
444 | data = render( | |||
|
|
445 | 'rhodecode:templates/admin/user_groups/user_group_edit.mako', | |||
|
|
446 | self._get_template_context(c), self.request) | |||
|
|
447 | html = formencode.htmlfill.render( | |||
|
|
448 | data, | |||
|
|
449 | defaults=defaults, | |||
|
|
450 | errors=errors.error_dict or {}, | |||
|
|
451 | prefix_error=False, | |||
|
|
452 | encoding="UTF-8", | |||
|
|
453 | force_defaults=False | |||
|
|
454 | ) | |||
|
|
455 | return Response(html) | |||
|
|
456 | except Exception: | |||
|
|
457 | log.exception("Exception during permissions saving") | |||
|
|
458 | h.flash(_('An error occurred during permissions saving'), | |||
|
|
459 | category='error') | |||
|
|
460 | ||||
|
|
461 | raise HTTPFound( | |||
|
|
462 | h.route_path('edit_user_group_global_perms', | |||
|
|
463 | user_group_id=user_group_id)) | |||
|
|
464 | ||||
|
|
465 | @LoginRequired() | |||
|
|
466 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
467 | @view_config( | |||
|
|
468 | route_name='edit_user_group_advanced', request_method='GET', | |||
|
|
469 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
470 | def user_group_edit_advanced(self): | |||
|
|
471 | user_group = self.db_user_group | |||
|
|
472 | ||||
|
|
473 | c = self.load_default_context() | |||
|
|
474 | c.user_group = user_group | |||
|
|
475 | c.active = 'advanced' | |||
|
|
476 | c.group_members_obj = sorted( | |||
|
|
477 | (x.user for x in c.user_group.members), | |||
|
|
478 | key=lambda u: u.username.lower()) | |||
|
|
479 | ||||
|
|
480 | c.group_to_repos = sorted( | |||
|
|
481 | (x.repository for x in c.user_group.users_group_repo_to_perm), | |||
|
|
482 | key=lambda u: u.repo_name.lower()) | |||
|
|
483 | ||||
|
|
484 | c.group_to_repo_groups = sorted( | |||
|
|
485 | (x.group for x in c.user_group.users_group_repo_group_to_perm), | |||
|
|
486 | key=lambda u: u.group_name.lower()) | |||
|
|
487 | ||||
|
|
488 | c.group_to_review_rules = sorted( | |||
|
|
489 | (x.users_group for x in c.user_group.user_group_review_rules), | |||
|
|
490 | key=lambda u: u.users_group_name.lower()) | |||
|
|
491 | ||||
|
|
492 | return self._get_template_context(c) | |||
|
|
493 | ||||
|
|
494 | @LoginRequired() | |||
|
|
495 | @HasUserGroupPermissionAnyDecorator('usergroup.admin') | |||
|
|
496 | @CSRFRequired() | |||
|
|
497 | @view_config( | |||
|
|
498 | route_name='edit_user_group_advanced_sync', request_method='POST', | |||
|
|
499 | renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako') | |||
|
|
500 | def user_group_edit_advanced_set_synchronization(self): | |||
|
|
501 | _ = self.request.translate | |||
|
|
502 | user_group = self.db_user_group | |||
|
|
503 | user_group_id = user_group.users_group_id | |||
|
|
504 | ||||
|
|
505 | existing = user_group.group_data.get('extern_type') | |||
|
|
506 | ||||
|
|
507 | if existing: | |||
|
|
508 | new_state = user_group.group_data | |||
|
|
509 | new_state['extern_type'] = None | |||
|
|
510 | else: | |||
|
|
511 | new_state = user_group.group_data | |||
|
|
512 | new_state['extern_type'] = 'manual' | |||
|
|
513 | new_state['extern_type_set_by'] = self._rhodecode_user.username | |||
|
|
514 | ||||
|
|
515 | try: | |||
|
|
516 | user_group.group_data = new_state | |||
|
|
517 | Session().add(user_group) | |||
|
|
518 | Session().commit() | |||
|
|
519 | ||||
|
|
520 | h.flash(_('User Group synchronization updated successfully'), | |||
|
|
521 | category='success') | |||
|
|
522 | except Exception: | |||
|
|
523 | log.exception("Exception during sync settings saving") | |||
|
|
524 | h.flash(_('An error occurred during synchronization update'), | |||
|
|
525 | category='error') | |||
|
|
526 | ||||
|
|
527 | raise HTTPFound( | |||
|
|
528 | h.route_path('edit_user_group_advanced', | |||
|
|
529 | user_group_id=user_group_id)) | |||
| @@ -29,6 +29,7 from rhodecode.lib.utils2 import StrictA | |||||
| 29 | from rhodecode.lib.vcs.exceptions import RepositoryRequirementError |
|
29 | from rhodecode.lib.vcs.exceptions import RepositoryRequirementError | |
| 30 | from rhodecode.model import repo |
|
30 | from rhodecode.model import repo | |
| 31 | from rhodecode.model import repo_group |
|
31 | from rhodecode.model import repo_group | |
|
|
32 | from rhodecode.model import user_group | |||
| 32 | from rhodecode.model.db import User |
|
33 | from rhodecode.model.db import User | |
| 33 | from rhodecode.model.scm import ScmModel |
|
34 | from rhodecode.model.scm import ScmModel | |
| 34 |
|
35 | |||
| @@ -259,6 +260,13 class RepoGroupAppView(BaseAppView): | |||||
| 259 | self.db_repo_group_name = self.db_repo_group.group_name |
|
260 | self.db_repo_group_name = self.db_repo_group.group_name | |
| 260 |
|
261 | |||
| 261 |
|
262 | |||
|
|
263 | class UserGroupAppView(BaseAppView): | |||
|
|
264 | def __init__(self, context, request): | |||
|
|
265 | super(UserGroupAppView, self).__init__(context, request) | |||
|
|
266 | self.db_user_group = request.db_user_group | |||
|
|
267 | self.db_user_group_name = self.db_user_group.users_group_name | |||
|
|
268 | ||||
|
|
269 | ||||
| 262 | class DataGridAppView(object): |
|
270 | class DataGridAppView(object): | |
| 263 | """ |
|
271 | """ | |
| 264 | Common class to have re-usable grid rendering components |
|
272 | Common class to have re-usable grid rendering components | |
| @@ -462,6 +470,33 class RepoGroupRoutePredicate(object): | |||||
| 462 | return False |
|
470 | return False | |
| 463 |
|
471 | |||
| 464 |
|
472 | |||
|
|
473 | class UserGroupRoutePredicate(object): | |||
|
|
474 | def __init__(self, val, config): | |||
|
|
475 | self.val = val | |||
|
|
476 | ||||
|
|
477 | def text(self): | |||
|
|
478 | return 'user_group_route = %s' % self.val | |||
|
|
479 | ||||
|
|
480 | phash = text | |||
|
|
481 | ||||
|
|
482 | def __call__(self, info, request): | |||
|
|
483 | if hasattr(request, 'vcs_call'): | |||
|
|
484 | # skip vcs calls | |||
|
|
485 | return | |||
|
|
486 | ||||
|
|
487 | user_group_id = info['match']['user_group_id'] | |||
|
|
488 | user_group_model = user_group.UserGroup() | |||
|
|
489 | by_name_match = user_group_model.get( | |||
|
|
490 | user_group_id, cache=True) | |||
|
|
491 | ||||
|
|
492 | if by_name_match: | |||
|
|
493 | # register this as request object we can re-use later | |||
|
|
494 | request.db_user_group = by_name_match | |||
|
|
495 | return True | |||
|
|
496 | ||||
|
|
497 | return False | |||
|
|
498 | ||||
|
|
499 | ||||
| 465 | def includeme(config): |
|
500 | def includeme(config): | |
| 466 | config.add_route_predicate( |
|
501 | config.add_route_predicate( | |
| 467 | 'repo_route', RepoRoutePredicate) |
|
502 | 'repo_route', RepoRoutePredicate) | |
| @@ -469,3 +504,5 def includeme(config): | |||||
| 469 | 'repo_accepted_types', RepoTypeRoutePredicate) |
|
504 | 'repo_accepted_types', RepoTypeRoutePredicate) | |
| 470 | config.add_route_predicate( |
|
505 | config.add_route_predicate( | |
| 471 | 'repo_group_route', RepoGroupRoutePredicate) |
|
506 | 'repo_group_route', RepoGroupRoutePredicate) | |
|
|
507 | config.add_route_predicate( | |||
|
|
508 | 'user_group_route', UserGroupRoutePredicate) | |||
| @@ -180,7 +180,7 def admin_routes(config): | |||||
| 180 | name='edit_user_perms_summary_json', |
|
180 | name='edit_user_perms_summary_json', | |
| 181 | pattern='/users/{user_id:\d+}/edit/permissions_summary/json') |
|
181 | pattern='/users/{user_id:\d+}/edit/permissions_summary/json') | |
| 182 |
|
182 | |||
| 183 | # user groups management |
|
183 | # user user groups management | |
| 184 | config.add_route( |
|
184 | config.add_route( | |
| 185 | name='edit_user_groups_management', |
|
185 | name='edit_user_groups_management', | |
| 186 | pattern='/users/{user_id:\d+}/edit/groups_management') |
|
186 | pattern='/users/{user_id:\d+}/edit/groups_management') | |
| @@ -194,7 +194,7 def admin_routes(config): | |||||
| 194 | name='edit_user_audit_logs', |
|
194 | name='edit_user_audit_logs', | |
| 195 | pattern='/users/{user_id:\d+}/edit/audit') |
|
195 | pattern='/users/{user_id:\d+}/edit/audit') | |
| 196 |
|
196 | |||
| 197 |
# user |
|
197 | # user-groups admin | |
| 198 | config.add_route( |
|
198 | config.add_route( | |
| 199 | name='user_groups', |
|
199 | name='user_groups', | |
| 200 | pattern='/user_groups') |
|
200 | pattern='/user_groups') | |
| @@ -204,16 +204,12 def admin_routes(config): | |||||
| 204 | pattern='/user_groups_data') |
|
204 | pattern='/user_groups_data') | |
| 205 |
|
205 | |||
| 206 | config.add_route( |
|
206 | config.add_route( | |
| 207 |
name='user_group |
|
207 | name='user_groups_new', | |
| 208 |
pattern='/user_groups/ |
|
208 | pattern='/user_groups/new') | |
| 209 |
|
209 | |||
| 210 | # user groups perms |
|
|||
| 211 | config.add_route( |
|
210 | config.add_route( | |
| 212 |
name=' |
|
211 | name='user_groups_create', | |
| 213 | pattern='/user_groups/{user_group_id:\d+}/edit/permissions_summary') |
|
212 | pattern='/user_groups/create') | |
| 214 | config.add_route( |
|
|||
| 215 | name='edit_user_group_perms_summary_json', |
|
|||
| 216 | pattern='/user_groups/{user_group_id:\d+}/edit/permissions_summary/json') |
|
|||
| 217 |
|
213 | |||
| 218 | # repos admin |
|
214 | # repos admin | |
| 219 | config.add_route( |
|
215 | config.add_route( | |
| @@ -38,6 +38,9 def route_path(name, params=None, **kwar | |||||
| 38 | 'user_groups': ADMIN_PREFIX + '/user_groups', |
|
38 | 'user_groups': ADMIN_PREFIX + '/user_groups', | |
| 39 | 'user_groups_data': ADMIN_PREFIX + '/user_groups_data', |
|
39 | 'user_groups_data': ADMIN_PREFIX + '/user_groups_data', | |
| 40 | 'user_group_members_data': ADMIN_PREFIX + '/user_groups/{user_group_id}/members', |
|
40 | 'user_group_members_data': ADMIN_PREFIX + '/user_groups/{user_group_id}/members', | |