feed-token, user, performance: lazy load the feed_token. We only need it for...
marcink -
r2424:76f7c7cb default
@@ -1,2187 +1,2190 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2017 RhodeCode GmbH
3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 authentication and permission libraries
22 authentication and permission libraries
23 """
23 """
24
24
25 import os
25 import os
26 import inspect
26 import inspect
27 import collections
27 import collections
28 import fnmatch
28 import fnmatch
29 import hashlib
29 import hashlib
30 import itertools
30 import itertools
31 import logging
31 import logging
32 import random
32 import random
33 import traceback
33 import traceback
34 from functools import wraps
34 from functools import wraps
35
35
36 import ipaddress
36 import ipaddress
37
37
38 from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound
38 from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound
39 from sqlalchemy.orm.exc import ObjectDeletedError
39 from sqlalchemy.orm.exc import ObjectDeletedError
40 from sqlalchemy.orm import joinedload
40 from sqlalchemy.orm import joinedload
41 from zope.cachedescriptors.property import Lazy as LazyProperty
41 from zope.cachedescriptors.property import Lazy as LazyProperty
42
42
43 import rhodecode
43 import rhodecode
44 from rhodecode.model import meta
44 from rhodecode.model import meta
45 from rhodecode.model.meta import Session
45 from rhodecode.model.meta import Session
46 from rhodecode.model.user import UserModel
46 from rhodecode.model.user import UserModel
47 from rhodecode.model.db import (
47 from rhodecode.model.db import (
48 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
48 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
49 UserIpMap, UserApiKeys, RepoGroup, UserGroup)
49 UserIpMap, UserApiKeys, RepoGroup, UserGroup)
50 from rhodecode.lib import caches
50 from rhodecode.lib import caches
51 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5
51 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5
52 from rhodecode.lib.utils import (
52 from rhodecode.lib.utils import (
53 get_repo_slug, get_repo_group_slug, get_user_group_slug)
53 get_repo_slug, get_repo_group_slug, get_user_group_slug)
54 from rhodecode.lib.caching_query import FromCache
54 from rhodecode.lib.caching_query import FromCache
55
55
56
56
57 if rhodecode.is_unix:
57 if rhodecode.is_unix:
58 import bcrypt
58 import bcrypt
59
59
60 log = logging.getLogger(__name__)
60 log = logging.getLogger(__name__)
61
61
62 csrf_token_key = "csrf_token"
62 csrf_token_key = "csrf_token"
63
63
64
64
65 class PasswordGenerator(object):
65 class PasswordGenerator(object):
66 """
66 """
67 This is a simple class for generating password from different sets of
67 This is a simple class for generating password from different sets of
68 characters
68 characters
69 usage::
69 usage::
70
70
71 passwd_gen = PasswordGenerator()
71 passwd_gen = PasswordGenerator()
72 #print 8-letter password containing only big and small letters
72 #print 8-letter password containing only big and small letters
73 of alphabet
73 of alphabet
74 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
74 passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
75 """
75 """
76 ALPHABETS_NUM = r'''1234567890'''
76 ALPHABETS_NUM = r'''1234567890'''
77 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
77 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
78 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
78 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
79 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
79 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
80 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
80 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
81 + ALPHABETS_NUM + ALPHABETS_SPECIAL
81 + ALPHABETS_NUM + ALPHABETS_SPECIAL
82 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
82 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
83 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
83 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
84 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
84 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
85 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
85 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
86
86
87 def __init__(self, passwd=''):
87 def __init__(self, passwd=''):
88 self.passwd = passwd
88 self.passwd = passwd
89
89
90 def gen_password(self, length, type_=None):
90 def gen_password(self, length, type_=None):
91 if type_ is None:
91 if type_ is None:
92 type_ = self.ALPHABETS_FULL
92 type_ = self.ALPHABETS_FULL
93 self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
93 self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
94 return self.passwd
94 return self.passwd
95
95
96
96
97 class _RhodeCodeCryptoBase(object):
97 class _RhodeCodeCryptoBase(object):
98 ENC_PREF = None
98 ENC_PREF = None
99
99
100 def hash_create(self, str_):
100 def hash_create(self, str_):
101 """
101 """
102 hash the string using
102 hash the string using
103
103
104 :param str_: password to hash
104 :param str_: password to hash
105 """
105 """
106 raise NotImplementedError
106 raise NotImplementedError
107
107
108 def hash_check_with_upgrade(self, password, hashed):
108 def hash_check_with_upgrade(self, password, hashed):
109 """
109 """
110 Returns tuple in which first element is boolean that states that
110 Returns tuple in which first element is boolean that states that
111 given password matches it's hashed version, and the second is new hash
111 given password matches it's hashed version, and the second is new hash
112 of the password, in case this password should be migrated to new
112 of the password, in case this password should be migrated to new
113 cipher.
113 cipher.
114 """
114 """
115 checked_hash = self.hash_check(password, hashed)
115 checked_hash = self.hash_check(password, hashed)
116 return checked_hash, None
116 return checked_hash, None
117
117
118 def hash_check(self, password, hashed):
118 def hash_check(self, password, hashed):
119 """
119 """
120 Checks matching password with it's hashed value.
120 Checks matching password with it's hashed value.
121
121
122 :param password: password
122 :param password: password
123 :param hashed: password in hashed form
123 :param hashed: password in hashed form
124 """
124 """
125 raise NotImplementedError
125 raise NotImplementedError
126
126
127 def _assert_bytes(self, value):
127 def _assert_bytes(self, value):
128 """
128 """
129 Passing in an `unicode` object can lead to hard to detect issues
129 Passing in an `unicode` object can lead to hard to detect issues
130 if passwords contain non-ascii characters. Doing a type check
130 if passwords contain non-ascii characters. Doing a type check
131 during runtime, so that such mistakes are detected early on.
131 during runtime, so that such mistakes are detected early on.
132 """
132 """
133 if not isinstance(value, str):
133 if not isinstance(value, str):
134 raise TypeError(
134 raise TypeError(
135 "Bytestring required as input, got %r." % (value, ))
135 "Bytestring required as input, got %r." % (value, ))
136
136
137
137
138 class _RhodeCodeCryptoBCrypt(_RhodeCodeCryptoBase):
138 class _RhodeCodeCryptoBCrypt(_RhodeCodeCryptoBase):
139 ENC_PREF = ('$2a$10', '$2b$10')
139 ENC_PREF = ('$2a$10', '$2b$10')
140
140
141 def hash_create(self, str_):
141 def hash_create(self, str_):
142 self._assert_bytes(str_)
142 self._assert_bytes(str_)
143 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
143 return bcrypt.hashpw(str_, bcrypt.gensalt(10))
144
144
145 def hash_check_with_upgrade(self, password, hashed):
145 def hash_check_with_upgrade(self, password, hashed):
146 """
146 """
147 Returns tuple in which first element is boolean that states that
147 Returns tuple in which first element is boolean that states that
148 given password matches it's hashed version, and the second is new hash
148 given password matches it's hashed version, and the second is new hash
149 of the password, in case this password should be migrated to new
149 of the password, in case this password should be migrated to new
150 cipher.
150 cipher.
151
151
152 This implements special upgrade logic which works like that:
152 This implements special upgrade logic which works like that:
153 - check if the given password == bcrypted hash, if yes then we
153 - check if the given password == bcrypted hash, if yes then we
154 properly used password and it was already in bcrypt. Proceed
154 properly used password and it was already in bcrypt. Proceed
155 without any changes
155 without any changes
156 - if bcrypt hash check is not working try with sha256. If hash compare
156 - if bcrypt hash check is not working try with sha256. If hash compare
157 is ok, it means we using correct but old hashed password. indicate
157 is ok, it means we using correct but old hashed password. indicate
158 hash change and proceed
158 hash change and proceed
159 """
159 """
160
160
161 new_hash = None
161 new_hash = None
162
162
163 # regular pw check
163 # regular pw check
164 password_match_bcrypt = self.hash_check(password, hashed)
164 password_match_bcrypt = self.hash_check(password, hashed)
165
165
166 # now we want to know if the password was maybe from sha256
166 # now we want to know if the password was maybe from sha256
167 # basically calling _RhodeCodeCryptoSha256().hash_check()
167 # basically calling _RhodeCodeCryptoSha256().hash_check()
168 if not password_match_bcrypt:
168 if not password_match_bcrypt:
169 if _RhodeCodeCryptoSha256().hash_check(password, hashed):
169 if _RhodeCodeCryptoSha256().hash_check(password, hashed):
170 new_hash = self.hash_create(password) # make new bcrypt hash
170 new_hash = self.hash_create(password) # make new bcrypt hash
171 password_match_bcrypt = True
171 password_match_bcrypt = True
172
172
173 return password_match_bcrypt, new_hash
173 return password_match_bcrypt, new_hash
174
174
175 def hash_check(self, password, hashed):
175 def hash_check(self, password, hashed):
176 """
176 """
177 Checks matching password with it's hashed value.
177 Checks matching password with it's hashed value.
178
178
179 :param password: password
179 :param password: password
180 :param hashed: password in hashed form
180 :param hashed: password in hashed form
181 """
181 """
182 self._assert_bytes(password)
182 self._assert_bytes(password)
183 try:
183 try:
184 return bcrypt.hashpw(password, hashed) == hashed
184 return bcrypt.hashpw(password, hashed) == hashed
185 except ValueError as e:
185 except ValueError as e:
186 # we're having a invalid salt here probably, we should not crash
186 # we're having a invalid salt here probably, we should not crash
187 # just return with False as it would be a wrong password.
187 # just return with False as it would be a wrong password.
188 log.debug('Failed to check password hash using bcrypt %s',
188 log.debug('Failed to check password hash using bcrypt %s',
189 safe_str(e))
189 safe_str(e))
190
190
191 return False
191 return False
192
192
193
193
194 class _RhodeCodeCryptoSha256(_RhodeCodeCryptoBase):
194 class _RhodeCodeCryptoSha256(_RhodeCodeCryptoBase):
195 ENC_PREF = '_'
195 ENC_PREF = '_'
196
196
197 def hash_create(self, str_):
197 def hash_create(self, str_):
198 self._assert_bytes(str_)
198 self._assert_bytes(str_)
199 return hashlib.sha256(str_).hexdigest()
199 return hashlib.sha256(str_).hexdigest()
200
200
201 def hash_check(self, password, hashed):
201 def hash_check(self, password, hashed):
202 """
202 """
203 Checks matching password with it's hashed value.
203 Checks matching password with it's hashed value.
204
204
205 :param password: password
205 :param password: password
206 :param hashed: password in hashed form
206 :param hashed: password in hashed form
207 """
207 """
208 self._assert_bytes(password)
208 self._assert_bytes(password)
209 return hashlib.sha256(password).hexdigest() == hashed
209 return hashlib.sha256(password).hexdigest() == hashed
210
210
211
211
212 class _RhodeCodeCryptoMd5(_RhodeCodeCryptoBase):
212 class _RhodeCodeCryptoMd5(_RhodeCodeCryptoBase):
213 ENC_PREF = '_'
213 ENC_PREF = '_'
214
214
215 def hash_create(self, str_):
215 def hash_create(self, str_):
216 self._assert_bytes(str_)
216 self._assert_bytes(str_)
217 return hashlib.md5(str_).hexdigest()
217 return hashlib.md5(str_).hexdigest()
218
218
219 def hash_check(self, password, hashed):
219 def hash_check(self, password, hashed):
220 """
220 """
221 Checks matching password with it's hashed value.
221 Checks matching password with it's hashed value.
222
222
223 :param password: password
223 :param password: password
224 :param hashed: password in hashed form
224 :param hashed: password in hashed form
225 """
225 """
226 self._assert_bytes(password)
226 self._assert_bytes(password)
227 return hashlib.md5(password).hexdigest() == hashed
227 return hashlib.md5(password).hexdigest() == hashed
228
228
229
229
230 def crypto_backend():
230 def crypto_backend():
231 """
231 """
232 Return the matching crypto backend.
232 Return the matching crypto backend.
233
233
234 Selection is based on if we run tests or not, we pick md5 backend to run
234 Selection is based on if we run tests or not, we pick md5 backend to run
235 tests faster since BCRYPT is expensive to calculate
235 tests faster since BCRYPT is expensive to calculate
236 """
236 """
237 if rhodecode.is_test:
237 if rhodecode.is_test:
238 RhodeCodeCrypto = _RhodeCodeCryptoMd5()
238 RhodeCodeCrypto = _RhodeCodeCryptoMd5()
239 else:
239 else:
240 RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()
240 RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()
241
241
242 return RhodeCodeCrypto
242 return RhodeCodeCrypto
243
243
244
244
245 def get_crypt_password(password):
245 def get_crypt_password(password):
246 """
246 """
247 Create the hash of `password` with the active crypto backend.
247 Create the hash of `password` with the active crypto backend.
248
248
249 :param password: The cleartext password.
249 :param password: The cleartext password.
250 :type password: unicode
250 :type password: unicode
251 """
251 """
252 password = safe_str(password)
252 password = safe_str(password)
253 return crypto_backend().hash_create(password)
253 return crypto_backend().hash_create(password)
254
254
255
255
256 def check_password(password, hashed):
256 def check_password(password, hashed):
257 """
257 """
258 Check if the value in `password` matches the hash in `hashed`.
258 Check if the value in `password` matches the hash in `hashed`.
259
259
260 :param password: The cleartext password.
260 :param password: The cleartext password.
261 :type password: unicode
261 :type password: unicode
262
262
263 :param hashed: The expected hashed version of the password.
263 :param hashed: The expected hashed version of the password.
264 :type hashed: The hash has to be passed in in text representation.
264 :type hashed: The hash has to be passed in in text representation.
265 """
265 """
266 password = safe_str(password)
266 password = safe_str(password)
267 return crypto_backend().hash_check(password, hashed)
267 return crypto_backend().hash_check(password, hashed)
268
268
269
269
270 def generate_auth_token(data, salt=None):
270 def generate_auth_token(data, salt=None):
271 """
271 """
272 Generates API KEY from given string
272 Generates API KEY from given string
273 """
273 """
274
274
275 if salt is None:
275 if salt is None:
276 salt = os.urandom(16)
276 salt = os.urandom(16)
277 return hashlib.sha1(safe_str(data) + salt).hexdigest()
277 return hashlib.sha1(safe_str(data) + salt).hexdigest()
278
278
279
279
280 def get_came_from(request):
280 def get_came_from(request):
281 """
281 """
282 get query_string+path from request sanitized after removing auth_token
282 get query_string+path from request sanitized after removing auth_token
283 """
283 """
284 _req = request
284 _req = request
285
285
286 path = _req.path
286 path = _req.path
287 if 'auth_token' in _req.GET:
287 if 'auth_token' in _req.GET:
288 # sanitize the request and remove auth_token for redirection
288 # sanitize the request and remove auth_token for redirection
289 _req.GET.pop('auth_token')
289 _req.GET.pop('auth_token')
290 qs = _req.query_string
290 qs = _req.query_string
291 if qs:
291 if qs:
292 path += '?' + qs
292 path += '?' + qs
293
293
294 return path
294 return path
295
295
296
296
297 class CookieStoreWrapper(object):
297 class CookieStoreWrapper(object):
298
298
299 def __init__(self, cookie_store):
299 def __init__(self, cookie_store):
300 self.cookie_store = cookie_store
300 self.cookie_store = cookie_store
301
301
302 def __repr__(self):
302 def __repr__(self):
303 return 'CookieStore<%s>' % (self.cookie_store)
303 return 'CookieStore<%s>' % (self.cookie_store)
304
304
305 def get(self, key, other=None):
305 def get(self, key, other=None):
306 if isinstance(self.cookie_store, dict):
306 if isinstance(self.cookie_store, dict):
307 return self.cookie_store.get(key, other)
307 return self.cookie_store.get(key, other)
308 elif isinstance(self.cookie_store, AuthUser):
308 elif isinstance(self.cookie_store, AuthUser):
309 return self.cookie_store.__dict__.get(key, other)
309 return self.cookie_store.__dict__.get(key, other)
310
310
311
311
312 def _cached_perms_data(user_id, scope, user_is_admin,
312 def _cached_perms_data(user_id, scope, user_is_admin,
313 user_inherit_default_permissions, explicit, algo,
313 user_inherit_default_permissions, explicit, algo,
314 calculate_super_admin):
314 calculate_super_admin):
315
315
316 permissions = PermissionCalculator(
316 permissions = PermissionCalculator(
317 user_id, scope, user_is_admin, user_inherit_default_permissions,
317 user_id, scope, user_is_admin, user_inherit_default_permissions,
318 explicit, algo, calculate_super_admin)
318 explicit, algo, calculate_super_admin)
319 return permissions.calculate()
319 return permissions.calculate()
320
320
321
321
322 class PermOrigin(object):
322 class PermOrigin(object):
323 SUPER_ADMIN = 'superadmin'
323 SUPER_ADMIN = 'superadmin'
324
324
325 REPO_USER = 'user:%s'
325 REPO_USER = 'user:%s'
326 REPO_USERGROUP = 'usergroup:%s'
326 REPO_USERGROUP = 'usergroup:%s'
327 REPO_OWNER = 'repo.owner'
327 REPO_OWNER = 'repo.owner'
328 REPO_DEFAULT = 'repo.default'
328 REPO_DEFAULT = 'repo.default'
329 REPO_DEFAULT_NO_INHERIT = 'repo.default.no.inherit'
329 REPO_DEFAULT_NO_INHERIT = 'repo.default.no.inherit'
330 REPO_PRIVATE = 'repo.private'
330 REPO_PRIVATE = 'repo.private'
331
331
332 REPOGROUP_USER = 'user:%s'
332 REPOGROUP_USER = 'user:%s'
333 REPOGROUP_USERGROUP = 'usergroup:%s'
333 REPOGROUP_USERGROUP = 'usergroup:%s'
334 REPOGROUP_OWNER = 'group.owner'
334 REPOGROUP_OWNER = 'group.owner'
335 REPOGROUP_DEFAULT = 'group.default'
335 REPOGROUP_DEFAULT = 'group.default'
336 REPOGROUP_DEFAULT_NO_INHERIT = 'group.default.no.inherit'
336 REPOGROUP_DEFAULT_NO_INHERIT = 'group.default.no.inherit'
337
337
338 USERGROUP_USER = 'user:%s'
338 USERGROUP_USER = 'user:%s'
339 USERGROUP_USERGROUP = 'usergroup:%s'
339 USERGROUP_USERGROUP = 'usergroup:%s'
340 USERGROUP_OWNER = 'usergroup.owner'
340 USERGROUP_OWNER = 'usergroup.owner'
341 USERGROUP_DEFAULT = 'usergroup.default'
341 USERGROUP_DEFAULT = 'usergroup.default'
342 USERGROUP_DEFAULT_NO_INHERIT = 'usergroup.default.no.inherit'
342 USERGROUP_DEFAULT_NO_INHERIT = 'usergroup.default.no.inherit'
343
343
344
344
345 class PermOriginDict(dict):
345 class PermOriginDict(dict):
346 """
346 """
347 A special dict used for tracking permissions along with their origins.
347 A special dict used for tracking permissions along with their origins.
348
348
349 `__setitem__` has been overridden to expect a tuple(perm, origin)
349 `__setitem__` has been overridden to expect a tuple(perm, origin)
350 `__getitem__` will return only the perm
350 `__getitem__` will return only the perm
351 `.perm_origin_stack` will return the stack of (perm, origin) set per key
351 `.perm_origin_stack` will return the stack of (perm, origin) set per key
352
352
353 >>> perms = PermOriginDict()
353 >>> perms = PermOriginDict()
354 >>> perms['resource'] = 'read', 'default'
354 >>> perms['resource'] = 'read', 'default'
355 >>> perms['resource']
355 >>> perms['resource']
356 'read'
356 'read'
357 >>> perms['resource'] = 'write', 'admin'
357 >>> perms['resource'] = 'write', 'admin'
358 >>> perms['resource']
358 >>> perms['resource']
359 'write'
359 'write'
360 >>> perms.perm_origin_stack
360 >>> perms.perm_origin_stack
361 {'resource': [('read', 'default'), ('write', 'admin')]}
361 {'resource': [('read', 'default'), ('write', 'admin')]}
362 """
362 """
363
363
364 def __init__(self, *args, **kw):
364 def __init__(self, *args, **kw):
365 dict.__init__(self, *args, **kw)
365 dict.__init__(self, *args, **kw)
366 self.perm_origin_stack = collections.OrderedDict()
366 self.perm_origin_stack = collections.OrderedDict()
367
367
368 def __setitem__(self, key, (perm, origin)):
368 def __setitem__(self, key, (perm, origin)):
369 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
369 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
370 dict.__setitem__(self, key, perm)
370 dict.__setitem__(self, key, perm)
371
371
372
372
373 class PermissionCalculator(object):
373 class PermissionCalculator(object):
374
374
375 def __init__(
375 def __init__(
376 self, user_id, scope, user_is_admin,
376 self, user_id, scope, user_is_admin,
377 user_inherit_default_permissions, explicit, algo,
377 user_inherit_default_permissions, explicit, algo,
378 calculate_super_admin=False):
378 calculate_super_admin=False):
379
379
380 self.user_id = user_id
380 self.user_id = user_id
381 self.user_is_admin = user_is_admin
381 self.user_is_admin = user_is_admin
382 self.inherit_default_permissions = user_inherit_default_permissions
382 self.inherit_default_permissions = user_inherit_default_permissions
383 self.explicit = explicit
383 self.explicit = explicit
384 self.algo = algo
384 self.algo = algo
385 self.calculate_super_admin = calculate_super_admin
385 self.calculate_super_admin = calculate_super_admin
386
386
387 scope = scope or {}
387 scope = scope or {}
388 self.scope_repo_id = scope.get('repo_id')
388 self.scope_repo_id = scope.get('repo_id')
389 self.scope_repo_group_id = scope.get('repo_group_id')
389 self.scope_repo_group_id = scope.get('repo_group_id')
390 self.scope_user_group_id = scope.get('user_group_id')
390 self.scope_user_group_id = scope.get('user_group_id')
391
391
392 self.default_user_id = User.get_default_user(cache=True).user_id
392 self.default_user_id = User.get_default_user(cache=True).user_id
393
393
394 self.permissions_repositories = PermOriginDict()
394 self.permissions_repositories = PermOriginDict()
395 self.permissions_repository_groups = PermOriginDict()
395 self.permissions_repository_groups = PermOriginDict()
396 self.permissions_user_groups = PermOriginDict()
396 self.permissions_user_groups = PermOriginDict()
397 self.permissions_global = set()
397 self.permissions_global = set()
398
398
399 self.default_repo_perms = Permission.get_default_repo_perms(
399 self.default_repo_perms = Permission.get_default_repo_perms(
400 self.default_user_id, self.scope_repo_id)
400 self.default_user_id, self.scope_repo_id)
401 self.default_repo_groups_perms = Permission.get_default_group_perms(
401 self.default_repo_groups_perms = Permission.get_default_group_perms(
402 self.default_user_id, self.scope_repo_group_id)
402 self.default_user_id, self.scope_repo_group_id)
403 self.default_user_group_perms = \
403 self.default_user_group_perms = \
404 Permission.get_default_user_group_perms(
404 Permission.get_default_user_group_perms(
405 self.default_user_id, self.scope_user_group_id)
405 self.default_user_id, self.scope_user_group_id)
406
406
407 def calculate(self):
407 def calculate(self):
408 if self.user_is_admin and not self.calculate_super_admin:
408 if self.user_is_admin and not self.calculate_super_admin:
409 return self._admin_permissions()
409 return self._admin_permissions()
410
410
411 self._calculate_global_default_permissions()
411 self._calculate_global_default_permissions()
412 self._calculate_global_permissions()
412 self._calculate_global_permissions()
413 self._calculate_default_permissions()
413 self._calculate_default_permissions()
414 self._calculate_repository_permissions()
414 self._calculate_repository_permissions()
415 self._calculate_repository_group_permissions()
415 self._calculate_repository_group_permissions()
416 self._calculate_user_group_permissions()
416 self._calculate_user_group_permissions()
417 return self._permission_structure()
417 return self._permission_structure()
418
418
419 def _admin_permissions(self):
419 def _admin_permissions(self):
420 """
420 """
421 admin user have all default rights for repositories
421 admin user have all default rights for repositories
422 and groups set to admin
422 and groups set to admin
423 """
423 """
424 self.permissions_global.add('hg.admin')
424 self.permissions_global.add('hg.admin')
425 self.permissions_global.add('hg.create.write_on_repogroup.true')
425 self.permissions_global.add('hg.create.write_on_repogroup.true')
426
426
427 # repositories
427 # repositories
428 for perm in self.default_repo_perms:
428 for perm in self.default_repo_perms:
429 r_k = perm.UserRepoToPerm.repository.repo_name
429 r_k = perm.UserRepoToPerm.repository.repo_name
430 p = 'repository.admin'
430 p = 'repository.admin'
431 self.permissions_repositories[r_k] = p, PermOrigin.SUPER_ADMIN
431 self.permissions_repositories[r_k] = p, PermOrigin.SUPER_ADMIN
432
432
433 # repository groups
433 # repository groups
434 for perm in self.default_repo_groups_perms:
434 for perm in self.default_repo_groups_perms:
435 rg_k = perm.UserRepoGroupToPerm.group.group_name
435 rg_k = perm.UserRepoGroupToPerm.group.group_name
436 p = 'group.admin'
436 p = 'group.admin'
437 self.permissions_repository_groups[rg_k] = p, PermOrigin.SUPER_ADMIN
437 self.permissions_repository_groups[rg_k] = p, PermOrigin.SUPER_ADMIN
438
438
439 # user groups
439 # user groups
440 for perm in self.default_user_group_perms:
440 for perm in self.default_user_group_perms:
441 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
441 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
442 p = 'usergroup.admin'
442 p = 'usergroup.admin'
443 self.permissions_user_groups[u_k] = p, PermOrigin.SUPER_ADMIN
443 self.permissions_user_groups[u_k] = p, PermOrigin.SUPER_ADMIN
444
444
445 return self._permission_structure()
445 return self._permission_structure()
446
446
447 def _calculate_global_default_permissions(self):
447 def _calculate_global_default_permissions(self):
448 """
448 """
449 global permissions taken from the default user
449 global permissions taken from the default user
450 """
450 """
451 default_global_perms = UserToPerm.query()\
451 default_global_perms = UserToPerm.query()\
452 .filter(UserToPerm.user_id == self.default_user_id)\
452 .filter(UserToPerm.user_id == self.default_user_id)\
453 .options(joinedload(UserToPerm.permission))
453 .options(joinedload(UserToPerm.permission))
454
454
455 for perm in default_global_perms:
455 for perm in default_global_perms:
456 self.permissions_global.add(perm.permission.permission_name)
456 self.permissions_global.add(perm.permission.permission_name)
457
457
458 if self.user_is_admin:
458 if self.user_is_admin:
459 self.permissions_global.add('hg.admin')
459 self.permissions_global.add('hg.admin')
460 self.permissions_global.add('hg.create.write_on_repogroup.true')
460 self.permissions_global.add('hg.create.write_on_repogroup.true')
461
461
462 def _calculate_global_permissions(self):
462 def _calculate_global_permissions(self):
463 """
463 """
464 Set global system permissions with user permissions or permissions
464 Set global system permissions with user permissions or permissions
465 taken from the user groups of the current user.
465 taken from the user groups of the current user.
466
466
467 The permissions include repo creating, repo group creating, forking
467 The permissions include repo creating, repo group creating, forking
468 etc.
468 etc.
469 """
469 """
470
470
471 # now we read the defined permissions and overwrite what we have set
471 # now we read the defined permissions and overwrite what we have set
472 # before those can be configured from groups or users explicitly.
472 # before those can be configured from groups or users explicitly.
473
473
474 # TODO: johbo: This seems to be out of sync, find out the reason
474 # TODO: johbo: This seems to be out of sync, find out the reason
475 # for the comment below and update it.
475 # for the comment below and update it.
476
476
477 # In case we want to extend this list we should be always in sync with
477 # In case we want to extend this list we should be always in sync with
478 # User.DEFAULT_USER_PERMISSIONS definitions
478 # User.DEFAULT_USER_PERMISSIONS definitions
479 _configurable = frozenset([
479 _configurable = frozenset([
480 'hg.fork.none', 'hg.fork.repository',
480 'hg.fork.none', 'hg.fork.repository',
481 'hg.create.none', 'hg.create.repository',
481 'hg.create.none', 'hg.create.repository',
482 'hg.usergroup.create.false', 'hg.usergroup.create.true',
482 'hg.usergroup.create.false', 'hg.usergroup.create.true',
483 'hg.repogroup.create.false', 'hg.repogroup.create.true',
483 'hg.repogroup.create.false', 'hg.repogroup.create.true',
484 'hg.create.write_on_repogroup.false',
484 'hg.create.write_on_repogroup.false',
485 'hg.create.write_on_repogroup.true',
485 'hg.create.write_on_repogroup.true',
486 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
486 'hg.inherit_default_perms.false', 'hg.inherit_default_perms.true'
487 ])
487 ])
488
488
489 # USER GROUPS comes first user group global permissions
489 # USER GROUPS comes first user group global permissions
490 user_perms_from_users_groups = Session().query(UserGroupToPerm)\
490 user_perms_from_users_groups = Session().query(UserGroupToPerm)\
491 .options(joinedload(UserGroupToPerm.permission))\
491 .options(joinedload(UserGroupToPerm.permission))\
492 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
492 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
493 UserGroupMember.users_group_id))\
493 UserGroupMember.users_group_id))\
494 .filter(UserGroupMember.user_id == self.user_id)\
494 .filter(UserGroupMember.user_id == self.user_id)\
495 .order_by(UserGroupToPerm.users_group_id)\
495 .order_by(UserGroupToPerm.users_group_id)\
496 .all()
496 .all()
497
497
498 # need to group here by groups since user can be in more than
498 # need to group here by groups since user can be in more than
499 # one group, so we get all groups
499 # one group, so we get all groups
500 _explicit_grouped_perms = [
500 _explicit_grouped_perms = [
501 [x, list(y)] for x, y in
501 [x, list(y)] for x, y in
502 itertools.groupby(user_perms_from_users_groups,
502 itertools.groupby(user_perms_from_users_groups,
503 lambda _x: _x.users_group)]
503 lambda _x: _x.users_group)]
504
504
505 for gr, perms in _explicit_grouped_perms:
505 for gr, perms in _explicit_grouped_perms:
506 # since user can be in multiple groups iterate over them and
506 # since user can be in multiple groups iterate over them and
507 # select the lowest permissions first (more explicit)
507 # select the lowest permissions first (more explicit)
508 # TODO: marcink: do this^^
508 # TODO: marcink: do this^^
509
509
510 # group doesn't inherit default permissions so we actually set them
510 # group doesn't inherit default permissions so we actually set them
511 if not gr.inherit_default_permissions:
511 if not gr.inherit_default_permissions:
512 # NEED TO IGNORE all previously set configurable permissions
512 # NEED TO IGNORE all previously set configurable permissions
513 # and replace them with explicitly set from this user
513 # and replace them with explicitly set from this user
514 # group permissions
514 # group permissions
515 self.permissions_global = self.permissions_global.difference(
515 self.permissions_global = self.permissions_global.difference(
516 _configurable)
516 _configurable)
517 for perm in perms:
517 for perm in perms:
518 self.permissions_global.add(perm.permission.permission_name)
518 self.permissions_global.add(perm.permission.permission_name)
519
519
520 # user explicit global permissions
520 # user explicit global permissions
521 user_perms = Session().query(UserToPerm)\
521 user_perms = Session().query(UserToPerm)\
522 .options(joinedload(UserToPerm.permission))\
522 .options(joinedload(UserToPerm.permission))\
523 .filter(UserToPerm.user_id == self.user_id).all()
523 .filter(UserToPerm.user_id == self.user_id).all()
524
524
525 if not self.inherit_default_permissions:
525 if not self.inherit_default_permissions:
526 # NEED TO IGNORE all configurable permissions and
526 # NEED TO IGNORE all configurable permissions and
527 # replace them with explicitly set from this user permissions
527 # replace them with explicitly set from this user permissions
528 self.permissions_global = self.permissions_global.difference(
528 self.permissions_global = self.permissions_global.difference(
529 _configurable)
529 _configurable)
530 for perm in user_perms:
530 for perm in user_perms:
531 self.permissions_global.add(perm.permission.permission_name)
531 self.permissions_global.add(perm.permission.permission_name)
532
532
533 def _calculate_default_permissions(self):
533 def _calculate_default_permissions(self):
534 """
534 """
535 Set default user permissions for repositories, repository groups
535 Set default user permissions for repositories, repository groups
536 taken from the default user.
536 taken from the default user.
537
537
538 Calculate inheritance of object permissions based on what we have now
538 Calculate inheritance of object permissions based on what we have now
539 in GLOBAL permissions. We check if .false is in GLOBAL since this is
539 in GLOBAL permissions. We check if .false is in GLOBAL since this is
540 explicitly set. Inherit is the opposite of .false being there.
540 explicitly set. Inherit is the opposite of .false being there.
541
541
542 .. note::
542 .. note::
543
543
544 the syntax is little bit odd but what we need to check here is
544 the syntax is little bit odd but what we need to check here is
545 the opposite of .false permission being in the list so even for
545 the opposite of .false permission being in the list so even for
546 inconsistent state when both .true/.false is there
546 inconsistent state when both .true/.false is there
547 .false is more important
547 .false is more important
548
548
549 """
549 """
550 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
550 user_inherit_object_permissions = not ('hg.inherit_default_perms.false'
551 in self.permissions_global)
551 in self.permissions_global)
552
552
553 # defaults for repositories, taken from `default` user permissions
553 # defaults for repositories, taken from `default` user permissions
554 # on given repo
554 # on given repo
555 for perm in self.default_repo_perms:
555 for perm in self.default_repo_perms:
556 r_k = perm.UserRepoToPerm.repository.repo_name
556 r_k = perm.UserRepoToPerm.repository.repo_name
557 p = perm.Permission.permission_name
557 p = perm.Permission.permission_name
558 o = PermOrigin.REPO_DEFAULT
558 o = PermOrigin.REPO_DEFAULT
559 self.permissions_repositories[r_k] = p, o
559 self.permissions_repositories[r_k] = p, o
560
560
561 # if we decide this user isn't inheriting permissions from
561 # if we decide this user isn't inheriting permissions from
562 # default user we set him to .none so only explicit
562 # default user we set him to .none so only explicit
563 # permissions work
563 # permissions work
564 if not user_inherit_object_permissions:
564 if not user_inherit_object_permissions:
565 p = 'repository.none'
565 p = 'repository.none'
566 o = PermOrigin.REPO_DEFAULT_NO_INHERIT
566 o = PermOrigin.REPO_DEFAULT_NO_INHERIT
567 self.permissions_repositories[r_k] = p, o
567 self.permissions_repositories[r_k] = p, o
568
568
569 if perm.Repository.private and not (
569 if perm.Repository.private and not (
570 perm.Repository.user_id == self.user_id):
570 perm.Repository.user_id == self.user_id):
571 # disable defaults for private repos,
571 # disable defaults for private repos,
572 p = 'repository.none'
572 p = 'repository.none'
573 o = PermOrigin.REPO_PRIVATE
573 o = PermOrigin.REPO_PRIVATE
574 self.permissions_repositories[r_k] = p, o
574 self.permissions_repositories[r_k] = p, o
575
575
576 elif perm.Repository.user_id == self.user_id:
576 elif perm.Repository.user_id == self.user_id:
577 # set admin if owner
577 # set admin if owner
578 p = 'repository.admin'
578 p = 'repository.admin'
579 o = PermOrigin.REPO_OWNER
579 o = PermOrigin.REPO_OWNER
580 self.permissions_repositories[r_k] = p, o
580 self.permissions_repositories[r_k] = p, o
581
581
582 if self.user_is_admin:
582 if self.user_is_admin:
583 p = 'repository.admin'
583 p = 'repository.admin'
584 o = PermOrigin.SUPER_ADMIN
584 o = PermOrigin.SUPER_ADMIN
585 self.permissions_repositories[r_k] = p, o
585 self.permissions_repositories[r_k] = p, o
586
586
587 # defaults for repository groups taken from `default` user permission
587 # defaults for repository groups taken from `default` user permission
588 # on given group
588 # on given group
589 for perm in self.default_repo_groups_perms:
589 for perm in self.default_repo_groups_perms:
590 rg_k = perm.UserRepoGroupToPerm.group.group_name
590 rg_k = perm.UserRepoGroupToPerm.group.group_name
591 p = perm.Permission.permission_name
591 p = perm.Permission.permission_name
592 o = PermOrigin.REPOGROUP_DEFAULT
592 o = PermOrigin.REPOGROUP_DEFAULT
593 self.permissions_repository_groups[rg_k] = p, o
593 self.permissions_repository_groups[rg_k] = p, o
594
594
595 # if we decide this user isn't inheriting permissions from default
595 # if we decide this user isn't inheriting permissions from default
596 # user we set him to .none so only explicit permissions work
596 # user we set him to .none so only explicit permissions work
597 if not user_inherit_object_permissions:
597 if not user_inherit_object_permissions:
598 p = 'group.none'
598 p = 'group.none'
599 o = PermOrigin.REPOGROUP_DEFAULT_NO_INHERIT
599 o = PermOrigin.REPOGROUP_DEFAULT_NO_INHERIT
600 self.permissions_repository_groups[rg_k] = p, o
600 self.permissions_repository_groups[rg_k] = p, o
601
601
602 if perm.RepoGroup.user_id == self.user_id:
602 if perm.RepoGroup.user_id == self.user_id:
603 # set admin if owner
603 # set admin if owner
604 p = 'group.admin'
604 p = 'group.admin'
605 o = PermOrigin.REPOGROUP_OWNER
605 o = PermOrigin.REPOGROUP_OWNER
606 self.permissions_repository_groups[rg_k] = p, o
606 self.permissions_repository_groups[rg_k] = p, o
607
607
608 if self.user_is_admin:
608 if self.user_is_admin:
609 p = 'group.admin'
609 p = 'group.admin'
610 o = PermOrigin.SUPER_ADMIN
610 o = PermOrigin.SUPER_ADMIN
611 self.permissions_repository_groups[rg_k] = p, o
611 self.permissions_repository_groups[rg_k] = p, o
612
612
613 # defaults for user groups taken from `default` user permission
613 # defaults for user groups taken from `default` user permission
614 # on given user group
614 # on given user group
615 for perm in self.default_user_group_perms:
615 for perm in self.default_user_group_perms:
616 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
616 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
617 p = perm.Permission.permission_name
617 p = perm.Permission.permission_name
618 o = PermOrigin.USERGROUP_DEFAULT
618 o = PermOrigin.USERGROUP_DEFAULT
619 self.permissions_user_groups[u_k] = p, o
619 self.permissions_user_groups[u_k] = p, o
620
620
621 # if we decide this user isn't inheriting permissions from default
621 # if we decide this user isn't inheriting permissions from default
622 # user we set him to .none so only explicit permissions work
622 # user we set him to .none so only explicit permissions work
623 if not user_inherit_object_permissions:
623 if not user_inherit_object_permissions:
624 p = 'usergroup.none'
624 p = 'usergroup.none'
625 o = PermOrigin.USERGROUP_DEFAULT_NO_INHERIT
625 o = PermOrigin.USERGROUP_DEFAULT_NO_INHERIT
626 self.permissions_user_groups[u_k] = p, o
626 self.permissions_user_groups[u_k] = p, o
627
627
628 if perm.UserGroup.user_id == self.user_id:
628 if perm.UserGroup.user_id == self.user_id:
629 # set admin if owner
629 # set admin if owner
630 p = 'usergroup.admin'
630 p = 'usergroup.admin'
631 o = PermOrigin.USERGROUP_OWNER
631 o = PermOrigin.USERGROUP_OWNER
632 self.permissions_user_groups[u_k] = p, o
632 self.permissions_user_groups[u_k] = p, o
633
633
634 if self.user_is_admin:
634 if self.user_is_admin:
635 p = 'usergroup.admin'
635 p = 'usergroup.admin'
636 o = PermOrigin.SUPER_ADMIN
636 o = PermOrigin.SUPER_ADMIN
637 self.permissions_user_groups[u_k] = p, o
637 self.permissions_user_groups[u_k] = p, o
638
638
639 def _calculate_repository_permissions(self):
639 def _calculate_repository_permissions(self):
640 """
640 """
641 Repository permissions for the current user.
641 Repository permissions for the current user.
642
642
643 Check if the user is part of user groups for this repository and
643 Check if the user is part of user groups for this repository and
644 fill in the permission from it. `_choose_permission` decides of which
644 fill in the permission from it. `_choose_permission` decides of which
645 permission should be selected based on selected method.
645 permission should be selected based on selected method.
646 """
646 """
647
647
648 # user group for repositories permissions
648 # user group for repositories permissions
649 user_repo_perms_from_user_group = Permission\
649 user_repo_perms_from_user_group = Permission\
650 .get_default_repo_perms_from_user_group(
650 .get_default_repo_perms_from_user_group(
651 self.user_id, self.scope_repo_id)
651 self.user_id, self.scope_repo_id)
652
652
653 multiple_counter = collections.defaultdict(int)
653 multiple_counter = collections.defaultdict(int)
654 for perm in user_repo_perms_from_user_group:
654 for perm in user_repo_perms_from_user_group:
655 r_k = perm.UserGroupRepoToPerm.repository.repo_name
655 r_k = perm.UserGroupRepoToPerm.repository.repo_name
656 multiple_counter[r_k] += 1
656 multiple_counter[r_k] += 1
657 p = perm.Permission.permission_name
657 p = perm.Permission.permission_name
658 o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
658 o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
659 .users_group.users_group_name
659 .users_group.users_group_name
660
660
661 if multiple_counter[r_k] > 1:
661 if multiple_counter[r_k] > 1:
662 cur_perm = self.permissions_repositories[r_k]
662 cur_perm = self.permissions_repositories[r_k]
663 p = self._choose_permission(p, cur_perm)
663 p = self._choose_permission(p, cur_perm)
664
664
665 self.permissions_repositories[r_k] = p, o
665 self.permissions_repositories[r_k] = p, o
666
666
667 if perm.Repository.user_id == self.user_id:
667 if perm.Repository.user_id == self.user_id:
668 # set admin if owner
668 # set admin if owner
669 p = 'repository.admin'
669 p = 'repository.admin'
670 o = PermOrigin.REPO_OWNER
670 o = PermOrigin.REPO_OWNER
671 self.permissions_repositories[r_k] = p, o
671 self.permissions_repositories[r_k] = p, o
672
672
673 if self.user_is_admin:
673 if self.user_is_admin:
674 p = 'repository.admin'
674 p = 'repository.admin'
675 o = PermOrigin.SUPER_ADMIN
675 o = PermOrigin.SUPER_ADMIN
676 self.permissions_repositories[r_k] = p, o
676 self.permissions_repositories[r_k] = p, o
677
677
678 # user explicit permissions for repositories, overrides any specified
678 # user explicit permissions for repositories, overrides any specified
679 # by the group permission
679 # by the group permission
680 user_repo_perms = Permission.get_default_repo_perms(
680 user_repo_perms = Permission.get_default_repo_perms(
681 self.user_id, self.scope_repo_id)
681 self.user_id, self.scope_repo_id)
682 for perm in user_repo_perms:
682 for perm in user_repo_perms:
683 r_k = perm.UserRepoToPerm.repository.repo_name
683 r_k = perm.UserRepoToPerm.repository.repo_name
684 p = perm.Permission.permission_name
684 p = perm.Permission.permission_name
685 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
685 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
686
686
687 if not self.explicit:
687 if not self.explicit:
688 cur_perm = self.permissions_repositories.get(
688 cur_perm = self.permissions_repositories.get(
689 r_k, 'repository.none')
689 r_k, 'repository.none')
690 p = self._choose_permission(p, cur_perm)
690 p = self._choose_permission(p, cur_perm)
691
691
692 self.permissions_repositories[r_k] = p, o
692 self.permissions_repositories[r_k] = p, o
693
693
694 if perm.Repository.user_id == self.user_id:
694 if perm.Repository.user_id == self.user_id:
695 # set admin if owner
695 # set admin if owner
696 p = 'repository.admin'
696 p = 'repository.admin'
697 o = PermOrigin.REPO_OWNER
697 o = PermOrigin.REPO_OWNER
698 self.permissions_repositories[r_k] = p, o
698 self.permissions_repositories[r_k] = p, o
699
699
700 if self.user_is_admin:
700 if self.user_is_admin:
701 p = 'repository.admin'
701 p = 'repository.admin'
702 o = PermOrigin.SUPER_ADMIN
702 o = PermOrigin.SUPER_ADMIN
703 self.permissions_repositories[r_k] = p, o
703 self.permissions_repositories[r_k] = p, o
704
704
705 def _calculate_repository_group_permissions(self):
705 def _calculate_repository_group_permissions(self):
706 """
706 """
707 Repository group permissions for the current user.
707 Repository group permissions for the current user.
708
708
709 Check if the user is part of user groups for repository groups and
709 Check if the user is part of user groups for repository groups and
710 fill in the permissions from it. `_choose_permission` decides of which
710 fill in the permissions from it. `_choose_permission` decides of which
711 permission should be selected based on selected method.
711 permission should be selected based on selected method.
712 """
712 """
713 # user group for repo groups permissions
713 # user group for repo groups permissions
714 user_repo_group_perms_from_user_group = Permission\
714 user_repo_group_perms_from_user_group = Permission\
715 .get_default_group_perms_from_user_group(
715 .get_default_group_perms_from_user_group(
716 self.user_id, self.scope_repo_group_id)
716 self.user_id, self.scope_repo_group_id)
717
717
718 multiple_counter = collections.defaultdict(int)
718 multiple_counter = collections.defaultdict(int)
719 for perm in user_repo_group_perms_from_user_group:
719 for perm in user_repo_group_perms_from_user_group:
720 rg_k = perm.UserGroupRepoGroupToPerm.group.group_name
720 rg_k = perm.UserGroupRepoGroupToPerm.group.group_name
721 multiple_counter[rg_k] += 1
721 multiple_counter[rg_k] += 1
722 o = PermOrigin.REPOGROUP_USERGROUP % perm.UserGroupRepoGroupToPerm\
722 o = PermOrigin.REPOGROUP_USERGROUP % perm.UserGroupRepoGroupToPerm\
723 .users_group.users_group_name
723 .users_group.users_group_name
724 p = perm.Permission.permission_name
724 p = perm.Permission.permission_name
725
725
726 if multiple_counter[rg_k] > 1:
726 if multiple_counter[rg_k] > 1:
727 cur_perm = self.permissions_repository_groups[rg_k]
727 cur_perm = self.permissions_repository_groups[rg_k]
728 p = self._choose_permission(p, cur_perm)
728 p = self._choose_permission(p, cur_perm)
729 self.permissions_repository_groups[rg_k] = p, o
729 self.permissions_repository_groups[rg_k] = p, o
730
730
731 if perm.RepoGroup.user_id == self.user_id:
731 if perm.RepoGroup.user_id == self.user_id:
732 # set admin if owner, even for member of other user group
732 # set admin if owner, even for member of other user group
733 p = 'group.admin'
733 p = 'group.admin'
734 o = PermOrigin.REPOGROUP_OWNER
734 o = PermOrigin.REPOGROUP_OWNER
735 self.permissions_repository_groups[rg_k] = p, o
735 self.permissions_repository_groups[rg_k] = p, o
736
736
737 if self.user_is_admin:
737 if self.user_is_admin:
738 p = 'group.admin'
738 p = 'group.admin'
739 o = PermOrigin.SUPER_ADMIN
739 o = PermOrigin.SUPER_ADMIN
740 self.permissions_repository_groups[rg_k] = p, o
740 self.permissions_repository_groups[rg_k] = p, o
741
741
742 # user explicit permissions for repository groups
742 # user explicit permissions for repository groups
743 user_repo_groups_perms = Permission.get_default_group_perms(
743 user_repo_groups_perms = Permission.get_default_group_perms(
744 self.user_id, self.scope_repo_group_id)
744 self.user_id, self.scope_repo_group_id)
745 for perm in user_repo_groups_perms:
745 for perm in user_repo_groups_perms:
746 rg_k = perm.UserRepoGroupToPerm.group.group_name
746 rg_k = perm.UserRepoGroupToPerm.group.group_name
747 o = PermOrigin.REPOGROUP_USER % perm.UserRepoGroupToPerm\
747 o = PermOrigin.REPOGROUP_USER % perm.UserRepoGroupToPerm\
748 .user.username
748 .user.username
749 p = perm.Permission.permission_name
749 p = perm.Permission.permission_name
750
750
751 if not self.explicit:
751 if not self.explicit:
752 cur_perm = self.permissions_repository_groups.get(
752 cur_perm = self.permissions_repository_groups.get(
753 rg_k, 'group.none')
753 rg_k, 'group.none')
754 p = self._choose_permission(p, cur_perm)
754 p = self._choose_permission(p, cur_perm)
755
755
756 self.permissions_repository_groups[rg_k] = p, o
756 self.permissions_repository_groups[rg_k] = p, o
757
757
758 if perm.RepoGroup.user_id == self.user_id:
758 if perm.RepoGroup.user_id == self.user_id:
759 # set admin if owner
759 # set admin if owner
760 p = 'group.admin'
760 p = 'group.admin'
761 o = PermOrigin.REPOGROUP_OWNER
761 o = PermOrigin.REPOGROUP_OWNER
762 self.permissions_repository_groups[rg_k] = p, o
762 self.permissions_repository_groups[rg_k] = p, o
763
763
764 if self.user_is_admin:
764 if self.user_is_admin:
765 p = 'group.admin'
765 p = 'group.admin'
766 o = PermOrigin.SUPER_ADMIN
766 o = PermOrigin.SUPER_ADMIN
767 self.permissions_repository_groups[rg_k] = p, o
767 self.permissions_repository_groups[rg_k] = p, o
768
768
769 def _calculate_user_group_permissions(self):
769 def _calculate_user_group_permissions(self):
770 """
770 """
771 User group permissions for the current user.
771 User group permissions for the current user.
772 """
772 """
773 # user group for user group permissions
773 # user group for user group permissions
774 user_group_from_user_group = Permission\
774 user_group_from_user_group = Permission\
775 .get_default_user_group_perms_from_user_group(
775 .get_default_user_group_perms_from_user_group(
776 self.user_id, self.scope_user_group_id)
776 self.user_id, self.scope_user_group_id)
777
777
778 multiple_counter = collections.defaultdict(int)
778 multiple_counter = collections.defaultdict(int)
779 for perm in user_group_from_user_group:
779 for perm in user_group_from_user_group:
780 ug_k = perm.UserGroupUserGroupToPerm\
780 ug_k = perm.UserGroupUserGroupToPerm\
781 .target_user_group.users_group_name
781 .target_user_group.users_group_name
782 multiple_counter[ug_k] += 1
782 multiple_counter[ug_k] += 1
783 o = PermOrigin.USERGROUP_USERGROUP % perm.UserGroupUserGroupToPerm\
783 o = PermOrigin.USERGROUP_USERGROUP % perm.UserGroupUserGroupToPerm\
784 .user_group.users_group_name
784 .user_group.users_group_name
785 p = perm.Permission.permission_name
785 p = perm.Permission.permission_name
786
786
787 if multiple_counter[ug_k] > 1:
787 if multiple_counter[ug_k] > 1:
788 cur_perm = self.permissions_user_groups[ug_k]
788 cur_perm = self.permissions_user_groups[ug_k]
789 p = self._choose_permission(p, cur_perm)
789 p = self._choose_permission(p, cur_perm)
790
790
791 self.permissions_user_groups[ug_k] = p, o
791 self.permissions_user_groups[ug_k] = p, o
792
792
793 if perm.UserGroup.user_id == self.user_id:
793 if perm.UserGroup.user_id == self.user_id:
794 # set admin if owner, even for member of other user group
794 # set admin if owner, even for member of other user group
795 p = 'usergroup.admin'
795 p = 'usergroup.admin'
796 o = PermOrigin.USERGROUP_OWNER
796 o = PermOrigin.USERGROUP_OWNER
797 self.permissions_user_groups[ug_k] = p, o
797 self.permissions_user_groups[ug_k] = p, o
798
798
799 if self.user_is_admin:
799 if self.user_is_admin:
800 p = 'usergroup.admin'
800 p = 'usergroup.admin'
801 o = PermOrigin.SUPER_ADMIN
801 o = PermOrigin.SUPER_ADMIN
802 self.permissions_user_groups[ug_k] = p, o
802 self.permissions_user_groups[ug_k] = p, o
803
803
804 # user explicit permission for user groups
804 # user explicit permission for user groups
805 user_user_groups_perms = Permission.get_default_user_group_perms(
805 user_user_groups_perms = Permission.get_default_user_group_perms(
806 self.user_id, self.scope_user_group_id)
806 self.user_id, self.scope_user_group_id)
807 for perm in user_user_groups_perms:
807 for perm in user_user_groups_perms:
808 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
808 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
809 o = PermOrigin.USERGROUP_USER % perm.UserUserGroupToPerm\
809 o = PermOrigin.USERGROUP_USER % perm.UserUserGroupToPerm\
810 .user.username
810 .user.username
811 p = perm.Permission.permission_name
811 p = perm.Permission.permission_name
812
812
813 if not self.explicit:
813 if not self.explicit:
814 cur_perm = self.permissions_user_groups.get(
814 cur_perm = self.permissions_user_groups.get(
815 ug_k, 'usergroup.none')
815 ug_k, 'usergroup.none')
816 p = self._choose_permission(p, cur_perm)
816 p = self._choose_permission(p, cur_perm)
817
817
818 self.permissions_user_groups[ug_k] = p, o
818 self.permissions_user_groups[ug_k] = p, o
819
819
820 if perm.UserGroup.user_id == self.user_id:
820 if perm.UserGroup.user_id == self.user_id:
821 # set admin if owner
821 # set admin if owner
822 p = 'usergroup.admin'
822 p = 'usergroup.admin'
823 o = PermOrigin.USERGROUP_OWNER
823 o = PermOrigin.USERGROUP_OWNER
824 self.permissions_user_groups[ug_k] = p, o
824 self.permissions_user_groups[ug_k] = p, o
825
825
826 if self.user_is_admin:
826 if self.user_is_admin:
827 p = 'usergroup.admin'
827 p = 'usergroup.admin'
828 o = PermOrigin.SUPER_ADMIN
828 o = PermOrigin.SUPER_ADMIN
829 self.permissions_user_groups[ug_k] = p, o
829 self.permissions_user_groups[ug_k] = p, o
830
830
831 def _choose_permission(self, new_perm, cur_perm):
831 def _choose_permission(self, new_perm, cur_perm):
832 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
832 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
833 cur_perm_val = Permission.PERM_WEIGHTS[cur_perm]
833 cur_perm_val = Permission.PERM_WEIGHTS[cur_perm]
834 if self.algo == 'higherwin':
834 if self.algo == 'higherwin':
835 if new_perm_val > cur_perm_val:
835 if new_perm_val > cur_perm_val:
836 return new_perm
836 return new_perm
837 return cur_perm
837 return cur_perm
838 elif self.algo == 'lowerwin':
838 elif self.algo == 'lowerwin':
839 if new_perm_val < cur_perm_val:
839 if new_perm_val < cur_perm_val:
840 return new_perm
840 return new_perm
841 return cur_perm
841 return cur_perm
842
842
843 def _permission_structure(self):
843 def _permission_structure(self):
844 return {
844 return {
845 'global': self.permissions_global,
845 'global': self.permissions_global,
846 'repositories': self.permissions_repositories,
846 'repositories': self.permissions_repositories,
847 'repositories_groups': self.permissions_repository_groups,
847 'repositories_groups': self.permissions_repository_groups,
848 'user_groups': self.permissions_user_groups,
848 'user_groups': self.permissions_user_groups,
849 }
849 }
850
850
851
851
852 def allowed_auth_token_access(view_name, auth_token, whitelist=None):
852 def allowed_auth_token_access(view_name, auth_token, whitelist=None):
853 """
853 """
854 Check if given controller_name is in whitelist of auth token access
854 Check if given controller_name is in whitelist of auth token access
855 """
855 """
856 if not whitelist:
856 if not whitelist:
857 from rhodecode import CONFIG
857 from rhodecode import CONFIG
858 whitelist = aslist(
858 whitelist = aslist(
859 CONFIG.get('api_access_controllers_whitelist'), sep=',')
859 CONFIG.get('api_access_controllers_whitelist'), sep=',')
860 # backward compat translation
860 # backward compat translation
861 compat = {
861 compat = {
862 # old controller, new VIEW
862 # old controller, new VIEW
863 'ChangesetController:*': 'RepoCommitsView:*',
863 'ChangesetController:*': 'RepoCommitsView:*',
864 'ChangesetController:changeset_patch': 'RepoCommitsView:repo_commit_patch',
864 'ChangesetController:changeset_patch': 'RepoCommitsView:repo_commit_patch',
865 'ChangesetController:changeset_raw': 'RepoCommitsView:repo_commit_raw',
865 'ChangesetController:changeset_raw': 'RepoCommitsView:repo_commit_raw',
866 'FilesController:raw': 'RepoCommitsView:repo_commit_raw',
866 'FilesController:raw': 'RepoCommitsView:repo_commit_raw',
867 'FilesController:archivefile': 'RepoFilesView:repo_archivefile',
867 'FilesController:archivefile': 'RepoFilesView:repo_archivefile',
868 'GistsController:*': 'GistView:*',
868 'GistsController:*': 'GistView:*',
869 }
869 }
870
870
871 log.debug(
871 log.debug(
872 'Allowed views for AUTH TOKEN access: %s' % (whitelist,))
872 'Allowed views for AUTH TOKEN access: %s' % (whitelist,))
873 auth_token_access_valid = False
873 auth_token_access_valid = False
874
874
875 for entry in whitelist:
875 for entry in whitelist:
876 token_match = True
876 token_match = True
877 if entry in compat:
877 if entry in compat:
878 # translate from old Controllers to Pyramid Views
878 # translate from old Controllers to Pyramid Views
879 entry = compat[entry]
879 entry = compat[entry]
880
880
881 if '@' in entry:
881 if '@' in entry:
882 # specific AuthToken
882 # specific AuthToken
883 entry, allowed_token = entry.split('@', 1)
883 entry, allowed_token = entry.split('@', 1)
884 token_match = auth_token == allowed_token
884 token_match = auth_token == allowed_token
885
885
886 if fnmatch.fnmatch(view_name, entry) and token_match:
886 if fnmatch.fnmatch(view_name, entry) and token_match:
887 auth_token_access_valid = True
887 auth_token_access_valid = True
888 break
888 break
889
889
890 if auth_token_access_valid:
890 if auth_token_access_valid:
891 log.debug('view: `%s` matches entry in whitelist: %s'
891 log.debug('view: `%s` matches entry in whitelist: %s'
892 % (view_name, whitelist))
892 % (view_name, whitelist))
893 else:
893 else:
894 msg = ('view: `%s` does *NOT* match any entry in whitelist: %s'
894 msg = ('view: `%s` does *NOT* match any entry in whitelist: %s'
895 % (view_name, whitelist))
895 % (view_name, whitelist))
896 if auth_token:
896 if auth_token:
897 # if we use auth token key and don't have access it's a warning
897 # if we use auth token key and don't have access it's a warning
898 log.warning(msg)
898 log.warning(msg)
899 else:
899 else:
900 log.debug(msg)
900 log.debug(msg)
901
901
902 return auth_token_access_valid
902 return auth_token_access_valid
903
903
904
904
905 class AuthUser(object):
905 class AuthUser(object):
906 """
906 """
907 A simple object that handles all attributes of user in RhodeCode
907 A simple object that handles all attributes of user in RhodeCode
908
908
909 It does lookup based on API key,given user, or user present in session
909 It does lookup based on API key,given user, or user present in session
910 Then it fills all required information for such user. It also checks if
910 Then it fills all required information for such user. It also checks if
911 anonymous access is enabled and if so, it returns default user as logged in
911 anonymous access is enabled and if so, it returns default user as logged in
912 """
912 """
913 GLOBAL_PERMS = [x[0] for x in Permission.PERMS]
913 GLOBAL_PERMS = [x[0] for x in Permission.PERMS]
914
914
915 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
915 def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None):
916
916
917 self.user_id = user_id
917 self.user_id = user_id
918 self._api_key = api_key
918 self._api_key = api_key
919
919
920 self.api_key = None
920 self.api_key = None
921 self.feed_token = ''
922 self.username = username
921 self.username = username
923 self.ip_addr = ip_addr
922 self.ip_addr = ip_addr
924 self.name = ''
923 self.name = ''
925 self.lastname = ''
924 self.lastname = ''
926 self.first_name = ''
925 self.first_name = ''
927 self.last_name = ''
926 self.last_name = ''
928 self.email = ''
927 self.email = ''
929 self.is_authenticated = False
928 self.is_authenticated = False
930 self.admin = False
929 self.admin = False
931 self.inherit_default_permissions = False
930 self.inherit_default_permissions = False
932 self.password = ''
931 self.password = ''
933
932
934 self.anonymous_user = None # propagated on propagate_data
933 self.anonymous_user = None # propagated on propagate_data
935 self.propagate_data()
934 self.propagate_data()
936 self._instance = None
935 self._instance = None
937 self._permissions_scoped_cache = {} # used to bind scoped calculation
936 self._permissions_scoped_cache = {} # used to bind scoped calculation
938
937
939 @LazyProperty
938 @LazyProperty
940 def permissions(self):
939 def permissions(self):
941 return self.get_perms(user=self, cache=False)
940 return self.get_perms(user=self, cache=False)
942
941
943 @LazyProperty
942 @LazyProperty
944 def permissions_safe(self):
943 def permissions_safe(self):
945 """
944 """
946 Filtered permissions excluding not allowed repositories
945 Filtered permissions excluding not allowed repositories
947 """
946 """
948 perms = self.get_perms(user=self, cache=False)
947 perms = self.get_perms(user=self, cache=False)
949
948
950 perms['repositories'] = {
949 perms['repositories'] = {
951 k: v for k, v in perms['repositories'].iteritems()
950 k: v for k, v in perms['repositories'].iteritems()
952 if v != 'repository.none'}
951 if v != 'repository.none'}
953 perms['repositories_groups'] = {
952 perms['repositories_groups'] = {
954 k: v for k, v in perms['repositories_groups'].iteritems()
953 k: v for k, v in perms['repositories_groups'].iteritems()
955 if v != 'group.none'}
954 if v != 'group.none'}
956 perms['user_groups'] = {
955 perms['user_groups'] = {
957 k: v for k, v in perms['user_groups'].iteritems()
956 k: v for k, v in perms['user_groups'].iteritems()
958 if v != 'usergroup.none'}
957 if v != 'usergroup.none'}
959 return perms
958 return perms
960
959
961 @LazyProperty
960 @LazyProperty
962 def permissions_full_details(self):
961 def permissions_full_details(self):
963 return self.get_perms(
962 return self.get_perms(
964 user=self, cache=False, calculate_super_admin=True)
963 user=self, cache=False, calculate_super_admin=True)
965
964
966 def permissions_with_scope(self, scope):
965 def permissions_with_scope(self, scope):
967 """
966 """
968 Call the get_perms function with scoped data. The scope in that function
967 Call the get_perms function with scoped data. The scope in that function
969 narrows the SQL calls to the given ID of objects resulting in fetching
968 narrows the SQL calls to the given ID of objects resulting in fetching
970 Just particular permission we want to obtain. If scope is an empty dict
969 Just particular permission we want to obtain. If scope is an empty dict
971 then it basically narrows the scope to GLOBAL permissions only.
970 then it basically narrows the scope to GLOBAL permissions only.
972
971
973 :param scope: dict
972 :param scope: dict
974 """
973 """
975 if 'repo_name' in scope:
974 if 'repo_name' in scope:
976 obj = Repository.get_by_repo_name(scope['repo_name'])
975 obj = Repository.get_by_repo_name(scope['repo_name'])
977 if obj:
976 if obj:
978 scope['repo_id'] = obj.repo_id
977 scope['repo_id'] = obj.repo_id
979 _scope = {
978 _scope = {
980 'repo_id': -1,
979 'repo_id': -1,
981 'user_group_id': -1,
980 'user_group_id': -1,
982 'repo_group_id': -1,
981 'repo_group_id': -1,
983 }
982 }
984 _scope.update(scope)
983 _scope.update(scope)
985 cache_key = "_".join(map(safe_str, reduce(lambda a, b: a+b,
984 cache_key = "_".join(map(safe_str, reduce(lambda a, b: a+b,
986 _scope.items())))
985 _scope.items())))
987 if cache_key not in self._permissions_scoped_cache:
986 if cache_key not in self._permissions_scoped_cache:
988 # store in cache to mimic how the @LazyProperty works,
987 # store in cache to mimic how the @LazyProperty works,
989 # the difference here is that we use the unique key calculated
988 # the difference here is that we use the unique key calculated
990 # from params and values
989 # from params and values
991 res = self.get_perms(user=self, cache=False, scope=_scope)
990 res = self.get_perms(user=self, cache=False, scope=_scope)
992 self._permissions_scoped_cache[cache_key] = res
991 self._permissions_scoped_cache[cache_key] = res
993 return self._permissions_scoped_cache[cache_key]
992 return self._permissions_scoped_cache[cache_key]
994
993
995 def get_instance(self):
994 def get_instance(self):
996 return User.get(self.user_id)
995 return User.get(self.user_id)
997
996
998 def update_lastactivity(self):
997 def update_lastactivity(self):
999 if self.user_id:
998 if self.user_id:
1000 User.get(self.user_id).update_lastactivity()
999 User.get(self.user_id).update_lastactivity()
1001
1000
1002 def propagate_data(self):
1001 def propagate_data(self):
1003 """
1002 """
1004 Fills in user data and propagates values to this instance. Maps fetched
1003 Fills in user data and propagates values to this instance. Maps fetched
1005 user attributes to this class instance attributes
1004 user attributes to this class instance attributes
1006 """
1005 """
1007 log.debug('AuthUser: starting data propagation for new potential user')
1006 log.debug('AuthUser: starting data propagation for new potential user')
1008 user_model = UserModel()
1007 user_model = UserModel()
1009 anon_user = self.anonymous_user = User.get_default_user(cache=True)
1008 anon_user = self.anonymous_user = User.get_default_user(cache=True)
1010 is_user_loaded = False
1009 is_user_loaded = False
1011
1010
1012 # lookup by userid
1011 # lookup by userid
1013 if self.user_id is not None and self.user_id != anon_user.user_id:
1012 if self.user_id is not None and self.user_id != anon_user.user_id:
1014 log.debug('Trying Auth User lookup by USER ID: `%s`', self.user_id)
1013 log.debug('Trying Auth User lookup by USER ID: `%s`', self.user_id)
1015 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
1014 is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
1016
1015
1017 # try go get user by api key
1016 # try go get user by api key
1018 elif self._api_key and self._api_key != anon_user.api_key:
1017 elif self._api_key and self._api_key != anon_user.api_key:
1019 log.debug('Trying Auth User lookup by API KEY: `%s`', self._api_key)
1018 log.debug('Trying Auth User lookup by API KEY: `%s`', self._api_key)
1020 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
1019 is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
1021
1020
1022 # lookup by username
1021 # lookup by username
1023 elif self.username:
1022 elif self.username:
1024 log.debug('Trying Auth User lookup by USER NAME: `%s`', self.username)
1023 log.debug('Trying Auth User lookup by USER NAME: `%s`', self.username)
1025 is_user_loaded = user_model.fill_data(self, username=self.username)
1024 is_user_loaded = user_model.fill_data(self, username=self.username)
1026 else:
1025 else:
1027 log.debug('No data in %s that could been used to log in', self)
1026 log.debug('No data in %s that could been used to log in', self)
1028
1027
1029 if not is_user_loaded:
1028 if not is_user_loaded:
1030 log.debug(
1029 log.debug(
1031 'Failed to load user. Fallback to default user %s', anon_user)
1030 'Failed to load user. Fallback to default user %s', anon_user)
1032 # if we cannot authenticate user try anonymous
1031 # if we cannot authenticate user try anonymous
1033 if anon_user.active:
1032 if anon_user.active:
1034 log.debug('default user is active, using it as a session user')
1033 log.debug('default user is active, using it as a session user')
1035 user_model.fill_data(self, user_id=anon_user.user_id)
1034 user_model.fill_data(self, user_id=anon_user.user_id)
1036 # then we set this user is logged in
1035 # then we set this user is logged in
1037 self.is_authenticated = True
1036 self.is_authenticated = True
1038 else:
1037 else:
1039 log.debug('default user is NOT active')
1038 log.debug('default user is NOT active')
1040 # in case of disabled anonymous user we reset some of the
1039 # in case of disabled anonymous user we reset some of the
1041 # parameters so such user is "corrupted", skipping the fill_data
1040 # parameters so such user is "corrupted", skipping the fill_data
1042 for attr in ['user_id', 'username', 'admin', 'active']:
1041 for attr in ['user_id', 'username', 'admin', 'active']:
1043 setattr(self, attr, None)
1042 setattr(self, attr, None)
1044 self.is_authenticated = False
1043 self.is_authenticated = False
1045
1044
1046 if not self.username:
1045 if not self.username:
1047 self.username = 'None'
1046 self.username = 'None'
1048
1047
1049 log.debug('AuthUser: propagated user is now %s', self)
1048 log.debug('AuthUser: propagated user is now %s', self)
1050
1049
1051 def get_perms(self, user, scope=None, explicit=True, algo='higherwin',
1050 def get_perms(self, user, scope=None, explicit=True, algo='higherwin',
1052 calculate_super_admin=False, cache=False):
1051 calculate_super_admin=False, cache=False):
1053 """
1052 """
1054 Fills user permission attribute with permissions taken from database
1053 Fills user permission attribute with permissions taken from database
1055 works for permissions given for repositories, and for permissions that
1054 works for permissions given for repositories, and for permissions that
1056 are granted to groups
1055 are granted to groups
1057
1056
1058 :param user: instance of User object from database
1057 :param user: instance of User object from database
1059 :param explicit: In case there are permissions both for user and a group
1058 :param explicit: In case there are permissions both for user and a group
1060 that user is part of, explicit flag will defiine if user will
1059 that user is part of, explicit flag will defiine if user will
1061 explicitly override permissions from group, if it's False it will
1060 explicitly override permissions from group, if it's False it will
1062 make decision based on the algo
1061 make decision based on the algo
1063 :param algo: algorithm to decide what permission should be choose if
1062 :param algo: algorithm to decide what permission should be choose if
1064 it's multiple defined, eg user in two different groups. It also
1063 it's multiple defined, eg user in two different groups. It also
1065 decides if explicit flag is turned off how to specify the permission
1064 decides if explicit flag is turned off how to specify the permission
1066 for case when user is in a group + have defined separate permission
1065 for case when user is in a group + have defined separate permission
1067 """
1066 """
1068 user_id = user.user_id
1067 user_id = user.user_id
1069 user_is_admin = user.is_admin
1068 user_is_admin = user.is_admin
1070
1069
1071 # inheritance of global permissions like create repo/fork repo etc
1070 # inheritance of global permissions like create repo/fork repo etc
1072 user_inherit_default_permissions = user.inherit_default_permissions
1071 user_inherit_default_permissions = user.inherit_default_permissions
1073
1072
1074 log.debug('Computing PERMISSION tree for scope %s' % (scope, ))
1073 log.debug('Computing PERMISSION tree for scope %s' % (scope, ))
1075 compute = caches.conditional_cache(
1074 compute = caches.conditional_cache(
1076 'short_term', 'cache_desc',
1075 'short_term', 'cache_desc',
1077 condition=cache, func=_cached_perms_data)
1076 condition=cache, func=_cached_perms_data)
1078 result = compute(user_id, scope, user_is_admin,
1077 result = compute(user_id, scope, user_is_admin,
1079 user_inherit_default_permissions, explicit, algo,
1078 user_inherit_default_permissions, explicit, algo,
1080 calculate_super_admin)
1079 calculate_super_admin)
1081
1080
1082 result_repr = []
1081 result_repr = []
1083 for k in result:
1082 for k in result:
1084 result_repr.append((k, len(result[k])))
1083 result_repr.append((k, len(result[k])))
1085
1084
1086 log.debug('PERMISSION tree computed %s' % (result_repr,))
1085 log.debug('PERMISSION tree computed %s' % (result_repr,))
1087 return result
1086 return result
1088
1087
1089 @property
1088 @property
1090 def is_default(self):
1089 def is_default(self):
1091 return self.username == User.DEFAULT_USER
1090 return self.username == User.DEFAULT_USER
1092
1091
1093 @property
1092 @property
1094 def is_admin(self):
1093 def is_admin(self):
1095 return self.admin
1094 return self.admin
1096
1095
1097 @property
1096 @property
1098 def is_user_object(self):
1097 def is_user_object(self):
1099 return self.user_id is not None
1098 return self.user_id is not None
1100
1099
1101 @property
1100 @property
1102 def repositories_admin(self):
1101 def repositories_admin(self):
1103 """
1102 """
1104 Returns list of repositories you're an admin of
1103 Returns list of repositories you're an admin of
1105 """
1104 """
1106 return [
1105 return [
1107 x[0] for x in self.permissions['repositories'].iteritems()
1106 x[0] for x in self.permissions['repositories'].iteritems()
1108 if x[1] == 'repository.admin']
1107 if x[1] == 'repository.admin']
1109
1108
1110 @property
1109 @property
1111 def repository_groups_admin(self):
1110 def repository_groups_admin(self):
1112 """
1111 """
1113 Returns list of repository groups you're an admin of
1112 Returns list of repository groups you're an admin of
1114 """
1113 """
1115 return [
1114 return [
1116 x[0] for x in self.permissions['repositories_groups'].iteritems()
1115 x[0] for x in self.permissions['repositories_groups'].iteritems()
1117 if x[1] == 'group.admin']
1116 if x[1] == 'group.admin']
1118
1117
1119 @property
1118 @property
1120 def user_groups_admin(self):
1119 def user_groups_admin(self):
1121 """
1120 """
1122 Returns list of user groups you're an admin of
1121 Returns list of user groups you're an admin of
1123 """
1122 """
1124 return [
1123 return [
1125 x[0] for x in self.permissions['user_groups'].iteritems()
1124 x[0] for x in self.permissions['user_groups'].iteritems()
1126 if x[1] == 'usergroup.admin']
1125 if x[1] == 'usergroup.admin']
1127
1126
1128 def repo_acl_ids(self, perms=None, name_filter=None, cache=False):
1127 def repo_acl_ids(self, perms=None, name_filter=None, cache=False):
1129 """
1128 """
1130 Returns list of repository ids that user have access to based on given
1129 Returns list of repository ids that user have access to based on given
1131 perms. The cache flag should be only used in cases that are used for
1130 perms. The cache flag should be only used in cases that are used for
1132 display purposes, NOT IN ANY CASE for permission checks.
1131 display purposes, NOT IN ANY CASE for permission checks.
1133 """
1132 """
1134 from rhodecode.model.scm import RepoList
1133 from rhodecode.model.scm import RepoList
1135 if not perms:
1134 if not perms:
1136 perms = [
1135 perms = [
1137 'repository.read', 'repository.write', 'repository.admin']
1136 'repository.read', 'repository.write', 'repository.admin']
1138
1137
1139 def _cached_repo_acl(user_id, perm_def, name_filter):
1138 def _cached_repo_acl(user_id, perm_def, name_filter):
1140 qry = Repository.query()
1139 qry = Repository.query()
1141 if name_filter:
1140 if name_filter:
1142 ilike_expression = u'%{}%'.format(safe_unicode(name_filter))
1141 ilike_expression = u'%{}%'.format(safe_unicode(name_filter))
1143 qry = qry.filter(
1142 qry = qry.filter(
1144 Repository.repo_name.ilike(ilike_expression))
1143 Repository.repo_name.ilike(ilike_expression))
1145
1144
1146 return [x.repo_id for x in
1145 return [x.repo_id for x in
1147 RepoList(qry, perm_set=perm_def)]
1146 RepoList(qry, perm_set=perm_def)]
1148
1147
1149 compute = caches.conditional_cache(
1148 compute = caches.conditional_cache(
1150 'long_term', 'repo_acl_ids',
1149 'long_term', 'repo_acl_ids',
1151 condition=cache, func=_cached_repo_acl)
1150 condition=cache, func=_cached_repo_acl)
1152 return compute(self.user_id, perms, name_filter)
1151 return compute(self.user_id, perms, name_filter)
1153
1152
1154 def repo_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1153 def repo_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1155 """
1154 """
1156 Returns list of repository group ids that user have access to based on given
1155 Returns list of repository group ids that user have access to based on given
1157 perms. The cache flag should be only used in cases that are used for
1156 perms. The cache flag should be only used in cases that are used for
1158 display purposes, NOT IN ANY CASE for permission checks.
1157 display purposes, NOT IN ANY CASE for permission checks.
1159 """
1158 """
1160 from rhodecode.model.scm import RepoGroupList
1159 from rhodecode.model.scm import RepoGroupList
1161 if not perms:
1160 if not perms:
1162 perms = [
1161 perms = [
1163 'group.read', 'group.write', 'group.admin']
1162 'group.read', 'group.write', 'group.admin']
1164
1163
1165 def _cached_repo_group_acl(user_id, perm_def, name_filter):
1164 def _cached_repo_group_acl(user_id, perm_def, name_filter):
1166 qry = RepoGroup.query()
1165 qry = RepoGroup.query()
1167 if name_filter:
1166 if name_filter:
1168 ilike_expression = u'%{}%'.format(safe_unicode(name_filter))
1167 ilike_expression = u'%{}%'.format(safe_unicode(name_filter))
1169 qry = qry.filter(
1168 qry = qry.filter(
1170 RepoGroup.group_name.ilike(ilike_expression))
1169 RepoGroup.group_name.ilike(ilike_expression))
1171
1170
1172 return [x.group_id for x in
1171 return [x.group_id for x in
1173 RepoGroupList(qry, perm_set=perm_def)]
1172 RepoGroupList(qry, perm_set=perm_def)]
1174
1173
1175 compute = caches.conditional_cache(
1174 compute = caches.conditional_cache(
1176 'long_term', 'repo_group_acl_ids',
1175 'long_term', 'repo_group_acl_ids',
1177 condition=cache, func=_cached_repo_group_acl)
1176 condition=cache, func=_cached_repo_group_acl)
1178 return compute(self.user_id, perms, name_filter)
1177 return compute(self.user_id, perms, name_filter)
1179
1178
1180 def user_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1179 def user_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1181 """
1180 """
1182 Returns list of user group ids that user have access to based on given
1181 Returns list of user group ids that user have access to based on given
1183 perms. The cache flag should be only used in cases that are used for
1182 perms. The cache flag should be only used in cases that are used for
1184 display purposes, NOT IN ANY CASE for permission checks.
1183 display purposes, NOT IN ANY CASE for permission checks.
1185 """
1184 """
1186 from rhodecode.model.scm import UserGroupList
1185 from rhodecode.model.scm import UserGroupList
1187 if not perms:
1186 if not perms:
1188 perms = [
1187 perms = [
1189 'usergroup.read', 'usergroup.write', 'usergroup.admin']
1188 'usergroup.read', 'usergroup.write', 'usergroup.admin']
1190
1189
1191 def _cached_user_group_acl(user_id, perm_def, name_filter):
1190 def _cached_user_group_acl(user_id, perm_def, name_filter):
1192 qry = UserGroup.query()
1191 qry = UserGroup.query()
1193 if name_filter:
1192 if name_filter:
1194 ilike_expression = u'%{}%'.format(safe_unicode(name_filter))
1193 ilike_expression = u'%{}%'.format(safe_unicode(name_filter))
1195 qry = qry.filter(
1194 qry = qry.filter(
1196 UserGroup.users_group_name.ilike(ilike_expression))
1195 UserGroup.users_group_name.ilike(ilike_expression))
1197
1196
1198 return [x.users_group_id for x in
1197 return [x.users_group_id for x in
1199 UserGroupList(qry, perm_set=perm_def)]
1198 UserGroupList(qry, perm_set=perm_def)]
1200
1199
1201 compute = caches.conditional_cache(
1200 compute = caches.conditional_cache(
1202 'long_term', 'user_group_acl_ids',
1201 'long_term', 'user_group_acl_ids',
1203 condition=cache, func=_cached_user_group_acl)
1202 condition=cache, func=_cached_user_group_acl)
1204 return compute(self.user_id, perms, name_filter)
1203 return compute(self.user_id, perms, name_filter)
1205
1204
1206 @property
1205 @property
1207 def ip_allowed(self):
1206 def ip_allowed(self):
1208 """
1207 """
1209 Checks if ip_addr used in constructor is allowed from defined list of
1208 Checks if ip_addr used in constructor is allowed from defined list of
1210 allowed ip_addresses for user
1209 allowed ip_addresses for user
1211
1210
1212 :returns: boolean, True if ip is in allowed ip range
1211 :returns: boolean, True if ip is in allowed ip range
1213 """
1212 """
1214 # check IP
1213 # check IP
1215 inherit = self.inherit_default_permissions
1214 inherit = self.inherit_default_permissions
1216 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
1215 return AuthUser.check_ip_allowed(self.user_id, self.ip_addr,
1217 inherit_from_default=inherit)
1216 inherit_from_default=inherit)
1218 @property
1217 @property
1219 def personal_repo_group(self):
1218 def personal_repo_group(self):
1220 return RepoGroup.get_user_personal_repo_group(self.user_id)
1219 return RepoGroup.get_user_personal_repo_group(self.user_id)
1221
1220
1221 @LazyProperty
1222 def feed_token(self):
1223 return self.get_instance().feed_token
1224
1222 @classmethod
1225 @classmethod
1223 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
1226 def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
1224 allowed_ips = AuthUser.get_allowed_ips(
1227 allowed_ips = AuthUser.get_allowed_ips(
1225 user_id, cache=True, inherit_from_default=inherit_from_default)
1228 user_id, cache=True, inherit_from_default=inherit_from_default)
1226 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
1229 if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
1227 log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))
1230 log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))
1228 return True
1231 return True
1229 else:
1232 else:
1230 log.info('Access for IP:%s forbidden, '
1233 log.info('Access for IP:%s forbidden, '
1231 'not in %s' % (ip_addr, allowed_ips))
1234 'not in %s' % (ip_addr, allowed_ips))
1232 return False
1235 return False
1233
1236
1234 def __repr__(self):
1237 def __repr__(self):
1235 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
1238 return "<AuthUser('id:%s[%s] ip:%s auth:%s')>"\
1236 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
1239 % (self.user_id, self.username, self.ip_addr, self.is_authenticated)
1237
1240
1238 def set_authenticated(self, authenticated=True):
1241 def set_authenticated(self, authenticated=True):
1239 if self.user_id != self.anonymous_user.user_id:
1242 if self.user_id != self.anonymous_user.user_id:
1240 self.is_authenticated = authenticated
1243 self.is_authenticated = authenticated
1241
1244
1242 def get_cookie_store(self):
1245 def get_cookie_store(self):
1243 return {
1246 return {
1244 'username': self.username,
1247 'username': self.username,
1245 'password': md5(self.password or ''),
1248 'password': md5(self.password or ''),
1246 'user_id': self.user_id,
1249 'user_id': self.user_id,
1247 'is_authenticated': self.is_authenticated
1250 'is_authenticated': self.is_authenticated
1248 }
1251 }
1249
1252
1250 @classmethod
1253 @classmethod
1251 def from_cookie_store(cls, cookie_store):
1254 def from_cookie_store(cls, cookie_store):
1252 """
1255 """
1253 Creates AuthUser from a cookie store
1256 Creates AuthUser from a cookie store
1254
1257
1255 :param cls:
1258 :param cls:
1256 :param cookie_store:
1259 :param cookie_store:
1257 """
1260 """
1258 user_id = cookie_store.get('user_id')
1261 user_id = cookie_store.get('user_id')
1259 username = cookie_store.get('username')
1262 username = cookie_store.get('username')
1260 api_key = cookie_store.get('api_key')
1263 api_key = cookie_store.get('api_key')
1261 return AuthUser(user_id, api_key, username)
1264 return AuthUser(user_id, api_key, username)
1262
1265
1263 @classmethod
1266 @classmethod
1264 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
1267 def get_allowed_ips(cls, user_id, cache=False, inherit_from_default=False):
1265 _set = set()
1268 _set = set()
1266
1269
1267 if inherit_from_default:
1270 if inherit_from_default:
1268 default_ips = UserIpMap.query().filter(
1271 default_ips = UserIpMap.query().filter(
1269 UserIpMap.user == User.get_default_user(cache=True))
1272 UserIpMap.user == User.get_default_user(cache=True))
1270 if cache:
1273 if cache:
1271 default_ips = default_ips.options(
1274 default_ips = default_ips.options(
1272 FromCache("sql_cache_short", "get_user_ips_default"))
1275 FromCache("sql_cache_short", "get_user_ips_default"))
1273
1276
1274 # populate from default user
1277 # populate from default user
1275 for ip in default_ips:
1278 for ip in default_ips:
1276 try:
1279 try:
1277 _set.add(ip.ip_addr)
1280 _set.add(ip.ip_addr)
1278 except ObjectDeletedError:
1281 except ObjectDeletedError:
1279 # since we use heavy caching sometimes it happens that
1282 # since we use heavy caching sometimes it happens that
1280 # we get deleted objects here, we just skip them
1283 # we get deleted objects here, we just skip them
1281 pass
1284 pass
1282
1285
1283 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
1286 user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id)
1284 if cache:
1287 if cache:
1285 user_ips = user_ips.options(
1288 user_ips = user_ips.options(
1286 FromCache("sql_cache_short", "get_user_ips_%s" % user_id))
1289 FromCache("sql_cache_short", "get_user_ips_%s" % user_id))
1287
1290
1288 for ip in user_ips:
1291 for ip in user_ips:
1289 try:
1292 try:
1290 _set.add(ip.ip_addr)
1293 _set.add(ip.ip_addr)
1291 except ObjectDeletedError:
1294 except ObjectDeletedError:
1292 # since we use heavy caching sometimes it happens that we get
1295 # since we use heavy caching sometimes it happens that we get
1293 # deleted objects here, we just skip them
1296 # deleted objects here, we just skip them
1294 pass
1297 pass
1295 return _set or set(['0.0.0.0/0', '::/0'])
1298 return _set or set(['0.0.0.0/0', '::/0'])
1296
1299
1297
1300
1298 def set_available_permissions(settings):
1301 def set_available_permissions(settings):
1299 """
1302 """
1300 This function will propagate pyramid settings with all available defined
1303 This function will propagate pyramid settings with all available defined
1301 permission given in db. We don't want to check each time from db for new
1304 permission given in db. We don't want to check each time from db for new
1302 permissions since adding a new permission also requires application restart
1305 permissions since adding a new permission also requires application restart
1303 ie. to decorate new views with the newly created permission
1306 ie. to decorate new views with the newly created permission
1304
1307
1305 :param settings: current pyramid registry.settings
1308 :param settings: current pyramid registry.settings
1306
1309
1307 """
1310 """
1308 log.debug('auth: getting information about all available permissions')
1311 log.debug('auth: getting information about all available permissions')
1309 try:
1312 try:
1310 sa = meta.Session
1313 sa = meta.Session
1311 all_perms = sa.query(Permission).all()
1314 all_perms = sa.query(Permission).all()
1312 settings.setdefault('available_permissions',
1315 settings.setdefault('available_permissions',
1313 [x.permission_name for x in all_perms])
1316 [x.permission_name for x in all_perms])
1314 log.debug('auth: set available permissions')
1317 log.debug('auth: set available permissions')
1315 except Exception:
1318 except Exception:
1316 log.exception('Failed to fetch permissions from the database.')
1319 log.exception('Failed to fetch permissions from the database.')
1317 raise
1320 raise
1318
1321
1319
1322
1320 def get_csrf_token(session, force_new=False, save_if_missing=True):
1323 def get_csrf_token(session, force_new=False, save_if_missing=True):
1321 """
1324 """
1322 Return the current authentication token, creating one if one doesn't
1325 Return the current authentication token, creating one if one doesn't
1323 already exist and the save_if_missing flag is present.
1326 already exist and the save_if_missing flag is present.
1324
1327
1325 :param session: pass in the pyramid session, else we use the global ones
1328 :param session: pass in the pyramid session, else we use the global ones
1326 :param force_new: force to re-generate the token and store it in session
1329 :param force_new: force to re-generate the token and store it in session
1327 :param save_if_missing: save the newly generated token if it's missing in
1330 :param save_if_missing: save the newly generated token if it's missing in
1328 session
1331 session
1329 """
1332 """
1330 # NOTE(marcink): probably should be replaced with below one from pyramid 1.9
1333 # NOTE(marcink): probably should be replaced with below one from pyramid 1.9
1331 # from pyramid.csrf import get_csrf_token
1334 # from pyramid.csrf import get_csrf_token
1332
1335
1333 if (csrf_token_key not in session and save_if_missing) or force_new:
1336 if (csrf_token_key not in session and save_if_missing) or force_new:
1334 token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
1337 token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
1335 session[csrf_token_key] = token
1338 session[csrf_token_key] = token
1336 if hasattr(session, 'save'):
1339 if hasattr(session, 'save'):
1337 session.save()
1340 session.save()
1338 return session.get(csrf_token_key)
1341 return session.get(csrf_token_key)
1339
1342
1340
1343
1341 def get_request(perm_class_instance):
1344 def get_request(perm_class_instance):
1342 from pyramid.threadlocal import get_current_request
1345 from pyramid.threadlocal import get_current_request
1343 pyramid_request = get_current_request()
1346 pyramid_request = get_current_request()
1344 return pyramid_request
1347 return pyramid_request
1345
1348
1346
1349
1347 # CHECK DECORATORS
1350 # CHECK DECORATORS
1348 class CSRFRequired(object):
1351 class CSRFRequired(object):
1349 """
1352 """
1350 Decorator for authenticating a form
1353 Decorator for authenticating a form
1351
1354
1352 This decorator uses an authorization token stored in the client's
1355 This decorator uses an authorization token stored in the client's
1353 session for prevention of certain Cross-site request forgery (CSRF)
1356 session for prevention of certain Cross-site request forgery (CSRF)
1354 attacks (See
1357 attacks (See
1355 http://en.wikipedia.org/wiki/Cross-site_request_forgery for more
1358 http://en.wikipedia.org/wiki/Cross-site_request_forgery for more
1356 information).
1359 information).
1357
1360
1358 For use with the ``webhelpers.secure_form`` helper functions.
1361 For use with the ``webhelpers.secure_form`` helper functions.
1359
1362
1360 """
1363 """
1361 def __init__(self, token=csrf_token_key, header='X-CSRF-Token',
1364 def __init__(self, token=csrf_token_key, header='X-CSRF-Token',
1362 except_methods=None):
1365 except_methods=None):
1363 self.token = token
1366 self.token = token
1364 self.header = header
1367 self.header = header
1365 self.except_methods = except_methods or []
1368 self.except_methods = except_methods or []
1366
1369
1367 def __call__(self, func):
1370 def __call__(self, func):
1368 return get_cython_compat_decorator(self.__wrapper, func)
1371 return get_cython_compat_decorator(self.__wrapper, func)
1369
1372
1370 def _get_csrf(self, _request):
1373 def _get_csrf(self, _request):
1371 return _request.POST.get(self.token, _request.headers.get(self.header))
1374 return _request.POST.get(self.token, _request.headers.get(self.header))
1372
1375
1373 def check_csrf(self, _request, cur_token):
1376 def check_csrf(self, _request, cur_token):
1374 supplied_token = self._get_csrf(_request)
1377 supplied_token = self._get_csrf(_request)
1375 return supplied_token and supplied_token == cur_token
1378 return supplied_token and supplied_token == cur_token
1376
1379
1377 def _get_request(self):
1380 def _get_request(self):
1378 return get_request(self)
1381 return get_request(self)
1379
1382
1380 def __wrapper(self, func, *fargs, **fkwargs):
1383 def __wrapper(self, func, *fargs, **fkwargs):
1381 request = self._get_request()
1384 request = self._get_request()
1382
1385
1383 if request.method in self.except_methods:
1386 if request.method in self.except_methods:
1384 return func(*fargs, **fkwargs)
1387 return func(*fargs, **fkwargs)
1385
1388
1386 cur_token = get_csrf_token(request.session, save_if_missing=False)
1389 cur_token = get_csrf_token(request.session, save_if_missing=False)
1387 if self.check_csrf(request, cur_token):
1390 if self.check_csrf(request, cur_token):
1388 if request.POST.get(self.token):
1391 if request.POST.get(self.token):
1389 del request.POST[self.token]
1392 del request.POST[self.token]
1390 return func(*fargs, **fkwargs)
1393 return func(*fargs, **fkwargs)
1391 else:
1394 else:
1392 reason = 'token-missing'
1395 reason = 'token-missing'
1393 supplied_token = self._get_csrf(request)
1396 supplied_token = self._get_csrf(request)
1394 if supplied_token and cur_token != supplied_token:
1397 if supplied_token and cur_token != supplied_token:
1395 reason = 'token-mismatch [%s:%s]' % (
1398 reason = 'token-mismatch [%s:%s]' % (
1396 cur_token or ''[:6], supplied_token or ''[:6])
1399 cur_token or ''[:6], supplied_token or ''[:6])
1397
1400
1398 csrf_message = \
1401 csrf_message = \
1399 ("Cross-site request forgery detected, request denied. See "
1402 ("Cross-site request forgery detected, request denied. See "
1400 "http://en.wikipedia.org/wiki/Cross-site_request_forgery for "
1403 "http://en.wikipedia.org/wiki/Cross-site_request_forgery for "
1401 "more information.")
1404 "more information.")
1402 log.warn('Cross-site request forgery detected, request %r DENIED: %s '
1405 log.warn('Cross-site request forgery detected, request %r DENIED: %s '
1403 'REMOTE_ADDR:%s, HEADERS:%s' % (
1406 'REMOTE_ADDR:%s, HEADERS:%s' % (
1404 request, reason, request.remote_addr, request.headers))
1407 request, reason, request.remote_addr, request.headers))
1405
1408
1406 raise HTTPForbidden(explanation=csrf_message)
1409 raise HTTPForbidden(explanation=csrf_message)
1407
1410
1408
1411
1409 class LoginRequired(object):
1412 class LoginRequired(object):
1410 """
1413 """
1411 Must be logged in to execute this function else
1414 Must be logged in to execute this function else
1412 redirect to login page
1415 redirect to login page
1413
1416
1414 :param api_access: if enabled this checks only for valid auth token
1417 :param api_access: if enabled this checks only for valid auth token
1415 and grants access based on valid token
1418 and grants access based on valid token
1416 """
1419 """
1417 def __init__(self, auth_token_access=None):
1420 def __init__(self, auth_token_access=None):
1418 self.auth_token_access = auth_token_access
1421 self.auth_token_access = auth_token_access
1419
1422
1420 def __call__(self, func):
1423 def __call__(self, func):
1421 return get_cython_compat_decorator(self.__wrapper, func)
1424 return get_cython_compat_decorator(self.__wrapper, func)
1422
1425
1423 def _get_request(self):
1426 def _get_request(self):
1424 return get_request(self)
1427 return get_request(self)
1425
1428
1426 def __wrapper(self, func, *fargs, **fkwargs):
1429 def __wrapper(self, func, *fargs, **fkwargs):
1427 from rhodecode.lib import helpers as h
1430 from rhodecode.lib import helpers as h
1428 cls = fargs[0]
1431 cls = fargs[0]
1429 user = cls._rhodecode_user
1432 user = cls._rhodecode_user
1430 request = self._get_request()
1433 request = self._get_request()
1431 _ = request.translate
1434 _ = request.translate
1432
1435
1433 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
1436 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
1434 log.debug('Starting login restriction checks for user: %s' % (user,))
1437 log.debug('Starting login restriction checks for user: %s' % (user,))
1435 # check if our IP is allowed
1438 # check if our IP is allowed
1436 ip_access_valid = True
1439 ip_access_valid = True
1437 if not user.ip_allowed:
1440 if not user.ip_allowed:
1438 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr,))),
1441 h.flash(h.literal(_('IP %s not allowed' % (user.ip_addr,))),
1439 category='warning')
1442 category='warning')
1440 ip_access_valid = False
1443 ip_access_valid = False
1441
1444
1442 # check if we used an APIKEY and it's a valid one
1445 # check if we used an APIKEY and it's a valid one
1443 # defined white-list of controllers which API access will be enabled
1446 # defined white-list of controllers which API access will be enabled
1444 _auth_token = request.GET.get(
1447 _auth_token = request.GET.get(
1445 'auth_token', '') or request.GET.get('api_key', '')
1448 'auth_token', '') or request.GET.get('api_key', '')
1446 auth_token_access_valid = allowed_auth_token_access(
1449 auth_token_access_valid = allowed_auth_token_access(
1447 loc, auth_token=_auth_token)
1450 loc, auth_token=_auth_token)
1448
1451
1449 # explicit controller is enabled or API is in our whitelist
1452 # explicit controller is enabled or API is in our whitelist
1450 if self.auth_token_access or auth_token_access_valid:
1453 if self.auth_token_access or auth_token_access_valid:
1451 log.debug('Checking AUTH TOKEN access for %s' % (cls,))
1454 log.debug('Checking AUTH TOKEN access for %s' % (cls,))
1452 db_user = user.get_instance()
1455 db_user = user.get_instance()
1453
1456
1454 if db_user:
1457 if db_user:
1455 if self.auth_token_access:
1458 if self.auth_token_access:
1456 roles = self.auth_token_access
1459 roles = self.auth_token_access
1457 else:
1460 else:
1458 roles = [UserApiKeys.ROLE_HTTP]
1461 roles = [UserApiKeys.ROLE_HTTP]
1459 token_match = db_user.authenticate_by_token(
1462 token_match = db_user.authenticate_by_token(
1460 _auth_token, roles=roles)
1463 _auth_token, roles=roles)
1461 else:
1464 else:
1462 log.debug('Unable to fetch db instance for auth user: %s', user)
1465 log.debug('Unable to fetch db instance for auth user: %s', user)
1463 token_match = False
1466 token_match = False
1464
1467
1465 if _auth_token and token_match:
1468 if _auth_token and token_match:
1466 auth_token_access_valid = True
1469 auth_token_access_valid = True
1467 log.debug('AUTH TOKEN ****%s is VALID' % (_auth_token[-4:],))
1470 log.debug('AUTH TOKEN ****%s is VALID' % (_auth_token[-4:],))
1468 else:
1471 else:
1469 auth_token_access_valid = False
1472 auth_token_access_valid = False
1470 if not _auth_token:
1473 if not _auth_token:
1471 log.debug("AUTH TOKEN *NOT* present in request")
1474 log.debug("AUTH TOKEN *NOT* present in request")
1472 else:
1475 else:
1473 log.warning(
1476 log.warning(
1474 "AUTH TOKEN ****%s *NOT* valid" % _auth_token[-4:])
1477 "AUTH TOKEN ****%s *NOT* valid" % _auth_token[-4:])
1475
1478
1476 log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
1479 log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
1477 reason = 'RHODECODE_AUTH' if user.is_authenticated \
1480 reason = 'RHODECODE_AUTH' if user.is_authenticated \
1478 else 'AUTH_TOKEN_AUTH'
1481 else 'AUTH_TOKEN_AUTH'
1479
1482
1480 if ip_access_valid and (
1483 if ip_access_valid and (
1481 user.is_authenticated or auth_token_access_valid):
1484 user.is_authenticated or auth_token_access_valid):
1482 log.info(
1485 log.info(
1483 'user %s authenticating with:%s IS authenticated on func %s'
1486 'user %s authenticating with:%s IS authenticated on func %s'
1484 % (user, reason, loc))
1487 % (user, reason, loc))
1485
1488
1486 # update user data to check last activity
1489 # update user data to check last activity
1487 user.update_lastactivity()
1490 user.update_lastactivity()
1488 Session().commit()
1491 Session().commit()
1489 return func(*fargs, **fkwargs)
1492 return func(*fargs, **fkwargs)
1490 else:
1493 else:
1491 log.warning(
1494 log.warning(
1492 'user %s authenticating with:%s NOT authenticated on '
1495 'user %s authenticating with:%s NOT authenticated on '
1493 'func: %s: IP_ACCESS:%s AUTH_TOKEN_ACCESS:%s'
1496 'func: %s: IP_ACCESS:%s AUTH_TOKEN_ACCESS:%s'
1494 % (user, reason, loc, ip_access_valid,
1497 % (user, reason, loc, ip_access_valid,
1495 auth_token_access_valid))
1498 auth_token_access_valid))
1496 # we preserve the get PARAM
1499 # we preserve the get PARAM
1497 came_from = get_came_from(request)
1500 came_from = get_came_from(request)
1498
1501
1499 log.debug('redirecting to login page with %s' % (came_from,))
1502 log.debug('redirecting to login page with %s' % (came_from,))
1500 raise HTTPFound(
1503 raise HTTPFound(
1501 h.route_path('login', _query={'came_from': came_from}))
1504 h.route_path('login', _query={'came_from': came_from}))
1502
1505
1503
1506
1504 class NotAnonymous(object):
1507 class NotAnonymous(object):
1505 """
1508 """
1506 Must be logged in to execute this function else
1509 Must be logged in to execute this function else
1507 redirect to login page
1510 redirect to login page
1508 """
1511 """
1509
1512
1510 def __call__(self, func):
1513 def __call__(self, func):
1511 return get_cython_compat_decorator(self.__wrapper, func)
1514 return get_cython_compat_decorator(self.__wrapper, func)
1512
1515
1513 def _get_request(self):
1516 def _get_request(self):
1514 return get_request(self)
1517 return get_request(self)
1515
1518
1516 def __wrapper(self, func, *fargs, **fkwargs):
1519 def __wrapper(self, func, *fargs, **fkwargs):
1517 import rhodecode.lib.helpers as h
1520 import rhodecode.lib.helpers as h
1518 cls = fargs[0]
1521 cls = fargs[0]
1519 self.user = cls._rhodecode_user
1522 self.user = cls._rhodecode_user
1520 request = self._get_request()
1523 request = self._get_request()
1521 _ = request.translate
1524 _ = request.translate
1522 log.debug('Checking if user is not anonymous @%s' % cls)
1525 log.debug('Checking if user is not anonymous @%s' % cls)
1523
1526
1524 anonymous = self.user.username == User.DEFAULT_USER
1527 anonymous = self.user.username == User.DEFAULT_USER
1525
1528
1526 if anonymous:
1529 if anonymous:
1527 came_from = get_came_from(request)
1530 came_from = get_came_from(request)
1528 h.flash(_('You need to be a registered user to '
1531 h.flash(_('You need to be a registered user to '
1529 'perform this action'),
1532 'perform this action'),
1530 category='warning')
1533 category='warning')
1531 raise HTTPFound(
1534 raise HTTPFound(
1532 h.route_path('login', _query={'came_from': came_from}))
1535 h.route_path('login', _query={'came_from': came_from}))
1533 else:
1536 else:
1534 return func(*fargs, **fkwargs)
1537 return func(*fargs, **fkwargs)
1535
1538
1536
1539
1537 class PermsDecorator(object):
1540 class PermsDecorator(object):
1538 """
1541 """
1539 Base class for controller decorators, we extract the current user from
1542 Base class for controller decorators, we extract the current user from
1540 the class itself, which has it stored in base controllers
1543 the class itself, which has it stored in base controllers
1541 """
1544 """
1542
1545
1543 def __init__(self, *required_perms):
1546 def __init__(self, *required_perms):
1544 self.required_perms = set(required_perms)
1547 self.required_perms = set(required_perms)
1545
1548
1546 def __call__(self, func):
1549 def __call__(self, func):
1547 return get_cython_compat_decorator(self.__wrapper, func)
1550 return get_cython_compat_decorator(self.__wrapper, func)
1548
1551
1549 def _get_request(self):
1552 def _get_request(self):
1550 return get_request(self)
1553 return get_request(self)
1551
1554
1552 def __wrapper(self, func, *fargs, **fkwargs):
1555 def __wrapper(self, func, *fargs, **fkwargs):
1553 import rhodecode.lib.helpers as h
1556 import rhodecode.lib.helpers as h
1554 cls = fargs[0]
1557 cls = fargs[0]
1555 _user = cls._rhodecode_user
1558 _user = cls._rhodecode_user
1556 request = self._get_request()
1559 request = self._get_request()
1557 _ = request.translate
1560 _ = request.translate
1558
1561
1559 log.debug('checking %s permissions %s for %s %s',
1562 log.debug('checking %s permissions %s for %s %s',
1560 self.__class__.__name__, self.required_perms, cls, _user)
1563 self.__class__.__name__, self.required_perms, cls, _user)
1561
1564
1562 if self.check_permissions(_user):
1565 if self.check_permissions(_user):
1563 log.debug('Permission granted for %s %s', cls, _user)
1566 log.debug('Permission granted for %s %s', cls, _user)
1564 return func(*fargs, **fkwargs)
1567 return func(*fargs, **fkwargs)
1565
1568
1566 else:
1569 else:
1567 log.debug('Permission denied for %s %s', cls, _user)
1570 log.debug('Permission denied for %s %s', cls, _user)
1568 anonymous = _user.username == User.DEFAULT_USER
1571 anonymous = _user.username == User.DEFAULT_USER
1569
1572
1570 if anonymous:
1573 if anonymous:
1571 came_from = get_came_from(self._get_request())
1574 came_from = get_came_from(self._get_request())
1572 h.flash(_('You need to be signed in to view this page'),
1575 h.flash(_('You need to be signed in to view this page'),
1573 category='warning')
1576 category='warning')
1574 raise HTTPFound(
1577 raise HTTPFound(
1575 h.route_path('login', _query={'came_from': came_from}))
1578 h.route_path('login', _query={'came_from': came_from}))
1576
1579
1577 else:
1580 else:
1578 # redirect with 404 to prevent resource discovery
1581 # redirect with 404 to prevent resource discovery
1579 raise HTTPNotFound()
1582 raise HTTPNotFound()
1580
1583
1581 def check_permissions(self, user):
1584 def check_permissions(self, user):
1582 """Dummy function for overriding"""
1585 """Dummy function for overriding"""
1583 raise NotImplementedError(
1586 raise NotImplementedError(
1584 'You have to write this function in child class')
1587 'You have to write this function in child class')
1585
1588
1586
1589
1587 class HasPermissionAllDecorator(PermsDecorator):
1590 class HasPermissionAllDecorator(PermsDecorator):
1588 """
1591 """
1589 Checks for access permission for all given predicates. All of them
1592 Checks for access permission for all given predicates. All of them
1590 have to be meet in order to fulfill the request
1593 have to be meet in order to fulfill the request
1591 """
1594 """
1592
1595
1593 def check_permissions(self, user):
1596 def check_permissions(self, user):
1594 perms = user.permissions_with_scope({})
1597 perms = user.permissions_with_scope({})
1595 if self.required_perms.issubset(perms['global']):
1598 if self.required_perms.issubset(perms['global']):
1596 return True
1599 return True
1597 return False
1600 return False
1598
1601
1599
1602
1600 class HasPermissionAnyDecorator(PermsDecorator):
1603 class HasPermissionAnyDecorator(PermsDecorator):
1601 """
1604 """
1602 Checks for access permission for any of given predicates. In order to
1605 Checks for access permission for any of given predicates. In order to
1603 fulfill the request any of predicates must be meet
1606 fulfill the request any of predicates must be meet
1604 """
1607 """
1605
1608
1606 def check_permissions(self, user):
1609 def check_permissions(self, user):
1607 perms = user.permissions_with_scope({})
1610 perms = user.permissions_with_scope({})
1608 if self.required_perms.intersection(perms['global']):
1611 if self.required_perms.intersection(perms['global']):
1609 return True
1612 return True
1610 return False
1613 return False
1611
1614
1612
1615
1613 class HasRepoPermissionAllDecorator(PermsDecorator):
1616 class HasRepoPermissionAllDecorator(PermsDecorator):
1614 """
1617 """
1615 Checks for access permission for all given predicates for specific
1618 Checks for access permission for all given predicates for specific
1616 repository. All of them have to be meet in order to fulfill the request
1619 repository. All of them have to be meet in order to fulfill the request
1617 """
1620 """
1618 def _get_repo_name(self):
1621 def _get_repo_name(self):
1619 _request = self._get_request()
1622 _request = self._get_request()
1620 return get_repo_slug(_request)
1623 return get_repo_slug(_request)
1621
1624
1622 def check_permissions(self, user):
1625 def check_permissions(self, user):
1623 perms = user.permissions
1626 perms = user.permissions
1624 repo_name = self._get_repo_name()
1627 repo_name = self._get_repo_name()
1625
1628
1626 try:
1629 try:
1627 user_perms = set([perms['repositories'][repo_name]])
1630 user_perms = set([perms['repositories'][repo_name]])
1628 except KeyError:
1631 except KeyError:
1629 log.debug('cannot locate repo with name: `%s` in permissions defs',
1632 log.debug('cannot locate repo with name: `%s` in permissions defs',
1630 repo_name)
1633 repo_name)
1631 return False
1634 return False
1632
1635
1633 log.debug('checking `%s` permissions for repo `%s`',
1636 log.debug('checking `%s` permissions for repo `%s`',
1634 user_perms, repo_name)
1637 user_perms, repo_name)
1635 if self.required_perms.issubset(user_perms):
1638 if self.required_perms.issubset(user_perms):
1636 return True
1639 return True
1637 return False
1640 return False
1638
1641
1639
1642
1640 class HasRepoPermissionAnyDecorator(PermsDecorator):
1643 class HasRepoPermissionAnyDecorator(PermsDecorator):
1641 """
1644 """
1642 Checks for access permission for any of given predicates for specific
1645 Checks for access permission for any of given predicates for specific
1643 repository. In order to fulfill the request any of predicates must be meet
1646 repository. In order to fulfill the request any of predicates must be meet
1644 """
1647 """
1645 def _get_repo_name(self):
1648 def _get_repo_name(self):
1646 _request = self._get_request()
1649 _request = self._get_request()
1647 return get_repo_slug(_request)
1650 return get_repo_slug(_request)
1648
1651
1649 def check_permissions(self, user):
1652 def check_permissions(self, user):
1650 perms = user.permissions
1653 perms = user.permissions
1651 repo_name = self._get_repo_name()
1654 repo_name = self._get_repo_name()
1652
1655
1653 try:
1656 try:
1654 user_perms = set([perms['repositories'][repo_name]])
1657 user_perms = set([perms['repositories'][repo_name]])
1655 except KeyError:
1658 except KeyError:
1656 log.debug(
1659 log.debug(
1657 'cannot locate repo with name: `%s` in permissions defs',
1660 'cannot locate repo with name: `%s` in permissions defs',
1658 repo_name)
1661 repo_name)
1659 return False
1662 return False
1660
1663
1661 log.debug('checking `%s` permissions for repo `%s`',
1664 log.debug('checking `%s` permissions for repo `%s`',
1662 user_perms, repo_name)
1665 user_perms, repo_name)
1663 if self.required_perms.intersection(user_perms):
1666 if self.required_perms.intersection(user_perms):
1664 return True
1667 return True
1665 return False
1668 return False
1666
1669
1667
1670
1668 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
1671 class HasRepoGroupPermissionAllDecorator(PermsDecorator):
1669 """
1672 """
1670 Checks for access permission for all given predicates for specific
1673 Checks for access permission for all given predicates for specific
1671 repository group. All of them have to be meet in order to
1674 repository group. All of them have to be meet in order to
1672 fulfill the request
1675 fulfill the request
1673 """
1676 """
1674 def _get_repo_group_name(self):
1677 def _get_repo_group_name(self):
1675 _request = self._get_request()
1678 _request = self._get_request()
1676 return get_repo_group_slug(_request)
1679 return get_repo_group_slug(_request)
1677
1680
1678 def check_permissions(self, user):
1681 def check_permissions(self, user):
1679 perms = user.permissions
1682 perms = user.permissions
1680 group_name = self._get_repo_group_name()
1683 group_name = self._get_repo_group_name()
1681 try:
1684 try:
1682 user_perms = set([perms['repositories_groups'][group_name]])
1685 user_perms = set([perms['repositories_groups'][group_name]])
1683 except KeyError:
1686 except KeyError:
1684 log.debug(
1687 log.debug(
1685 'cannot locate repo group with name: `%s` in permissions defs',
1688 'cannot locate repo group with name: `%s` in permissions defs',
1686 group_name)
1689 group_name)
1687 return False
1690 return False
1688
1691
1689 log.debug('checking `%s` permissions for repo group `%s`',
1692 log.debug('checking `%s` permissions for repo group `%s`',
1690 user_perms, group_name)
1693 user_perms, group_name)
1691 if self.required_perms.issubset(user_perms):
1694 if self.required_perms.issubset(user_perms):
1692 return True
1695 return True
1693 return False
1696 return False
1694
1697
1695
1698
1696 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
1699 class HasRepoGroupPermissionAnyDecorator(PermsDecorator):
1697 """
1700 """
1698 Checks for access permission for any of given predicates for specific
1701 Checks for access permission for any of given predicates for specific
1699 repository group. In order to fulfill the request any
1702 repository group. In order to fulfill the request any
1700 of predicates must be met
1703 of predicates must be met
1701 """
1704 """
1702 def _get_repo_group_name(self):
1705 def _get_repo_group_name(self):
1703 _request = self._get_request()
1706 _request = self._get_request()
1704 return get_repo_group_slug(_request)
1707 return get_repo_group_slug(_request)
1705
1708
1706 def check_permissions(self, user):
1709 def check_permissions(self, user):
1707 perms = user.permissions
1710 perms = user.permissions
1708 group_name = self._get_repo_group_name()
1711 group_name = self._get_repo_group_name()
1709
1712
1710 try:
1713 try:
1711 user_perms = set([perms['repositories_groups'][group_name]])
1714 user_perms = set([perms['repositories_groups'][group_name]])
1712 except KeyError:
1715 except KeyError:
1713 log.debug(
1716 log.debug(
1714 'cannot locate repo group with name: `%s` in permissions defs',
1717 'cannot locate repo group with name: `%s` in permissions defs',
1715 group_name)
1718 group_name)
1716 return False
1719 return False
1717
1720
1718 log.debug('checking `%s` permissions for repo group `%s`',
1721 log.debug('checking `%s` permissions for repo group `%s`',
1719 user_perms, group_name)
1722 user_perms, group_name)
1720 if self.required_perms.intersection(user_perms):
1723 if self.required_perms.intersection(user_perms):
1721 return True
1724 return True
1722 return False
1725 return False
1723
1726
1724
1727
1725 class HasUserGroupPermissionAllDecorator(PermsDecorator):
1728 class HasUserGroupPermissionAllDecorator(PermsDecorator):
1726 """
1729 """
1727 Checks for access permission for all given predicates for specific
1730 Checks for access permission for all given predicates for specific
1728 user group. All of them have to be meet in order to fulfill the request
1731 user group. All of them have to be meet in order to fulfill the request
1729 """
1732 """
1730 def _get_user_group_name(self):
1733 def _get_user_group_name(self):
1731 _request = self._get_request()
1734 _request = self._get_request()
1732 return get_user_group_slug(_request)
1735 return get_user_group_slug(_request)
1733
1736
1734 def check_permissions(self, user):
1737 def check_permissions(self, user):
1735 perms = user.permissions
1738 perms = user.permissions
1736 group_name = self._get_user_group_name()
1739 group_name = self._get_user_group_name()
1737 try:
1740 try:
1738 user_perms = set([perms['user_groups'][group_name]])
1741 user_perms = set([perms['user_groups'][group_name]])
1739 except KeyError:
1742 except KeyError:
1740 return False
1743 return False
1741
1744
1742 if self.required_perms.issubset(user_perms):
1745 if self.required_perms.issubset(user_perms):
1743 return True
1746 return True
1744 return False
1747 return False
1745
1748
1746
1749
1747 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
1750 class HasUserGroupPermissionAnyDecorator(PermsDecorator):
1748 """
1751 """
1749 Checks for access permission for any of given predicates for specific
1752 Checks for access permission for any of given predicates for specific
1750 user group. In order to fulfill the request any of predicates must be meet
1753 user group. In order to fulfill the request any of predicates must be meet
1751 """
1754 """
1752 def _get_user_group_name(self):
1755 def _get_user_group_name(self):
1753 _request = self._get_request()
1756 _request = self._get_request()
1754 return get_user_group_slug(_request)
1757 return get_user_group_slug(_request)
1755
1758
1756 def check_permissions(self, user):
1759 def check_permissions(self, user):
1757 perms = user.permissions
1760 perms = user.permissions
1758 group_name = self._get_user_group_name()
1761 group_name = self._get_user_group_name()
1759 try:
1762 try:
1760 user_perms = set([perms['user_groups'][group_name]])
1763 user_perms = set([perms['user_groups'][group_name]])
1761 except KeyError:
1764 except KeyError:
1762 return False
1765 return False
1763
1766
1764 if self.required_perms.intersection(user_perms):
1767 if self.required_perms.intersection(user_perms):
1765 return True
1768 return True
1766 return False
1769 return False
1767
1770
1768
1771
1769 # CHECK FUNCTIONS
1772 # CHECK FUNCTIONS
1770 class PermsFunction(object):
1773 class PermsFunction(object):
1771 """Base function for other check functions"""
1774 """Base function for other check functions"""
1772
1775
1773 def __init__(self, *perms):
1776 def __init__(self, *perms):
1774 self.required_perms = set(perms)
1777 self.required_perms = set(perms)
1775 self.repo_name = None
1778 self.repo_name = None
1776 self.repo_group_name = None
1779 self.repo_group_name = None
1777 self.user_group_name = None
1780 self.user_group_name = None
1778
1781
1779 def __bool__(self):
1782 def __bool__(self):
1780 frame = inspect.currentframe()
1783 frame = inspect.currentframe()
1781 stack_trace = traceback.format_stack(frame)
1784 stack_trace = traceback.format_stack(frame)
1782 log.error('Checking bool value on a class instance of perm '
1785 log.error('Checking bool value on a class instance of perm '
1783 'function is not allowed: %s' % ''.join(stack_trace))
1786 'function is not allowed: %s' % ''.join(stack_trace))
1784 # rather than throwing errors, here we always return False so if by
1787 # rather than throwing errors, here we always return False so if by
1785 # accident someone checks truth for just an instance it will always end
1788 # accident someone checks truth for just an instance it will always end
1786 # up in returning False
1789 # up in returning False
1787 return False
1790 return False
1788 __nonzero__ = __bool__
1791 __nonzero__ = __bool__
1789
1792
1790 def __call__(self, check_location='', user=None):
1793 def __call__(self, check_location='', user=None):
1791 if not user:
1794 if not user:
1792 log.debug('Using user attribute from global request')
1795 log.debug('Using user attribute from global request')
1793 # TODO: remove this someday,put as user as attribute here
1796 # TODO: remove this someday,put as user as attribute here
1794 request = self._get_request()
1797 request = self._get_request()
1795 user = request.user
1798 user = request.user
1796
1799
1797 # init auth user if not already given
1800 # init auth user if not already given
1798 if not isinstance(user, AuthUser):
1801 if not isinstance(user, AuthUser):
1799 log.debug('Wrapping user %s into AuthUser', user)
1802 log.debug('Wrapping user %s into AuthUser', user)
1800 user = AuthUser(user.user_id)
1803 user = AuthUser(user.user_id)
1801
1804
1802 cls_name = self.__class__.__name__
1805 cls_name = self.__class__.__name__
1803 check_scope = self._get_check_scope(cls_name)
1806 check_scope = self._get_check_scope(cls_name)
1804 check_location = check_location or 'unspecified location'
1807 check_location = check_location or 'unspecified location'
1805
1808
1806 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
1809 log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
1807 self.required_perms, user, check_scope, check_location)
1810 self.required_perms, user, check_scope, check_location)
1808 if not user:
1811 if not user:
1809 log.warning('Empty user given for permission check')
1812 log.warning('Empty user given for permission check')
1810 return False
1813 return False
1811
1814
1812 if self.check_permissions(user):
1815 if self.check_permissions(user):
1813 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1816 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
1814 check_scope, user, check_location)
1817 check_scope, user, check_location)
1815 return True
1818 return True
1816
1819
1817 else:
1820 else:
1818 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1821 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
1819 check_scope, user, check_location)
1822 check_scope, user, check_location)
1820 return False
1823 return False
1821
1824
1822 def _get_request(self):
1825 def _get_request(self):
1823 return get_request(self)
1826 return get_request(self)
1824
1827
1825 def _get_check_scope(self, cls_name):
1828 def _get_check_scope(self, cls_name):
1826 return {
1829 return {
1827 'HasPermissionAll': 'GLOBAL',
1830 'HasPermissionAll': 'GLOBAL',
1828 'HasPermissionAny': 'GLOBAL',
1831 'HasPermissionAny': 'GLOBAL',
1829 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
1832 'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
1830 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
1833 'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
1831 'HasRepoGroupPermissionAll': 'repo_group:%s' % self.repo_group_name,
1834 'HasRepoGroupPermissionAll': 'repo_group:%s' % self.repo_group_name,
1832 'HasRepoGroupPermissionAny': 'repo_group:%s' % self.repo_group_name,
1835 'HasRepoGroupPermissionAny': 'repo_group:%s' % self.repo_group_name,
1833 'HasUserGroupPermissionAll': 'user_group:%s' % self.user_group_name,
1836 'HasUserGroupPermissionAll': 'user_group:%s' % self.user_group_name,
1834 'HasUserGroupPermissionAny': 'user_group:%s' % self.user_group_name,
1837 'HasUserGroupPermissionAny': 'user_group:%s' % self.user_group_name,
1835 }.get(cls_name, '?:%s' % cls_name)
1838 }.get(cls_name, '?:%s' % cls_name)
1836
1839
1837 def check_permissions(self, user):
1840 def check_permissions(self, user):
1838 """Dummy function for overriding"""
1841 """Dummy function for overriding"""
1839 raise Exception('You have to write this function in child class')
1842 raise Exception('You have to write this function in child class')
1840
1843
1841
1844
1842 class HasPermissionAll(PermsFunction):
1845 class HasPermissionAll(PermsFunction):
1843 def check_permissions(self, user):
1846 def check_permissions(self, user):
1844 perms = user.permissions_with_scope({})
1847 perms = user.permissions_with_scope({})
1845 if self.required_perms.issubset(perms.get('global')):
1848 if self.required_perms.issubset(perms.get('global')):
1846 return True
1849 return True
1847 return False
1850 return False
1848
1851
1849
1852
1850 class HasPermissionAny(PermsFunction):
1853 class HasPermissionAny(PermsFunction):
1851 def check_permissions(self, user):
1854 def check_permissions(self, user):
1852 perms = user.permissions_with_scope({})
1855 perms = user.permissions_with_scope({})
1853 if self.required_perms.intersection(perms.get('global')):
1856 if self.required_perms.intersection(perms.get('global')):
1854 return True
1857 return True
1855 return False
1858 return False
1856
1859
1857
1860
1858 class HasRepoPermissionAll(PermsFunction):
1861 class HasRepoPermissionAll(PermsFunction):
1859 def __call__(self, repo_name=None, check_location='', user=None):
1862 def __call__(self, repo_name=None, check_location='', user=None):
1860 self.repo_name = repo_name
1863 self.repo_name = repo_name
1861 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1864 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1862
1865
1863 def _get_repo_name(self):
1866 def _get_repo_name(self):
1864 if not self.repo_name:
1867 if not self.repo_name:
1865 _request = self._get_request()
1868 _request = self._get_request()
1866 self.repo_name = get_repo_slug(_request)
1869 self.repo_name = get_repo_slug(_request)
1867 return self.repo_name
1870 return self.repo_name
1868
1871
1869 def check_permissions(self, user):
1872 def check_permissions(self, user):
1870 self.repo_name = self._get_repo_name()
1873 self.repo_name = self._get_repo_name()
1871 perms = user.permissions
1874 perms = user.permissions
1872 try:
1875 try:
1873 user_perms = set([perms['repositories'][self.repo_name]])
1876 user_perms = set([perms['repositories'][self.repo_name]])
1874 except KeyError:
1877 except KeyError:
1875 return False
1878 return False
1876 if self.required_perms.issubset(user_perms):
1879 if self.required_perms.issubset(user_perms):
1877 return True
1880 return True
1878 return False
1881 return False
1879
1882
1880
1883
1881 class HasRepoPermissionAny(PermsFunction):
1884 class HasRepoPermissionAny(PermsFunction):
1882 def __call__(self, repo_name=None, check_location='', user=None):
1885 def __call__(self, repo_name=None, check_location='', user=None):
1883 self.repo_name = repo_name
1886 self.repo_name = repo_name
1884 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1887 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1885
1888
1886 def _get_repo_name(self):
1889 def _get_repo_name(self):
1887 if not self.repo_name:
1890 if not self.repo_name:
1888 _request = self._get_request()
1891 _request = self._get_request()
1889 self.repo_name = get_repo_slug(_request)
1892 self.repo_name = get_repo_slug(_request)
1890 return self.repo_name
1893 return self.repo_name
1891
1894
1892 def check_permissions(self, user):
1895 def check_permissions(self, user):
1893 self.repo_name = self._get_repo_name()
1896 self.repo_name = self._get_repo_name()
1894 perms = user.permissions
1897 perms = user.permissions
1895 try:
1898 try:
1896 user_perms = set([perms['repositories'][self.repo_name]])
1899 user_perms = set([perms['repositories'][self.repo_name]])
1897 except KeyError:
1900 except KeyError:
1898 return False
1901 return False
1899 if self.required_perms.intersection(user_perms):
1902 if self.required_perms.intersection(user_perms):
1900 return True
1903 return True
1901 return False
1904 return False
1902
1905
1903
1906
1904 class HasRepoGroupPermissionAny(PermsFunction):
1907 class HasRepoGroupPermissionAny(PermsFunction):
1905 def __call__(self, group_name=None, check_location='', user=None):
1908 def __call__(self, group_name=None, check_location='', user=None):
1906 self.repo_group_name = group_name
1909 self.repo_group_name = group_name
1907 return super(HasRepoGroupPermissionAny, self).__call__(
1910 return super(HasRepoGroupPermissionAny, self).__call__(
1908 check_location, user)
1911 check_location, user)
1909
1912
1910 def check_permissions(self, user):
1913 def check_permissions(self, user):
1911 perms = user.permissions
1914 perms = user.permissions
1912 try:
1915 try:
1913 user_perms = set(
1916 user_perms = set(
1914 [perms['repositories_groups'][self.repo_group_name]])
1917 [perms['repositories_groups'][self.repo_group_name]])
1915 except KeyError:
1918 except KeyError:
1916 return False
1919 return False
1917 if self.required_perms.intersection(user_perms):
1920 if self.required_perms.intersection(user_perms):
1918 return True
1921 return True
1919 return False
1922 return False
1920
1923
1921
1924
1922 class HasRepoGroupPermissionAll(PermsFunction):
1925 class HasRepoGroupPermissionAll(PermsFunction):
1923 def __call__(self, group_name=None, check_location='', user=None):
1926 def __call__(self, group_name=None, check_location='', user=None):
1924 self.repo_group_name = group_name
1927 self.repo_group_name = group_name
1925 return super(HasRepoGroupPermissionAll, self).__call__(
1928 return super(HasRepoGroupPermissionAll, self).__call__(
1926 check_location, user)
1929 check_location, user)
1927
1930
1928 def check_permissions(self, user):
1931 def check_permissions(self, user):
1929 perms = user.permissions
1932 perms = user.permissions
1930 try:
1933 try:
1931 user_perms = set(
1934 user_perms = set(
1932 [perms['repositories_groups'][self.repo_group_name]])
1935 [perms['repositories_groups'][self.repo_group_name]])
1933 except KeyError:
1936 except KeyError:
1934 return False
1937 return False
1935 if self.required_perms.issubset(user_perms):
1938 if self.required_perms.issubset(user_perms):
1936 return True
1939 return True
1937 return False
1940 return False
1938
1941
1939
1942
1940 class HasUserGroupPermissionAny(PermsFunction):
1943 class HasUserGroupPermissionAny(PermsFunction):
1941 def __call__(self, user_group_name=None, check_location='', user=None):
1944 def __call__(self, user_group_name=None, check_location='', user=None):
1942 self.user_group_name = user_group_name
1945 self.user_group_name = user_group_name
1943 return super(HasUserGroupPermissionAny, self).__call__(
1946 return super(HasUserGroupPermissionAny, self).__call__(
1944 check_location, user)
1947 check_location, user)
1945
1948
1946 def check_permissions(self, user):
1949 def check_permissions(self, user):
1947 perms = user.permissions
1950 perms = user.permissions
1948 try:
1951 try:
1949 user_perms = set([perms['user_groups'][self.user_group_name]])
1952 user_perms = set([perms['user_groups'][self.user_group_name]])
1950 except KeyError:
1953 except KeyError:
1951 return False
1954 return False
1952 if self.required_perms.intersection(user_perms):
1955 if self.required_perms.intersection(user_perms):
1953 return True
1956 return True
1954 return False
1957 return False
1955
1958
1956
1959
1957 class HasUserGroupPermissionAll(PermsFunction):
1960 class HasUserGroupPermissionAll(PermsFunction):
1958 def __call__(self, user_group_name=None, check_location='', user=None):
1961 def __call__(self, user_group_name=None, check_location='', user=None):
1959 self.user_group_name = user_group_name
1962 self.user_group_name = user_group_name
1960 return super(HasUserGroupPermissionAll, self).__call__(
1963 return super(HasUserGroupPermissionAll, self).__call__(
1961 check_location, user)
1964 check_location, user)
1962
1965
1963 def check_permissions(self, user):
1966 def check_permissions(self, user):
1964 perms = user.permissions
1967 perms = user.permissions
1965 try:
1968 try:
1966 user_perms = set([perms['user_groups'][self.user_group_name]])
1969 user_perms = set([perms['user_groups'][self.user_group_name]])
1967 except KeyError:
1970 except KeyError:
1968 return False
1971 return False
1969 if self.required_perms.issubset(user_perms):
1972 if self.required_perms.issubset(user_perms):
1970 return True
1973 return True
1971 return False
1974 return False
1972
1975
1973
1976
1974 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1977 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
1975 class HasPermissionAnyMiddleware(object):
1978 class HasPermissionAnyMiddleware(object):
1976 def __init__(self, *perms):
1979 def __init__(self, *perms):
1977 self.required_perms = set(perms)
1980 self.required_perms = set(perms)
1978
1981
1979 def __call__(self, user, repo_name):
1982 def __call__(self, user, repo_name):
1980 # repo_name MUST be unicode, since we handle keys in permission
1983 # repo_name MUST be unicode, since we handle keys in permission
1981 # dict by unicode
1984 # dict by unicode
1982 repo_name = safe_unicode(repo_name)
1985 repo_name = safe_unicode(repo_name)
1983 user = AuthUser(user.user_id)
1986 user = AuthUser(user.user_id)
1984 log.debug(
1987 log.debug(
1985 'Checking VCS protocol permissions %s for user:%s repo:`%s`',
1988 'Checking VCS protocol permissions %s for user:%s repo:`%s`',
1986 self.required_perms, user, repo_name)
1989 self.required_perms, user, repo_name)
1987
1990
1988 if self.check_permissions(user, repo_name):
1991 if self.check_permissions(user, repo_name):
1989 log.debug('Permission to repo:`%s` GRANTED for user:%s @ %s',
1992 log.debug('Permission to repo:`%s` GRANTED for user:%s @ %s',
1990 repo_name, user, 'PermissionMiddleware')
1993 repo_name, user, 'PermissionMiddleware')
1991 return True
1994 return True
1992
1995
1993 else:
1996 else:
1994 log.debug('Permission to repo:`%s` DENIED for user:%s @ %s',
1997 log.debug('Permission to repo:`%s` DENIED for user:%s @ %s',
1995 repo_name, user, 'PermissionMiddleware')
1998 repo_name, user, 'PermissionMiddleware')
1996 return False
1999 return False
1997
2000
1998 def check_permissions(self, user, repo_name):
2001 def check_permissions(self, user, repo_name):
1999 perms = user.permissions_with_scope({'repo_name': repo_name})
2002 perms = user.permissions_with_scope({'repo_name': repo_name})
2000
2003
2001 try:
2004 try:
2002 user_perms = set([perms['repositories'][repo_name]])
2005 user_perms = set([perms['repositories'][repo_name]])
2003 except Exception:
2006 except Exception:
2004 log.exception('Error while accessing user permissions')
2007 log.exception('Error while accessing user permissions')
2005 return False
2008 return False
2006
2009
2007 if self.required_perms.intersection(user_perms):
2010 if self.required_perms.intersection(user_perms):
2008 return True
2011 return True
2009 return False
2012 return False
2010
2013
2011
2014
2012 # SPECIAL VERSION TO HANDLE API AUTH
2015 # SPECIAL VERSION TO HANDLE API AUTH
2013 class _BaseApiPerm(object):
2016 class _BaseApiPerm(object):
2014 def __init__(self, *perms):
2017 def __init__(self, *perms):
2015 self.required_perms = set(perms)
2018 self.required_perms = set(perms)
2016
2019
2017 def __call__(self, check_location=None, user=None, repo_name=None,
2020 def __call__(self, check_location=None, user=None, repo_name=None,
2018 group_name=None, user_group_name=None):
2021 group_name=None, user_group_name=None):
2019 cls_name = self.__class__.__name__
2022 cls_name = self.__class__.__name__
2020 check_scope = 'global:%s' % (self.required_perms,)
2023 check_scope = 'global:%s' % (self.required_perms,)
2021 if repo_name:
2024 if repo_name:
2022 check_scope += ', repo_name:%s' % (repo_name,)
2025 check_scope += ', repo_name:%s' % (repo_name,)
2023
2026
2024 if group_name:
2027 if group_name:
2025 check_scope += ', repo_group_name:%s' % (group_name,)
2028 check_scope += ', repo_group_name:%s' % (group_name,)
2026
2029
2027 if user_group_name:
2030 if user_group_name:
2028 check_scope += ', user_group_name:%s' % (user_group_name,)
2031 check_scope += ', user_group_name:%s' % (user_group_name,)
2029
2032
2030 log.debug(
2033 log.debug(
2031 'checking cls:%s %s %s @ %s'
2034 'checking cls:%s %s %s @ %s'
2032 % (cls_name, self.required_perms, check_scope, check_location))
2035 % (cls_name, self.required_perms, check_scope, check_location))
2033 if not user:
2036 if not user:
2034 log.debug('Empty User passed into arguments')
2037 log.debug('Empty User passed into arguments')
2035 return False
2038 return False
2036
2039
2037 # process user
2040 # process user
2038 if not isinstance(user, AuthUser):
2041 if not isinstance(user, AuthUser):
2039 user = AuthUser(user.user_id)
2042 user = AuthUser(user.user_id)
2040 if not check_location:
2043 if not check_location:
2041 check_location = 'unspecified'
2044 check_location = 'unspecified'
2042 if self.check_permissions(user.permissions, repo_name, group_name,
2045 if self.check_permissions(user.permissions, repo_name, group_name,
2043 user_group_name):
2046 user_group_name):
2044 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
2047 log.debug('Permission to repo:`%s` GRANTED for user:`%s` @ %s',
2045 check_scope, user, check_location)
2048 check_scope, user, check_location)
2046 return True
2049 return True
2047
2050
2048 else:
2051 else:
2049 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
2052 log.debug('Permission to repo:`%s` DENIED for user:`%s` @ %s',
2050 check_scope, user, check_location)
2053 check_scope, user, check_location)
2051 return False
2054 return False
2052
2055
2053 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2056 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2054 user_group_name=None):
2057 user_group_name=None):
2055 """
2058 """
2056 implement in child class should return True if permissions are ok,
2059 implement in child class should return True if permissions are ok,
2057 False otherwise
2060 False otherwise
2058
2061
2059 :param perm_defs: dict with permission definitions
2062 :param perm_defs: dict with permission definitions
2060 :param repo_name: repo name
2063 :param repo_name: repo name
2061 """
2064 """
2062 raise NotImplementedError()
2065 raise NotImplementedError()
2063
2066
2064
2067
2065 class HasPermissionAllApi(_BaseApiPerm):
2068 class HasPermissionAllApi(_BaseApiPerm):
2066 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2069 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2067 user_group_name=None):
2070 user_group_name=None):
2068 if self.required_perms.issubset(perm_defs.get('global')):
2071 if self.required_perms.issubset(perm_defs.get('global')):
2069 return True
2072 return True
2070 return False
2073 return False
2071
2074
2072
2075
2073 class HasPermissionAnyApi(_BaseApiPerm):
2076 class HasPermissionAnyApi(_BaseApiPerm):
2074 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2077 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2075 user_group_name=None):
2078 user_group_name=None):
2076 if self.required_perms.intersection(perm_defs.get('global')):
2079 if self.required_perms.intersection(perm_defs.get('global')):
2077 return True
2080 return True
2078 return False
2081 return False
2079
2082
2080
2083
2081 class HasRepoPermissionAllApi(_BaseApiPerm):
2084 class HasRepoPermissionAllApi(_BaseApiPerm):
2082 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2085 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2083 user_group_name=None):
2086 user_group_name=None):
2084 try:
2087 try:
2085 _user_perms = set([perm_defs['repositories'][repo_name]])
2088 _user_perms = set([perm_defs['repositories'][repo_name]])
2086 except KeyError:
2089 except KeyError:
2087 log.warning(traceback.format_exc())
2090 log.warning(traceback.format_exc())
2088 return False
2091 return False
2089 if self.required_perms.issubset(_user_perms):
2092 if self.required_perms.issubset(_user_perms):
2090 return True
2093 return True
2091 return False
2094 return False
2092
2095
2093
2096
2094 class HasRepoPermissionAnyApi(_BaseApiPerm):
2097 class HasRepoPermissionAnyApi(_BaseApiPerm):
2095 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2098 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2096 user_group_name=None):
2099 user_group_name=None):
2097 try:
2100 try:
2098 _user_perms = set([perm_defs['repositories'][repo_name]])
2101 _user_perms = set([perm_defs['repositories'][repo_name]])
2099 except KeyError:
2102 except KeyError:
2100 log.warning(traceback.format_exc())
2103 log.warning(traceback.format_exc())
2101 return False
2104 return False
2102 if self.required_perms.intersection(_user_perms):
2105 if self.required_perms.intersection(_user_perms):
2103 return True
2106 return True
2104 return False
2107 return False
2105
2108
2106
2109
2107 class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
2110 class HasRepoGroupPermissionAnyApi(_BaseApiPerm):
2108 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2111 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2109 user_group_name=None):
2112 user_group_name=None):
2110 try:
2113 try:
2111 _user_perms = set([perm_defs['repositories_groups'][group_name]])
2114 _user_perms = set([perm_defs['repositories_groups'][group_name]])
2112 except KeyError:
2115 except KeyError:
2113 log.warning(traceback.format_exc())
2116 log.warning(traceback.format_exc())
2114 return False
2117 return False
2115 if self.required_perms.intersection(_user_perms):
2118 if self.required_perms.intersection(_user_perms):
2116 return True
2119 return True
2117 return False
2120 return False
2118
2121
2119
2122
2120 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
2123 class HasRepoGroupPermissionAllApi(_BaseApiPerm):
2121 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2124 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2122 user_group_name=None):
2125 user_group_name=None):
2123 try:
2126 try:
2124 _user_perms = set([perm_defs['repositories_groups'][group_name]])
2127 _user_perms = set([perm_defs['repositories_groups'][group_name]])
2125 except KeyError:
2128 except KeyError:
2126 log.warning(traceback.format_exc())
2129 log.warning(traceback.format_exc())
2127 return False
2130 return False
2128 if self.required_perms.issubset(_user_perms):
2131 if self.required_perms.issubset(_user_perms):
2129 return True
2132 return True
2130 return False
2133 return False
2131
2134
2132
2135
2133 class HasUserGroupPermissionAnyApi(_BaseApiPerm):
2136 class HasUserGroupPermissionAnyApi(_BaseApiPerm):
2134 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2137 def check_permissions(self, perm_defs, repo_name=None, group_name=None,
2135 user_group_name=None):
2138 user_group_name=None):
2136 try:
2139 try:
2137 _user_perms = set([perm_defs['user_groups'][user_group_name]])
2140 _user_perms = set([perm_defs['user_groups'][user_group_name]])
2138 except KeyError:
2141 except KeyError:
2139 log.warning(traceback.format_exc())
2142 log.warning(traceback.format_exc())
2140 return False
2143 return False
2141 if self.required_perms.intersection(_user_perms):
2144 if self.required_perms.intersection(_user_perms):
2142 return True
2145 return True
2143 return False
2146 return False
2144
2147
2145
2148
2146 def check_ip_access(source_ip, allowed_ips=None):
2149 def check_ip_access(source_ip, allowed_ips=None):
2147 """
2150 """
2148 Checks if source_ip is a subnet of any of allowed_ips.
2151 Checks if source_ip is a subnet of any of allowed_ips.
2149
2152
2150 :param source_ip:
2153 :param source_ip:
2151 :param allowed_ips: list of allowed ips together with mask
2154 :param allowed_ips: list of allowed ips together with mask
2152 """
2155 """
2153 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
2156 log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips))
2154 source_ip_address = ipaddress.ip_address(safe_unicode(source_ip))
2157 source_ip_address = ipaddress.ip_address(safe_unicode(source_ip))
2155 if isinstance(allowed_ips, (tuple, list, set)):
2158 if isinstance(allowed_ips, (tuple, list, set)):
2156 for ip in allowed_ips:
2159 for ip in allowed_ips:
2157 ip = safe_unicode(ip)
2160 ip = safe_unicode(ip)
2158 try:
2161 try:
2159 network_address = ipaddress.ip_network(ip, strict=False)
2162 network_address = ipaddress.ip_network(ip, strict=False)
2160 if source_ip_address in network_address:
2163 if source_ip_address in network_address:
2161 log.debug('IP %s is network %s' %
2164 log.debug('IP %s is network %s' %
2162 (source_ip_address, network_address))
2165 (source_ip_address, network_address))
2163 return True
2166 return True
2164 # for any case we cannot determine the IP, don't crash just
2167 # for any case we cannot determine the IP, don't crash just
2165 # skip it and log as error, we want to say forbidden still when
2168 # skip it and log as error, we want to say forbidden still when
2166 # sending bad IP
2169 # sending bad IP
2167 except Exception:
2170 except Exception:
2168 log.error(traceback.format_exc())
2171 log.error(traceback.format_exc())
2169 continue
2172 continue
2170 return False
2173 return False
2171
2174
2172
2175
2173 def get_cython_compat_decorator(wrapper, func):
2176 def get_cython_compat_decorator(wrapper, func):
2174 """
2177 """
2175 Creates a cython compatible decorator. The previously used
2178 Creates a cython compatible decorator. The previously used
2176 decorator.decorator() function seems to be incompatible with cython.
2179 decorator.decorator() function seems to be incompatible with cython.
2177
2180
2178 :param wrapper: __wrapper method of the decorator class
2181 :param wrapper: __wrapper method of the decorator class
2179 :param func: decorated function
2182 :param func: decorated function
2180 """
2183 """
2181 @wraps(func)
2184 @wraps(func)
2182 def local_wrapper(*args, **kwds):
2185 def local_wrapper(*args, **kwds):
2183 return wrapper(func, *args, **kwds)
2186 return wrapper(func, *args, **kwds)
2184 local_wrapper.__wrapped__ = func
2187 local_wrapper.__wrapped__ = func
2185 return local_wrapper
2188 return local_wrapper
2186
2189
2187
2190
@@ -1,4366 +1,4370 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2017 RhodeCode GmbH
3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 Database Models for RhodeCode Enterprise
22 Database Models for RhodeCode Enterprise
23 """
23 """
24
24
25 import re
25 import re
26 import os
26 import os
27 import time
27 import time
28 import hashlib
28 import hashlib
29 import logging
29 import logging
30 import datetime
30 import datetime
31 import warnings
31 import warnings
32 import ipaddress
32 import ipaddress
33 import functools
33 import functools
34 import traceback
34 import traceback
35 import collections
35 import collections
36
36
37 from sqlalchemy import (
37 from sqlalchemy import (
38 or_, and_, not_, func, TypeDecorator, event,
38 or_, and_, not_, func, TypeDecorator, event,
39 Index, Sequence, UniqueConstraint, ForeignKey, CheckConstraint, Column,
39 Index, Sequence, UniqueConstraint, ForeignKey, CheckConstraint, Column,
40 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
40 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
41 Text, Float, PickleType)
41 Text, Float, PickleType)
42 from sqlalchemy.sql.expression import true, false
42 from sqlalchemy.sql.expression import true, false
43 from sqlalchemy.sql.functions import coalesce, count # noqa
43 from sqlalchemy.sql.functions import coalesce, count # noqa
44 from sqlalchemy.orm import (
44 from sqlalchemy.orm import (
45 relationship, joinedload, class_mapper, validates, aliased)
45 relationship, joinedload, class_mapper, validates, aliased)
46 from sqlalchemy.ext.declarative import declared_attr
46 from sqlalchemy.ext.declarative import declared_attr
47 from sqlalchemy.ext.hybrid import hybrid_property
47 from sqlalchemy.ext.hybrid import hybrid_property
48 from sqlalchemy.exc import IntegrityError # noqa
48 from sqlalchemy.exc import IntegrityError # noqa
49 from sqlalchemy.dialects.mysql import LONGTEXT
49 from sqlalchemy.dialects.mysql import LONGTEXT
50 from beaker.cache import cache_region
50 from beaker.cache import cache_region
51 from zope.cachedescriptors.property import Lazy as LazyProperty
51 from zope.cachedescriptors.property import Lazy as LazyProperty
52
52
53 from pyramid.threadlocal import get_current_request
53 from pyramid.threadlocal import get_current_request
54
54
55 from rhodecode.translation import _
55 from rhodecode.translation import _
56 from rhodecode.lib.vcs import get_vcs_instance
56 from rhodecode.lib.vcs import get_vcs_instance
57 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
57 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
58 from rhodecode.lib.utils2 import (
58 from rhodecode.lib.utils2 import (
59 str2bool, safe_str, get_commit_safe, safe_unicode, md5_safe,
59 str2bool, safe_str, get_commit_safe, safe_unicode, md5_safe,
60 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
60 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
61 glob2re, StrictAttributeDict, cleaned_uri)
61 glob2re, StrictAttributeDict, cleaned_uri)
62 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType, \
62 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType, \
63 JsonRaw
63 JsonRaw
64 from rhodecode.lib.ext_json import json
64 from rhodecode.lib.ext_json import json
65 from rhodecode.lib.caching_query import FromCache
65 from rhodecode.lib.caching_query import FromCache
66 from rhodecode.lib.encrypt import AESCipher
66 from rhodecode.lib.encrypt import AESCipher
67
67
68 from rhodecode.model.meta import Base, Session
68 from rhodecode.model.meta import Base, Session
69
69
70 URL_SEP = '/'
70 URL_SEP = '/'
71 log = logging.getLogger(__name__)
71 log = logging.getLogger(__name__)
72
72
73 # =============================================================================
73 # =============================================================================
74 # BASE CLASSES
74 # BASE CLASSES
75 # =============================================================================
75 # =============================================================================
76
76
77 # this is propagated from .ini file rhodecode.encrypted_values.secret or
77 # this is propagated from .ini file rhodecode.encrypted_values.secret or
78 # beaker.session.secret if first is not set.
78 # beaker.session.secret if first is not set.
79 # and initialized at environment.py
79 # and initialized at environment.py
80 ENCRYPTION_KEY = None
80 ENCRYPTION_KEY = None
81
81
82 # used to sort permissions by types, '#' used here is not allowed to be in
82 # used to sort permissions by types, '#' used here is not allowed to be in
83 # usernames, and it's very early in sorted string.printable table.
83 # usernames, and it's very early in sorted string.printable table.
84 PERMISSION_TYPE_SORT = {
84 PERMISSION_TYPE_SORT = {
85 'admin': '####',
85 'admin': '####',
86 'write': '###',
86 'write': '###',
87 'read': '##',
87 'read': '##',
88 'none': '#',
88 'none': '#',
89 }
89 }
90
90
91
91
92 def display_user_sort(obj):
92 def display_user_sort(obj):
93 """
93 """
94 Sort function used to sort permissions in .permissions() function of
94 Sort function used to sort permissions in .permissions() function of
95 Repository, RepoGroup, UserGroup. Also it put the default user in front
95 Repository, RepoGroup, UserGroup. Also it put the default user in front
96 of all other resources
96 of all other resources
97 """
97 """
98
98
99 if obj.username == User.DEFAULT_USER:
99 if obj.username == User.DEFAULT_USER:
100 return '#####'
100 return '#####'
101 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
101 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
102 return prefix + obj.username
102 return prefix + obj.username
103
103
104
104
105 def display_user_group_sort(obj):
105 def display_user_group_sort(obj):
106 """
106 """
107 Sort function used to sort permissions in .permissions() function of
107 Sort function used to sort permissions in .permissions() function of
108 Repository, RepoGroup, UserGroup. Also it put the default user in front
108 Repository, RepoGroup, UserGroup. Also it put the default user in front
109 of all other resources
109 of all other resources
110 """
110 """
111
111
112 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
112 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
113 return prefix + obj.users_group_name
113 return prefix + obj.users_group_name
114
114
115
115
116 def _hash_key(k):
116 def _hash_key(k):
117 return md5_safe(k)
117 return md5_safe(k)
118
118
119
119
120 def in_filter_generator(qry, items, limit=500):
120 def in_filter_generator(qry, items, limit=500):
121 """
121 """
122 Splits IN() into multiple with OR
122 Splits IN() into multiple with OR
123 e.g.::
123 e.g.::
124 cnt = Repository.query().filter(
124 cnt = Repository.query().filter(
125 or_(
125 or_(
126 *in_filter_generator(Repository.repo_id, range(100000))
126 *in_filter_generator(Repository.repo_id, range(100000))
127 )).count()
127 )).count()
128 """
128 """
129 if not items:
129 if not items:
130 # empty list will cause empty query which might cause security issues
130 # empty list will cause empty query which might cause security issues
131 # this can lead to hidden unpleasant results
131 # this can lead to hidden unpleasant results
132 items = [-1]
132 items = [-1]
133
133
134 parts = []
134 parts = []
135 for chunk in xrange(0, len(items), limit):
135 for chunk in xrange(0, len(items), limit):
136 parts.append(
136 parts.append(
137 qry.in_(items[chunk: chunk + limit])
137 qry.in_(items[chunk: chunk + limit])
138 )
138 )
139
139
140 return parts
140 return parts
141
141
142
142
143 class EncryptedTextValue(TypeDecorator):
143 class EncryptedTextValue(TypeDecorator):
144 """
144 """
145 Special column for encrypted long text data, use like::
145 Special column for encrypted long text data, use like::
146
146
147 value = Column("encrypted_value", EncryptedValue(), nullable=False)
147 value = Column("encrypted_value", EncryptedValue(), nullable=False)
148
148
149 This column is intelligent so if value is in unencrypted form it return
149 This column is intelligent so if value is in unencrypted form it return
150 unencrypted form, but on save it always encrypts
150 unencrypted form, but on save it always encrypts
151 """
151 """
152 impl = Text
152 impl = Text
153
153
154 def process_bind_param(self, value, dialect):
154 def process_bind_param(self, value, dialect):
155 if not value:
155 if not value:
156 return value
156 return value
157 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
157 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
158 # protect against double encrypting if someone manually starts
158 # protect against double encrypting if someone manually starts
159 # doing
159 # doing
160 raise ValueError('value needs to be in unencrypted format, ie. '
160 raise ValueError('value needs to be in unencrypted format, ie. '
161 'not starting with enc$aes')
161 'not starting with enc$aes')
162 return 'enc$aes_hmac$%s' % AESCipher(
162 return 'enc$aes_hmac$%s' % AESCipher(
163 ENCRYPTION_KEY, hmac=True).encrypt(value)
163 ENCRYPTION_KEY, hmac=True).encrypt(value)
164
164
165 def process_result_value(self, value, dialect):
165 def process_result_value(self, value, dialect):
166 import rhodecode
166 import rhodecode
167
167
168 if not value:
168 if not value:
169 return value
169 return value
170
170
171 parts = value.split('$', 3)
171 parts = value.split('$', 3)
172 if not len(parts) == 3:
172 if not len(parts) == 3:
173 # probably not encrypted values
173 # probably not encrypted values
174 return value
174 return value
175 else:
175 else:
176 if parts[0] != 'enc':
176 if parts[0] != 'enc':
177 # parts ok but without our header ?
177 # parts ok but without our header ?
178 return value
178 return value
179 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
179 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
180 'rhodecode.encrypted_values.strict') or True)
180 'rhodecode.encrypted_values.strict') or True)
181 # at that stage we know it's our encryption
181 # at that stage we know it's our encryption
182 if parts[1] == 'aes':
182 if parts[1] == 'aes':
183 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
183 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
184 elif parts[1] == 'aes_hmac':
184 elif parts[1] == 'aes_hmac':
185 decrypted_data = AESCipher(
185 decrypted_data = AESCipher(
186 ENCRYPTION_KEY, hmac=True,
186 ENCRYPTION_KEY, hmac=True,
187 strict_verification=enc_strict_mode).decrypt(parts[2])
187 strict_verification=enc_strict_mode).decrypt(parts[2])
188 else:
188 else:
189 raise ValueError(
189 raise ValueError(
190 'Encryption type part is wrong, must be `aes` '
190 'Encryption type part is wrong, must be `aes` '
191 'or `aes_hmac`, got `%s` instead' % (parts[1]))
191 'or `aes_hmac`, got `%s` instead' % (parts[1]))
192 return decrypted_data
192 return decrypted_data
193
193
194
194
195 class BaseModel(object):
195 class BaseModel(object):
196 """
196 """
197 Base Model for all classes
197 Base Model for all classes
198 """
198 """
199
199
200 @classmethod
200 @classmethod
201 def _get_keys(cls):
201 def _get_keys(cls):
202 """return column names for this model """
202 """return column names for this model """
203 return class_mapper(cls).c.keys()
203 return class_mapper(cls).c.keys()
204
204
205 def get_dict(self):
205 def get_dict(self):
206 """
206 """
207 return dict with keys and values corresponding
207 return dict with keys and values corresponding
208 to this model data """
208 to this model data """
209
209
210 d = {}
210 d = {}
211 for k in self._get_keys():
211 for k in self._get_keys():
212 d[k] = getattr(self, k)
212 d[k] = getattr(self, k)
213
213
214 # also use __json__() if present to get additional fields
214 # also use __json__() if present to get additional fields
215 _json_attr = getattr(self, '__json__', None)
215 _json_attr = getattr(self, '__json__', None)
216 if _json_attr:
216 if _json_attr:
217 # update with attributes from __json__
217 # update with attributes from __json__
218 if callable(_json_attr):
218 if callable(_json_attr):
219 _json_attr = _json_attr()
219 _json_attr = _json_attr()
220 for k, val in _json_attr.iteritems():
220 for k, val in _json_attr.iteritems():
221 d[k] = val
221 d[k] = val
222 return d
222 return d
223
223
224 def get_appstruct(self):
224 def get_appstruct(self):
225 """return list with keys and values tuples corresponding
225 """return list with keys and values tuples corresponding
226 to this model data """
226 to this model data """
227
227
228 lst = []
228 lst = []
229 for k in self._get_keys():
229 for k in self._get_keys():
230 lst.append((k, getattr(self, k),))
230 lst.append((k, getattr(self, k),))
231 return lst
231 return lst
232
232
233 def populate_obj(self, populate_dict):
233 def populate_obj(self, populate_dict):
234 """populate model with data from given populate_dict"""
234 """populate model with data from given populate_dict"""
235
235
236 for k in self._get_keys():
236 for k in self._get_keys():
237 if k in populate_dict:
237 if k in populate_dict:
238 setattr(self, k, populate_dict[k])
238 setattr(self, k, populate_dict[k])
239
239
240 @classmethod
240 @classmethod
241 def query(cls):
241 def query(cls):
242 return Session().query(cls)
242 return Session().query(cls)
243
243
244 @classmethod
244 @classmethod
245 def get(cls, id_):
245 def get(cls, id_):
246 if id_:
246 if id_:
247 return cls.query().get(id_)
247 return cls.query().get(id_)
248
248
249 @classmethod
249 @classmethod
250 def get_or_404(cls, id_):
250 def get_or_404(cls, id_):
251 from pyramid.httpexceptions import HTTPNotFound
251 from pyramid.httpexceptions import HTTPNotFound
252
252
253 try:
253 try:
254 id_ = int(id_)
254 id_ = int(id_)
255 except (TypeError, ValueError):
255 except (TypeError, ValueError):
256 raise HTTPNotFound()
256 raise HTTPNotFound()
257
257
258 res = cls.query().get(id_)
258 res = cls.query().get(id_)
259 if not res:
259 if not res:
260 raise HTTPNotFound()
260 raise HTTPNotFound()
261 return res
261 return res
262
262
263 @classmethod
263 @classmethod
264 def getAll(cls):
264 def getAll(cls):
265 # deprecated and left for backward compatibility
265 # deprecated and left for backward compatibility
266 return cls.get_all()
266 return cls.get_all()
267
267
268 @classmethod
268 @classmethod
269 def get_all(cls):
269 def get_all(cls):
270 return cls.query().all()
270 return cls.query().all()
271
271
272 @classmethod
272 @classmethod
273 def delete(cls, id_):
273 def delete(cls, id_):
274 obj = cls.query().get(id_)
274 obj = cls.query().get(id_)
275 Session().delete(obj)
275 Session().delete(obj)
276
276
277 @classmethod
277 @classmethod
278 def identity_cache(cls, session, attr_name, value):
278 def identity_cache(cls, session, attr_name, value):
279 exist_in_session = []
279 exist_in_session = []
280 for (item_cls, pkey), instance in session.identity_map.items():
280 for (item_cls, pkey), instance in session.identity_map.items():
281 if cls == item_cls and getattr(instance, attr_name) == value:
281 if cls == item_cls and getattr(instance, attr_name) == value:
282 exist_in_session.append(instance)
282 exist_in_session.append(instance)
283 if exist_in_session:
283 if exist_in_session:
284 if len(exist_in_session) == 1:
284 if len(exist_in_session) == 1:
285 return exist_in_session[0]
285 return exist_in_session[0]
286 log.exception(
286 log.exception(
287 'multiple objects with attr %s and '
287 'multiple objects with attr %s and '
288 'value %s found with same name: %r',
288 'value %s found with same name: %r',
289 attr_name, value, exist_in_session)
289 attr_name, value, exist_in_session)
290
290
291 def __repr__(self):
291 def __repr__(self):
292 if hasattr(self, '__unicode__'):
292 if hasattr(self, '__unicode__'):
293 # python repr needs to return str
293 # python repr needs to return str
294 try:
294 try:
295 return safe_str(self.__unicode__())
295 return safe_str(self.__unicode__())
296 except UnicodeDecodeError:
296 except UnicodeDecodeError:
297 pass
297 pass
298 return '<DB:%s>' % (self.__class__.__name__)
298 return '<DB:%s>' % (self.__class__.__name__)
299
299
300
300
301 class RhodeCodeSetting(Base, BaseModel):
301 class RhodeCodeSetting(Base, BaseModel):
302 __tablename__ = 'rhodecode_settings'
302 __tablename__ = 'rhodecode_settings'
303 __table_args__ = (
303 __table_args__ = (
304 UniqueConstraint('app_settings_name'),
304 UniqueConstraint('app_settings_name'),
305 {'extend_existing': True, 'mysql_engine': 'InnoDB',
305 {'extend_existing': True, 'mysql_engine': 'InnoDB',
306 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
306 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
307 )
307 )
308
308
309 SETTINGS_TYPES = {
309 SETTINGS_TYPES = {
310 'str': safe_str,
310 'str': safe_str,
311 'int': safe_int,
311 'int': safe_int,
312 'unicode': safe_unicode,
312 'unicode': safe_unicode,
313 'bool': str2bool,
313 'bool': str2bool,
314 'list': functools.partial(aslist, sep=',')
314 'list': functools.partial(aslist, sep=',')
315 }
315 }
316 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
316 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
317 GLOBAL_CONF_KEY = 'app_settings'
317 GLOBAL_CONF_KEY = 'app_settings'
318
318
319 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
319 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
320 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
320 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
321 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
321 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
322 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
322 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
323
323
324 def __init__(self, key='', val='', type='unicode'):
324 def __init__(self, key='', val='', type='unicode'):
325 self.app_settings_name = key
325 self.app_settings_name = key
326 self.app_settings_type = type
326 self.app_settings_type = type
327 self.app_settings_value = val
327 self.app_settings_value = val
328
328
329 @validates('_app_settings_value')
329 @validates('_app_settings_value')
330 def validate_settings_value(self, key, val):
330 def validate_settings_value(self, key, val):
331 assert type(val) == unicode
331 assert type(val) == unicode
332 return val
332 return val
333
333
334 @hybrid_property
334 @hybrid_property
335 def app_settings_value(self):
335 def app_settings_value(self):
336 v = self._app_settings_value
336 v = self._app_settings_value
337 _type = self.app_settings_type
337 _type = self.app_settings_type
338 if _type:
338 if _type:
339 _type = self.app_settings_type.split('.')[0]
339 _type = self.app_settings_type.split('.')[0]
340 # decode the encrypted value
340 # decode the encrypted value
341 if 'encrypted' in self.app_settings_type:
341 if 'encrypted' in self.app_settings_type:
342 cipher = EncryptedTextValue()
342 cipher = EncryptedTextValue()
343 v = safe_unicode(cipher.process_result_value(v, None))
343 v = safe_unicode(cipher.process_result_value(v, None))
344
344
345 converter = self.SETTINGS_TYPES.get(_type) or \
345 converter = self.SETTINGS_TYPES.get(_type) or \
346 self.SETTINGS_TYPES['unicode']
346 self.SETTINGS_TYPES['unicode']
347 return converter(v)
347 return converter(v)
348
348
349 @app_settings_value.setter
349 @app_settings_value.setter
350 def app_settings_value(self, val):
350 def app_settings_value(self, val):
351 """
351 """
352 Setter that will always make sure we use unicode in app_settings_value
352 Setter that will always make sure we use unicode in app_settings_value
353
353
354 :param val:
354 :param val:
355 """
355 """
356 val = safe_unicode(val)
356 val = safe_unicode(val)
357 # encode the encrypted value
357 # encode the encrypted value
358 if 'encrypted' in self.app_settings_type:
358 if 'encrypted' in self.app_settings_type:
359 cipher = EncryptedTextValue()
359 cipher = EncryptedTextValue()
360 val = safe_unicode(cipher.process_bind_param(val, None))
360 val = safe_unicode(cipher.process_bind_param(val, None))
361 self._app_settings_value = val
361 self._app_settings_value = val
362
362
363 @hybrid_property
363 @hybrid_property
364 def app_settings_type(self):
364 def app_settings_type(self):
365 return self._app_settings_type
365 return self._app_settings_type
366
366
367 @app_settings_type.setter
367 @app_settings_type.setter
368 def app_settings_type(self, val):
368 def app_settings_type(self, val):
369 if val.split('.')[0] not in self.SETTINGS_TYPES:
369 if val.split('.')[0] not in self.SETTINGS_TYPES:
370 raise Exception('type must be one of %s got %s'
370 raise Exception('type must be one of %s got %s'
371 % (self.SETTINGS_TYPES.keys(), val))
371 % (self.SETTINGS_TYPES.keys(), val))
372 self._app_settings_type = val
372 self._app_settings_type = val
373
373
374 def __unicode__(self):
374 def __unicode__(self):
375 return u"<%s('%s:%s[%s]')>" % (
375 return u"<%s('%s:%s[%s]')>" % (
376 self.__class__.__name__,
376 self.__class__.__name__,
377 self.app_settings_name, self.app_settings_value,
377 self.app_settings_name, self.app_settings_value,
378 self.app_settings_type
378 self.app_settings_type
379 )
379 )
380
380
381
381
382 class RhodeCodeUi(Base, BaseModel):
382 class RhodeCodeUi(Base, BaseModel):
383 __tablename__ = 'rhodecode_ui'
383 __tablename__ = 'rhodecode_ui'
384 __table_args__ = (
384 __table_args__ = (
385 UniqueConstraint('ui_key'),
385 UniqueConstraint('ui_key'),
386 {'extend_existing': True, 'mysql_engine': 'InnoDB',
386 {'extend_existing': True, 'mysql_engine': 'InnoDB',
387 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
387 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
388 )
388 )
389
389
390 HOOK_REPO_SIZE = 'changegroup.repo_size'
390 HOOK_REPO_SIZE = 'changegroup.repo_size'
391 # HG
391 # HG
392 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
392 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
393 HOOK_PULL = 'outgoing.pull_logger'
393 HOOK_PULL = 'outgoing.pull_logger'
394 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
394 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
395 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
395 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
396 HOOK_PUSH = 'changegroup.push_logger'
396 HOOK_PUSH = 'changegroup.push_logger'
397 HOOK_PUSH_KEY = 'pushkey.key_push'
397 HOOK_PUSH_KEY = 'pushkey.key_push'
398
398
399 # TODO: johbo: Unify way how hooks are configured for git and hg,
399 # TODO: johbo: Unify way how hooks are configured for git and hg,
400 # git part is currently hardcoded.
400 # git part is currently hardcoded.
401
401
402 # SVN PATTERNS
402 # SVN PATTERNS
403 SVN_BRANCH_ID = 'vcs_svn_branch'
403 SVN_BRANCH_ID = 'vcs_svn_branch'
404 SVN_TAG_ID = 'vcs_svn_tag'
404 SVN_TAG_ID = 'vcs_svn_tag'
405
405
406 ui_id = Column(
406 ui_id = Column(
407 "ui_id", Integer(), nullable=False, unique=True, default=None,
407 "ui_id", Integer(), nullable=False, unique=True, default=None,
408 primary_key=True)
408 primary_key=True)
409 ui_section = Column(
409 ui_section = Column(
410 "ui_section", String(255), nullable=True, unique=None, default=None)
410 "ui_section", String(255), nullable=True, unique=None, default=None)
411 ui_key = Column(
411 ui_key = Column(
412 "ui_key", String(255), nullable=True, unique=None, default=None)
412 "ui_key", String(255), nullable=True, unique=None, default=None)
413 ui_value = Column(
413 ui_value = Column(
414 "ui_value", String(255), nullable=True, unique=None, default=None)
414 "ui_value", String(255), nullable=True, unique=None, default=None)
415 ui_active = Column(
415 ui_active = Column(
416 "ui_active", Boolean(), nullable=True, unique=None, default=True)
416 "ui_active", Boolean(), nullable=True, unique=None, default=True)
417
417
418 def __repr__(self):
418 def __repr__(self):
419 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
419 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
420 self.ui_key, self.ui_value)
420 self.ui_key, self.ui_value)
421
421
422
422
423 class RepoRhodeCodeSetting(Base, BaseModel):
423 class RepoRhodeCodeSetting(Base, BaseModel):
424 __tablename__ = 'repo_rhodecode_settings'
424 __tablename__ = 'repo_rhodecode_settings'
425 __table_args__ = (
425 __table_args__ = (
426 UniqueConstraint(
426 UniqueConstraint(
427 'app_settings_name', 'repository_id',
427 'app_settings_name', 'repository_id',
428 name='uq_repo_rhodecode_setting_name_repo_id'),
428 name='uq_repo_rhodecode_setting_name_repo_id'),
429 {'extend_existing': True, 'mysql_engine': 'InnoDB',
429 {'extend_existing': True, 'mysql_engine': 'InnoDB',
430 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
430 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
431 )
431 )
432
432
433 repository_id = Column(
433 repository_id = Column(
434 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
434 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
435 nullable=False)
435 nullable=False)
436 app_settings_id = Column(
436 app_settings_id = Column(
437 "app_settings_id", Integer(), nullable=False, unique=True,
437 "app_settings_id", Integer(), nullable=False, unique=True,
438 default=None, primary_key=True)
438 default=None, primary_key=True)
439 app_settings_name = Column(
439 app_settings_name = Column(
440 "app_settings_name", String(255), nullable=True, unique=None,
440 "app_settings_name", String(255), nullable=True, unique=None,
441 default=None)
441 default=None)
442 _app_settings_value = Column(
442 _app_settings_value = Column(
443 "app_settings_value", String(4096), nullable=True, unique=None,
443 "app_settings_value", String(4096), nullable=True, unique=None,
444 default=None)
444 default=None)
445 _app_settings_type = Column(
445 _app_settings_type = Column(
446 "app_settings_type", String(255), nullable=True, unique=None,
446 "app_settings_type", String(255), nullable=True, unique=None,
447 default=None)
447 default=None)
448
448
449 repository = relationship('Repository')
449 repository = relationship('Repository')
450
450
451 def __init__(self, repository_id, key='', val='', type='unicode'):
451 def __init__(self, repository_id, key='', val='', type='unicode'):
452 self.repository_id = repository_id
452 self.repository_id = repository_id
453 self.app_settings_name = key
453 self.app_settings_name = key
454 self.app_settings_type = type
454 self.app_settings_type = type
455 self.app_settings_value = val
455 self.app_settings_value = val
456
456
457 @validates('_app_settings_value')
457 @validates('_app_settings_value')
458 def validate_settings_value(self, key, val):
458 def validate_settings_value(self, key, val):
459 assert type(val) == unicode
459 assert type(val) == unicode
460 return val
460 return val
461
461
462 @hybrid_property
462 @hybrid_property
463 def app_settings_value(self):
463 def app_settings_value(self):
464 v = self._app_settings_value
464 v = self._app_settings_value
465 type_ = self.app_settings_type
465 type_ = self.app_settings_type
466 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
466 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
467 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
467 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
468 return converter(v)
468 return converter(v)
469
469
470 @app_settings_value.setter
470 @app_settings_value.setter
471 def app_settings_value(self, val):
471 def app_settings_value(self, val):
472 """
472 """
473 Setter that will always make sure we use unicode in app_settings_value
473 Setter that will always make sure we use unicode in app_settings_value
474
474
475 :param val:
475 :param val:
476 """
476 """
477 self._app_settings_value = safe_unicode(val)
477 self._app_settings_value = safe_unicode(val)
478
478
479 @hybrid_property
479 @hybrid_property
480 def app_settings_type(self):
480 def app_settings_type(self):
481 return self._app_settings_type
481 return self._app_settings_type
482
482
483 @app_settings_type.setter
483 @app_settings_type.setter
484 def app_settings_type(self, val):
484 def app_settings_type(self, val):
485 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
485 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
486 if val not in SETTINGS_TYPES:
486 if val not in SETTINGS_TYPES:
487 raise Exception('type must be one of %s got %s'
487 raise Exception('type must be one of %s got %s'
488 % (SETTINGS_TYPES.keys(), val))
488 % (SETTINGS_TYPES.keys(), val))
489 self._app_settings_type = val
489 self._app_settings_type = val
490
490
491 def __unicode__(self):
491 def __unicode__(self):
492 return u"<%s('%s:%s:%s[%s]')>" % (
492 return u"<%s('%s:%s:%s[%s]')>" % (
493 self.__class__.__name__, self.repository.repo_name,
493 self.__class__.__name__, self.repository.repo_name,
494 self.app_settings_name, self.app_settings_value,
494 self.app_settings_name, self.app_settings_value,
495 self.app_settings_type
495 self.app_settings_type
496 )
496 )
497
497
498
498
499 class RepoRhodeCodeUi(Base, BaseModel):
499 class RepoRhodeCodeUi(Base, BaseModel):
500 __tablename__ = 'repo_rhodecode_ui'
500 __tablename__ = 'repo_rhodecode_ui'
501 __table_args__ = (
501 __table_args__ = (
502 UniqueConstraint(
502 UniqueConstraint(
503 'repository_id', 'ui_section', 'ui_key',
503 'repository_id', 'ui_section', 'ui_key',
504 name='uq_repo_rhodecode_ui_repository_id_section_key'),
504 name='uq_repo_rhodecode_ui_repository_id_section_key'),
505 {'extend_existing': True, 'mysql_engine': 'InnoDB',
505 {'extend_existing': True, 'mysql_engine': 'InnoDB',
506 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
506 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
507 )
507 )
508
508
509 repository_id = Column(
509 repository_id = Column(
510 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
510 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
511 nullable=False)
511 nullable=False)
512 ui_id = Column(
512 ui_id = Column(
513 "ui_id", Integer(), nullable=False, unique=True, default=None,
513 "ui_id", Integer(), nullable=False, unique=True, default=None,
514 primary_key=True)
514 primary_key=True)
515 ui_section = Column(
515 ui_section = Column(
516 "ui_section", String(255), nullable=True, unique=None, default=None)
516 "ui_section", String(255), nullable=True, unique=None, default=None)
517 ui_key = Column(
517 ui_key = Column(
518 "ui_key", String(255), nullable=True, unique=None, default=None)
518 "ui_key", String(255), nullable=True, unique=None, default=None)
519 ui_value = Column(
519 ui_value = Column(
520 "ui_value", String(255), nullable=True, unique=None, default=None)
520 "ui_value", String(255), nullable=True, unique=None, default=None)
521 ui_active = Column(
521 ui_active = Column(
522 "ui_active", Boolean(), nullable=True, unique=None, default=True)
522 "ui_active", Boolean(), nullable=True, unique=None, default=True)
523
523
524 repository = relationship('Repository')
524 repository = relationship('Repository')
525
525
526 def __repr__(self):
526 def __repr__(self):
527 return '<%s[%s:%s]%s=>%s]>' % (
527 return '<%s[%s:%s]%s=>%s]>' % (
528 self.__class__.__name__, self.repository.repo_name,
528 self.__class__.__name__, self.repository.repo_name,
529 self.ui_section, self.ui_key, self.ui_value)
529 self.ui_section, self.ui_key, self.ui_value)
530
530
531
531
532 class User(Base, BaseModel):
532 class User(Base, BaseModel):
533 __tablename__ = 'users'
533 __tablename__ = 'users'
534 __table_args__ = (
534 __table_args__ = (
535 UniqueConstraint('username'), UniqueConstraint('email'),
535 UniqueConstraint('username'), UniqueConstraint('email'),
536 Index('u_username_idx', 'username'),
536 Index('u_username_idx', 'username'),
537 Index('u_email_idx', 'email'),
537 Index('u_email_idx', 'email'),
538 {'extend_existing': True, 'mysql_engine': 'InnoDB',
538 {'extend_existing': True, 'mysql_engine': 'InnoDB',
539 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
539 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
540 )
540 )
541 DEFAULT_USER = 'default'
541 DEFAULT_USER = 'default'
542 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
542 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
543 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
543 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
544
544
545 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
545 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
546 username = Column("username", String(255), nullable=True, unique=None, default=None)
546 username = Column("username", String(255), nullable=True, unique=None, default=None)
547 password = Column("password", String(255), nullable=True, unique=None, default=None)
547 password = Column("password", String(255), nullable=True, unique=None, default=None)
548 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
548 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
549 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
549 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
550 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
550 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
551 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
551 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
552 _email = Column("email", String(255), nullable=True, unique=None, default=None)
552 _email = Column("email", String(255), nullable=True, unique=None, default=None)
553 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
553 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
554 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
554 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
555
555
556 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
556 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
557 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
557 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
558 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
558 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
559 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
559 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
560 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
560 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
561 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
561 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
562
562
563 user_log = relationship('UserLog')
563 user_log = relationship('UserLog')
564 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
564 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
565
565
566 repositories = relationship('Repository')
566 repositories = relationship('Repository')
567 repository_groups = relationship('RepoGroup')
567 repository_groups = relationship('RepoGroup')
568 user_groups = relationship('UserGroup')
568 user_groups = relationship('UserGroup')
569
569
570 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
570 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
571 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
571 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
572
572
573 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
573 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
574 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
574 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
575 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
575 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
576
576
577 group_member = relationship('UserGroupMember', cascade='all')
577 group_member = relationship('UserGroupMember', cascade='all')
578
578
579 notifications = relationship('UserNotification', cascade='all')
579 notifications = relationship('UserNotification', cascade='all')
580 # notifications assigned to this user
580 # notifications assigned to this user
581 user_created_notifications = relationship('Notification', cascade='all')
581 user_created_notifications = relationship('Notification', cascade='all')
582 # comments created by this user
582 # comments created by this user
583 user_comments = relationship('ChangesetComment', cascade='all')
583 user_comments = relationship('ChangesetComment', cascade='all')
584 # user profile extra info
584 # user profile extra info
585 user_emails = relationship('UserEmailMap', cascade='all')
585 user_emails = relationship('UserEmailMap', cascade='all')
586 user_ip_map = relationship('UserIpMap', cascade='all')
586 user_ip_map = relationship('UserIpMap', cascade='all')
587 user_auth_tokens = relationship('UserApiKeys', cascade='all')
587 user_auth_tokens = relationship('UserApiKeys', cascade='all')
588 user_ssh_keys = relationship('UserSshKeys', cascade='all')
588 user_ssh_keys = relationship('UserSshKeys', cascade='all')
589
589
590 # gists
590 # gists
591 user_gists = relationship('Gist', cascade='all')
591 user_gists = relationship('Gist', cascade='all')
592 # user pull requests
592 # user pull requests
593 user_pull_requests = relationship('PullRequest', cascade='all')
593 user_pull_requests = relationship('PullRequest', cascade='all')
594 # external identities
594 # external identities
595 extenal_identities = relationship(
595 extenal_identities = relationship(
596 'ExternalIdentity',
596 'ExternalIdentity',
597 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
597 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
598 cascade='all')
598 cascade='all')
599 # review rules
599 # review rules
600 user_review_rules = relationship('RepoReviewRuleUser', cascade='all')
600 user_review_rules = relationship('RepoReviewRuleUser', cascade='all')
601
601
602 def __unicode__(self):
602 def __unicode__(self):
603 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
603 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
604 self.user_id, self.username)
604 self.user_id, self.username)
605
605
606 @hybrid_property
606 @hybrid_property
607 def email(self):
607 def email(self):
608 return self._email
608 return self._email
609
609
610 @email.setter
610 @email.setter
611 def email(self, val):
611 def email(self, val):
612 self._email = val.lower() if val else None
612 self._email = val.lower() if val else None
613
613
614 @hybrid_property
614 @hybrid_property
615 def first_name(self):
615 def first_name(self):
616 from rhodecode.lib import helpers as h
616 from rhodecode.lib import helpers as h
617 if self.name:
617 if self.name:
618 return h.escape(self.name)
618 return h.escape(self.name)
619 return self.name
619 return self.name
620
620
621 @hybrid_property
621 @hybrid_property
622 def last_name(self):
622 def last_name(self):
623 from rhodecode.lib import helpers as h
623 from rhodecode.lib import helpers as h
624 if self.lastname:
624 if self.lastname:
625 return h.escape(self.lastname)
625 return h.escape(self.lastname)
626 return self.lastname
626 return self.lastname
627
627
628 @hybrid_property
628 @hybrid_property
629 def api_key(self):
629 def api_key(self):
630 """
630 """
631 Fetch if exist an auth-token with role ALL connected to this user
631 Fetch if exist an auth-token with role ALL connected to this user
632 """
632 """
633 user_auth_token = UserApiKeys.query()\
633 user_auth_token = UserApiKeys.query()\
634 .filter(UserApiKeys.user_id == self.user_id)\
634 .filter(UserApiKeys.user_id == self.user_id)\
635 .filter(or_(UserApiKeys.expires == -1,
635 .filter(or_(UserApiKeys.expires == -1,
636 UserApiKeys.expires >= time.time()))\
636 UserApiKeys.expires >= time.time()))\
637 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
637 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
638 if user_auth_token:
638 if user_auth_token:
639 user_auth_token = user_auth_token.api_key
639 user_auth_token = user_auth_token.api_key
640
640
641 return user_auth_token
641 return user_auth_token
642
642
643 @api_key.setter
643 @api_key.setter
644 def api_key(self, val):
644 def api_key(self, val):
645 # don't allow to set API key this is deprecated for now
645 # don't allow to set API key this is deprecated for now
646 self._api_key = None
646 self._api_key = None
647
647
648 @property
648 @property
649 def reviewer_pull_requests(self):
649 def reviewer_pull_requests(self):
650 return PullRequestReviewers.query() \
650 return PullRequestReviewers.query() \
651 .options(joinedload(PullRequestReviewers.pull_request)) \
651 .options(joinedload(PullRequestReviewers.pull_request)) \
652 .filter(PullRequestReviewers.user_id == self.user_id) \
652 .filter(PullRequestReviewers.user_id == self.user_id) \
653 .all()
653 .all()
654
654
655 @property
655 @property
656 def firstname(self):
656 def firstname(self):
657 # alias for future
657 # alias for future
658 return self.name
658 return self.name
659
659
660 @property
660 @property
661 def emails(self):
661 def emails(self):
662 other = UserEmailMap.query()\
662 other = UserEmailMap.query()\
663 .filter(UserEmailMap.user == self) \
663 .filter(UserEmailMap.user == self) \
664 .order_by(UserEmailMap.email_id.asc()) \
664 .order_by(UserEmailMap.email_id.asc()) \
665 .all()
665 .all()
666 return [self.email] + [x.email for x in other]
666 return [self.email] + [x.email for x in other]
667
667
668 @property
668 @property
669 def auth_tokens(self):
669 def auth_tokens(self):
670 auth_tokens = self.get_auth_tokens()
670 auth_tokens = self.get_auth_tokens()
671 return [x.api_key for x in auth_tokens]
671 return [x.api_key for x in auth_tokens]
672
672
673 def get_auth_tokens(self):
673 def get_auth_tokens(self):
674 return UserApiKeys.query()\
674 return UserApiKeys.query()\
675 .filter(UserApiKeys.user == self)\
675 .filter(UserApiKeys.user == self)\
676 .order_by(UserApiKeys.user_api_key_id.asc())\
676 .order_by(UserApiKeys.user_api_key_id.asc())\
677 .all()
677 .all()
678
678
679 @property
679 @LazyProperty
680 def feed_token(self):
680 def feed_token(self):
681 return self.get_feed_token()
681 return self.get_feed_token()
682
682
683 def get_feed_token(self):
683 def get_feed_token(self, cache=True):
684 feed_tokens = UserApiKeys.query()\
684 feed_tokens = UserApiKeys.query()\
685 .filter(UserApiKeys.user == self)\
685 .filter(UserApiKeys.user == self)\
686 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)\
686 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)
687 .all()
687 if cache:
688 feed_tokens = feed_tokens.options(
689 FromCache("long_term", "get_user_feed_token_%s" % self.user_id))
690
691 feed_tokens = feed_tokens.all()
688 if feed_tokens:
692 if feed_tokens:
689 return feed_tokens[0].api_key
693 return feed_tokens[0].api_key
690 return 'NO_FEED_TOKEN_AVAILABLE'
694 return 'NO_FEED_TOKEN_AVAILABLE'
691
695
692 @classmethod
696 @classmethod
693 def get(cls, user_id, cache=False):
697 def get(cls, user_id, cache=False):
694 if not user_id:
698 if not user_id:
695 return
699 return
696
700
697 user = cls.query()
701 user = cls.query()
698 if cache:
702 if cache:
699 user = user.options(
703 user = user.options(
700 FromCache("sql_cache_short", "get_users_%s" % user_id))
704 FromCache("sql_cache_short", "get_users_%s" % user_id))
701 return user.get(user_id)
705 return user.get(user_id)
702
706
703 @classmethod
707 @classmethod
704 def extra_valid_auth_tokens(cls, user, role=None):
708 def extra_valid_auth_tokens(cls, user, role=None):
705 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
709 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
706 .filter(or_(UserApiKeys.expires == -1,
710 .filter(or_(UserApiKeys.expires == -1,
707 UserApiKeys.expires >= time.time()))
711 UserApiKeys.expires >= time.time()))
708 if role:
712 if role:
709 tokens = tokens.filter(or_(UserApiKeys.role == role,
713 tokens = tokens.filter(or_(UserApiKeys.role == role,
710 UserApiKeys.role == UserApiKeys.ROLE_ALL))
714 UserApiKeys.role == UserApiKeys.ROLE_ALL))
711 return tokens.all()
715 return tokens.all()
712
716
713 def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
717 def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
714 from rhodecode.lib import auth
718 from rhodecode.lib import auth
715
719
716 log.debug('Trying to authenticate user: %s via auth-token, '
720 log.debug('Trying to authenticate user: %s via auth-token, '
717 'and roles: %s', self, roles)
721 'and roles: %s', self, roles)
718
722
719 if not auth_token:
723 if not auth_token:
720 return False
724 return False
721
725
722 crypto_backend = auth.crypto_backend()
726 crypto_backend = auth.crypto_backend()
723
727
724 roles = (roles or []) + [UserApiKeys.ROLE_ALL]
728 roles = (roles or []) + [UserApiKeys.ROLE_ALL]
725 tokens_q = UserApiKeys.query()\
729 tokens_q = UserApiKeys.query()\
726 .filter(UserApiKeys.user_id == self.user_id)\
730 .filter(UserApiKeys.user_id == self.user_id)\
727 .filter(or_(UserApiKeys.expires == -1,
731 .filter(or_(UserApiKeys.expires == -1,
728 UserApiKeys.expires >= time.time()))
732 UserApiKeys.expires >= time.time()))
729
733
730 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
734 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
731
735
732 plain_tokens = []
736 plain_tokens = []
733 hash_tokens = []
737 hash_tokens = []
734
738
735 for token in tokens_q.all():
739 for token in tokens_q.all():
736 # verify scope first
740 # verify scope first
737 if token.repo_id:
741 if token.repo_id:
738 # token has a scope, we need to verify it
742 # token has a scope, we need to verify it
739 if scope_repo_id != token.repo_id:
743 if scope_repo_id != token.repo_id:
740 log.debug(
744 log.debug(
741 'Scope mismatch: token has a set repo scope: %s, '
745 'Scope mismatch: token has a set repo scope: %s, '
742 'and calling scope is:%s, skipping further checks',
746 'and calling scope is:%s, skipping further checks',
743 token.repo, scope_repo_id)
747 token.repo, scope_repo_id)
744 # token has a scope, and it doesn't match, skip token
748 # token has a scope, and it doesn't match, skip token
745 continue
749 continue
746
750
747 if token.api_key.startswith(crypto_backend.ENC_PREF):
751 if token.api_key.startswith(crypto_backend.ENC_PREF):
748 hash_tokens.append(token.api_key)
752 hash_tokens.append(token.api_key)
749 else:
753 else:
750 plain_tokens.append(token.api_key)
754 plain_tokens.append(token.api_key)
751
755
752 is_plain_match = auth_token in plain_tokens
756 is_plain_match = auth_token in plain_tokens
753 if is_plain_match:
757 if is_plain_match:
754 return True
758 return True
755
759
756 for hashed in hash_tokens:
760 for hashed in hash_tokens:
757 # TODO(marcink): this is expensive to calculate, but most secure
761 # TODO(marcink): this is expensive to calculate, but most secure
758 match = crypto_backend.hash_check(auth_token, hashed)
762 match = crypto_backend.hash_check(auth_token, hashed)
759 if match:
763 if match:
760 return True
764 return True
761
765
762 return False
766 return False
763
767
764 @property
768 @property
765 def ip_addresses(self):
769 def ip_addresses(self):
766 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
770 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
767 return [x.ip_addr for x in ret]
771 return [x.ip_addr for x in ret]
768
772
769 @property
773 @property
770 def username_and_name(self):
774 def username_and_name(self):
771 return '%s (%s %s)' % (self.username, self.first_name, self.last_name)
775 return '%s (%s %s)' % (self.username, self.first_name, self.last_name)
772
776
773 @property
777 @property
774 def username_or_name_or_email(self):
778 def username_or_name_or_email(self):
775 full_name = self.full_name if self.full_name is not ' ' else None
779 full_name = self.full_name if self.full_name is not ' ' else None
776 return self.username or full_name or self.email
780 return self.username or full_name or self.email
777
781
778 @property
782 @property
779 def full_name(self):
783 def full_name(self):
780 return '%s %s' % (self.first_name, self.last_name)
784 return '%s %s' % (self.first_name, self.last_name)
781
785
782 @property
786 @property
783 def full_name_or_username(self):
787 def full_name_or_username(self):
784 return ('%s %s' % (self.first_name, self.last_name)
788 return ('%s %s' % (self.first_name, self.last_name)
785 if (self.first_name and self.last_name) else self.username)
789 if (self.first_name and self.last_name) else self.username)
786
790
787 @property
791 @property
788 def full_contact(self):
792 def full_contact(self):
789 return '%s %s <%s>' % (self.first_name, self.last_name, self.email)
793 return '%s %s <%s>' % (self.first_name, self.last_name, self.email)
790
794
791 @property
795 @property
792 def short_contact(self):
796 def short_contact(self):
793 return '%s %s' % (self.first_name, self.last_name)
797 return '%s %s' % (self.first_name, self.last_name)
794
798
795 @property
799 @property
796 def is_admin(self):
800 def is_admin(self):
797 return self.admin
801 return self.admin
798
802
799 def AuthUser(self, **kwargs):
803 def AuthUser(self, **kwargs):
800 """
804 """
801 Returns instance of AuthUser for this user
805 Returns instance of AuthUser for this user
802 """
806 """
803 from rhodecode.lib.auth import AuthUser
807 from rhodecode.lib.auth import AuthUser
804 return AuthUser(user_id=self.user_id, username=self.username, **kwargs)
808 return AuthUser(user_id=self.user_id, username=self.username, **kwargs)
805
809
806 @hybrid_property
810 @hybrid_property
807 def user_data(self):
811 def user_data(self):
808 if not self._user_data:
812 if not self._user_data:
809 return {}
813 return {}
810
814
811 try:
815 try:
812 return json.loads(self._user_data)
816 return json.loads(self._user_data)
813 except TypeError:
817 except TypeError:
814 return {}
818 return {}
815
819
816 @user_data.setter
820 @user_data.setter
817 def user_data(self, val):
821 def user_data(self, val):
818 if not isinstance(val, dict):
822 if not isinstance(val, dict):
819 raise Exception('user_data must be dict, got %s' % type(val))
823 raise Exception('user_data must be dict, got %s' % type(val))
820 try:
824 try:
821 self._user_data = json.dumps(val)
825 self._user_data = json.dumps(val)
822 except Exception:
826 except Exception:
823 log.error(traceback.format_exc())
827 log.error(traceback.format_exc())
824
828
825 @classmethod
829 @classmethod
826 def get_by_username(cls, username, case_insensitive=False,
830 def get_by_username(cls, username, case_insensitive=False,
827 cache=False, identity_cache=False):
831 cache=False, identity_cache=False):
828 session = Session()
832 session = Session()
829
833
830 if case_insensitive:
834 if case_insensitive:
831 q = cls.query().filter(
835 q = cls.query().filter(
832 func.lower(cls.username) == func.lower(username))
836 func.lower(cls.username) == func.lower(username))
833 else:
837 else:
834 q = cls.query().filter(cls.username == username)
838 q = cls.query().filter(cls.username == username)
835
839
836 if cache:
840 if cache:
837 if identity_cache:
841 if identity_cache:
838 val = cls.identity_cache(session, 'username', username)
842 val = cls.identity_cache(session, 'username', username)
839 if val:
843 if val:
840 return val
844 return val
841 else:
845 else:
842 cache_key = "get_user_by_name_%s" % _hash_key(username)
846 cache_key = "get_user_by_name_%s" % _hash_key(username)
843 q = q.options(
847 q = q.options(
844 FromCache("sql_cache_short", cache_key))
848 FromCache("sql_cache_short", cache_key))
845
849
846 return q.scalar()
850 return q.scalar()
847
851
848 @classmethod
852 @classmethod
849 def get_by_auth_token(cls, auth_token, cache=False):
853 def get_by_auth_token(cls, auth_token, cache=False):
850 q = UserApiKeys.query()\
854 q = UserApiKeys.query()\
851 .filter(UserApiKeys.api_key == auth_token)\
855 .filter(UserApiKeys.api_key == auth_token)\
852 .filter(or_(UserApiKeys.expires == -1,
856 .filter(or_(UserApiKeys.expires == -1,
853 UserApiKeys.expires >= time.time()))
857 UserApiKeys.expires >= time.time()))
854 if cache:
858 if cache:
855 q = q.options(
859 q = q.options(
856 FromCache("sql_cache_short", "get_auth_token_%s" % auth_token))
860 FromCache("sql_cache_short", "get_auth_token_%s" % auth_token))
857
861
858 match = q.first()
862 match = q.first()
859 if match:
863 if match:
860 return match.user
864 return match.user
861
865
862 @classmethod
866 @classmethod
863 def get_by_email(cls, email, case_insensitive=False, cache=False):
867 def get_by_email(cls, email, case_insensitive=False, cache=False):
864
868
865 if case_insensitive:
869 if case_insensitive:
866 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
870 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
867
871
868 else:
872 else:
869 q = cls.query().filter(cls.email == email)
873 q = cls.query().filter(cls.email == email)
870
874
871 email_key = _hash_key(email)
875 email_key = _hash_key(email)
872 if cache:
876 if cache:
873 q = q.options(
877 q = q.options(
874 FromCache("sql_cache_short", "get_email_key_%s" % email_key))
878 FromCache("sql_cache_short", "get_email_key_%s" % email_key))
875
879
876 ret = q.scalar()
880 ret = q.scalar()
877 if ret is None:
881 if ret is None:
878 q = UserEmailMap.query()
882 q = UserEmailMap.query()
879 # try fetching in alternate email map
883 # try fetching in alternate email map
880 if case_insensitive:
884 if case_insensitive:
881 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
885 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
882 else:
886 else:
883 q = q.filter(UserEmailMap.email == email)
887 q = q.filter(UserEmailMap.email == email)
884 q = q.options(joinedload(UserEmailMap.user))
888 q = q.options(joinedload(UserEmailMap.user))
885 if cache:
889 if cache:
886 q = q.options(
890 q = q.options(
887 FromCache("sql_cache_short", "get_email_map_key_%s" % email_key))
891 FromCache("sql_cache_short", "get_email_map_key_%s" % email_key))
888 ret = getattr(q.scalar(), 'user', None)
892 ret = getattr(q.scalar(), 'user', None)
889
893
890 return ret
894 return ret
891
895
892 @classmethod
896 @classmethod
893 def get_from_cs_author(cls, author):
897 def get_from_cs_author(cls, author):
894 """
898 """
895 Tries to get User objects out of commit author string
899 Tries to get User objects out of commit author string
896
900
897 :param author:
901 :param author:
898 """
902 """
899 from rhodecode.lib.helpers import email, author_name
903 from rhodecode.lib.helpers import email, author_name
900 # Valid email in the attribute passed, see if they're in the system
904 # Valid email in the attribute passed, see if they're in the system
901 _email = email(author)
905 _email = email(author)
902 if _email:
906 if _email:
903 user = cls.get_by_email(_email, case_insensitive=True)
907 user = cls.get_by_email(_email, case_insensitive=True)
904 if user:
908 if user:
905 return user
909 return user
906 # Maybe we can match by username?
910 # Maybe we can match by username?
907 _author = author_name(author)
911 _author = author_name(author)
908 user = cls.get_by_username(_author, case_insensitive=True)
912 user = cls.get_by_username(_author, case_insensitive=True)
909 if user:
913 if user:
910 return user
914 return user
911
915
912 def update_userdata(self, **kwargs):
916 def update_userdata(self, **kwargs):
913 usr = self
917 usr = self
914 old = usr.user_data
918 old = usr.user_data
915 old.update(**kwargs)
919 old.update(**kwargs)
916 usr.user_data = old
920 usr.user_data = old
917 Session().add(usr)
921 Session().add(usr)
918 log.debug('updated userdata with ', kwargs)
922 log.debug('updated userdata with ', kwargs)
919
923
920 def update_lastlogin(self):
924 def update_lastlogin(self):
921 """Update user lastlogin"""
925 """Update user lastlogin"""
922 self.last_login = datetime.datetime.now()
926 self.last_login = datetime.datetime.now()
923 Session().add(self)
927 Session().add(self)
924 log.debug('updated user %s lastlogin', self.username)
928 log.debug('updated user %s lastlogin', self.username)
925
929
926 def update_lastactivity(self):
930 def update_lastactivity(self):
927 """Update user lastactivity"""
931 """Update user lastactivity"""
928 self.last_activity = datetime.datetime.now()
932 self.last_activity = datetime.datetime.now()
929 Session().add(self)
933 Session().add(self)
930 log.debug('updated user `%s` last activity', self.username)
934 log.debug('updated user `%s` last activity', self.username)
931
935
932 def update_password(self, new_password):
936 def update_password(self, new_password):
933 from rhodecode.lib.auth import get_crypt_password
937 from rhodecode.lib.auth import get_crypt_password
934
938
935 self.password = get_crypt_password(new_password)
939 self.password = get_crypt_password(new_password)
936 Session().add(self)
940 Session().add(self)
937
941
938 @classmethod
942 @classmethod
939 def get_first_super_admin(cls):
943 def get_first_super_admin(cls):
940 user = User.query().filter(User.admin == true()).first()
944 user = User.query().filter(User.admin == true()).first()
941 if user is None:
945 if user is None:
942 raise Exception('FATAL: Missing administrative account!')
946 raise Exception('FATAL: Missing administrative account!')
943 return user
947 return user
944
948
945 @classmethod
949 @classmethod
946 def get_all_super_admins(cls):
950 def get_all_super_admins(cls):
947 """
951 """
948 Returns all admin accounts sorted by username
952 Returns all admin accounts sorted by username
949 """
953 """
950 return User.query().filter(User.admin == true())\
954 return User.query().filter(User.admin == true())\
951 .order_by(User.username.asc()).all()
955 .order_by(User.username.asc()).all()
952
956
953 @classmethod
957 @classmethod
954 def get_default_user(cls, cache=False, refresh=False):
958 def get_default_user(cls, cache=False, refresh=False):
955 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
959 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
956 if user is None:
960 if user is None:
957 raise Exception('FATAL: Missing default account!')
961 raise Exception('FATAL: Missing default account!')
958 if refresh:
962 if refresh:
959 # The default user might be based on outdated state which
963 # The default user might be based on outdated state which
960 # has been loaded from the cache.
964 # has been loaded from the cache.
961 # A call to refresh() ensures that the
965 # A call to refresh() ensures that the
962 # latest state from the database is used.
966 # latest state from the database is used.
963 Session().refresh(user)
967 Session().refresh(user)
964 return user
968 return user
965
969
966 def _get_default_perms(self, user, suffix=''):
970 def _get_default_perms(self, user, suffix=''):
967 from rhodecode.model.permission import PermissionModel
971 from rhodecode.model.permission import PermissionModel
968 return PermissionModel().get_default_perms(user.user_perms, suffix)
972 return PermissionModel().get_default_perms(user.user_perms, suffix)
969
973
970 def get_default_perms(self, suffix=''):
974 def get_default_perms(self, suffix=''):
971 return self._get_default_perms(self, suffix)
975 return self._get_default_perms(self, suffix)
972
976
973 def get_api_data(self, include_secrets=False, details='full'):
977 def get_api_data(self, include_secrets=False, details='full'):
974 """
978 """
975 Common function for generating user related data for API
979 Common function for generating user related data for API
976
980
977 :param include_secrets: By default secrets in the API data will be replaced
981 :param include_secrets: By default secrets in the API data will be replaced
978 by a placeholder value to prevent exposing this data by accident. In case
982 by a placeholder value to prevent exposing this data by accident. In case
979 this data shall be exposed, set this flag to ``True``.
983 this data shall be exposed, set this flag to ``True``.
980
984
981 :param details: details can be 'basic|full' basic gives only a subset of
985 :param details: details can be 'basic|full' basic gives only a subset of
982 the available user information that includes user_id, name and emails.
986 the available user information that includes user_id, name and emails.
983 """
987 """
984 user = self
988 user = self
985 user_data = self.user_data
989 user_data = self.user_data
986 data = {
990 data = {
987 'user_id': user.user_id,
991 'user_id': user.user_id,
988 'username': user.username,
992 'username': user.username,
989 'firstname': user.name,
993 'firstname': user.name,
990 'lastname': user.lastname,
994 'lastname': user.lastname,
991 'email': user.email,
995 'email': user.email,
992 'emails': user.emails,
996 'emails': user.emails,
993 }
997 }
994 if details == 'basic':
998 if details == 'basic':
995 return data
999 return data
996
1000
997 auth_token_length = 40
1001 auth_token_length = 40
998 auth_token_replacement = '*' * auth_token_length
1002 auth_token_replacement = '*' * auth_token_length
999
1003
1000 extras = {
1004 extras = {
1001 'auth_tokens': [auth_token_replacement],
1005 'auth_tokens': [auth_token_replacement],
1002 'active': user.active,
1006 'active': user.active,
1003 'admin': user.admin,
1007 'admin': user.admin,
1004 'extern_type': user.extern_type,
1008 'extern_type': user.extern_type,
1005 'extern_name': user.extern_name,
1009 'extern_name': user.extern_name,
1006 'last_login': user.last_login,
1010 'last_login': user.last_login,
1007 'last_activity': user.last_activity,
1011 'last_activity': user.last_activity,
1008 'ip_addresses': user.ip_addresses,
1012 'ip_addresses': user.ip_addresses,
1009 'language': user_data.get('language')
1013 'language': user_data.get('language')
1010 }
1014 }
1011 data.update(extras)
1015 data.update(extras)
1012
1016
1013 if include_secrets:
1017 if include_secrets:
1014 data['auth_tokens'] = user.auth_tokens
1018 data['auth_tokens'] = user.auth_tokens
1015 return data
1019 return data
1016
1020
1017 def __json__(self):
1021 def __json__(self):
1018 data = {
1022 data = {
1019 'full_name': self.full_name,
1023 'full_name': self.full_name,
1020 'full_name_or_username': self.full_name_or_username,
1024 'full_name_or_username': self.full_name_or_username,
1021 'short_contact': self.short_contact,
1025 'short_contact': self.short_contact,
1022 'full_contact': self.full_contact,
1026 'full_contact': self.full_contact,
1023 }
1027 }
1024 data.update(self.get_api_data())
1028 data.update(self.get_api_data())
1025 return data
1029 return data
1026
1030
1027
1031
1028 class UserApiKeys(Base, BaseModel):
1032 class UserApiKeys(Base, BaseModel):
1029 __tablename__ = 'user_api_keys'
1033 __tablename__ = 'user_api_keys'
1030 __table_args__ = (
1034 __table_args__ = (
1031 Index('uak_api_key_idx', 'api_key', unique=True),
1035 Index('uak_api_key_idx', 'api_key', unique=True),
1032 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
1036 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
1033 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1037 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1034 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1038 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1035 )
1039 )
1036 __mapper_args__ = {}
1040 __mapper_args__ = {}
1037
1041
1038 # ApiKey role
1042 # ApiKey role
1039 ROLE_ALL = 'token_role_all'
1043 ROLE_ALL = 'token_role_all'
1040 ROLE_HTTP = 'token_role_http'
1044 ROLE_HTTP = 'token_role_http'
1041 ROLE_VCS = 'token_role_vcs'
1045 ROLE_VCS = 'token_role_vcs'
1042 ROLE_API = 'token_role_api'
1046 ROLE_API = 'token_role_api'
1043 ROLE_FEED = 'token_role_feed'
1047 ROLE_FEED = 'token_role_feed'
1044 ROLE_PASSWORD_RESET = 'token_password_reset'
1048 ROLE_PASSWORD_RESET = 'token_password_reset'
1045
1049
1046 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
1050 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
1047
1051
1048 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1052 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1049 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1053 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1050 api_key = Column("api_key", String(255), nullable=False, unique=True)
1054 api_key = Column("api_key", String(255), nullable=False, unique=True)
1051 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1055 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1052 expires = Column('expires', Float(53), nullable=False)
1056 expires = Column('expires', Float(53), nullable=False)
1053 role = Column('role', String(255), nullable=True)
1057 role = Column('role', String(255), nullable=True)
1054 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1058 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1055
1059
1056 # scope columns
1060 # scope columns
1057 repo_id = Column(
1061 repo_id = Column(
1058 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
1062 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
1059 nullable=True, unique=None, default=None)
1063 nullable=True, unique=None, default=None)
1060 repo = relationship('Repository', lazy='joined')
1064 repo = relationship('Repository', lazy='joined')
1061
1065
1062 repo_group_id = Column(
1066 repo_group_id = Column(
1063 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
1067 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
1064 nullable=True, unique=None, default=None)
1068 nullable=True, unique=None, default=None)
1065 repo_group = relationship('RepoGroup', lazy='joined')
1069 repo_group = relationship('RepoGroup', lazy='joined')
1066
1070
1067 user = relationship('User', lazy='joined')
1071 user = relationship('User', lazy='joined')
1068
1072
1069 def __unicode__(self):
1073 def __unicode__(self):
1070 return u"<%s('%s')>" % (self.__class__.__name__, self.role)
1074 return u"<%s('%s')>" % (self.__class__.__name__, self.role)
1071
1075
1072 def __json__(self):
1076 def __json__(self):
1073 data = {
1077 data = {
1074 'auth_token': self.api_key,
1078 'auth_token': self.api_key,
1075 'role': self.role,
1079 'role': self.role,
1076 'scope': self.scope_humanized,
1080 'scope': self.scope_humanized,
1077 'expired': self.expired
1081 'expired': self.expired
1078 }
1082 }
1079 return data
1083 return data
1080
1084
1081 def get_api_data(self, include_secrets=False):
1085 def get_api_data(self, include_secrets=False):
1082 data = self.__json__()
1086 data = self.__json__()
1083 if include_secrets:
1087 if include_secrets:
1084 return data
1088 return data
1085 else:
1089 else:
1086 data['auth_token'] = self.token_obfuscated
1090 data['auth_token'] = self.token_obfuscated
1087 return data
1091 return data
1088
1092
1089 @hybrid_property
1093 @hybrid_property
1090 def description_safe(self):
1094 def description_safe(self):
1091 from rhodecode.lib import helpers as h
1095 from rhodecode.lib import helpers as h
1092 return h.escape(self.description)
1096 return h.escape(self.description)
1093
1097
1094 @property
1098 @property
1095 def expired(self):
1099 def expired(self):
1096 if self.expires == -1:
1100 if self.expires == -1:
1097 return False
1101 return False
1098 return time.time() > self.expires
1102 return time.time() > self.expires
1099
1103
1100 @classmethod
1104 @classmethod
1101 def _get_role_name(cls, role):
1105 def _get_role_name(cls, role):
1102 return {
1106 return {
1103 cls.ROLE_ALL: _('all'),
1107 cls.ROLE_ALL: _('all'),
1104 cls.ROLE_HTTP: _('http/web interface'),
1108 cls.ROLE_HTTP: _('http/web interface'),
1105 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
1109 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
1106 cls.ROLE_API: _('api calls'),
1110 cls.ROLE_API: _('api calls'),
1107 cls.ROLE_FEED: _('feed access'),
1111 cls.ROLE_FEED: _('feed access'),
1108 }.get(role, role)
1112 }.get(role, role)
1109
1113
1110 @property
1114 @property
1111 def role_humanized(self):
1115 def role_humanized(self):
1112 return self._get_role_name(self.role)
1116 return self._get_role_name(self.role)
1113
1117
1114 def _get_scope(self):
1118 def _get_scope(self):
1115 if self.repo:
1119 if self.repo:
1116 return repr(self.repo)
1120 return repr(self.repo)
1117 if self.repo_group:
1121 if self.repo_group:
1118 return repr(self.repo_group) + ' (recursive)'
1122 return repr(self.repo_group) + ' (recursive)'
1119 return 'global'
1123 return 'global'
1120
1124
1121 @property
1125 @property
1122 def scope_humanized(self):
1126 def scope_humanized(self):
1123 return self._get_scope()
1127 return self._get_scope()
1124
1128
1125 @property
1129 @property
1126 def token_obfuscated(self):
1130 def token_obfuscated(self):
1127 if self.api_key:
1131 if self.api_key:
1128 return self.api_key[:4] + "****"
1132 return self.api_key[:4] + "****"
1129
1133
1130
1134
1131 class UserEmailMap(Base, BaseModel):
1135 class UserEmailMap(Base, BaseModel):
1132 __tablename__ = 'user_email_map'
1136 __tablename__ = 'user_email_map'
1133 __table_args__ = (
1137 __table_args__ = (
1134 Index('uem_email_idx', 'email'),
1138 Index('uem_email_idx', 'email'),
1135 UniqueConstraint('email'),
1139 UniqueConstraint('email'),
1136 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1140 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1137 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1141 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1138 )
1142 )
1139 __mapper_args__ = {}
1143 __mapper_args__ = {}
1140
1144
1141 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1145 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1142 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1146 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1143 _email = Column("email", String(255), nullable=True, unique=False, default=None)
1147 _email = Column("email", String(255), nullable=True, unique=False, default=None)
1144 user = relationship('User', lazy='joined')
1148 user = relationship('User', lazy='joined')
1145
1149
1146 @validates('_email')
1150 @validates('_email')
1147 def validate_email(self, key, email):
1151 def validate_email(self, key, email):
1148 # check if this email is not main one
1152 # check if this email is not main one
1149 main_email = Session().query(User).filter(User.email == email).scalar()
1153 main_email = Session().query(User).filter(User.email == email).scalar()
1150 if main_email is not None:
1154 if main_email is not None:
1151 raise AttributeError('email %s is present is user table' % email)
1155 raise AttributeError('email %s is present is user table' % email)
1152 return email
1156 return email
1153
1157
1154 @hybrid_property
1158 @hybrid_property
1155 def email(self):
1159 def email(self):
1156 return self._email
1160 return self._email
1157
1161
1158 @email.setter
1162 @email.setter
1159 def email(self, val):
1163 def email(self, val):
1160 self._email = val.lower() if val else None
1164 self._email = val.lower() if val else None
1161
1165
1162
1166
1163 class UserIpMap(Base, BaseModel):
1167 class UserIpMap(Base, BaseModel):
1164 __tablename__ = 'user_ip_map'
1168 __tablename__ = 'user_ip_map'
1165 __table_args__ = (
1169 __table_args__ = (
1166 UniqueConstraint('user_id', 'ip_addr'),
1170 UniqueConstraint('user_id', 'ip_addr'),
1167 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1171 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1168 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1172 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1169 )
1173 )
1170 __mapper_args__ = {}
1174 __mapper_args__ = {}
1171
1175
1172 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1176 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1173 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1177 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1174 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
1178 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
1175 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
1179 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
1176 description = Column("description", String(10000), nullable=True, unique=None, default=None)
1180 description = Column("description", String(10000), nullable=True, unique=None, default=None)
1177 user = relationship('User', lazy='joined')
1181 user = relationship('User', lazy='joined')
1178
1182
1179 @hybrid_property
1183 @hybrid_property
1180 def description_safe(self):
1184 def description_safe(self):
1181 from rhodecode.lib import helpers as h
1185 from rhodecode.lib import helpers as h
1182 return h.escape(self.description)
1186 return h.escape(self.description)
1183
1187
1184 @classmethod
1188 @classmethod
1185 def _get_ip_range(cls, ip_addr):
1189 def _get_ip_range(cls, ip_addr):
1186 net = ipaddress.ip_network(safe_unicode(ip_addr), strict=False)
1190 net = ipaddress.ip_network(safe_unicode(ip_addr), strict=False)
1187 return [str(net.network_address), str(net.broadcast_address)]
1191 return [str(net.network_address), str(net.broadcast_address)]
1188
1192
1189 def __json__(self):
1193 def __json__(self):
1190 return {
1194 return {
1191 'ip_addr': self.ip_addr,
1195 'ip_addr': self.ip_addr,
1192 'ip_range': self._get_ip_range(self.ip_addr),
1196 'ip_range': self._get_ip_range(self.ip_addr),
1193 }
1197 }
1194
1198
1195 def __unicode__(self):
1199 def __unicode__(self):
1196 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
1200 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
1197 self.user_id, self.ip_addr)
1201 self.user_id, self.ip_addr)
1198
1202
1199
1203
1200 class UserSshKeys(Base, BaseModel):
1204 class UserSshKeys(Base, BaseModel):
1201 __tablename__ = 'user_ssh_keys'
1205 __tablename__ = 'user_ssh_keys'
1202 __table_args__ = (
1206 __table_args__ = (
1203 Index('usk_ssh_key_fingerprint_idx', 'ssh_key_fingerprint'),
1207 Index('usk_ssh_key_fingerprint_idx', 'ssh_key_fingerprint'),
1204
1208
1205 UniqueConstraint('ssh_key_fingerprint'),
1209 UniqueConstraint('ssh_key_fingerprint'),
1206
1210
1207 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1211 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1208 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1212 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1209 )
1213 )
1210 __mapper_args__ = {}
1214 __mapper_args__ = {}
1211
1215
1212 ssh_key_id = Column('ssh_key_id', Integer(), nullable=False, unique=True, default=None, primary_key=True)
1216 ssh_key_id = Column('ssh_key_id', Integer(), nullable=False, unique=True, default=None, primary_key=True)
1213 ssh_key_data = Column('ssh_key_data', String(10240), nullable=False, unique=None, default=None)
1217 ssh_key_data = Column('ssh_key_data', String(10240), nullable=False, unique=None, default=None)
1214 ssh_key_fingerprint = Column('ssh_key_fingerprint', String(255), nullable=False, unique=None, default=None)
1218 ssh_key_fingerprint = Column('ssh_key_fingerprint', String(255), nullable=False, unique=None, default=None)
1215
1219
1216 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1220 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1217
1221
1218 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1222 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1219 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True, default=None)
1223 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True, default=None)
1220 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1224 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1221
1225
1222 user = relationship('User', lazy='joined')
1226 user = relationship('User', lazy='joined')
1223
1227
1224 def __json__(self):
1228 def __json__(self):
1225 data = {
1229 data = {
1226 'ssh_fingerprint': self.ssh_key_fingerprint,
1230 'ssh_fingerprint': self.ssh_key_fingerprint,
1227 'description': self.description,
1231 'description': self.description,
1228 'created_on': self.created_on
1232 'created_on': self.created_on
1229 }
1233 }
1230 return data
1234 return data
1231
1235
1232 def get_api_data(self):
1236 def get_api_data(self):
1233 data = self.__json__()
1237 data = self.__json__()
1234 return data
1238 return data
1235
1239
1236
1240
1237 class UserLog(Base, BaseModel):
1241 class UserLog(Base, BaseModel):
1238 __tablename__ = 'user_logs'
1242 __tablename__ = 'user_logs'
1239 __table_args__ = (
1243 __table_args__ = (
1240 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1244 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1241 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1245 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1242 )
1246 )
1243 VERSION_1 = 'v1'
1247 VERSION_1 = 'v1'
1244 VERSION_2 = 'v2'
1248 VERSION_2 = 'v2'
1245 VERSIONS = [VERSION_1, VERSION_2]
1249 VERSIONS = [VERSION_1, VERSION_2]
1246
1250
1247 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1251 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1248 user_id = Column("user_id", Integer(), ForeignKey('users.user_id',ondelete='SET NULL'), nullable=True, unique=None, default=None)
1252 user_id = Column("user_id", Integer(), ForeignKey('users.user_id',ondelete='SET NULL'), nullable=True, unique=None, default=None)
1249 username = Column("username", String(255), nullable=True, unique=None, default=None)
1253 username = Column("username", String(255), nullable=True, unique=None, default=None)
1250 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id', ondelete='SET NULL'), nullable=True, unique=None, default=None)
1254 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id', ondelete='SET NULL'), nullable=True, unique=None, default=None)
1251 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
1255 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
1252 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1256 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1253 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1257 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1254 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1258 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1255
1259
1256 version = Column("version", String(255), nullable=True, default=VERSION_1)
1260 version = Column("version", String(255), nullable=True, default=VERSION_1)
1257 user_data = Column('user_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1261 user_data = Column('user_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1258 action_data = Column('action_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1262 action_data = Column('action_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=LONGTEXT()))))
1259
1263
1260 def __unicode__(self):
1264 def __unicode__(self):
1261 return u"<%s('id:%s:%s')>" % (
1265 return u"<%s('id:%s:%s')>" % (
1262 self.__class__.__name__, self.repository_name, self.action)
1266 self.__class__.__name__, self.repository_name, self.action)
1263
1267
1264 def __json__(self):
1268 def __json__(self):
1265 return {
1269 return {
1266 'user_id': self.user_id,
1270 'user_id': self.user_id,
1267 'username': self.username,
1271 'username': self.username,
1268 'repository_id': self.repository_id,
1272 'repository_id': self.repository_id,
1269 'repository_name': self.repository_name,
1273 'repository_name': self.repository_name,
1270 'user_ip': self.user_ip,
1274 'user_ip': self.user_ip,
1271 'action_date': self.action_date,
1275 'action_date': self.action_date,
1272 'action': self.action,
1276 'action': self.action,
1273 }
1277 }
1274
1278
1275 @hybrid_property
1279 @hybrid_property
1276 def entry_id(self):
1280 def entry_id(self):
1277 return self.user_log_id
1281 return self.user_log_id
1278
1282
1279 @property
1283 @property
1280 def action_as_day(self):
1284 def action_as_day(self):
1281 return datetime.date(*self.action_date.timetuple()[:3])
1285 return datetime.date(*self.action_date.timetuple()[:3])
1282
1286
1283 user = relationship('User')
1287 user = relationship('User')
1284 repository = relationship('Repository', cascade='')
1288 repository = relationship('Repository', cascade='')
1285
1289
1286
1290
1287 class UserGroup(Base, BaseModel):
1291 class UserGroup(Base, BaseModel):
1288 __tablename__ = 'users_groups'
1292 __tablename__ = 'users_groups'
1289 __table_args__ = (
1293 __table_args__ = (
1290 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1294 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1291 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1295 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1292 )
1296 )
1293
1297
1294 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1298 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1295 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1299 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1296 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1300 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1297 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1301 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1298 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1302 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1299 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1303 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1300 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1304 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1301 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1305 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1302
1306
1303 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1307 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1304 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1308 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1305 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1309 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1306 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1310 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1307 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1311 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1308 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1312 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1309
1313
1310 user_group_review_rules = relationship('RepoReviewRuleUserGroup', cascade='all')
1314 user_group_review_rules = relationship('RepoReviewRuleUserGroup', cascade='all')
1311 user = relationship('User', primaryjoin="User.user_id==UserGroup.user_id")
1315 user = relationship('User', primaryjoin="User.user_id==UserGroup.user_id")
1312
1316
1313 @classmethod
1317 @classmethod
1314 def _load_group_data(cls, column):
1318 def _load_group_data(cls, column):
1315 if not column:
1319 if not column:
1316 return {}
1320 return {}
1317
1321
1318 try:
1322 try:
1319 return json.loads(column) or {}
1323 return json.loads(column) or {}
1320 except TypeError:
1324 except TypeError:
1321 return {}
1325 return {}
1322
1326
1323 @hybrid_property
1327 @hybrid_property
1324 def description_safe(self):
1328 def description_safe(self):
1325 from rhodecode.lib import helpers as h
1329 from rhodecode.lib import helpers as h
1326 return h.escape(self.description)
1330 return h.escape(self.description)
1327
1331
1328 @hybrid_property
1332 @hybrid_property
1329 def group_data(self):
1333 def group_data(self):
1330 return self._load_group_data(self._group_data)
1334 return self._load_group_data(self._group_data)
1331
1335
1332 @group_data.expression
1336 @group_data.expression
1333 def group_data(self, **kwargs):
1337 def group_data(self, **kwargs):
1334 return self._group_data
1338 return self._group_data
1335
1339
1336 @group_data.setter
1340 @group_data.setter
1337 def group_data(self, val):
1341 def group_data(self, val):
1338 try:
1342 try:
1339 self._group_data = json.dumps(val)
1343 self._group_data = json.dumps(val)
1340 except Exception:
1344 except Exception:
1341 log.error(traceback.format_exc())
1345 log.error(traceback.format_exc())
1342
1346
1343 def __unicode__(self):
1347 def __unicode__(self):
1344 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1348 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1345 self.users_group_id,
1349 self.users_group_id,
1346 self.users_group_name)
1350 self.users_group_name)
1347
1351
1348 @classmethod
1352 @classmethod
1349 def get_by_group_name(cls, group_name, cache=False,
1353 def get_by_group_name(cls, group_name, cache=False,
1350 case_insensitive=False):
1354 case_insensitive=False):
1351 if case_insensitive:
1355 if case_insensitive:
1352 q = cls.query().filter(func.lower(cls.users_group_name) ==
1356 q = cls.query().filter(func.lower(cls.users_group_name) ==
1353 func.lower(group_name))
1357 func.lower(group_name))
1354
1358
1355 else:
1359 else:
1356 q = cls.query().filter(cls.users_group_name == group_name)
1360 q = cls.query().filter(cls.users_group_name == group_name)
1357 if cache:
1361 if cache:
1358 q = q.options(
1362 q = q.options(
1359 FromCache("sql_cache_short", "get_group_%s" % _hash_key(group_name)))
1363 FromCache("sql_cache_short", "get_group_%s" % _hash_key(group_name)))
1360 return q.scalar()
1364 return q.scalar()
1361
1365
1362 @classmethod
1366 @classmethod
1363 def get(cls, user_group_id, cache=False):
1367 def get(cls, user_group_id, cache=False):
1364 if not user_group_id:
1368 if not user_group_id:
1365 return
1369 return
1366
1370
1367 user_group = cls.query()
1371 user_group = cls.query()
1368 if cache:
1372 if cache:
1369 user_group = user_group.options(
1373 user_group = user_group.options(
1370 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1374 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1371 return user_group.get(user_group_id)
1375 return user_group.get(user_group_id)
1372
1376
1373 def permissions(self, with_admins=True, with_owner=True):
1377 def permissions(self, with_admins=True, with_owner=True):
1374 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1378 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1375 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1379 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1376 joinedload(UserUserGroupToPerm.user),
1380 joinedload(UserUserGroupToPerm.user),
1377 joinedload(UserUserGroupToPerm.permission),)
1381 joinedload(UserUserGroupToPerm.permission),)
1378
1382
1379 # get owners and admins and permissions. We do a trick of re-writing
1383 # get owners and admins and permissions. We do a trick of re-writing
1380 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1384 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1381 # has a global reference and changing one object propagates to all
1385 # has a global reference and changing one object propagates to all
1382 # others. This means if admin is also an owner admin_row that change
1386 # others. This means if admin is also an owner admin_row that change
1383 # would propagate to both objects
1387 # would propagate to both objects
1384 perm_rows = []
1388 perm_rows = []
1385 for _usr in q.all():
1389 for _usr in q.all():
1386 usr = AttributeDict(_usr.user.get_dict())
1390 usr = AttributeDict(_usr.user.get_dict())
1387 usr.permission = _usr.permission.permission_name
1391 usr.permission = _usr.permission.permission_name
1388 perm_rows.append(usr)
1392 perm_rows.append(usr)
1389
1393
1390 # filter the perm rows by 'default' first and then sort them by
1394 # filter the perm rows by 'default' first and then sort them by
1391 # admin,write,read,none permissions sorted again alphabetically in
1395 # admin,write,read,none permissions sorted again alphabetically in
1392 # each group
1396 # each group
1393 perm_rows = sorted(perm_rows, key=display_user_sort)
1397 perm_rows = sorted(perm_rows, key=display_user_sort)
1394
1398
1395 _admin_perm = 'usergroup.admin'
1399 _admin_perm = 'usergroup.admin'
1396 owner_row = []
1400 owner_row = []
1397 if with_owner:
1401 if with_owner:
1398 usr = AttributeDict(self.user.get_dict())
1402 usr = AttributeDict(self.user.get_dict())
1399 usr.owner_row = True
1403 usr.owner_row = True
1400 usr.permission = _admin_perm
1404 usr.permission = _admin_perm
1401 owner_row.append(usr)
1405 owner_row.append(usr)
1402
1406
1403 super_admin_rows = []
1407 super_admin_rows = []
1404 if with_admins:
1408 if with_admins:
1405 for usr in User.get_all_super_admins():
1409 for usr in User.get_all_super_admins():
1406 # if this admin is also owner, don't double the record
1410 # if this admin is also owner, don't double the record
1407 if usr.user_id == owner_row[0].user_id:
1411 if usr.user_id == owner_row[0].user_id:
1408 owner_row[0].admin_row = True
1412 owner_row[0].admin_row = True
1409 else:
1413 else:
1410 usr = AttributeDict(usr.get_dict())
1414 usr = AttributeDict(usr.get_dict())
1411 usr.admin_row = True
1415 usr.admin_row = True
1412 usr.permission = _admin_perm
1416 usr.permission = _admin_perm
1413 super_admin_rows.append(usr)
1417 super_admin_rows.append(usr)
1414
1418
1415 return super_admin_rows + owner_row + perm_rows
1419 return super_admin_rows + owner_row + perm_rows
1416
1420
1417 def permission_user_groups(self):
1421 def permission_user_groups(self):
1418 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1422 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1419 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1423 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1420 joinedload(UserGroupUserGroupToPerm.target_user_group),
1424 joinedload(UserGroupUserGroupToPerm.target_user_group),
1421 joinedload(UserGroupUserGroupToPerm.permission),)
1425 joinedload(UserGroupUserGroupToPerm.permission),)
1422
1426
1423 perm_rows = []
1427 perm_rows = []
1424 for _user_group in q.all():
1428 for _user_group in q.all():
1425 usr = AttributeDict(_user_group.user_group.get_dict())
1429 usr = AttributeDict(_user_group.user_group.get_dict())
1426 usr.permission = _user_group.permission.permission_name
1430 usr.permission = _user_group.permission.permission_name
1427 perm_rows.append(usr)
1431 perm_rows.append(usr)
1428
1432
1429 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1433 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1430 return perm_rows
1434 return perm_rows
1431
1435
1432 def _get_default_perms(self, user_group, suffix=''):
1436 def _get_default_perms(self, user_group, suffix=''):
1433 from rhodecode.model.permission import PermissionModel
1437 from rhodecode.model.permission import PermissionModel
1434 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1438 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1435
1439
1436 def get_default_perms(self, suffix=''):
1440 def get_default_perms(self, suffix=''):
1437 return self._get_default_perms(self, suffix)
1441 return self._get_default_perms(self, suffix)
1438
1442
1439 def get_api_data(self, with_group_members=True, include_secrets=False):
1443 def get_api_data(self, with_group_members=True, include_secrets=False):
1440 """
1444 """
1441 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1445 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1442 basically forwarded.
1446 basically forwarded.
1443
1447
1444 """
1448 """
1445 user_group = self
1449 user_group = self
1446 data = {
1450 data = {
1447 'users_group_id': user_group.users_group_id,
1451 'users_group_id': user_group.users_group_id,
1448 'group_name': user_group.users_group_name,
1452 'group_name': user_group.users_group_name,
1449 'group_description': user_group.user_group_description,
1453 'group_description': user_group.user_group_description,
1450 'active': user_group.users_group_active,
1454 'active': user_group.users_group_active,
1451 'owner': user_group.user.username,
1455 'owner': user_group.user.username,
1452 'owner_email': user_group.user.email,
1456 'owner_email': user_group.user.email,
1453 }
1457 }
1454
1458
1455 if with_group_members:
1459 if with_group_members:
1456 users = []
1460 users = []
1457 for user in user_group.members:
1461 for user in user_group.members:
1458 user = user.user
1462 user = user.user
1459 users.append(user.get_api_data(include_secrets=include_secrets))
1463 users.append(user.get_api_data(include_secrets=include_secrets))
1460 data['users'] = users
1464 data['users'] = users
1461
1465
1462 return data
1466 return data
1463
1467
1464
1468
1465 class UserGroupMember(Base, BaseModel):
1469 class UserGroupMember(Base, BaseModel):
1466 __tablename__ = 'users_groups_members'
1470 __tablename__ = 'users_groups_members'
1467 __table_args__ = (
1471 __table_args__ = (
1468 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1472 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1469 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1473 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1470 )
1474 )
1471
1475
1472 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1476 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1473 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1477 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1474 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1478 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1475
1479
1476 user = relationship('User', lazy='joined')
1480 user = relationship('User', lazy='joined')
1477 users_group = relationship('UserGroup')
1481 users_group = relationship('UserGroup')
1478
1482
1479 def __init__(self, gr_id='', u_id=''):
1483 def __init__(self, gr_id='', u_id=''):
1480 self.users_group_id = gr_id
1484 self.users_group_id = gr_id
1481 self.user_id = u_id
1485 self.user_id = u_id
1482
1486
1483
1487
1484 class RepositoryField(Base, BaseModel):
1488 class RepositoryField(Base, BaseModel):
1485 __tablename__ = 'repositories_fields'
1489 __tablename__ = 'repositories_fields'
1486 __table_args__ = (
1490 __table_args__ = (
1487 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1491 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1488 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1492 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1489 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1493 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1490 )
1494 )
1491 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1495 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1492
1496
1493 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1497 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1494 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1498 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1495 field_key = Column("field_key", String(250))
1499 field_key = Column("field_key", String(250))
1496 field_label = Column("field_label", String(1024), nullable=False)
1500 field_label = Column("field_label", String(1024), nullable=False)
1497 field_value = Column("field_value", String(10000), nullable=False)
1501 field_value = Column("field_value", String(10000), nullable=False)
1498 field_desc = Column("field_desc", String(1024), nullable=False)
1502 field_desc = Column("field_desc", String(1024), nullable=False)
1499 field_type = Column("field_type", String(255), nullable=False, unique=None)
1503 field_type = Column("field_type", String(255), nullable=False, unique=None)
1500 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1504 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1501
1505
1502 repository = relationship('Repository')
1506 repository = relationship('Repository')
1503
1507
1504 @property
1508 @property
1505 def field_key_prefixed(self):
1509 def field_key_prefixed(self):
1506 return 'ex_%s' % self.field_key
1510 return 'ex_%s' % self.field_key
1507
1511
1508 @classmethod
1512 @classmethod
1509 def un_prefix_key(cls, key):
1513 def un_prefix_key(cls, key):
1510 if key.startswith(cls.PREFIX):
1514 if key.startswith(cls.PREFIX):
1511 return key[len(cls.PREFIX):]
1515 return key[len(cls.PREFIX):]
1512 return key
1516 return key
1513
1517
1514 @classmethod
1518 @classmethod
1515 def get_by_key_name(cls, key, repo):
1519 def get_by_key_name(cls, key, repo):
1516 row = cls.query()\
1520 row = cls.query()\
1517 .filter(cls.repository == repo)\
1521 .filter(cls.repository == repo)\
1518 .filter(cls.field_key == key).scalar()
1522 .filter(cls.field_key == key).scalar()
1519 return row
1523 return row
1520
1524
1521
1525
1522 class Repository(Base, BaseModel):
1526 class Repository(Base, BaseModel):
1523 __tablename__ = 'repositories'
1527 __tablename__ = 'repositories'
1524 __table_args__ = (
1528 __table_args__ = (
1525 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1529 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1526 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1530 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1527 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1531 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1528 )
1532 )
1529 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1533 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1530 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1534 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1531
1535
1532 STATE_CREATED = 'repo_state_created'
1536 STATE_CREATED = 'repo_state_created'
1533 STATE_PENDING = 'repo_state_pending'
1537 STATE_PENDING = 'repo_state_pending'
1534 STATE_ERROR = 'repo_state_error'
1538 STATE_ERROR = 'repo_state_error'
1535
1539
1536 LOCK_AUTOMATIC = 'lock_auto'
1540 LOCK_AUTOMATIC = 'lock_auto'
1537 LOCK_API = 'lock_api'
1541 LOCK_API = 'lock_api'
1538 LOCK_WEB = 'lock_web'
1542 LOCK_WEB = 'lock_web'
1539 LOCK_PULL = 'lock_pull'
1543 LOCK_PULL = 'lock_pull'
1540
1544
1541 NAME_SEP = URL_SEP
1545 NAME_SEP = URL_SEP
1542
1546
1543 repo_id = Column(
1547 repo_id = Column(
1544 "repo_id", Integer(), nullable=False, unique=True, default=None,
1548 "repo_id", Integer(), nullable=False, unique=True, default=None,
1545 primary_key=True)
1549 primary_key=True)
1546 _repo_name = Column(
1550 _repo_name = Column(
1547 "repo_name", Text(), nullable=False, default=None)
1551 "repo_name", Text(), nullable=False, default=None)
1548 _repo_name_hash = Column(
1552 _repo_name_hash = Column(
1549 "repo_name_hash", String(255), nullable=False, unique=True)
1553 "repo_name_hash", String(255), nullable=False, unique=True)
1550 repo_state = Column("repo_state", String(255), nullable=True)
1554 repo_state = Column("repo_state", String(255), nullable=True)
1551
1555
1552 clone_uri = Column(
1556 clone_uri = Column(
1553 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1557 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1554 default=None)
1558 default=None)
1555 repo_type = Column(
1559 repo_type = Column(
1556 "repo_type", String(255), nullable=False, unique=False, default=None)
1560 "repo_type", String(255), nullable=False, unique=False, default=None)
1557 user_id = Column(
1561 user_id = Column(
1558 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1562 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1559 unique=False, default=None)
1563 unique=False, default=None)
1560 private = Column(
1564 private = Column(
1561 "private", Boolean(), nullable=True, unique=None, default=None)
1565 "private", Boolean(), nullable=True, unique=None, default=None)
1562 enable_statistics = Column(
1566 enable_statistics = Column(
1563 "statistics", Boolean(), nullable=True, unique=None, default=True)
1567 "statistics", Boolean(), nullable=True, unique=None, default=True)
1564 enable_downloads = Column(
1568 enable_downloads = Column(
1565 "downloads", Boolean(), nullable=True, unique=None, default=True)
1569 "downloads", Boolean(), nullable=True, unique=None, default=True)
1566 description = Column(
1570 description = Column(
1567 "description", String(10000), nullable=True, unique=None, default=None)
1571 "description", String(10000), nullable=True, unique=None, default=None)
1568 created_on = Column(
1572 created_on = Column(
1569 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1573 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1570 default=datetime.datetime.now)
1574 default=datetime.datetime.now)
1571 updated_on = Column(
1575 updated_on = Column(
1572 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1576 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1573 default=datetime.datetime.now)
1577 default=datetime.datetime.now)
1574 _landing_revision = Column(
1578 _landing_revision = Column(
1575 "landing_revision", String(255), nullable=False, unique=False,
1579 "landing_revision", String(255), nullable=False, unique=False,
1576 default=None)
1580 default=None)
1577 enable_locking = Column(
1581 enable_locking = Column(
1578 "enable_locking", Boolean(), nullable=False, unique=None,
1582 "enable_locking", Boolean(), nullable=False, unique=None,
1579 default=False)
1583 default=False)
1580 _locked = Column(
1584 _locked = Column(
1581 "locked", String(255), nullable=True, unique=False, default=None)
1585 "locked", String(255), nullable=True, unique=False, default=None)
1582 _changeset_cache = Column(
1586 _changeset_cache = Column(
1583 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1587 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1584
1588
1585 fork_id = Column(
1589 fork_id = Column(
1586 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1590 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1587 nullable=True, unique=False, default=None)
1591 nullable=True, unique=False, default=None)
1588 group_id = Column(
1592 group_id = Column(
1589 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1593 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1590 unique=False, default=None)
1594 unique=False, default=None)
1591
1595
1592 user = relationship('User', lazy='joined')
1596 user = relationship('User', lazy='joined')
1593 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1597 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1594 group = relationship('RepoGroup', lazy='joined')
1598 group = relationship('RepoGroup', lazy='joined')
1595 repo_to_perm = relationship(
1599 repo_to_perm = relationship(
1596 'UserRepoToPerm', cascade='all',
1600 'UserRepoToPerm', cascade='all',
1597 order_by='UserRepoToPerm.repo_to_perm_id')
1601 order_by='UserRepoToPerm.repo_to_perm_id')
1598 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1602 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1599 stats = relationship('Statistics', cascade='all', uselist=False)
1603 stats = relationship('Statistics', cascade='all', uselist=False)
1600
1604
1601 followers = relationship(
1605 followers = relationship(
1602 'UserFollowing',
1606 'UserFollowing',
1603 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1607 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1604 cascade='all')
1608 cascade='all')
1605 extra_fields = relationship(
1609 extra_fields = relationship(
1606 'RepositoryField', cascade="all, delete, delete-orphan")
1610 'RepositoryField', cascade="all, delete, delete-orphan")
1607 logs = relationship('UserLog')
1611 logs = relationship('UserLog')
1608 comments = relationship(
1612 comments = relationship(
1609 'ChangesetComment', cascade="all, delete, delete-orphan")
1613 'ChangesetComment', cascade="all, delete, delete-orphan")
1610 pull_requests_source = relationship(
1614 pull_requests_source = relationship(
1611 'PullRequest',
1615 'PullRequest',
1612 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1616 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1613 cascade="all, delete, delete-orphan")
1617 cascade="all, delete, delete-orphan")
1614 pull_requests_target = relationship(
1618 pull_requests_target = relationship(
1615 'PullRequest',
1619 'PullRequest',
1616 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1620 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1617 cascade="all, delete, delete-orphan")
1621 cascade="all, delete, delete-orphan")
1618 ui = relationship('RepoRhodeCodeUi', cascade="all")
1622 ui = relationship('RepoRhodeCodeUi', cascade="all")
1619 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1623 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1620 integrations = relationship('Integration',
1624 integrations = relationship('Integration',
1621 cascade="all, delete, delete-orphan")
1625 cascade="all, delete, delete-orphan")
1622
1626
1623 def __unicode__(self):
1627 def __unicode__(self):
1624 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1628 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1625 safe_unicode(self.repo_name))
1629 safe_unicode(self.repo_name))
1626
1630
1627 @hybrid_property
1631 @hybrid_property
1628 def description_safe(self):
1632 def description_safe(self):
1629 from rhodecode.lib import helpers as h
1633 from rhodecode.lib import helpers as h
1630 return h.escape(self.description)
1634 return h.escape(self.description)
1631
1635
1632 @hybrid_property
1636 @hybrid_property
1633 def landing_rev(self):
1637 def landing_rev(self):
1634 # always should return [rev_type, rev]
1638 # always should return [rev_type, rev]
1635 if self._landing_revision:
1639 if self._landing_revision:
1636 _rev_info = self._landing_revision.split(':')
1640 _rev_info = self._landing_revision.split(':')
1637 if len(_rev_info) < 2:
1641 if len(_rev_info) < 2:
1638 _rev_info.insert(0, 'rev')
1642 _rev_info.insert(0, 'rev')
1639 return [_rev_info[0], _rev_info[1]]
1643 return [_rev_info[0], _rev_info[1]]
1640 return [None, None]
1644 return [None, None]
1641
1645
1642 @landing_rev.setter
1646 @landing_rev.setter
1643 def landing_rev(self, val):
1647 def landing_rev(self, val):
1644 if ':' not in val:
1648 if ':' not in val:
1645 raise ValueError('value must be delimited with `:` and consist '
1649 raise ValueError('value must be delimited with `:` and consist '
1646 'of <rev_type>:<rev>, got %s instead' % val)
1650 'of <rev_type>:<rev>, got %s instead' % val)
1647 self._landing_revision = val
1651 self._landing_revision = val
1648
1652
1649 @hybrid_property
1653 @hybrid_property
1650 def locked(self):
1654 def locked(self):
1651 if self._locked:
1655 if self._locked:
1652 user_id, timelocked, reason = self._locked.split(':')
1656 user_id, timelocked, reason = self._locked.split(':')
1653 lock_values = int(user_id), timelocked, reason
1657 lock_values = int(user_id), timelocked, reason
1654 else:
1658 else:
1655 lock_values = [None, None, None]
1659 lock_values = [None, None, None]
1656 return lock_values
1660 return lock_values
1657
1661
1658 @locked.setter
1662 @locked.setter
1659 def locked(self, val):
1663 def locked(self, val):
1660 if val and isinstance(val, (list, tuple)):
1664 if val and isinstance(val, (list, tuple)):
1661 self._locked = ':'.join(map(str, val))
1665 self._locked = ':'.join(map(str, val))
1662 else:
1666 else:
1663 self._locked = None
1667 self._locked = None
1664
1668
1665 @hybrid_property
1669 @hybrid_property
1666 def changeset_cache(self):
1670 def changeset_cache(self):
1667 from rhodecode.lib.vcs.backends.base import EmptyCommit
1671 from rhodecode.lib.vcs.backends.base import EmptyCommit
1668 dummy = EmptyCommit().__json__()
1672 dummy = EmptyCommit().__json__()
1669 if not self._changeset_cache:
1673 if not self._changeset_cache:
1670 return dummy
1674 return dummy
1671 try:
1675 try:
1672 return json.loads(self._changeset_cache)
1676 return json.loads(self._changeset_cache)
1673 except TypeError:
1677 except TypeError:
1674 return dummy
1678 return dummy
1675 except Exception:
1679 except Exception:
1676 log.error(traceback.format_exc())
1680 log.error(traceback.format_exc())
1677 return dummy
1681 return dummy
1678
1682
1679 @changeset_cache.setter
1683 @changeset_cache.setter
1680 def changeset_cache(self, val):
1684 def changeset_cache(self, val):
1681 try:
1685 try:
1682 self._changeset_cache = json.dumps(val)
1686 self._changeset_cache = json.dumps(val)
1683 except Exception:
1687 except Exception:
1684 log.error(traceback.format_exc())
1688 log.error(traceback.format_exc())
1685
1689
1686 @hybrid_property
1690 @hybrid_property
1687 def repo_name(self):
1691 def repo_name(self):
1688 return self._repo_name
1692 return self._repo_name
1689
1693
1690 @repo_name.setter
1694 @repo_name.setter
1691 def repo_name(self, value):
1695 def repo_name(self, value):
1692 self._repo_name = value
1696 self._repo_name = value
1693 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1697 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1694
1698
1695 @classmethod
1699 @classmethod
1696 def normalize_repo_name(cls, repo_name):
1700 def normalize_repo_name(cls, repo_name):
1697 """
1701 """
1698 Normalizes os specific repo_name to the format internally stored inside
1702 Normalizes os specific repo_name to the format internally stored inside
1699 database using URL_SEP
1703 database using URL_SEP
1700
1704
1701 :param cls:
1705 :param cls:
1702 :param repo_name:
1706 :param repo_name:
1703 """
1707 """
1704 return cls.NAME_SEP.join(repo_name.split(os.sep))
1708 return cls.NAME_SEP.join(repo_name.split(os.sep))
1705
1709
1706 @classmethod
1710 @classmethod
1707 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1711 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1708 session = Session()
1712 session = Session()
1709 q = session.query(cls).filter(cls.repo_name == repo_name)
1713 q = session.query(cls).filter(cls.repo_name == repo_name)
1710
1714
1711 if cache:
1715 if cache:
1712 if identity_cache:
1716 if identity_cache:
1713 val = cls.identity_cache(session, 'repo_name', repo_name)
1717 val = cls.identity_cache(session, 'repo_name', repo_name)
1714 if val:
1718 if val:
1715 return val
1719 return val
1716 else:
1720 else:
1717 cache_key = "get_repo_by_name_%s" % _hash_key(repo_name)
1721 cache_key = "get_repo_by_name_%s" % _hash_key(repo_name)
1718 q = q.options(
1722 q = q.options(
1719 FromCache("sql_cache_short", cache_key))
1723 FromCache("sql_cache_short", cache_key))
1720
1724
1721 return q.scalar()
1725 return q.scalar()
1722
1726
1723 @classmethod
1727 @classmethod
1724 def get_by_full_path(cls, repo_full_path):
1728 def get_by_full_path(cls, repo_full_path):
1725 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1729 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1726 repo_name = cls.normalize_repo_name(repo_name)
1730 repo_name = cls.normalize_repo_name(repo_name)
1727 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1731 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1728
1732
1729 @classmethod
1733 @classmethod
1730 def get_repo_forks(cls, repo_id):
1734 def get_repo_forks(cls, repo_id):
1731 return cls.query().filter(Repository.fork_id == repo_id)
1735 return cls.query().filter(Repository.fork_id == repo_id)
1732
1736
1733 @classmethod
1737 @classmethod
1734 def base_path(cls):
1738 def base_path(cls):
1735 """
1739 """
1736 Returns base path when all repos are stored
1740 Returns base path when all repos are stored
1737
1741
1738 :param cls:
1742 :param cls:
1739 """
1743 """
1740 q = Session().query(RhodeCodeUi)\
1744 q = Session().query(RhodeCodeUi)\
1741 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1745 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1742 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1746 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1743 return q.one().ui_value
1747 return q.one().ui_value
1744
1748
1745 @classmethod
1749 @classmethod
1746 def is_valid(cls, repo_name):
1750 def is_valid(cls, repo_name):
1747 """
1751 """
1748 returns True if given repo name is a valid filesystem repository
1752 returns True if given repo name is a valid filesystem repository
1749
1753
1750 :param cls:
1754 :param cls:
1751 :param repo_name:
1755 :param repo_name:
1752 """
1756 """
1753 from rhodecode.lib.utils import is_valid_repo
1757 from rhodecode.lib.utils import is_valid_repo
1754
1758
1755 return is_valid_repo(repo_name, cls.base_path())
1759 return is_valid_repo(repo_name, cls.base_path())
1756
1760
1757 @classmethod
1761 @classmethod
1758 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1762 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1759 case_insensitive=True):
1763 case_insensitive=True):
1760 q = Repository.query()
1764 q = Repository.query()
1761
1765
1762 if not isinstance(user_id, Optional):
1766 if not isinstance(user_id, Optional):
1763 q = q.filter(Repository.user_id == user_id)
1767 q = q.filter(Repository.user_id == user_id)
1764
1768
1765 if not isinstance(group_id, Optional):
1769 if not isinstance(group_id, Optional):
1766 q = q.filter(Repository.group_id == group_id)
1770 q = q.filter(Repository.group_id == group_id)
1767
1771
1768 if case_insensitive:
1772 if case_insensitive:
1769 q = q.order_by(func.lower(Repository.repo_name))
1773 q = q.order_by(func.lower(Repository.repo_name))
1770 else:
1774 else:
1771 q = q.order_by(Repository.repo_name)
1775 q = q.order_by(Repository.repo_name)
1772 return q.all()
1776 return q.all()
1773
1777
1774 @property
1778 @property
1775 def forks(self):
1779 def forks(self):
1776 """
1780 """
1777 Return forks of this repo
1781 Return forks of this repo
1778 """
1782 """
1779 return Repository.get_repo_forks(self.repo_id)
1783 return Repository.get_repo_forks(self.repo_id)
1780
1784
1781 @property
1785 @property
1782 def parent(self):
1786 def parent(self):
1783 """
1787 """
1784 Returns fork parent
1788 Returns fork parent
1785 """
1789 """
1786 return self.fork
1790 return self.fork
1787
1791
1788 @property
1792 @property
1789 def just_name(self):
1793 def just_name(self):
1790 return self.repo_name.split(self.NAME_SEP)[-1]
1794 return self.repo_name.split(self.NAME_SEP)[-1]
1791
1795
1792 @property
1796 @property
1793 def groups_with_parents(self):
1797 def groups_with_parents(self):
1794 groups = []
1798 groups = []
1795 if self.group is None:
1799 if self.group is None:
1796 return groups
1800 return groups
1797
1801
1798 cur_gr = self.group
1802 cur_gr = self.group
1799 groups.insert(0, cur_gr)
1803 groups.insert(0, cur_gr)
1800 while 1:
1804 while 1:
1801 gr = getattr(cur_gr, 'parent_group', None)
1805 gr = getattr(cur_gr, 'parent_group', None)
1802 cur_gr = cur_gr.parent_group
1806 cur_gr = cur_gr.parent_group
1803 if gr is None:
1807 if gr is None:
1804 break
1808 break
1805 groups.insert(0, gr)
1809 groups.insert(0, gr)
1806
1810
1807 return groups
1811 return groups
1808
1812
1809 @property
1813 @property
1810 def groups_and_repo(self):
1814 def groups_and_repo(self):
1811 return self.groups_with_parents, self
1815 return self.groups_with_parents, self
1812
1816
1813 @LazyProperty
1817 @LazyProperty
1814 def repo_path(self):
1818 def repo_path(self):
1815 """
1819 """
1816 Returns base full path for that repository means where it actually
1820 Returns base full path for that repository means where it actually
1817 exists on a filesystem
1821 exists on a filesystem
1818 """
1822 """
1819 q = Session().query(RhodeCodeUi).filter(
1823 q = Session().query(RhodeCodeUi).filter(
1820 RhodeCodeUi.ui_key == self.NAME_SEP)
1824 RhodeCodeUi.ui_key == self.NAME_SEP)
1821 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1825 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1822 return q.one().ui_value
1826 return q.one().ui_value
1823
1827
1824 @property
1828 @property
1825 def repo_full_path(self):
1829 def repo_full_path(self):
1826 p = [self.repo_path]
1830 p = [self.repo_path]
1827 # we need to split the name by / since this is how we store the
1831 # we need to split the name by / since this is how we store the
1828 # names in the database, but that eventually needs to be converted
1832 # names in the database, but that eventually needs to be converted
1829 # into a valid system path
1833 # into a valid system path
1830 p += self.repo_name.split(self.NAME_SEP)
1834 p += self.repo_name.split(self.NAME_SEP)
1831 return os.path.join(*map(safe_unicode, p))
1835 return os.path.join(*map(safe_unicode, p))
1832
1836
1833 @property
1837 @property
1834 def cache_keys(self):
1838 def cache_keys(self):
1835 """
1839 """
1836 Returns associated cache keys for that repo
1840 Returns associated cache keys for that repo
1837 """
1841 """
1838 return CacheKey.query()\
1842 return CacheKey.query()\
1839 .filter(CacheKey.cache_args == self.repo_name)\
1843 .filter(CacheKey.cache_args == self.repo_name)\
1840 .order_by(CacheKey.cache_key)\
1844 .order_by(CacheKey.cache_key)\
1841 .all()
1845 .all()
1842
1846
1843 def get_new_name(self, repo_name):
1847 def get_new_name(self, repo_name):
1844 """
1848 """
1845 returns new full repository name based on assigned group and new new
1849 returns new full repository name based on assigned group and new new
1846
1850
1847 :param group_name:
1851 :param group_name:
1848 """
1852 """
1849 path_prefix = self.group.full_path_splitted if self.group else []
1853 path_prefix = self.group.full_path_splitted if self.group else []
1850 return self.NAME_SEP.join(path_prefix + [repo_name])
1854 return self.NAME_SEP.join(path_prefix + [repo_name])
1851
1855
1852 @property
1856 @property
1853 def _config(self):
1857 def _config(self):
1854 """
1858 """
1855 Returns db based config object.
1859 Returns db based config object.
1856 """
1860 """
1857 from rhodecode.lib.utils import make_db_config
1861 from rhodecode.lib.utils import make_db_config
1858 return make_db_config(clear_session=False, repo=self)
1862 return make_db_config(clear_session=False, repo=self)
1859
1863
1860 def permissions(self, with_admins=True, with_owner=True):
1864 def permissions(self, with_admins=True, with_owner=True):
1861 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1865 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1862 q = q.options(joinedload(UserRepoToPerm.repository),
1866 q = q.options(joinedload(UserRepoToPerm.repository),
1863 joinedload(UserRepoToPerm.user),
1867 joinedload(UserRepoToPerm.user),
1864 joinedload(UserRepoToPerm.permission),)
1868 joinedload(UserRepoToPerm.permission),)
1865
1869
1866 # get owners and admins and permissions. We do a trick of re-writing
1870 # get owners and admins and permissions. We do a trick of re-writing
1867 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1871 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1868 # has a global reference and changing one object propagates to all
1872 # has a global reference and changing one object propagates to all
1869 # others. This means if admin is also an owner admin_row that change
1873 # others. This means if admin is also an owner admin_row that change
1870 # would propagate to both objects
1874 # would propagate to both objects
1871 perm_rows = []
1875 perm_rows = []
1872 for _usr in q.all():
1876 for _usr in q.all():
1873 usr = AttributeDict(_usr.user.get_dict())
1877 usr = AttributeDict(_usr.user.get_dict())
1874 usr.permission = _usr.permission.permission_name
1878 usr.permission = _usr.permission.permission_name
1875 perm_rows.append(usr)
1879 perm_rows.append(usr)
1876
1880
1877 # filter the perm rows by 'default' first and then sort them by
1881 # filter the perm rows by 'default' first and then sort them by
1878 # admin,write,read,none permissions sorted again alphabetically in
1882 # admin,write,read,none permissions sorted again alphabetically in
1879 # each group
1883 # each group
1880 perm_rows = sorted(perm_rows, key=display_user_sort)
1884 perm_rows = sorted(perm_rows, key=display_user_sort)
1881
1885
1882 _admin_perm = 'repository.admin'
1886 _admin_perm = 'repository.admin'
1883 owner_row = []
1887 owner_row = []
1884 if with_owner:
1888 if with_owner:
1885 usr = AttributeDict(self.user.get_dict())
1889 usr = AttributeDict(self.user.get_dict())
1886 usr.owner_row = True
1890 usr.owner_row = True
1887 usr.permission = _admin_perm
1891 usr.permission = _admin_perm
1888 owner_row.append(usr)
1892 owner_row.append(usr)
1889
1893
1890 super_admin_rows = []
1894 super_admin_rows = []
1891 if with_admins:
1895 if with_admins:
1892 for usr in User.get_all_super_admins():
1896 for usr in User.get_all_super_admins():
1893 # if this admin is also owner, don't double the record
1897 # if this admin is also owner, don't double the record
1894 if usr.user_id == owner_row[0].user_id:
1898 if usr.user_id == owner_row[0].user_id:
1895 owner_row[0].admin_row = True
1899 owner_row[0].admin_row = True
1896 else:
1900 else:
1897 usr = AttributeDict(usr.get_dict())
1901 usr = AttributeDict(usr.get_dict())
1898 usr.admin_row = True
1902 usr.admin_row = True
1899 usr.permission = _admin_perm
1903 usr.permission = _admin_perm
1900 super_admin_rows.append(usr)
1904 super_admin_rows.append(usr)
1901
1905
1902 return super_admin_rows + owner_row + perm_rows
1906 return super_admin_rows + owner_row + perm_rows
1903
1907
1904 def permission_user_groups(self):
1908 def permission_user_groups(self):
1905 q = UserGroupRepoToPerm.query().filter(
1909 q = UserGroupRepoToPerm.query().filter(
1906 UserGroupRepoToPerm.repository == self)
1910 UserGroupRepoToPerm.repository == self)
1907 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1911 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1908 joinedload(UserGroupRepoToPerm.users_group),
1912 joinedload(UserGroupRepoToPerm.users_group),
1909 joinedload(UserGroupRepoToPerm.permission),)
1913 joinedload(UserGroupRepoToPerm.permission),)
1910
1914
1911 perm_rows = []
1915 perm_rows = []
1912 for _user_group in q.all():
1916 for _user_group in q.all():
1913 usr = AttributeDict(_user_group.users_group.get_dict())
1917 usr = AttributeDict(_user_group.users_group.get_dict())
1914 usr.permission = _user_group.permission.permission_name
1918 usr.permission = _user_group.permission.permission_name
1915 perm_rows.append(usr)
1919 perm_rows.append(usr)
1916
1920
1917 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1921 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1918 return perm_rows
1922 return perm_rows
1919
1923
1920 def get_api_data(self, include_secrets=False):
1924 def get_api_data(self, include_secrets=False):
1921 """
1925 """
1922 Common function for generating repo api data
1926 Common function for generating repo api data
1923
1927
1924 :param include_secrets: See :meth:`User.get_api_data`.
1928 :param include_secrets: See :meth:`User.get_api_data`.
1925
1929
1926 """
1930 """
1927 # TODO: mikhail: Here there is an anti-pattern, we probably need to
1931 # TODO: mikhail: Here there is an anti-pattern, we probably need to
1928 # move this methods on models level.
1932 # move this methods on models level.
1929 from rhodecode.model.settings import SettingsModel
1933 from rhodecode.model.settings import SettingsModel
1930 from rhodecode.model.repo import RepoModel
1934 from rhodecode.model.repo import RepoModel
1931
1935
1932 repo = self
1936 repo = self
1933 _user_id, _time, _reason = self.locked
1937 _user_id, _time, _reason = self.locked
1934
1938
1935 data = {
1939 data = {
1936 'repo_id': repo.repo_id,
1940 'repo_id': repo.repo_id,
1937 'repo_name': repo.repo_name,
1941 'repo_name': repo.repo_name,
1938 'repo_type': repo.repo_type,
1942 'repo_type': repo.repo_type,
1939 'clone_uri': repo.clone_uri or '',
1943 'clone_uri': repo.clone_uri or '',
1940 'url': RepoModel().get_url(self),
1944 'url': RepoModel().get_url(self),
1941 'private': repo.private,
1945 'private': repo.private,
1942 'created_on': repo.created_on,
1946 'created_on': repo.created_on,
1943 'description': repo.description_safe,
1947 'description': repo.description_safe,
1944 'landing_rev': repo.landing_rev,
1948 'landing_rev': repo.landing_rev,
1945 'owner': repo.user.username,
1949 'owner': repo.user.username,
1946 'fork_of': repo.fork.repo_name if repo.fork else None,
1950 'fork_of': repo.fork.repo_name if repo.fork else None,
1947 'fork_of_id': repo.fork.repo_id if repo.fork else None,
1951 'fork_of_id': repo.fork.repo_id if repo.fork else None,
1948 'enable_statistics': repo.enable_statistics,
1952 'enable_statistics': repo.enable_statistics,
1949 'enable_locking': repo.enable_locking,
1953 'enable_locking': repo.enable_locking,
1950 'enable_downloads': repo.enable_downloads,
1954 'enable_downloads': repo.enable_downloads,
1951 'last_changeset': repo.changeset_cache,
1955 'last_changeset': repo.changeset_cache,
1952 'locked_by': User.get(_user_id).get_api_data(
1956 'locked_by': User.get(_user_id).get_api_data(
1953 include_secrets=include_secrets) if _user_id else None,
1957 include_secrets=include_secrets) if _user_id else None,
1954 'locked_date': time_to_datetime(_time) if _time else None,
1958 'locked_date': time_to_datetime(_time) if _time else None,
1955 'lock_reason': _reason if _reason else None,
1959 'lock_reason': _reason if _reason else None,
1956 }
1960 }
1957
1961
1958 # TODO: mikhail: should be per-repo settings here
1962 # TODO: mikhail: should be per-repo settings here
1959 rc_config = SettingsModel().get_all_settings()
1963 rc_config = SettingsModel().get_all_settings()
1960 repository_fields = str2bool(
1964 repository_fields = str2bool(
1961 rc_config.get('rhodecode_repository_fields'))
1965 rc_config.get('rhodecode_repository_fields'))
1962 if repository_fields:
1966 if repository_fields:
1963 for f in self.extra_fields:
1967 for f in self.extra_fields:
1964 data[f.field_key_prefixed] = f.field_value
1968 data[f.field_key_prefixed] = f.field_value
1965
1969
1966 return data
1970 return data
1967
1971
1968 @classmethod
1972 @classmethod
1969 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
1973 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
1970 if not lock_time:
1974 if not lock_time:
1971 lock_time = time.time()
1975 lock_time = time.time()
1972 if not lock_reason:
1976 if not lock_reason:
1973 lock_reason = cls.LOCK_AUTOMATIC
1977 lock_reason = cls.LOCK_AUTOMATIC
1974 repo.locked = [user_id, lock_time, lock_reason]
1978 repo.locked = [user_id, lock_time, lock_reason]
1975 Session().add(repo)
1979 Session().add(repo)
1976 Session().commit()
1980 Session().commit()
1977
1981
1978 @classmethod
1982 @classmethod
1979 def unlock(cls, repo):
1983 def unlock(cls, repo):
1980 repo.locked = None
1984 repo.locked = None
1981 Session().add(repo)
1985 Session().add(repo)
1982 Session().commit()
1986 Session().commit()
1983
1987
1984 @classmethod
1988 @classmethod
1985 def getlock(cls, repo):
1989 def getlock(cls, repo):
1986 return repo.locked
1990 return repo.locked
1987
1991
1988 def is_user_lock(self, user_id):
1992 def is_user_lock(self, user_id):
1989 if self.lock[0]:
1993 if self.lock[0]:
1990 lock_user_id = safe_int(self.lock[0])
1994 lock_user_id = safe_int(self.lock[0])
1991 user_id = safe_int(user_id)
1995 user_id = safe_int(user_id)
1992 # both are ints, and they are equal
1996 # both are ints, and they are equal
1993 return all([lock_user_id, user_id]) and lock_user_id == user_id
1997 return all([lock_user_id, user_id]) and lock_user_id == user_id
1994
1998
1995 return False
1999 return False
1996
2000
1997 def get_locking_state(self, action, user_id, only_when_enabled=True):
2001 def get_locking_state(self, action, user_id, only_when_enabled=True):
1998 """
2002 """
1999 Checks locking on this repository, if locking is enabled and lock is
2003 Checks locking on this repository, if locking is enabled and lock is
2000 present returns a tuple of make_lock, locked, locked_by.
2004 present returns a tuple of make_lock, locked, locked_by.
2001 make_lock can have 3 states None (do nothing) True, make lock
2005 make_lock can have 3 states None (do nothing) True, make lock
2002 False release lock, This value is later propagated to hooks, which
2006 False release lock, This value is later propagated to hooks, which
2003 do the locking. Think about this as signals passed to hooks what to do.
2007 do the locking. Think about this as signals passed to hooks what to do.
2004
2008
2005 """
2009 """
2006 # TODO: johbo: This is part of the business logic and should be moved
2010 # TODO: johbo: This is part of the business logic and should be moved
2007 # into the RepositoryModel.
2011 # into the RepositoryModel.
2008
2012
2009 if action not in ('push', 'pull'):
2013 if action not in ('push', 'pull'):
2010 raise ValueError("Invalid action value: %s" % repr(action))
2014 raise ValueError("Invalid action value: %s" % repr(action))
2011
2015
2012 # defines if locked error should be thrown to user
2016 # defines if locked error should be thrown to user
2013 currently_locked = False
2017 currently_locked = False
2014 # defines if new lock should be made, tri-state
2018 # defines if new lock should be made, tri-state
2015 make_lock = None
2019 make_lock = None
2016 repo = self
2020 repo = self
2017 user = User.get(user_id)
2021 user = User.get(user_id)
2018
2022
2019 lock_info = repo.locked
2023 lock_info = repo.locked
2020
2024
2021 if repo and (repo.enable_locking or not only_when_enabled):
2025 if repo and (repo.enable_locking or not only_when_enabled):
2022 if action == 'push':
2026 if action == 'push':
2023 # check if it's already locked !, if it is compare users
2027 # check if it's already locked !, if it is compare users
2024 locked_by_user_id = lock_info[0]
2028 locked_by_user_id = lock_info[0]
2025 if user.user_id == locked_by_user_id:
2029 if user.user_id == locked_by_user_id:
2026 log.debug(
2030 log.debug(
2027 'Got `push` action from user %s, now unlocking', user)
2031 'Got `push` action from user %s, now unlocking', user)
2028 # unlock if we have push from user who locked
2032 # unlock if we have push from user who locked
2029 make_lock = False
2033 make_lock = False
2030 else:
2034 else:
2031 # we're not the same user who locked, ban with
2035 # we're not the same user who locked, ban with
2032 # code defined in settings (default is 423 HTTP Locked) !
2036 # code defined in settings (default is 423 HTTP Locked) !
2033 log.debug('Repo %s is currently locked by %s', repo, user)
2037 log.debug('Repo %s is currently locked by %s', repo, user)
2034 currently_locked = True
2038 currently_locked = True
2035 elif action == 'pull':
2039 elif action == 'pull':
2036 # [0] user [1] date
2040 # [0] user [1] date
2037 if lock_info[0] and lock_info[1]:
2041 if lock_info[0] and lock_info[1]:
2038 log.debug('Repo %s is currently locked by %s', repo, user)
2042 log.debug('Repo %s is currently locked by %s', repo, user)
2039 currently_locked = True
2043 currently_locked = True
2040 else:
2044 else:
2041 log.debug('Setting lock on repo %s by %s', repo, user)
2045 log.debug('Setting lock on repo %s by %s', repo, user)
2042 make_lock = True
2046 make_lock = True
2043
2047
2044 else:
2048 else:
2045 log.debug('Repository %s do not have locking enabled', repo)
2049 log.debug('Repository %s do not have locking enabled', repo)
2046
2050
2047 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
2051 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
2048 make_lock, currently_locked, lock_info)
2052 make_lock, currently_locked, lock_info)
2049
2053
2050 from rhodecode.lib.auth import HasRepoPermissionAny
2054 from rhodecode.lib.auth import HasRepoPermissionAny
2051 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
2055 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
2052 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
2056 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
2053 # if we don't have at least write permission we cannot make a lock
2057 # if we don't have at least write permission we cannot make a lock
2054 log.debug('lock state reset back to FALSE due to lack '
2058 log.debug('lock state reset back to FALSE due to lack '
2055 'of at least read permission')
2059 'of at least read permission')
2056 make_lock = False
2060 make_lock = False
2057
2061
2058 return make_lock, currently_locked, lock_info
2062 return make_lock, currently_locked, lock_info
2059
2063
2060 @property
2064 @property
2061 def last_db_change(self):
2065 def last_db_change(self):
2062 return self.updated_on
2066 return self.updated_on
2063
2067
2064 @property
2068 @property
2065 def clone_uri_hidden(self):
2069 def clone_uri_hidden(self):
2066 clone_uri = self.clone_uri
2070 clone_uri = self.clone_uri
2067 if clone_uri:
2071 if clone_uri:
2068 import urlobject
2072 import urlobject
2069 url_obj = urlobject.URLObject(cleaned_uri(clone_uri))
2073 url_obj = urlobject.URLObject(cleaned_uri(clone_uri))
2070 if url_obj.password:
2074 if url_obj.password:
2071 clone_uri = url_obj.with_password('*****')
2075 clone_uri = url_obj.with_password('*****')
2072 return clone_uri
2076 return clone_uri
2073
2077
2074 def clone_url(self, **override):
2078 def clone_url(self, **override):
2075 from rhodecode.model.settings import SettingsModel
2079 from rhodecode.model.settings import SettingsModel
2076
2080
2077 uri_tmpl = None
2081 uri_tmpl = None
2078 if 'with_id' in override:
2082 if 'with_id' in override:
2079 uri_tmpl = self.DEFAULT_CLONE_URI_ID
2083 uri_tmpl = self.DEFAULT_CLONE_URI_ID
2080 del override['with_id']
2084 del override['with_id']
2081
2085
2082 if 'uri_tmpl' in override:
2086 if 'uri_tmpl' in override:
2083 uri_tmpl = override['uri_tmpl']
2087 uri_tmpl = override['uri_tmpl']
2084 del override['uri_tmpl']
2088 del override['uri_tmpl']
2085
2089
2086 # we didn't override our tmpl from **overrides
2090 # we didn't override our tmpl from **overrides
2087 if not uri_tmpl:
2091 if not uri_tmpl:
2088 rc_config = SettingsModel().get_all_settings(cache=True)
2092 rc_config = SettingsModel().get_all_settings(cache=True)
2089 uri_tmpl = rc_config.get(
2093 uri_tmpl = rc_config.get(
2090 'rhodecode_clone_uri_tmpl') or self.DEFAULT_CLONE_URI
2094 'rhodecode_clone_uri_tmpl') or self.DEFAULT_CLONE_URI
2091
2095
2092 request = get_current_request()
2096 request = get_current_request()
2093 return get_clone_url(request=request,
2097 return get_clone_url(request=request,
2094 uri_tmpl=uri_tmpl,
2098 uri_tmpl=uri_tmpl,
2095 repo_name=self.repo_name,
2099 repo_name=self.repo_name,
2096 repo_id=self.repo_id, **override)
2100 repo_id=self.repo_id, **override)
2097
2101
2098 def set_state(self, state):
2102 def set_state(self, state):
2099 self.repo_state = state
2103 self.repo_state = state
2100 Session().add(self)
2104 Session().add(self)
2101 #==========================================================================
2105 #==========================================================================
2102 # SCM PROPERTIES
2106 # SCM PROPERTIES
2103 #==========================================================================
2107 #==========================================================================
2104
2108
2105 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
2109 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
2106 return get_commit_safe(
2110 return get_commit_safe(
2107 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
2111 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
2108
2112
2109 def get_changeset(self, rev=None, pre_load=None):
2113 def get_changeset(self, rev=None, pre_load=None):
2110 warnings.warn("Use get_commit", DeprecationWarning)
2114 warnings.warn("Use get_commit", DeprecationWarning)
2111 commit_id = None
2115 commit_id = None
2112 commit_idx = None
2116 commit_idx = None
2113 if isinstance(rev, basestring):
2117 if isinstance(rev, basestring):
2114 commit_id = rev
2118 commit_id = rev
2115 else:
2119 else:
2116 commit_idx = rev
2120 commit_idx = rev
2117 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
2121 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
2118 pre_load=pre_load)
2122 pre_load=pre_load)
2119
2123
2120 def get_landing_commit(self):
2124 def get_landing_commit(self):
2121 """
2125 """
2122 Returns landing commit, or if that doesn't exist returns the tip
2126 Returns landing commit, or if that doesn't exist returns the tip
2123 """
2127 """
2124 _rev_type, _rev = self.landing_rev
2128 _rev_type, _rev = self.landing_rev
2125 commit = self.get_commit(_rev)
2129 commit = self.get_commit(_rev)
2126 if isinstance(commit, EmptyCommit):
2130 if isinstance(commit, EmptyCommit):
2127 return self.get_commit()
2131 return self.get_commit()
2128 return commit
2132 return commit
2129
2133
2130 def update_commit_cache(self, cs_cache=None, config=None):
2134 def update_commit_cache(self, cs_cache=None, config=None):
2131 """
2135 """
2132 Update cache of last changeset for repository, keys should be::
2136 Update cache of last changeset for repository, keys should be::
2133
2137
2134 short_id
2138 short_id
2135 raw_id
2139 raw_id
2136 revision
2140 revision
2137 parents
2141 parents
2138 message
2142 message
2139 date
2143 date
2140 author
2144 author
2141
2145
2142 :param cs_cache:
2146 :param cs_cache:
2143 """
2147 """
2144 from rhodecode.lib.vcs.backends.base import BaseChangeset
2148 from rhodecode.lib.vcs.backends.base import BaseChangeset
2145 if cs_cache is None:
2149 if cs_cache is None:
2146 # use no-cache version here
2150 # use no-cache version here
2147 scm_repo = self.scm_instance(cache=False, config=config)
2151 scm_repo = self.scm_instance(cache=False, config=config)
2148 if scm_repo:
2152 if scm_repo:
2149 cs_cache = scm_repo.get_commit(
2153 cs_cache = scm_repo.get_commit(
2150 pre_load=["author", "date", "message", "parents"])
2154 pre_load=["author", "date", "message", "parents"])
2151 else:
2155 else:
2152 cs_cache = EmptyCommit()
2156 cs_cache = EmptyCommit()
2153
2157
2154 if isinstance(cs_cache, BaseChangeset):
2158 if isinstance(cs_cache, BaseChangeset):
2155 cs_cache = cs_cache.__json__()
2159 cs_cache = cs_cache.__json__()
2156
2160
2157 def is_outdated(new_cs_cache):
2161 def is_outdated(new_cs_cache):
2158 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
2162 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
2159 new_cs_cache['revision'] != self.changeset_cache['revision']):
2163 new_cs_cache['revision'] != self.changeset_cache['revision']):
2160 return True
2164 return True
2161 return False
2165 return False
2162
2166
2163 # check if we have maybe already latest cached revision
2167 # check if we have maybe already latest cached revision
2164 if is_outdated(cs_cache) or not self.changeset_cache:
2168 if is_outdated(cs_cache) or not self.changeset_cache:
2165 _default = datetime.datetime.fromtimestamp(0)
2169 _default = datetime.datetime.fromtimestamp(0)
2166 last_change = cs_cache.get('date') or _default
2170 last_change = cs_cache.get('date') or _default
2167 log.debug('updated repo %s with new cs cache %s',
2171 log.debug('updated repo %s with new cs cache %s',
2168 self.repo_name, cs_cache)
2172 self.repo_name, cs_cache)
2169 self.updated_on = last_change
2173 self.updated_on = last_change
2170 self.changeset_cache = cs_cache
2174 self.changeset_cache = cs_cache
2171 Session().add(self)
2175 Session().add(self)
2172 Session().commit()
2176 Session().commit()
2173 else:
2177 else:
2174 log.debug('Skipping update_commit_cache for repo:`%s` '
2178 log.debug('Skipping update_commit_cache for repo:`%s` '
2175 'commit already with latest changes', self.repo_name)
2179 'commit already with latest changes', self.repo_name)
2176
2180
2177 @property
2181 @property
2178 def tip(self):
2182 def tip(self):
2179 return self.get_commit('tip')
2183 return self.get_commit('tip')
2180
2184
2181 @property
2185 @property
2182 def author(self):
2186 def author(self):
2183 return self.tip.author
2187 return self.tip.author
2184
2188
2185 @property
2189 @property
2186 def last_change(self):
2190 def last_change(self):
2187 return self.scm_instance().last_change
2191 return self.scm_instance().last_change
2188
2192
2189 def get_comments(self, revisions=None):
2193 def get_comments(self, revisions=None):
2190 """
2194 """
2191 Returns comments for this repository grouped by revisions
2195 Returns comments for this repository grouped by revisions
2192
2196
2193 :param revisions: filter query by revisions only
2197 :param revisions: filter query by revisions only
2194 """
2198 """
2195 cmts = ChangesetComment.query()\
2199 cmts = ChangesetComment.query()\
2196 .filter(ChangesetComment.repo == self)
2200 .filter(ChangesetComment.repo == self)
2197 if revisions:
2201 if revisions:
2198 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
2202 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
2199 grouped = collections.defaultdict(list)
2203 grouped = collections.defaultdict(list)
2200 for cmt in cmts.all():
2204 for cmt in cmts.all():
2201 grouped[cmt.revision].append(cmt)
2205 grouped[cmt.revision].append(cmt)
2202 return grouped
2206 return grouped
2203
2207
2204 def statuses(self, revisions=None):
2208 def statuses(self, revisions=None):
2205 """
2209 """
2206 Returns statuses for this repository
2210 Returns statuses for this repository
2207
2211
2208 :param revisions: list of revisions to get statuses for
2212 :param revisions: list of revisions to get statuses for
2209 """
2213 """
2210 statuses = ChangesetStatus.query()\
2214 statuses = ChangesetStatus.query()\
2211 .filter(ChangesetStatus.repo == self)\
2215 .filter(ChangesetStatus.repo == self)\
2212 .filter(ChangesetStatus.version == 0)
2216 .filter(ChangesetStatus.version == 0)
2213
2217
2214 if revisions:
2218 if revisions:
2215 # Try doing the filtering in chunks to avoid hitting limits
2219 # Try doing the filtering in chunks to avoid hitting limits
2216 size = 500
2220 size = 500
2217 status_results = []
2221 status_results = []
2218 for chunk in xrange(0, len(revisions), size):
2222 for chunk in xrange(0, len(revisions), size):
2219 status_results += statuses.filter(
2223 status_results += statuses.filter(
2220 ChangesetStatus.revision.in_(
2224 ChangesetStatus.revision.in_(
2221 revisions[chunk: chunk+size])
2225 revisions[chunk: chunk+size])
2222 ).all()
2226 ).all()
2223 else:
2227 else:
2224 status_results = statuses.all()
2228 status_results = statuses.all()
2225
2229
2226 grouped = {}
2230 grouped = {}
2227
2231
2228 # maybe we have open new pullrequest without a status?
2232 # maybe we have open new pullrequest without a status?
2229 stat = ChangesetStatus.STATUS_UNDER_REVIEW
2233 stat = ChangesetStatus.STATUS_UNDER_REVIEW
2230 status_lbl = ChangesetStatus.get_status_lbl(stat)
2234 status_lbl = ChangesetStatus.get_status_lbl(stat)
2231 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
2235 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
2232 for rev in pr.revisions:
2236 for rev in pr.revisions:
2233 pr_id = pr.pull_request_id
2237 pr_id = pr.pull_request_id
2234 pr_repo = pr.target_repo.repo_name
2238 pr_repo = pr.target_repo.repo_name
2235 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
2239 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
2236
2240
2237 for stat in status_results:
2241 for stat in status_results:
2238 pr_id = pr_repo = None
2242 pr_id = pr_repo = None
2239 if stat.pull_request:
2243 if stat.pull_request:
2240 pr_id = stat.pull_request.pull_request_id
2244 pr_id = stat.pull_request.pull_request_id
2241 pr_repo = stat.pull_request.target_repo.repo_name
2245 pr_repo = stat.pull_request.target_repo.repo_name
2242 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
2246 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
2243 pr_id, pr_repo]
2247 pr_id, pr_repo]
2244 return grouped
2248 return grouped
2245
2249
2246 # ==========================================================================
2250 # ==========================================================================
2247 # SCM CACHE INSTANCE
2251 # SCM CACHE INSTANCE
2248 # ==========================================================================
2252 # ==========================================================================
2249
2253
2250 def scm_instance(self, **kwargs):
2254 def scm_instance(self, **kwargs):
2251 import rhodecode
2255 import rhodecode
2252
2256
2253 # Passing a config will not hit the cache currently only used
2257 # Passing a config will not hit the cache currently only used
2254 # for repo2dbmapper
2258 # for repo2dbmapper
2255 config = kwargs.pop('config', None)
2259 config = kwargs.pop('config', None)
2256 cache = kwargs.pop('cache', None)
2260 cache = kwargs.pop('cache', None)
2257 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
2261 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
2258 # if cache is NOT defined use default global, else we have a full
2262 # if cache is NOT defined use default global, else we have a full
2259 # control over cache behaviour
2263 # control over cache behaviour
2260 if cache is None and full_cache and not config:
2264 if cache is None and full_cache and not config:
2261 return self._get_instance_cached()
2265 return self._get_instance_cached()
2262 return self._get_instance(cache=bool(cache), config=config)
2266 return self._get_instance(cache=bool(cache), config=config)
2263
2267
2264 def _get_instance_cached(self):
2268 def _get_instance_cached(self):
2265 @cache_region('long_term')
2269 @cache_region('long_term')
2266 def _get_repo(cache_key):
2270 def _get_repo(cache_key):
2267 return self._get_instance()
2271 return self._get_instance()
2268
2272
2269 invalidator_context = CacheKey.repo_context_cache(
2273 invalidator_context = CacheKey.repo_context_cache(
2270 _get_repo, self.repo_name, None, thread_scoped=True)
2274 _get_repo, self.repo_name, None, thread_scoped=True)
2271
2275
2272 with invalidator_context as context:
2276 with invalidator_context as context:
2273 context.invalidate()
2277 context.invalidate()
2274 repo = context.compute()
2278 repo = context.compute()
2275
2279
2276 return repo
2280 return repo
2277
2281
2278 def _get_instance(self, cache=True, config=None):
2282 def _get_instance(self, cache=True, config=None):
2279 config = config or self._config
2283 config = config or self._config
2280 custom_wire = {
2284 custom_wire = {
2281 'cache': cache # controls the vcs.remote cache
2285 'cache': cache # controls the vcs.remote cache
2282 }
2286 }
2283 repo = get_vcs_instance(
2287 repo = get_vcs_instance(
2284 repo_path=safe_str(self.repo_full_path),
2288 repo_path=safe_str(self.repo_full_path),
2285 config=config,
2289 config=config,
2286 with_wire=custom_wire,
2290 with_wire=custom_wire,
2287 create=False,
2291 create=False,
2288 _vcs_alias=self.repo_type)
2292 _vcs_alias=self.repo_type)
2289
2293
2290 return repo
2294 return repo
2291
2295
2292 def __json__(self):
2296 def __json__(self):
2293 return {'landing_rev': self.landing_rev}
2297 return {'landing_rev': self.landing_rev}
2294
2298
2295 def get_dict(self):
2299 def get_dict(self):
2296
2300
2297 # Since we transformed `repo_name` to a hybrid property, we need to
2301 # Since we transformed `repo_name` to a hybrid property, we need to
2298 # keep compatibility with the code which uses `repo_name` field.
2302 # keep compatibility with the code which uses `repo_name` field.
2299
2303
2300 result = super(Repository, self).get_dict()
2304 result = super(Repository, self).get_dict()
2301 result['repo_name'] = result.pop('_repo_name', None)
2305 result['repo_name'] = result.pop('_repo_name', None)
2302 return result
2306 return result
2303
2307
2304
2308
2305 class RepoGroup(Base, BaseModel):
2309 class RepoGroup(Base, BaseModel):
2306 __tablename__ = 'groups'
2310 __tablename__ = 'groups'
2307 __table_args__ = (
2311 __table_args__ = (
2308 UniqueConstraint('group_name', 'group_parent_id'),
2312 UniqueConstraint('group_name', 'group_parent_id'),
2309 CheckConstraint('group_id != group_parent_id'),
2313 CheckConstraint('group_id != group_parent_id'),
2310 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2314 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2311 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2315 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2312 )
2316 )
2313 __mapper_args__ = {'order_by': 'group_name'}
2317 __mapper_args__ = {'order_by': 'group_name'}
2314
2318
2315 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2319 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2316
2320
2317 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2321 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2318 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2322 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2319 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2323 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2320 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2324 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2321 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2325 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2322 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2326 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2323 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2327 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2324 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2328 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2325 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2329 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2326
2330
2327 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2331 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2328 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2332 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2329 parent_group = relationship('RepoGroup', remote_side=group_id)
2333 parent_group = relationship('RepoGroup', remote_side=group_id)
2330 user = relationship('User')
2334 user = relationship('User')
2331 integrations = relationship('Integration',
2335 integrations = relationship('Integration',
2332 cascade="all, delete, delete-orphan")
2336 cascade="all, delete, delete-orphan")
2333
2337
2334 def __init__(self, group_name='', parent_group=None):
2338 def __init__(self, group_name='', parent_group=None):
2335 self.group_name = group_name
2339 self.group_name = group_name
2336 self.parent_group = parent_group
2340 self.parent_group = parent_group
2337
2341
2338 def __unicode__(self):
2342 def __unicode__(self):
2339 return u"<%s('id:%s:%s')>" % (
2343 return u"<%s('id:%s:%s')>" % (
2340 self.__class__.__name__, self.group_id, self.group_name)
2344 self.__class__.__name__, self.group_id, self.group_name)
2341
2345
2342 @hybrid_property
2346 @hybrid_property
2343 def description_safe(self):
2347 def description_safe(self):
2344 from rhodecode.lib import helpers as h
2348 from rhodecode.lib import helpers as h
2345 return h.escape(self.group_description)
2349 return h.escape(self.group_description)
2346
2350
2347 @classmethod
2351 @classmethod
2348 def _generate_choice(cls, repo_group):
2352 def _generate_choice(cls, repo_group):
2349 from webhelpers.html import literal as _literal
2353 from webhelpers.html import literal as _literal
2350 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2354 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2351 return repo_group.group_id, _name(repo_group.full_path_splitted)
2355 return repo_group.group_id, _name(repo_group.full_path_splitted)
2352
2356
2353 @classmethod
2357 @classmethod
2354 def groups_choices(cls, groups=None, show_empty_group=True):
2358 def groups_choices(cls, groups=None, show_empty_group=True):
2355 if not groups:
2359 if not groups:
2356 groups = cls.query().all()
2360 groups = cls.query().all()
2357
2361
2358 repo_groups = []
2362 repo_groups = []
2359 if show_empty_group:
2363 if show_empty_group:
2360 repo_groups = [(-1, u'-- %s --' % _('No parent'))]
2364 repo_groups = [(-1, u'-- %s --' % _('No parent'))]
2361
2365
2362 repo_groups.extend([cls._generate_choice(x) for x in groups])
2366 repo_groups.extend([cls._generate_choice(x) for x in groups])
2363
2367
2364 repo_groups = sorted(
2368 repo_groups = sorted(
2365 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2369 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2366 return repo_groups
2370 return repo_groups
2367
2371
2368 @classmethod
2372 @classmethod
2369 def url_sep(cls):
2373 def url_sep(cls):
2370 return URL_SEP
2374 return URL_SEP
2371
2375
2372 @classmethod
2376 @classmethod
2373 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2377 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2374 if case_insensitive:
2378 if case_insensitive:
2375 gr = cls.query().filter(func.lower(cls.group_name)
2379 gr = cls.query().filter(func.lower(cls.group_name)
2376 == func.lower(group_name))
2380 == func.lower(group_name))
2377 else:
2381 else:
2378 gr = cls.query().filter(cls.group_name == group_name)
2382 gr = cls.query().filter(cls.group_name == group_name)
2379 if cache:
2383 if cache:
2380 name_key = _hash_key(group_name)
2384 name_key = _hash_key(group_name)
2381 gr = gr.options(
2385 gr = gr.options(
2382 FromCache("sql_cache_short", "get_group_%s" % name_key))
2386 FromCache("sql_cache_short", "get_group_%s" % name_key))
2383 return gr.scalar()
2387 return gr.scalar()
2384
2388
2385 @classmethod
2389 @classmethod
2386 def get_user_personal_repo_group(cls, user_id):
2390 def get_user_personal_repo_group(cls, user_id):
2387 user = User.get(user_id)
2391 user = User.get(user_id)
2388 if user.username == User.DEFAULT_USER:
2392 if user.username == User.DEFAULT_USER:
2389 return None
2393 return None
2390
2394
2391 return cls.query()\
2395 return cls.query()\
2392 .filter(cls.personal == true()) \
2396 .filter(cls.personal == true()) \
2393 .filter(cls.user == user).scalar()
2397 .filter(cls.user == user).scalar()
2394
2398
2395 @classmethod
2399 @classmethod
2396 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2400 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2397 case_insensitive=True):
2401 case_insensitive=True):
2398 q = RepoGroup.query()
2402 q = RepoGroup.query()
2399
2403
2400 if not isinstance(user_id, Optional):
2404 if not isinstance(user_id, Optional):
2401 q = q.filter(RepoGroup.user_id == user_id)
2405 q = q.filter(RepoGroup.user_id == user_id)
2402
2406
2403 if not isinstance(group_id, Optional):
2407 if not isinstance(group_id, Optional):
2404 q = q.filter(RepoGroup.group_parent_id == group_id)
2408 q = q.filter(RepoGroup.group_parent_id == group_id)
2405
2409
2406 if case_insensitive:
2410 if case_insensitive:
2407 q = q.order_by(func.lower(RepoGroup.group_name))
2411 q = q.order_by(func.lower(RepoGroup.group_name))
2408 else:
2412 else:
2409 q = q.order_by(RepoGroup.group_name)
2413 q = q.order_by(RepoGroup.group_name)
2410 return q.all()
2414 return q.all()
2411
2415
2412 @property
2416 @property
2413 def parents(self):
2417 def parents(self):
2414 parents_recursion_limit = 10
2418 parents_recursion_limit = 10
2415 groups = []
2419 groups = []
2416 if self.parent_group is None:
2420 if self.parent_group is None:
2417 return groups
2421 return groups
2418 cur_gr = self.parent_group
2422 cur_gr = self.parent_group
2419 groups.insert(0, cur_gr)
2423 groups.insert(0, cur_gr)
2420 cnt = 0
2424 cnt = 0
2421 while 1:
2425 while 1:
2422 cnt += 1
2426 cnt += 1
2423 gr = getattr(cur_gr, 'parent_group', None)
2427 gr = getattr(cur_gr, 'parent_group', None)
2424 cur_gr = cur_gr.parent_group
2428 cur_gr = cur_gr.parent_group
2425 if gr is None:
2429 if gr is None:
2426 break
2430 break
2427 if cnt == parents_recursion_limit:
2431 if cnt == parents_recursion_limit:
2428 # this will prevent accidental infinit loops
2432 # this will prevent accidental infinit loops
2429 log.error(('more than %s parents found for group %s, stopping '
2433 log.error(('more than %s parents found for group %s, stopping '
2430 'recursive parent fetching' % (parents_recursion_limit, self)))
2434 'recursive parent fetching' % (parents_recursion_limit, self)))
2431 break
2435 break
2432
2436
2433 groups.insert(0, gr)
2437 groups.insert(0, gr)
2434 return groups
2438 return groups
2435
2439
2436 @property
2440 @property
2437 def last_db_change(self):
2441 def last_db_change(self):
2438 return self.updated_on
2442 return self.updated_on
2439
2443
2440 @property
2444 @property
2441 def children(self):
2445 def children(self):
2442 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2446 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2443
2447
2444 @property
2448 @property
2445 def name(self):
2449 def name(self):
2446 return self.group_name.split(RepoGroup.url_sep())[-1]
2450 return self.group_name.split(RepoGroup.url_sep())[-1]
2447
2451
2448 @property
2452 @property
2449 def full_path(self):
2453 def full_path(self):
2450 return self.group_name
2454 return self.group_name
2451
2455
2452 @property
2456 @property
2453 def full_path_splitted(self):
2457 def full_path_splitted(self):
2454 return self.group_name.split(RepoGroup.url_sep())
2458 return self.group_name.split(RepoGroup.url_sep())
2455
2459
2456 @property
2460 @property
2457 def repositories(self):
2461 def repositories(self):
2458 return Repository.query()\
2462 return Repository.query()\
2459 .filter(Repository.group == self)\
2463 .filter(Repository.group == self)\
2460 .order_by(Repository.repo_name)
2464 .order_by(Repository.repo_name)
2461
2465
2462 @property
2466 @property
2463 def repositories_recursive_count(self):
2467 def repositories_recursive_count(self):
2464 cnt = self.repositories.count()
2468 cnt = self.repositories.count()
2465
2469
2466 def children_count(group):
2470 def children_count(group):
2467 cnt = 0
2471 cnt = 0
2468 for child in group.children:
2472 for child in group.children:
2469 cnt += child.repositories.count()
2473 cnt += child.repositories.count()
2470 cnt += children_count(child)
2474 cnt += children_count(child)
2471 return cnt
2475 return cnt
2472
2476
2473 return cnt + children_count(self)
2477 return cnt + children_count(self)
2474
2478
2475 def _recursive_objects(self, include_repos=True):
2479 def _recursive_objects(self, include_repos=True):
2476 all_ = []
2480 all_ = []
2477
2481
2478 def _get_members(root_gr):
2482 def _get_members(root_gr):
2479 if include_repos:
2483 if include_repos:
2480 for r in root_gr.repositories:
2484 for r in root_gr.repositories:
2481 all_.append(r)
2485 all_.append(r)
2482 childs = root_gr.children.all()
2486 childs = root_gr.children.all()
2483 if childs:
2487 if childs:
2484 for gr in childs:
2488 for gr in childs:
2485 all_.append(gr)
2489 all_.append(gr)
2486 _get_members(gr)
2490 _get_members(gr)
2487
2491
2488 _get_members(self)
2492 _get_members(self)
2489 return [self] + all_
2493 return [self] + all_
2490
2494
2491 def recursive_groups_and_repos(self):
2495 def recursive_groups_and_repos(self):
2492 """
2496 """
2493 Recursive return all groups, with repositories in those groups
2497 Recursive return all groups, with repositories in those groups
2494 """
2498 """
2495 return self._recursive_objects()
2499 return self._recursive_objects()
2496
2500
2497 def recursive_groups(self):
2501 def recursive_groups(self):
2498 """
2502 """
2499 Returns all children groups for this group including children of children
2503 Returns all children groups for this group including children of children
2500 """
2504 """
2501 return self._recursive_objects(include_repos=False)
2505 return self._recursive_objects(include_repos=False)
2502
2506
2503 def get_new_name(self, group_name):
2507 def get_new_name(self, group_name):
2504 """
2508 """
2505 returns new full group name based on parent and new name
2509 returns new full group name based on parent and new name
2506
2510
2507 :param group_name:
2511 :param group_name:
2508 """
2512 """
2509 path_prefix = (self.parent_group.full_path_splitted if
2513 path_prefix = (self.parent_group.full_path_splitted if
2510 self.parent_group else [])
2514 self.parent_group else [])
2511 return RepoGroup.url_sep().join(path_prefix + [group_name])
2515 return RepoGroup.url_sep().join(path_prefix + [group_name])
2512
2516
2513 def permissions(self, with_admins=True, with_owner=True):
2517 def permissions(self, with_admins=True, with_owner=True):
2514 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2518 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2515 q = q.options(joinedload(UserRepoGroupToPerm.group),
2519 q = q.options(joinedload(UserRepoGroupToPerm.group),
2516 joinedload(UserRepoGroupToPerm.user),
2520 joinedload(UserRepoGroupToPerm.user),
2517 joinedload(UserRepoGroupToPerm.permission),)
2521 joinedload(UserRepoGroupToPerm.permission),)
2518
2522
2519 # get owners and admins and permissions. We do a trick of re-writing
2523 # get owners and admins and permissions. We do a trick of re-writing
2520 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2524 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2521 # has a global reference and changing one object propagates to all
2525 # has a global reference and changing one object propagates to all
2522 # others. This means if admin is also an owner admin_row that change
2526 # others. This means if admin is also an owner admin_row that change
2523 # would propagate to both objects
2527 # would propagate to both objects
2524 perm_rows = []
2528 perm_rows = []
2525 for _usr in q.all():
2529 for _usr in q.all():
2526 usr = AttributeDict(_usr.user.get_dict())
2530 usr = AttributeDict(_usr.user.get_dict())
2527 usr.permission = _usr.permission.permission_name
2531 usr.permission = _usr.permission.permission_name
2528 perm_rows.append(usr)
2532 perm_rows.append(usr)
2529
2533
2530 # filter the perm rows by 'default' first and then sort them by
2534 # filter the perm rows by 'default' first and then sort them by
2531 # admin,write,read,none permissions sorted again alphabetically in
2535 # admin,write,read,none permissions sorted again alphabetically in
2532 # each group
2536 # each group
2533 perm_rows = sorted(perm_rows, key=display_user_sort)
2537 perm_rows = sorted(perm_rows, key=display_user_sort)
2534
2538
2535 _admin_perm = 'group.admin'
2539 _admin_perm = 'group.admin'
2536 owner_row = []
2540 owner_row = []
2537 if with_owner:
2541 if with_owner:
2538 usr = AttributeDict(self.user.get_dict())
2542 usr = AttributeDict(self.user.get_dict())
2539 usr.owner_row = True
2543 usr.owner_row = True
2540 usr.permission = _admin_perm
2544 usr.permission = _admin_perm
2541 owner_row.append(usr)
2545 owner_row.append(usr)
2542
2546
2543 super_admin_rows = []
2547 super_admin_rows = []
2544 if with_admins:
2548 if with_admins:
2545 for usr in User.get_all_super_admins():
2549 for usr in User.get_all_super_admins():
2546 # if this admin is also owner, don't double the record
2550 # if this admin is also owner, don't double the record
2547 if usr.user_id == owner_row[0].user_id:
2551 if usr.user_id == owner_row[0].user_id:
2548 owner_row[0].admin_row = True
2552 owner_row[0].admin_row = True
2549 else:
2553 else:
2550 usr = AttributeDict(usr.get_dict())
2554 usr = AttributeDict(usr.get_dict())
2551 usr.admin_row = True
2555 usr.admin_row = True
2552 usr.permission = _admin_perm
2556 usr.permission = _admin_perm
2553 super_admin_rows.append(usr)
2557 super_admin_rows.append(usr)
2554
2558
2555 return super_admin_rows + owner_row + perm_rows
2559 return super_admin_rows + owner_row + perm_rows
2556
2560
2557 def permission_user_groups(self):
2561 def permission_user_groups(self):
2558 q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
2562 q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
2559 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2563 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2560 joinedload(UserGroupRepoGroupToPerm.users_group),
2564 joinedload(UserGroupRepoGroupToPerm.users_group),
2561 joinedload(UserGroupRepoGroupToPerm.permission),)
2565 joinedload(UserGroupRepoGroupToPerm.permission),)
2562
2566
2563 perm_rows = []
2567 perm_rows = []
2564 for _user_group in q.all():
2568 for _user_group in q.all():
2565 usr = AttributeDict(_user_group.users_group.get_dict())
2569 usr = AttributeDict(_user_group.users_group.get_dict())
2566 usr.permission = _user_group.permission.permission_name
2570 usr.permission = _user_group.permission.permission_name
2567 perm_rows.append(usr)
2571 perm_rows.append(usr)
2568
2572
2569 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2573 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2570 return perm_rows
2574 return perm_rows
2571
2575
2572 def get_api_data(self):
2576 def get_api_data(self):
2573 """
2577 """
2574 Common function for generating api data
2578 Common function for generating api data
2575
2579
2576 """
2580 """
2577 group = self
2581 group = self
2578 data = {
2582 data = {
2579 'group_id': group.group_id,
2583 'group_id': group.group_id,
2580 'group_name': group.group_name,
2584 'group_name': group.group_name,
2581 'group_description': group.description_safe,
2585 'group_description': group.description_safe,
2582 'parent_group': group.parent_group.group_name if group.parent_group else None,
2586 'parent_group': group.parent_group.group_name if group.parent_group else None,
2583 'repositories': [x.repo_name for x in group.repositories],
2587 'repositories': [x.repo_name for x in group.repositories],
2584 'owner': group.user.username,
2588 'owner': group.user.username,
2585 }
2589 }
2586 return data
2590 return data
2587
2591
2588
2592
2589 class Permission(Base, BaseModel):
2593 class Permission(Base, BaseModel):
2590 __tablename__ = 'permissions'
2594 __tablename__ = 'permissions'
2591 __table_args__ = (
2595 __table_args__ = (
2592 Index('p_perm_name_idx', 'permission_name'),
2596 Index('p_perm_name_idx', 'permission_name'),
2593 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2597 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2594 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2598 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2595 )
2599 )
2596 PERMS = [
2600 PERMS = [
2597 ('hg.admin', _('RhodeCode Super Administrator')),
2601 ('hg.admin', _('RhodeCode Super Administrator')),
2598
2602
2599 ('repository.none', _('Repository no access')),
2603 ('repository.none', _('Repository no access')),
2600 ('repository.read', _('Repository read access')),
2604 ('repository.read', _('Repository read access')),
2601 ('repository.write', _('Repository write access')),
2605 ('repository.write', _('Repository write access')),
2602 ('repository.admin', _('Repository admin access')),
2606 ('repository.admin', _('Repository admin access')),
2603
2607
2604 ('group.none', _('Repository group no access')),
2608 ('group.none', _('Repository group no access')),
2605 ('group.read', _('Repository group read access')),
2609 ('group.read', _('Repository group read access')),
2606 ('group.write', _('Repository group write access')),
2610 ('group.write', _('Repository group write access')),
2607 ('group.admin', _('Repository group admin access')),
2611 ('group.admin', _('Repository group admin access')),
2608
2612
2609 ('usergroup.none', _('User group no access')),
2613 ('usergroup.none', _('User group no access')),
2610 ('usergroup.read', _('User group read access')),
2614 ('usergroup.read', _('User group read access')),
2611 ('usergroup.write', _('User group write access')),
2615 ('usergroup.write', _('User group write access')),
2612 ('usergroup.admin', _('User group admin access')),
2616 ('usergroup.admin', _('User group admin access')),
2613
2617
2614 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2618 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2615 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2619 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2616
2620
2617 ('hg.usergroup.create.false', _('User Group creation disabled')),
2621 ('hg.usergroup.create.false', _('User Group creation disabled')),
2618 ('hg.usergroup.create.true', _('User Group creation enabled')),
2622 ('hg.usergroup.create.true', _('User Group creation enabled')),
2619
2623
2620 ('hg.create.none', _('Repository creation disabled')),
2624 ('hg.create.none', _('Repository creation disabled')),
2621 ('hg.create.repository', _('Repository creation enabled')),
2625 ('hg.create.repository', _('Repository creation enabled')),
2622 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2626 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2623 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2627 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2624
2628
2625 ('hg.fork.none', _('Repository forking disabled')),
2629 ('hg.fork.none', _('Repository forking disabled')),
2626 ('hg.fork.repository', _('Repository forking enabled')),
2630 ('hg.fork.repository', _('Repository forking enabled')),
2627
2631
2628 ('hg.register.none', _('Registration disabled')),
2632 ('hg.register.none', _('Registration disabled')),
2629 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2633 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2630 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2634 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2631
2635
2632 ('hg.password_reset.enabled', _('Password reset enabled')),
2636 ('hg.password_reset.enabled', _('Password reset enabled')),
2633 ('hg.password_reset.hidden', _('Password reset hidden')),
2637 ('hg.password_reset.hidden', _('Password reset hidden')),
2634 ('hg.password_reset.disabled', _('Password reset disabled')),
2638 ('hg.password_reset.disabled', _('Password reset disabled')),
2635
2639
2636 ('hg.extern_activate.manual', _('Manual activation of external account')),
2640 ('hg.extern_activate.manual', _('Manual activation of external account')),
2637 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2641 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2638
2642
2639 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2643 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2640 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2644 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2641 ]
2645 ]
2642
2646
2643 # definition of system default permissions for DEFAULT user
2647 # definition of system default permissions for DEFAULT user
2644 DEFAULT_USER_PERMISSIONS = [
2648 DEFAULT_USER_PERMISSIONS = [
2645 'repository.read',
2649 'repository.read',
2646 'group.read',
2650 'group.read',
2647 'usergroup.read',
2651 'usergroup.read',
2648 'hg.create.repository',
2652 'hg.create.repository',
2649 'hg.repogroup.create.false',
2653 'hg.repogroup.create.false',
2650 'hg.usergroup.create.false',
2654 'hg.usergroup.create.false',
2651 'hg.create.write_on_repogroup.true',
2655 'hg.create.write_on_repogroup.true',
2652 'hg.fork.repository',
2656 'hg.fork.repository',
2653 'hg.register.manual_activate',
2657 'hg.register.manual_activate',
2654 'hg.password_reset.enabled',
2658 'hg.password_reset.enabled',
2655 'hg.extern_activate.auto',
2659 'hg.extern_activate.auto',
2656 'hg.inherit_default_perms.true',
2660 'hg.inherit_default_perms.true',
2657 ]
2661 ]
2658
2662
2659 # defines which permissions are more important higher the more important
2663 # defines which permissions are more important higher the more important
2660 # Weight defines which permissions are more important.
2664 # Weight defines which permissions are more important.
2661 # The higher number the more important.
2665 # The higher number the more important.
2662 PERM_WEIGHTS = {
2666 PERM_WEIGHTS = {
2663 'repository.none': 0,
2667 'repository.none': 0,
2664 'repository.read': 1,
2668 'repository.read': 1,
2665 'repository.write': 3,
2669 'repository.write': 3,
2666 'repository.admin': 4,
2670 'repository.admin': 4,
2667
2671
2668 'group.none': 0,
2672 'group.none': 0,
2669 'group.read': 1,
2673 'group.read': 1,
2670 'group.write': 3,
2674 'group.write': 3,
2671 'group.admin': 4,
2675 'group.admin': 4,
2672
2676
2673 'usergroup.none': 0,
2677 'usergroup.none': 0,
2674 'usergroup.read': 1,
2678 'usergroup.read': 1,
2675 'usergroup.write': 3,
2679 'usergroup.write': 3,
2676 'usergroup.admin': 4,
2680 'usergroup.admin': 4,
2677
2681
2678 'hg.repogroup.create.false': 0,
2682 'hg.repogroup.create.false': 0,
2679 'hg.repogroup.create.true': 1,
2683 'hg.repogroup.create.true': 1,
2680
2684
2681 'hg.usergroup.create.false': 0,
2685 'hg.usergroup.create.false': 0,
2682 'hg.usergroup.create.true': 1,
2686 'hg.usergroup.create.true': 1,
2683
2687
2684 'hg.fork.none': 0,
2688 'hg.fork.none': 0,
2685 'hg.fork.repository': 1,
2689 'hg.fork.repository': 1,
2686 'hg.create.none': 0,
2690 'hg.create.none': 0,
2687 'hg.create.repository': 1
2691 'hg.create.repository': 1
2688 }
2692 }
2689
2693
2690 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2694 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2691 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2695 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2692 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2696 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2693
2697
2694 def __unicode__(self):
2698 def __unicode__(self):
2695 return u"<%s('%s:%s')>" % (
2699 return u"<%s('%s:%s')>" % (
2696 self.__class__.__name__, self.permission_id, self.permission_name
2700 self.__class__.__name__, self.permission_id, self.permission_name
2697 )
2701 )
2698
2702
2699 @classmethod
2703 @classmethod
2700 def get_by_key(cls, key):
2704 def get_by_key(cls, key):
2701 return cls.query().filter(cls.permission_name == key).scalar()
2705 return cls.query().filter(cls.permission_name == key).scalar()
2702
2706
2703 @classmethod
2707 @classmethod
2704 def get_default_repo_perms(cls, user_id, repo_id=None):
2708 def get_default_repo_perms(cls, user_id, repo_id=None):
2705 q = Session().query(UserRepoToPerm, Repository, Permission)\
2709 q = Session().query(UserRepoToPerm, Repository, Permission)\
2706 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2710 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2707 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2711 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2708 .filter(UserRepoToPerm.user_id == user_id)
2712 .filter(UserRepoToPerm.user_id == user_id)
2709 if repo_id:
2713 if repo_id:
2710 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2714 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2711 return q.all()
2715 return q.all()
2712
2716
2713 @classmethod
2717 @classmethod
2714 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2718 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2715 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2719 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2716 .join(
2720 .join(
2717 Permission,
2721 Permission,
2718 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2722 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2719 .join(
2723 .join(
2720 Repository,
2724 Repository,
2721 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2725 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2722 .join(
2726 .join(
2723 UserGroup,
2727 UserGroup,
2724 UserGroupRepoToPerm.users_group_id ==
2728 UserGroupRepoToPerm.users_group_id ==
2725 UserGroup.users_group_id)\
2729 UserGroup.users_group_id)\
2726 .join(
2730 .join(
2727 UserGroupMember,
2731 UserGroupMember,
2728 UserGroupRepoToPerm.users_group_id ==
2732 UserGroupRepoToPerm.users_group_id ==
2729 UserGroupMember.users_group_id)\
2733 UserGroupMember.users_group_id)\
2730 .filter(
2734 .filter(
2731 UserGroupMember.user_id == user_id,
2735 UserGroupMember.user_id == user_id,
2732 UserGroup.users_group_active == true())
2736 UserGroup.users_group_active == true())
2733 if repo_id:
2737 if repo_id:
2734 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2738 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2735 return q.all()
2739 return q.all()
2736
2740
2737 @classmethod
2741 @classmethod
2738 def get_default_group_perms(cls, user_id, repo_group_id=None):
2742 def get_default_group_perms(cls, user_id, repo_group_id=None):
2739 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2743 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2740 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2744 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2741 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2745 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2742 .filter(UserRepoGroupToPerm.user_id == user_id)
2746 .filter(UserRepoGroupToPerm.user_id == user_id)
2743 if repo_group_id:
2747 if repo_group_id:
2744 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2748 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2745 return q.all()
2749 return q.all()
2746
2750
2747 @classmethod
2751 @classmethod
2748 def get_default_group_perms_from_user_group(
2752 def get_default_group_perms_from_user_group(
2749 cls, user_id, repo_group_id=None):
2753 cls, user_id, repo_group_id=None):
2750 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2754 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2751 .join(
2755 .join(
2752 Permission,
2756 Permission,
2753 UserGroupRepoGroupToPerm.permission_id ==
2757 UserGroupRepoGroupToPerm.permission_id ==
2754 Permission.permission_id)\
2758 Permission.permission_id)\
2755 .join(
2759 .join(
2756 RepoGroup,
2760 RepoGroup,
2757 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2761 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2758 .join(
2762 .join(
2759 UserGroup,
2763 UserGroup,
2760 UserGroupRepoGroupToPerm.users_group_id ==
2764 UserGroupRepoGroupToPerm.users_group_id ==
2761 UserGroup.users_group_id)\
2765 UserGroup.users_group_id)\
2762 .join(
2766 .join(
2763 UserGroupMember,
2767 UserGroupMember,
2764 UserGroupRepoGroupToPerm.users_group_id ==
2768 UserGroupRepoGroupToPerm.users_group_id ==
2765 UserGroupMember.users_group_id)\
2769 UserGroupMember.users_group_id)\
2766 .filter(
2770 .filter(
2767 UserGroupMember.user_id == user_id,
2771 UserGroupMember.user_id == user_id,
2768 UserGroup.users_group_active == true())
2772 UserGroup.users_group_active == true())
2769 if repo_group_id:
2773 if repo_group_id:
2770 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2774 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2771 return q.all()
2775 return q.all()
2772
2776
2773 @classmethod
2777 @classmethod
2774 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2778 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2775 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2779 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2776 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2780 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2777 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2781 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2778 .filter(UserUserGroupToPerm.user_id == user_id)
2782 .filter(UserUserGroupToPerm.user_id == user_id)
2779 if user_group_id:
2783 if user_group_id:
2780 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2784 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2781 return q.all()
2785 return q.all()
2782
2786
2783 @classmethod
2787 @classmethod
2784 def get_default_user_group_perms_from_user_group(
2788 def get_default_user_group_perms_from_user_group(
2785 cls, user_id, user_group_id=None):
2789 cls, user_id, user_group_id=None):
2786 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2790 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2787 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2791 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2788 .join(
2792 .join(
2789 Permission,
2793 Permission,
2790 UserGroupUserGroupToPerm.permission_id ==
2794 UserGroupUserGroupToPerm.permission_id ==
2791 Permission.permission_id)\
2795 Permission.permission_id)\
2792 .join(
2796 .join(
2793 TargetUserGroup,
2797 TargetUserGroup,
2794 UserGroupUserGroupToPerm.target_user_group_id ==
2798 UserGroupUserGroupToPerm.target_user_group_id ==
2795 TargetUserGroup.users_group_id)\
2799 TargetUserGroup.users_group_id)\
2796 .join(
2800 .join(
2797 UserGroup,
2801 UserGroup,
2798 UserGroupUserGroupToPerm.user_group_id ==
2802 UserGroupUserGroupToPerm.user_group_id ==
2799 UserGroup.users_group_id)\
2803 UserGroup.users_group_id)\
2800 .join(
2804 .join(
2801 UserGroupMember,
2805 UserGroupMember,
2802 UserGroupUserGroupToPerm.user_group_id ==
2806 UserGroupUserGroupToPerm.user_group_id ==
2803 UserGroupMember.users_group_id)\
2807 UserGroupMember.users_group_id)\
2804 .filter(
2808 .filter(
2805 UserGroupMember.user_id == user_id,
2809 UserGroupMember.user_id == user_id,
2806 UserGroup.users_group_active == true())
2810 UserGroup.users_group_active == true())
2807 if user_group_id:
2811 if user_group_id:
2808 q = q.filter(
2812 q = q.filter(
2809 UserGroupUserGroupToPerm.user_group_id == user_group_id)
2813 UserGroupUserGroupToPerm.user_group_id == user_group_id)
2810
2814
2811 return q.all()
2815 return q.all()
2812
2816
2813
2817
2814 class UserRepoToPerm(Base, BaseModel):
2818 class UserRepoToPerm(Base, BaseModel):
2815 __tablename__ = 'repo_to_perm'
2819 __tablename__ = 'repo_to_perm'
2816 __table_args__ = (
2820 __table_args__ = (
2817 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
2821 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
2818 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2822 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2819 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2823 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2820 )
2824 )
2821 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2825 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2822 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2826 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2823 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2827 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2824 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2828 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2825
2829
2826 user = relationship('User')
2830 user = relationship('User')
2827 repository = relationship('Repository')
2831 repository = relationship('Repository')
2828 permission = relationship('Permission')
2832 permission = relationship('Permission')
2829
2833
2830 @classmethod
2834 @classmethod
2831 def create(cls, user, repository, permission):
2835 def create(cls, user, repository, permission):
2832 n = cls()
2836 n = cls()
2833 n.user = user
2837 n.user = user
2834 n.repository = repository
2838 n.repository = repository
2835 n.permission = permission
2839 n.permission = permission
2836 Session().add(n)
2840 Session().add(n)
2837 return n
2841 return n
2838
2842
2839 def __unicode__(self):
2843 def __unicode__(self):
2840 return u'<%s => %s >' % (self.user, self.repository)
2844 return u'<%s => %s >' % (self.user, self.repository)
2841
2845
2842
2846
2843 class UserUserGroupToPerm(Base, BaseModel):
2847 class UserUserGroupToPerm(Base, BaseModel):
2844 __tablename__ = 'user_user_group_to_perm'
2848 __tablename__ = 'user_user_group_to_perm'
2845 __table_args__ = (
2849 __table_args__ = (
2846 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
2850 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
2847 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2851 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2848 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2852 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2849 )
2853 )
2850 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2854 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2851 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2855 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2852 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2856 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2853 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2857 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2854
2858
2855 user = relationship('User')
2859 user = relationship('User')
2856 user_group = relationship('UserGroup')
2860 user_group = relationship('UserGroup')
2857 permission = relationship('Permission')
2861 permission = relationship('Permission')
2858
2862
2859 @classmethod
2863 @classmethod
2860 def create(cls, user, user_group, permission):
2864 def create(cls, user, user_group, permission):
2861 n = cls()
2865 n = cls()
2862 n.user = user
2866 n.user = user
2863 n.user_group = user_group
2867 n.user_group = user_group
2864 n.permission = permission
2868 n.permission = permission
2865 Session().add(n)
2869 Session().add(n)
2866 return n
2870 return n
2867
2871
2868 def __unicode__(self):
2872 def __unicode__(self):
2869 return u'<%s => %s >' % (self.user, self.user_group)
2873 return u'<%s => %s >' % (self.user, self.user_group)
2870
2874
2871
2875
2872 class UserToPerm(Base, BaseModel):
2876 class UserToPerm(Base, BaseModel):
2873 __tablename__ = 'user_to_perm'
2877 __tablename__ = 'user_to_perm'
2874 __table_args__ = (
2878 __table_args__ = (
2875 UniqueConstraint('user_id', 'permission_id'),
2879 UniqueConstraint('user_id', 'permission_id'),
2876 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2880 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2877 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2881 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2878 )
2882 )
2879 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2883 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2880 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2884 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2881 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2885 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2882
2886
2883 user = relationship('User')
2887 user = relationship('User')
2884 permission = relationship('Permission', lazy='joined')
2888 permission = relationship('Permission', lazy='joined')
2885
2889
2886 def __unicode__(self):
2890 def __unicode__(self):
2887 return u'<%s => %s >' % (self.user, self.permission)
2891 return u'<%s => %s >' % (self.user, self.permission)
2888
2892
2889
2893
2890 class UserGroupRepoToPerm(Base, BaseModel):
2894 class UserGroupRepoToPerm(Base, BaseModel):
2891 __tablename__ = 'users_group_repo_to_perm'
2895 __tablename__ = 'users_group_repo_to_perm'
2892 __table_args__ = (
2896 __table_args__ = (
2893 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
2897 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
2894 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2898 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2895 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2899 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2896 )
2900 )
2897 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2901 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2898 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2902 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2899 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2903 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2900 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2904 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2901
2905
2902 users_group = relationship('UserGroup')
2906 users_group = relationship('UserGroup')
2903 permission = relationship('Permission')
2907 permission = relationship('Permission')
2904 repository = relationship('Repository')
2908 repository = relationship('Repository')
2905
2909
2906 @classmethod
2910 @classmethod
2907 def create(cls, users_group, repository, permission):
2911 def create(cls, users_group, repository, permission):
2908 n = cls()
2912 n = cls()
2909 n.users_group = users_group
2913 n.users_group = users_group
2910 n.repository = repository
2914 n.repository = repository
2911 n.permission = permission
2915 n.permission = permission
2912 Session().add(n)
2916 Session().add(n)
2913 return n
2917 return n
2914
2918
2915 def __unicode__(self):
2919 def __unicode__(self):
2916 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
2920 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
2917
2921
2918
2922
2919 class UserGroupUserGroupToPerm(Base, BaseModel):
2923 class UserGroupUserGroupToPerm(Base, BaseModel):
2920 __tablename__ = 'user_group_user_group_to_perm'
2924 __tablename__ = 'user_group_user_group_to_perm'
2921 __table_args__ = (
2925 __table_args__ = (
2922 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
2926 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
2923 CheckConstraint('target_user_group_id != user_group_id'),
2927 CheckConstraint('target_user_group_id != user_group_id'),
2924 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2928 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2925 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2929 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2926 )
2930 )
2927 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2931 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2928 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2932 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2929 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2933 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2930 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2934 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2931
2935
2932 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
2936 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
2933 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
2937 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
2934 permission = relationship('Permission')
2938 permission = relationship('Permission')
2935
2939
2936 @classmethod
2940 @classmethod
2937 def create(cls, target_user_group, user_group, permission):
2941 def create(cls, target_user_group, user_group, permission):
2938 n = cls()
2942 n = cls()
2939 n.target_user_group = target_user_group
2943 n.target_user_group = target_user_group
2940 n.user_group = user_group
2944 n.user_group = user_group
2941 n.permission = permission
2945 n.permission = permission
2942 Session().add(n)
2946 Session().add(n)
2943 return n
2947 return n
2944
2948
2945 def __unicode__(self):
2949 def __unicode__(self):
2946 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
2950 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
2947
2951
2948
2952
2949 class UserGroupToPerm(Base, BaseModel):
2953 class UserGroupToPerm(Base, BaseModel):
2950 __tablename__ = 'users_group_to_perm'
2954 __tablename__ = 'users_group_to_perm'
2951 __table_args__ = (
2955 __table_args__ = (
2952 UniqueConstraint('users_group_id', 'permission_id',),
2956 UniqueConstraint('users_group_id', 'permission_id',),
2953 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2957 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2954 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2958 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2955 )
2959 )
2956 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2960 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2957 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2961 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2958 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2962 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2959
2963
2960 users_group = relationship('UserGroup')
2964 users_group = relationship('UserGroup')
2961 permission = relationship('Permission')
2965 permission = relationship('Permission')
2962
2966
2963
2967
2964 class UserRepoGroupToPerm(Base, BaseModel):
2968 class UserRepoGroupToPerm(Base, BaseModel):
2965 __tablename__ = 'user_repo_group_to_perm'
2969 __tablename__ = 'user_repo_group_to_perm'
2966 __table_args__ = (
2970 __table_args__ = (
2967 UniqueConstraint('user_id', 'group_id', 'permission_id'),
2971 UniqueConstraint('user_id', 'group_id', 'permission_id'),
2968 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2972 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2969 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2973 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2970 )
2974 )
2971
2975
2972 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2976 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2973 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2977 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2974 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2978 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2975 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2979 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2976
2980
2977 user = relationship('User')
2981 user = relationship('User')
2978 group = relationship('RepoGroup')
2982 group = relationship('RepoGroup')
2979 permission = relationship('Permission')
2983 permission = relationship('Permission')
2980
2984
2981 @classmethod
2985 @classmethod
2982 def create(cls, user, repository_group, permission):
2986 def create(cls, user, repository_group, permission):
2983 n = cls()
2987 n = cls()
2984 n.user = user
2988 n.user = user
2985 n.group = repository_group
2989 n.group = repository_group
2986 n.permission = permission
2990 n.permission = permission
2987 Session().add(n)
2991 Session().add(n)
2988 return n
2992 return n
2989
2993
2990
2994
2991 class UserGroupRepoGroupToPerm(Base, BaseModel):
2995 class UserGroupRepoGroupToPerm(Base, BaseModel):
2992 __tablename__ = 'users_group_repo_group_to_perm'
2996 __tablename__ = 'users_group_repo_group_to_perm'
2993 __table_args__ = (
2997 __table_args__ = (
2994 UniqueConstraint('users_group_id', 'group_id'),
2998 UniqueConstraint('users_group_id', 'group_id'),
2995 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2999 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2996 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3000 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2997 )
3001 )
2998
3002
2999 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3003 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3000 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3004 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
3001 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3005 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
3002 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3006 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
3003
3007
3004 users_group = relationship('UserGroup')
3008 users_group = relationship('UserGroup')
3005 permission = relationship('Permission')
3009 permission = relationship('Permission')
3006 group = relationship('RepoGroup')
3010 group = relationship('RepoGroup')
3007
3011
3008 @classmethod
3012 @classmethod
3009 def create(cls, user_group, repository_group, permission):
3013 def create(cls, user_group, repository_group, permission):
3010 n = cls()
3014 n = cls()
3011 n.users_group = user_group
3015 n.users_group = user_group
3012 n.group = repository_group
3016 n.group = repository_group
3013 n.permission = permission
3017 n.permission = permission
3014 Session().add(n)
3018 Session().add(n)
3015 return n
3019 return n
3016
3020
3017 def __unicode__(self):
3021 def __unicode__(self):
3018 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
3022 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
3019
3023
3020
3024
3021 class Statistics(Base, BaseModel):
3025 class Statistics(Base, BaseModel):
3022 __tablename__ = 'statistics'
3026 __tablename__ = 'statistics'
3023 __table_args__ = (
3027 __table_args__ = (
3024 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3028 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3025 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3029 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3026 )
3030 )
3027 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3031 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3028 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
3032 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
3029 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
3033 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
3030 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
3034 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
3031 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
3035 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
3032 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
3036 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
3033
3037
3034 repository = relationship('Repository', single_parent=True)
3038 repository = relationship('Repository', single_parent=True)
3035
3039
3036
3040
3037 class UserFollowing(Base, BaseModel):
3041 class UserFollowing(Base, BaseModel):
3038 __tablename__ = 'user_followings'
3042 __tablename__ = 'user_followings'
3039 __table_args__ = (
3043 __table_args__ = (
3040 UniqueConstraint('user_id', 'follows_repository_id'),
3044 UniqueConstraint('user_id', 'follows_repository_id'),
3041 UniqueConstraint('user_id', 'follows_user_id'),
3045 UniqueConstraint('user_id', 'follows_user_id'),
3042 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3046 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3043 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3047 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3044 )
3048 )
3045
3049
3046 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3050 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3047 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3051 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
3048 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
3052 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
3049 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
3053 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
3050 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
3054 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
3051
3055
3052 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
3056 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
3053
3057
3054 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
3058 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
3055 follows_repository = relationship('Repository', order_by='Repository.repo_name')
3059 follows_repository = relationship('Repository', order_by='Repository.repo_name')
3056
3060
3057 @classmethod
3061 @classmethod
3058 def get_repo_followers(cls, repo_id):
3062 def get_repo_followers(cls, repo_id):
3059 return cls.query().filter(cls.follows_repo_id == repo_id)
3063 return cls.query().filter(cls.follows_repo_id == repo_id)
3060
3064
3061
3065
3062 class CacheKey(Base, BaseModel):
3066 class CacheKey(Base, BaseModel):
3063 __tablename__ = 'cache_invalidation'
3067 __tablename__ = 'cache_invalidation'
3064 __table_args__ = (
3068 __table_args__ = (
3065 UniqueConstraint('cache_key'),
3069 UniqueConstraint('cache_key'),
3066 Index('key_idx', 'cache_key'),
3070 Index('key_idx', 'cache_key'),
3067 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3071 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3068 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3072 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3069 )
3073 )
3070 CACHE_TYPE_ATOM = 'ATOM'
3074 CACHE_TYPE_ATOM = 'ATOM'
3071 CACHE_TYPE_RSS = 'RSS'
3075 CACHE_TYPE_RSS = 'RSS'
3072 CACHE_TYPE_README = 'README'
3076 CACHE_TYPE_README = 'README'
3073
3077
3074 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3078 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3075 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
3079 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
3076 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
3080 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
3077 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
3081 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
3078
3082
3079 def __init__(self, cache_key, cache_args=''):
3083 def __init__(self, cache_key, cache_args=''):
3080 self.cache_key = cache_key
3084 self.cache_key = cache_key
3081 self.cache_args = cache_args
3085 self.cache_args = cache_args
3082 self.cache_active = False
3086 self.cache_active = False
3083
3087
3084 def __unicode__(self):
3088 def __unicode__(self):
3085 return u"<%s('%s:%s[%s]')>" % (
3089 return u"<%s('%s:%s[%s]')>" % (
3086 self.__class__.__name__,
3090 self.__class__.__name__,
3087 self.cache_id, self.cache_key, self.cache_active)
3091 self.cache_id, self.cache_key, self.cache_active)
3088
3092
3089 def _cache_key_partition(self):
3093 def _cache_key_partition(self):
3090 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
3094 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
3091 return prefix, repo_name, suffix
3095 return prefix, repo_name, suffix
3092
3096
3093 def get_prefix(self):
3097 def get_prefix(self):
3094 """
3098 """
3095 Try to extract prefix from existing cache key. The key could consist
3099 Try to extract prefix from existing cache key. The key could consist
3096 of prefix, repo_name, suffix
3100 of prefix, repo_name, suffix
3097 """
3101 """
3098 # this returns prefix, repo_name, suffix
3102 # this returns prefix, repo_name, suffix
3099 return self._cache_key_partition()[0]
3103 return self._cache_key_partition()[0]
3100
3104
3101 def get_suffix(self):
3105 def get_suffix(self):
3102 """
3106 """
3103 get suffix that might have been used in _get_cache_key to
3107 get suffix that might have been used in _get_cache_key to
3104 generate self.cache_key. Only used for informational purposes
3108 generate self.cache_key. Only used for informational purposes
3105 in repo_edit.mako.
3109 in repo_edit.mako.
3106 """
3110 """
3107 # prefix, repo_name, suffix
3111 # prefix, repo_name, suffix
3108 return self._cache_key_partition()[2]
3112 return self._cache_key_partition()[2]
3109
3113
3110 @classmethod
3114 @classmethod
3111 def delete_all_cache(cls):
3115 def delete_all_cache(cls):
3112 """
3116 """
3113 Delete all cache keys from database.
3117 Delete all cache keys from database.
3114 Should only be run when all instances are down and all entries
3118 Should only be run when all instances are down and all entries
3115 thus stale.
3119 thus stale.
3116 """
3120 """
3117 cls.query().delete()
3121 cls.query().delete()
3118 Session().commit()
3122 Session().commit()
3119
3123
3120 @classmethod
3124 @classmethod
3121 def get_cache_key(cls, repo_name, cache_type):
3125 def get_cache_key(cls, repo_name, cache_type):
3122 """
3126 """
3123
3127
3124 Generate a cache key for this process of RhodeCode instance.
3128 Generate a cache key for this process of RhodeCode instance.
3125 Prefix most likely will be process id or maybe explicitly set
3129 Prefix most likely will be process id or maybe explicitly set
3126 instance_id from .ini file.
3130 instance_id from .ini file.
3127 """
3131 """
3128 import rhodecode
3132 import rhodecode
3129 prefix = safe_unicode(rhodecode.CONFIG.get('instance_id') or '')
3133 prefix = safe_unicode(rhodecode.CONFIG.get('instance_id') or '')
3130
3134
3131 repo_as_unicode = safe_unicode(repo_name)
3135 repo_as_unicode = safe_unicode(repo_name)
3132 key = u'{}_{}'.format(repo_as_unicode, cache_type) \
3136 key = u'{}_{}'.format(repo_as_unicode, cache_type) \
3133 if cache_type else repo_as_unicode
3137 if cache_type else repo_as_unicode
3134
3138
3135 return u'{}{}'.format(prefix, key)
3139 return u'{}{}'.format(prefix, key)
3136
3140
3137 @classmethod
3141 @classmethod
3138 def set_invalidate(cls, repo_name, delete=False):
3142 def set_invalidate(cls, repo_name, delete=False):
3139 """
3143 """
3140 Mark all caches of a repo as invalid in the database.
3144 Mark all caches of a repo as invalid in the database.
3141 """
3145 """
3142
3146
3143 try:
3147 try:
3144 qry = Session().query(cls).filter(cls.cache_args == repo_name)
3148 qry = Session().query(cls).filter(cls.cache_args == repo_name)
3145 if delete:
3149 if delete:
3146 log.debug('cache objects deleted for repo %s',
3150 log.debug('cache objects deleted for repo %s',
3147 safe_str(repo_name))
3151 safe_str(repo_name))
3148 qry.delete()
3152 qry.delete()
3149 else:
3153 else:
3150 log.debug('cache objects marked as invalid for repo %s',
3154 log.debug('cache objects marked as invalid for repo %s',
3151 safe_str(repo_name))
3155 safe_str(repo_name))
3152 qry.update({"cache_active": False})
3156 qry.update({"cache_active": False})
3153
3157
3154 Session().commit()
3158 Session().commit()
3155 except Exception:
3159 except Exception:
3156 log.exception(
3160 log.exception(
3157 'Cache key invalidation failed for repository %s',
3161 'Cache key invalidation failed for repository %s',
3158 safe_str(repo_name))
3162 safe_str(repo_name))
3159 Session().rollback()
3163 Session().rollback()
3160
3164
3161 @classmethod
3165 @classmethod
3162 def get_active_cache(cls, cache_key):
3166 def get_active_cache(cls, cache_key):
3163 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
3167 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
3164 if inv_obj:
3168 if inv_obj:
3165 return inv_obj
3169 return inv_obj
3166 return None
3170 return None
3167
3171
3168 @classmethod
3172 @classmethod
3169 def repo_context_cache(cls, compute_func, repo_name, cache_type,
3173 def repo_context_cache(cls, compute_func, repo_name, cache_type,
3170 thread_scoped=False):
3174 thread_scoped=False):
3171 """
3175 """
3172 @cache_region('long_term')
3176 @cache_region('long_term')
3173 def _heavy_calculation(cache_key):
3177 def _heavy_calculation(cache_key):
3174 return 'result'
3178 return 'result'
3175
3179
3176 cache_context = CacheKey.repo_context_cache(
3180 cache_context = CacheKey.repo_context_cache(
3177 _heavy_calculation, repo_name, cache_type)
3181 _heavy_calculation, repo_name, cache_type)
3178
3182
3179 with cache_context as context:
3183 with cache_context as context:
3180 context.invalidate()
3184 context.invalidate()
3181 computed = context.compute()
3185 computed = context.compute()
3182
3186
3183 assert computed == 'result'
3187 assert computed == 'result'
3184 """
3188 """
3185 from rhodecode.lib import caches
3189 from rhodecode.lib import caches
3186 return caches.InvalidationContext(
3190 return caches.InvalidationContext(
3187 compute_func, repo_name, cache_type, thread_scoped=thread_scoped)
3191 compute_func, repo_name, cache_type, thread_scoped=thread_scoped)
3188
3192
3189
3193
3190 class ChangesetComment(Base, BaseModel):
3194 class ChangesetComment(Base, BaseModel):
3191 __tablename__ = 'changeset_comments'
3195 __tablename__ = 'changeset_comments'
3192 __table_args__ = (
3196 __table_args__ = (
3193 Index('cc_revision_idx', 'revision'),
3197 Index('cc_revision_idx', 'revision'),
3194 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3198 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3195 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3199 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3196 )
3200 )
3197
3201
3198 COMMENT_OUTDATED = u'comment_outdated'
3202 COMMENT_OUTDATED = u'comment_outdated'
3199 COMMENT_TYPE_NOTE = u'note'
3203 COMMENT_TYPE_NOTE = u'note'
3200 COMMENT_TYPE_TODO = u'todo'
3204 COMMENT_TYPE_TODO = u'todo'
3201 COMMENT_TYPES = [COMMENT_TYPE_NOTE, COMMENT_TYPE_TODO]
3205 COMMENT_TYPES = [COMMENT_TYPE_NOTE, COMMENT_TYPE_TODO]
3202
3206
3203 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
3207 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
3204 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3208 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3205 revision = Column('revision', String(40), nullable=True)
3209 revision = Column('revision', String(40), nullable=True)
3206 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3210 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3207 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
3211 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
3208 line_no = Column('line_no', Unicode(10), nullable=True)
3212 line_no = Column('line_no', Unicode(10), nullable=True)
3209 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
3213 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
3210 f_path = Column('f_path', Unicode(1000), nullable=True)
3214 f_path = Column('f_path', Unicode(1000), nullable=True)
3211 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
3215 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
3212 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
3216 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
3213 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3217 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3214 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3218 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3215 renderer = Column('renderer', Unicode(64), nullable=True)
3219 renderer = Column('renderer', Unicode(64), nullable=True)
3216 display_state = Column('display_state', Unicode(128), nullable=True)
3220 display_state = Column('display_state', Unicode(128), nullable=True)
3217
3221
3218 comment_type = Column('comment_type', Unicode(128), nullable=True, default=COMMENT_TYPE_NOTE)
3222 comment_type = Column('comment_type', Unicode(128), nullable=True, default=COMMENT_TYPE_NOTE)
3219 resolved_comment_id = Column('resolved_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=True)
3223 resolved_comment_id = Column('resolved_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=True)
3220 resolved_comment = relationship('ChangesetComment', remote_side=comment_id, backref='resolved_by')
3224 resolved_comment = relationship('ChangesetComment', remote_side=comment_id, backref='resolved_by')
3221 author = relationship('User', lazy='joined')
3225 author = relationship('User', lazy='joined')
3222 repo = relationship('Repository')
3226 repo = relationship('Repository')
3223 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan", lazy='joined')
3227 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan", lazy='joined')
3224 pull_request = relationship('PullRequest', lazy='joined')
3228 pull_request = relationship('PullRequest', lazy='joined')
3225 pull_request_version = relationship('PullRequestVersion')
3229 pull_request_version = relationship('PullRequestVersion')
3226
3230
3227 @classmethod
3231 @classmethod
3228 def get_users(cls, revision=None, pull_request_id=None):
3232 def get_users(cls, revision=None, pull_request_id=None):
3229 """
3233 """
3230 Returns user associated with this ChangesetComment. ie those
3234 Returns user associated with this ChangesetComment. ie those
3231 who actually commented
3235 who actually commented
3232
3236
3233 :param cls:
3237 :param cls:
3234 :param revision:
3238 :param revision:
3235 """
3239 """
3236 q = Session().query(User)\
3240 q = Session().query(User)\
3237 .join(ChangesetComment.author)
3241 .join(ChangesetComment.author)
3238 if revision:
3242 if revision:
3239 q = q.filter(cls.revision == revision)
3243 q = q.filter(cls.revision == revision)
3240 elif pull_request_id:
3244 elif pull_request_id:
3241 q = q.filter(cls.pull_request_id == pull_request_id)
3245 q = q.filter(cls.pull_request_id == pull_request_id)
3242 return q.all()
3246 return q.all()
3243
3247
3244 @classmethod
3248 @classmethod
3245 def get_index_from_version(cls, pr_version, versions):
3249 def get_index_from_version(cls, pr_version, versions):
3246 num_versions = [x.pull_request_version_id for x in versions]
3250 num_versions = [x.pull_request_version_id for x in versions]
3247 try:
3251 try:
3248 return num_versions.index(pr_version) +1
3252 return num_versions.index(pr_version) +1
3249 except (IndexError, ValueError):
3253 except (IndexError, ValueError):
3250 return
3254 return
3251
3255
3252 @property
3256 @property
3253 def outdated(self):
3257 def outdated(self):
3254 return self.display_state == self.COMMENT_OUTDATED
3258 return self.display_state == self.COMMENT_OUTDATED
3255
3259
3256 def outdated_at_version(self, version):
3260 def outdated_at_version(self, version):
3257 """
3261 """
3258 Checks if comment is outdated for given pull request version
3262 Checks if comment is outdated for given pull request version
3259 """
3263 """
3260 return self.outdated and self.pull_request_version_id != version
3264 return self.outdated and self.pull_request_version_id != version
3261
3265
3262 def older_than_version(self, version):
3266 def older_than_version(self, version):
3263 """
3267 """
3264 Checks if comment is made from previous version than given
3268 Checks if comment is made from previous version than given
3265 """
3269 """
3266 if version is None:
3270 if version is None:
3267 return self.pull_request_version_id is not None
3271 return self.pull_request_version_id is not None
3268
3272
3269 return self.pull_request_version_id < version
3273 return self.pull_request_version_id < version
3270
3274
3271 @property
3275 @property
3272 def resolved(self):
3276 def resolved(self):
3273 return self.resolved_by[0] if self.resolved_by else None
3277 return self.resolved_by[0] if self.resolved_by else None
3274
3278
3275 @property
3279 @property
3276 def is_todo(self):
3280 def is_todo(self):
3277 return self.comment_type == self.COMMENT_TYPE_TODO
3281 return self.comment_type == self.COMMENT_TYPE_TODO
3278
3282
3279 @property
3283 @property
3280 def is_inline(self):
3284 def is_inline(self):
3281 return self.line_no and self.f_path
3285 return self.line_no and self.f_path
3282
3286
3283 def get_index_version(self, versions):
3287 def get_index_version(self, versions):
3284 return self.get_index_from_version(
3288 return self.get_index_from_version(
3285 self.pull_request_version_id, versions)
3289 self.pull_request_version_id, versions)
3286
3290
3287 def __repr__(self):
3291 def __repr__(self):
3288 if self.comment_id:
3292 if self.comment_id:
3289 return '<DB:Comment #%s>' % self.comment_id
3293 return '<DB:Comment #%s>' % self.comment_id
3290 else:
3294 else:
3291 return '<DB:Comment at %#x>' % id(self)
3295 return '<DB:Comment at %#x>' % id(self)
3292
3296
3293 def get_api_data(self):
3297 def get_api_data(self):
3294 comment = self
3298 comment = self
3295 data = {
3299 data = {
3296 'comment_id': comment.comment_id,
3300 'comment_id': comment.comment_id,
3297 'comment_type': comment.comment_type,
3301 'comment_type': comment.comment_type,
3298 'comment_text': comment.text,
3302 'comment_text': comment.text,
3299 'comment_status': comment.status_change,
3303 'comment_status': comment.status_change,
3300 'comment_f_path': comment.f_path,
3304 'comment_f_path': comment.f_path,
3301 'comment_lineno': comment.line_no,
3305 'comment_lineno': comment.line_no,
3302 'comment_author': comment.author,
3306 'comment_author': comment.author,
3303 'comment_created_on': comment.created_on
3307 'comment_created_on': comment.created_on
3304 }
3308 }
3305 return data
3309 return data
3306
3310
3307 def __json__(self):
3311 def __json__(self):
3308 data = dict()
3312 data = dict()
3309 data.update(self.get_api_data())
3313 data.update(self.get_api_data())
3310 return data
3314 return data
3311
3315
3312
3316
3313 class ChangesetStatus(Base, BaseModel):
3317 class ChangesetStatus(Base, BaseModel):
3314 __tablename__ = 'changeset_statuses'
3318 __tablename__ = 'changeset_statuses'
3315 __table_args__ = (
3319 __table_args__ = (
3316 Index('cs_revision_idx', 'revision'),
3320 Index('cs_revision_idx', 'revision'),
3317 Index('cs_version_idx', 'version'),
3321 Index('cs_version_idx', 'version'),
3318 UniqueConstraint('repo_id', 'revision', 'version'),
3322 UniqueConstraint('repo_id', 'revision', 'version'),
3319 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3323 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3320 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3324 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3321 )
3325 )
3322 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
3326 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
3323 STATUS_APPROVED = 'approved'
3327 STATUS_APPROVED = 'approved'
3324 STATUS_REJECTED = 'rejected'
3328 STATUS_REJECTED = 'rejected'
3325 STATUS_UNDER_REVIEW = 'under_review'
3329 STATUS_UNDER_REVIEW = 'under_review'
3326
3330
3327 STATUSES = [
3331 STATUSES = [
3328 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
3332 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
3329 (STATUS_APPROVED, _("Approved")),
3333 (STATUS_APPROVED, _("Approved")),
3330 (STATUS_REJECTED, _("Rejected")),
3334 (STATUS_REJECTED, _("Rejected")),
3331 (STATUS_UNDER_REVIEW, _("Under Review")),
3335 (STATUS_UNDER_REVIEW, _("Under Review")),
3332 ]
3336 ]
3333
3337
3334 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
3338 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
3335 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3339 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3336 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
3340 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
3337 revision = Column('revision', String(40), nullable=False)
3341 revision = Column('revision', String(40), nullable=False)
3338 status = Column('status', String(128), nullable=False, default=DEFAULT)
3342 status = Column('status', String(128), nullable=False, default=DEFAULT)
3339 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
3343 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
3340 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
3344 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
3341 version = Column('version', Integer(), nullable=False, default=0)
3345 version = Column('version', Integer(), nullable=False, default=0)
3342 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3346 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3343
3347
3344 author = relationship('User', lazy='joined')
3348 author = relationship('User', lazy='joined')
3345 repo = relationship('Repository')
3349 repo = relationship('Repository')
3346 comment = relationship('ChangesetComment', lazy='joined')
3350 comment = relationship('ChangesetComment', lazy='joined')
3347 pull_request = relationship('PullRequest', lazy='joined')
3351 pull_request = relationship('PullRequest', lazy='joined')
3348
3352
3349 def __unicode__(self):
3353 def __unicode__(self):
3350 return u"<%s('%s[v%s]:%s')>" % (
3354 return u"<%s('%s[v%s]:%s')>" % (
3351 self.__class__.__name__,
3355 self.__class__.__name__,
3352 self.status, self.version, self.author
3356 self.status, self.version, self.author
3353 )
3357 )
3354
3358
3355 @classmethod
3359 @classmethod
3356 def get_status_lbl(cls, value):
3360 def get_status_lbl(cls, value):
3357 return dict(cls.STATUSES).get(value)
3361 return dict(cls.STATUSES).get(value)
3358
3362
3359 @property
3363 @property
3360 def status_lbl(self):
3364 def status_lbl(self):
3361 return ChangesetStatus.get_status_lbl(self.status)
3365 return ChangesetStatus.get_status_lbl(self.status)
3362
3366
3363 def get_api_data(self):
3367 def get_api_data(self):
3364 status = self
3368 status = self
3365 data = {
3369 data = {
3366 'status_id': status.changeset_status_id,
3370 'status_id': status.changeset_status_id,
3367 'status': status.status,
3371 'status': status.status,
3368 }
3372 }
3369 return data
3373 return data
3370
3374
3371 def __json__(self):
3375 def __json__(self):
3372 data = dict()
3376 data = dict()
3373 data.update(self.get_api_data())
3377 data.update(self.get_api_data())
3374 return data
3378 return data
3375
3379
3376
3380
3377 class _PullRequestBase(BaseModel):
3381 class _PullRequestBase(BaseModel):
3378 """
3382 """
3379 Common attributes of pull request and version entries.
3383 Common attributes of pull request and version entries.
3380 """
3384 """
3381
3385
3382 # .status values
3386 # .status values
3383 STATUS_NEW = u'new'
3387 STATUS_NEW = u'new'
3384 STATUS_OPEN = u'open'
3388 STATUS_OPEN = u'open'
3385 STATUS_CLOSED = u'closed'
3389 STATUS_CLOSED = u'closed'
3386
3390
3387 title = Column('title', Unicode(255), nullable=True)
3391 title = Column('title', Unicode(255), nullable=True)
3388 description = Column(
3392 description = Column(
3389 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3393 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3390 nullable=True)
3394 nullable=True)
3391 # new/open/closed status of pull request (not approve/reject/etc)
3395 # new/open/closed status of pull request (not approve/reject/etc)
3392 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3396 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3393 created_on = Column(
3397 created_on = Column(
3394 'created_on', DateTime(timezone=False), nullable=False,
3398 'created_on', DateTime(timezone=False), nullable=False,
3395 default=datetime.datetime.now)
3399 default=datetime.datetime.now)
3396 updated_on = Column(
3400 updated_on = Column(
3397 'updated_on', DateTime(timezone=False), nullable=False,
3401 'updated_on', DateTime(timezone=False), nullable=False,
3398 default=datetime.datetime.now)
3402 default=datetime.datetime.now)
3399
3403
3400 @declared_attr
3404 @declared_attr
3401 def user_id(cls):
3405 def user_id(cls):
3402 return Column(
3406 return Column(
3403 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3407 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3404 unique=None)
3408 unique=None)
3405
3409
3406 # 500 revisions max
3410 # 500 revisions max
3407 _revisions = Column(
3411 _revisions = Column(
3408 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3412 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3409
3413
3410 @declared_attr
3414 @declared_attr
3411 def source_repo_id(cls):
3415 def source_repo_id(cls):
3412 # TODO: dan: rename column to source_repo_id
3416 # TODO: dan: rename column to source_repo_id
3413 return Column(
3417 return Column(
3414 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3418 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3415 nullable=False)
3419 nullable=False)
3416
3420
3417 source_ref = Column('org_ref', Unicode(255), nullable=False)
3421 source_ref = Column('org_ref', Unicode(255), nullable=False)
3418
3422
3419 @declared_attr
3423 @declared_attr
3420 def target_repo_id(cls):
3424 def target_repo_id(cls):
3421 # TODO: dan: rename column to target_repo_id
3425 # TODO: dan: rename column to target_repo_id
3422 return Column(
3426 return Column(
3423 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3427 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3424 nullable=False)
3428 nullable=False)
3425
3429
3426 target_ref = Column('other_ref', Unicode(255), nullable=False)
3430 target_ref = Column('other_ref', Unicode(255), nullable=False)
3427 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3431 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3428
3432
3429 # TODO: dan: rename column to last_merge_source_rev
3433 # TODO: dan: rename column to last_merge_source_rev
3430 _last_merge_source_rev = Column(
3434 _last_merge_source_rev = Column(
3431 'last_merge_org_rev', String(40), nullable=True)
3435 'last_merge_org_rev', String(40), nullable=True)
3432 # TODO: dan: rename column to last_merge_target_rev
3436 # TODO: dan: rename column to last_merge_target_rev
3433 _last_merge_target_rev = Column(
3437 _last_merge_target_rev = Column(
3434 'last_merge_other_rev', String(40), nullable=True)
3438 'last_merge_other_rev', String(40), nullable=True)
3435 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3439 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3436 merge_rev = Column('merge_rev', String(40), nullable=True)
3440 merge_rev = Column('merge_rev', String(40), nullable=True)
3437
3441
3438 reviewer_data = Column(
3442 reviewer_data = Column(
3439 'reviewer_data_json', MutationObj.as_mutable(
3443 'reviewer_data_json', MutationObj.as_mutable(
3440 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3444 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3441
3445
3442 @property
3446 @property
3443 def reviewer_data_json(self):
3447 def reviewer_data_json(self):
3444 return json.dumps(self.reviewer_data)
3448 return json.dumps(self.reviewer_data)
3445
3449
3446 @hybrid_property
3450 @hybrid_property
3447 def description_safe(self):
3451 def description_safe(self):
3448 from rhodecode.lib import helpers as h
3452 from rhodecode.lib import helpers as h
3449 return h.escape(self.description)
3453 return h.escape(self.description)
3450
3454
3451 @hybrid_property
3455 @hybrid_property
3452 def revisions(self):
3456 def revisions(self):
3453 return self._revisions.split(':') if self._revisions else []
3457 return self._revisions.split(':') if self._revisions else []
3454
3458
3455 @revisions.setter
3459 @revisions.setter
3456 def revisions(self, val):
3460 def revisions(self, val):
3457 self._revisions = ':'.join(val)
3461 self._revisions = ':'.join(val)
3458
3462
3459 @hybrid_property
3463 @hybrid_property
3460 def last_merge_status(self):
3464 def last_merge_status(self):
3461 return safe_int(self._last_merge_status)
3465 return safe_int(self._last_merge_status)
3462
3466
3463 @last_merge_status.setter
3467 @last_merge_status.setter
3464 def last_merge_status(self, val):
3468 def last_merge_status(self, val):
3465 self._last_merge_status = val
3469 self._last_merge_status = val
3466
3470
3467 @declared_attr
3471 @declared_attr
3468 def author(cls):
3472 def author(cls):
3469 return relationship('User', lazy='joined')
3473 return relationship('User', lazy='joined')
3470
3474
3471 @declared_attr
3475 @declared_attr
3472 def source_repo(cls):
3476 def source_repo(cls):
3473 return relationship(
3477 return relationship(
3474 'Repository',
3478 'Repository',
3475 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3479 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3476
3480
3477 @property
3481 @property
3478 def source_ref_parts(self):
3482 def source_ref_parts(self):
3479 return self.unicode_to_reference(self.source_ref)
3483 return self.unicode_to_reference(self.source_ref)
3480
3484
3481 @declared_attr
3485 @declared_attr
3482 def target_repo(cls):
3486 def target_repo(cls):
3483 return relationship(
3487 return relationship(
3484 'Repository',
3488 'Repository',
3485 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3489 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3486
3490
3487 @property
3491 @property
3488 def target_ref_parts(self):
3492 def target_ref_parts(self):
3489 return self.unicode_to_reference(self.target_ref)
3493 return self.unicode_to_reference(self.target_ref)
3490
3494
3491 @property
3495 @property
3492 def shadow_merge_ref(self):
3496 def shadow_merge_ref(self):
3493 return self.unicode_to_reference(self._shadow_merge_ref)
3497 return self.unicode_to_reference(self._shadow_merge_ref)
3494
3498
3495 @shadow_merge_ref.setter
3499 @shadow_merge_ref.setter
3496 def shadow_merge_ref(self, ref):
3500 def shadow_merge_ref(self, ref):
3497 self._shadow_merge_ref = self.reference_to_unicode(ref)
3501 self._shadow_merge_ref = self.reference_to_unicode(ref)
3498
3502
3499 def unicode_to_reference(self, raw):
3503 def unicode_to_reference(self, raw):
3500 """
3504 """
3501 Convert a unicode (or string) to a reference object.
3505 Convert a unicode (or string) to a reference object.
3502 If unicode evaluates to False it returns None.
3506 If unicode evaluates to False it returns None.
3503 """
3507 """
3504 if raw:
3508 if raw:
3505 refs = raw.split(':')
3509 refs = raw.split(':')
3506 return Reference(*refs)
3510 return Reference(*refs)
3507 else:
3511 else:
3508 return None
3512 return None
3509
3513
3510 def reference_to_unicode(self, ref):
3514 def reference_to_unicode(self, ref):
3511 """
3515 """
3512 Convert a reference object to unicode.
3516 Convert a reference object to unicode.
3513 If reference is None it returns None.
3517 If reference is None it returns None.
3514 """
3518 """
3515 if ref:
3519 if ref:
3516 return u':'.join(ref)
3520 return u':'.join(ref)
3517 else:
3521 else:
3518 return None
3522 return None
3519
3523
3520 def get_api_data(self, with_merge_state=True):
3524 def get_api_data(self, with_merge_state=True):
3521 from rhodecode.model.pull_request import PullRequestModel
3525 from rhodecode.model.pull_request import PullRequestModel
3522
3526
3523 pull_request = self
3527 pull_request = self
3524 if with_merge_state:
3528 if with_merge_state:
3525 merge_status = PullRequestModel().merge_status(pull_request)
3529 merge_status = PullRequestModel().merge_status(pull_request)
3526 merge_state = {
3530 merge_state = {
3527 'status': merge_status[0],
3531 'status': merge_status[0],
3528 'message': safe_unicode(merge_status[1]),
3532 'message': safe_unicode(merge_status[1]),
3529 }
3533 }
3530 else:
3534 else:
3531 merge_state = {'status': 'not_available',
3535 merge_state = {'status': 'not_available',
3532 'message': 'not_available'}
3536 'message': 'not_available'}
3533
3537
3534 merge_data = {
3538 merge_data = {
3535 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3539 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3536 'reference': (
3540 'reference': (
3537 pull_request.shadow_merge_ref._asdict()
3541 pull_request.shadow_merge_ref._asdict()
3538 if pull_request.shadow_merge_ref else None),
3542 if pull_request.shadow_merge_ref else None),
3539 }
3543 }
3540
3544
3541 data = {
3545 data = {
3542 'pull_request_id': pull_request.pull_request_id,
3546 'pull_request_id': pull_request.pull_request_id,
3543 'url': PullRequestModel().get_url(pull_request),
3547 'url': PullRequestModel().get_url(pull_request),
3544 'title': pull_request.title,
3548 'title': pull_request.title,
3545 'description': pull_request.description,
3549 'description': pull_request.description,
3546 'status': pull_request.status,
3550 'status': pull_request.status,
3547 'created_on': pull_request.created_on,
3551 'created_on': pull_request.created_on,
3548 'updated_on': pull_request.updated_on,
3552 'updated_on': pull_request.updated_on,
3549 'commit_ids': pull_request.revisions,
3553 'commit_ids': pull_request.revisions,
3550 'review_status': pull_request.calculated_review_status(),
3554 'review_status': pull_request.calculated_review_status(),
3551 'mergeable': merge_state,
3555 'mergeable': merge_state,
3552 'source': {
3556 'source': {
3553 'clone_url': pull_request.source_repo.clone_url(),
3557 'clone_url': pull_request.source_repo.clone_url(),
3554 'repository': pull_request.source_repo.repo_name,
3558 'repository': pull_request.source_repo.repo_name,
3555 'reference': {
3559 'reference': {
3556 'name': pull_request.source_ref_parts.name,
3560 'name': pull_request.source_ref_parts.name,
3557 'type': pull_request.source_ref_parts.type,
3561 'type': pull_request.source_ref_parts.type,
3558 'commit_id': pull_request.source_ref_parts.commit_id,
3562 'commit_id': pull_request.source_ref_parts.commit_id,
3559 },
3563 },
3560 },
3564 },
3561 'target': {
3565 'target': {
3562 'clone_url': pull_request.target_repo.clone_url(),
3566 'clone_url': pull_request.target_repo.clone_url(),
3563 'repository': pull_request.target_repo.repo_name,
3567 'repository': pull_request.target_repo.repo_name,
3564 'reference': {
3568 'reference': {
3565 'name': pull_request.target_ref_parts.name,
3569 'name': pull_request.target_ref_parts.name,
3566 'type': pull_request.target_ref_parts.type,
3570 'type': pull_request.target_ref_parts.type,
3567 'commit_id': pull_request.target_ref_parts.commit_id,
3571 'commit_id': pull_request.target_ref_parts.commit_id,
3568 },
3572 },
3569 },
3573 },
3570 'merge': merge_data,
3574 'merge': merge_data,
3571 'author': pull_request.author.get_api_data(include_secrets=False,
3575 'author': pull_request.author.get_api_data(include_secrets=False,
3572 details='basic'),
3576 details='basic'),
3573 'reviewers': [
3577 'reviewers': [
3574 {
3578 {
3575 'user': reviewer.get_api_data(include_secrets=False,
3579 'user': reviewer.get_api_data(include_secrets=False,
3576 details='basic'),
3580 details='basic'),
3577 'reasons': reasons,
3581 'reasons': reasons,
3578 'review_status': st[0][1].status if st else 'not_reviewed',
3582 'review_status': st[0][1].status if st else 'not_reviewed',
3579 }
3583 }
3580 for reviewer, reasons, mandatory, st in
3584 for reviewer, reasons, mandatory, st in
3581 pull_request.reviewers_statuses()
3585 pull_request.reviewers_statuses()
3582 ]
3586 ]
3583 }
3587 }
3584
3588
3585 return data
3589 return data
3586
3590
3587
3591
3588 class PullRequest(Base, _PullRequestBase):
3592 class PullRequest(Base, _PullRequestBase):
3589 __tablename__ = 'pull_requests'
3593 __tablename__ = 'pull_requests'
3590 __table_args__ = (
3594 __table_args__ = (
3591 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3595 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3592 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3596 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3593 )
3597 )
3594
3598
3595 pull_request_id = Column(
3599 pull_request_id = Column(
3596 'pull_request_id', Integer(), nullable=False, primary_key=True)
3600 'pull_request_id', Integer(), nullable=False, primary_key=True)
3597
3601
3598 def __repr__(self):
3602 def __repr__(self):
3599 if self.pull_request_id:
3603 if self.pull_request_id:
3600 return '<DB:PullRequest #%s>' % self.pull_request_id
3604 return '<DB:PullRequest #%s>' % self.pull_request_id
3601 else:
3605 else:
3602 return '<DB:PullRequest at %#x>' % id(self)
3606 return '<DB:PullRequest at %#x>' % id(self)
3603
3607
3604 reviewers = relationship('PullRequestReviewers',
3608 reviewers = relationship('PullRequestReviewers',
3605 cascade="all, delete, delete-orphan")
3609 cascade="all, delete, delete-orphan")
3606 statuses = relationship('ChangesetStatus',
3610 statuses = relationship('ChangesetStatus',
3607 cascade="all, delete, delete-orphan")
3611 cascade="all, delete, delete-orphan")
3608 comments = relationship('ChangesetComment',
3612 comments = relationship('ChangesetComment',
3609 cascade="all, delete, delete-orphan")
3613 cascade="all, delete, delete-orphan")
3610 versions = relationship('PullRequestVersion',
3614 versions = relationship('PullRequestVersion',
3611 cascade="all, delete, delete-orphan",
3615 cascade="all, delete, delete-orphan",
3612 lazy='dynamic')
3616 lazy='dynamic')
3613
3617
3614 @classmethod
3618 @classmethod
3615 def get_pr_display_object(cls, pull_request_obj, org_pull_request_obj,
3619 def get_pr_display_object(cls, pull_request_obj, org_pull_request_obj,
3616 internal_methods=None):
3620 internal_methods=None):
3617
3621
3618 class PullRequestDisplay(object):
3622 class PullRequestDisplay(object):
3619 """
3623 """
3620 Special object wrapper for showing PullRequest data via Versions
3624 Special object wrapper for showing PullRequest data via Versions
3621 It mimics PR object as close as possible. This is read only object
3625 It mimics PR object as close as possible. This is read only object
3622 just for display
3626 just for display
3623 """
3627 """
3624
3628
3625 def __init__(self, attrs, internal=None):
3629 def __init__(self, attrs, internal=None):
3626 self.attrs = attrs
3630 self.attrs = attrs
3627 # internal have priority over the given ones via attrs
3631 # internal have priority over the given ones via attrs
3628 self.internal = internal or ['versions']
3632 self.internal = internal or ['versions']
3629
3633
3630 def __getattr__(self, item):
3634 def __getattr__(self, item):
3631 if item in self.internal:
3635 if item in self.internal:
3632 return getattr(self, item)
3636 return getattr(self, item)
3633 try:
3637 try:
3634 return self.attrs[item]
3638 return self.attrs[item]
3635 except KeyError:
3639 except KeyError:
3636 raise AttributeError(
3640 raise AttributeError(
3637 '%s object has no attribute %s' % (self, item))
3641 '%s object has no attribute %s' % (self, item))
3638
3642
3639 def __repr__(self):
3643 def __repr__(self):
3640 return '<DB:PullRequestDisplay #%s>' % self.attrs.get('pull_request_id')
3644 return '<DB:PullRequestDisplay #%s>' % self.attrs.get('pull_request_id')
3641
3645
3642 def versions(self):
3646 def versions(self):
3643 return pull_request_obj.versions.order_by(
3647 return pull_request_obj.versions.order_by(
3644 PullRequestVersion.pull_request_version_id).all()
3648 PullRequestVersion.pull_request_version_id).all()
3645
3649
3646 def is_closed(self):
3650 def is_closed(self):
3647 return pull_request_obj.is_closed()
3651 return pull_request_obj.is_closed()
3648
3652
3649 @property
3653 @property
3650 def pull_request_version_id(self):
3654 def pull_request_version_id(self):
3651 return getattr(pull_request_obj, 'pull_request_version_id', None)
3655 return getattr(pull_request_obj, 'pull_request_version_id', None)
3652
3656
3653 attrs = StrictAttributeDict(pull_request_obj.get_api_data())
3657 attrs = StrictAttributeDict(pull_request_obj.get_api_data())
3654
3658
3655 attrs.author = StrictAttributeDict(
3659 attrs.author = StrictAttributeDict(
3656 pull_request_obj.author.get_api_data())
3660 pull_request_obj.author.get_api_data())
3657 if pull_request_obj.target_repo:
3661 if pull_request_obj.target_repo:
3658 attrs.target_repo = StrictAttributeDict(
3662 attrs.target_repo = StrictAttributeDict(
3659 pull_request_obj.target_repo.get_api_data())
3663 pull_request_obj.target_repo.get_api_data())
3660 attrs.target_repo.clone_url = pull_request_obj.target_repo.clone_url
3664 attrs.target_repo.clone_url = pull_request_obj.target_repo.clone_url
3661
3665
3662 if pull_request_obj.source_repo:
3666 if pull_request_obj.source_repo:
3663 attrs.source_repo = StrictAttributeDict(
3667 attrs.source_repo = StrictAttributeDict(
3664 pull_request_obj.source_repo.get_api_data())
3668 pull_request_obj.source_repo.get_api_data())
3665 attrs.source_repo.clone_url = pull_request_obj.source_repo.clone_url
3669 attrs.source_repo.clone_url = pull_request_obj.source_repo.clone_url
3666
3670
3667 attrs.source_ref_parts = pull_request_obj.source_ref_parts
3671 attrs.source_ref_parts = pull_request_obj.source_ref_parts
3668 attrs.target_ref_parts = pull_request_obj.target_ref_parts
3672 attrs.target_ref_parts = pull_request_obj.target_ref_parts
3669 attrs.revisions = pull_request_obj.revisions
3673 attrs.revisions = pull_request_obj.revisions
3670
3674
3671 attrs.shadow_merge_ref = org_pull_request_obj.shadow_merge_ref
3675 attrs.shadow_merge_ref = org_pull_request_obj.shadow_merge_ref
3672 attrs.reviewer_data = org_pull_request_obj.reviewer_data
3676 attrs.reviewer_data = org_pull_request_obj.reviewer_data
3673 attrs.reviewer_data_json = org_pull_request_obj.reviewer_data_json
3677 attrs.reviewer_data_json = org_pull_request_obj.reviewer_data_json
3674
3678
3675 return PullRequestDisplay(attrs, internal=internal_methods)
3679 return PullRequestDisplay(attrs, internal=internal_methods)
3676
3680
3677 def is_closed(self):
3681 def is_closed(self):
3678 return self.status == self.STATUS_CLOSED
3682 return self.status == self.STATUS_CLOSED
3679
3683
3680 def __json__(self):
3684 def __json__(self):
3681 return {
3685 return {
3682 'revisions': self.revisions,
3686 'revisions': self.revisions,
3683 }
3687 }
3684
3688
3685 def calculated_review_status(self):
3689 def calculated_review_status(self):
3686 from rhodecode.model.changeset_status import ChangesetStatusModel
3690 from rhodecode.model.changeset_status import ChangesetStatusModel
3687 return ChangesetStatusModel().calculated_review_status(self)
3691 return ChangesetStatusModel().calculated_review_status(self)
3688
3692
3689 def reviewers_statuses(self):
3693 def reviewers_statuses(self):
3690 from rhodecode.model.changeset_status import ChangesetStatusModel
3694 from rhodecode.model.changeset_status import ChangesetStatusModel
3691 return ChangesetStatusModel().reviewers_statuses(self)
3695 return ChangesetStatusModel().reviewers_statuses(self)
3692
3696
3693 @property
3697 @property
3694 def workspace_id(self):
3698 def workspace_id(self):
3695 from rhodecode.model.pull_request import PullRequestModel
3699 from rhodecode.model.pull_request import PullRequestModel
3696 return PullRequestModel()._workspace_id(self)
3700 return PullRequestModel()._workspace_id(self)
3697
3701
3698 def get_shadow_repo(self):
3702 def get_shadow_repo(self):
3699 workspace_id = self.workspace_id
3703 workspace_id = self.workspace_id
3700 vcs_obj = self.target_repo.scm_instance()
3704 vcs_obj = self.target_repo.scm_instance()
3701 shadow_repository_path = vcs_obj._get_shadow_repository_path(
3705 shadow_repository_path = vcs_obj._get_shadow_repository_path(
3702 workspace_id)
3706 workspace_id)
3703 return vcs_obj._get_shadow_instance(shadow_repository_path)
3707 return vcs_obj._get_shadow_instance(shadow_repository_path)
3704
3708
3705
3709
3706 class PullRequestVersion(Base, _PullRequestBase):
3710 class PullRequestVersion(Base, _PullRequestBase):
3707 __tablename__ = 'pull_request_versions'
3711 __tablename__ = 'pull_request_versions'
3708 __table_args__ = (
3712 __table_args__ = (
3709 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3713 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3710 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3714 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3711 )
3715 )
3712
3716
3713 pull_request_version_id = Column(
3717 pull_request_version_id = Column(
3714 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3718 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3715 pull_request_id = Column(
3719 pull_request_id = Column(
3716 'pull_request_id', Integer(),
3720 'pull_request_id', Integer(),
3717 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3721 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3718 pull_request = relationship('PullRequest')
3722 pull_request = relationship('PullRequest')
3719
3723
3720 def __repr__(self):
3724 def __repr__(self):
3721 if self.pull_request_version_id:
3725 if self.pull_request_version_id:
3722 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3726 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3723 else:
3727 else:
3724 return '<DB:PullRequestVersion at %#x>' % id(self)
3728 return '<DB:PullRequestVersion at %#x>' % id(self)
3725
3729
3726 @property
3730 @property
3727 def reviewers(self):
3731 def reviewers(self):
3728 return self.pull_request.reviewers
3732 return self.pull_request.reviewers
3729
3733
3730 @property
3734 @property
3731 def versions(self):
3735 def versions(self):
3732 return self.pull_request.versions
3736 return self.pull_request.versions
3733
3737
3734 def is_closed(self):
3738 def is_closed(self):
3735 # calculate from original
3739 # calculate from original
3736 return self.pull_request.status == self.STATUS_CLOSED
3740 return self.pull_request.status == self.STATUS_CLOSED
3737
3741
3738 def calculated_review_status(self):
3742 def calculated_review_status(self):
3739 return self.pull_request.calculated_review_status()
3743 return self.pull_request.calculated_review_status()
3740
3744
3741 def reviewers_statuses(self):
3745 def reviewers_statuses(self):
3742 return self.pull_request.reviewers_statuses()
3746 return self.pull_request.reviewers_statuses()
3743
3747
3744
3748
3745 class PullRequestReviewers(Base, BaseModel):
3749 class PullRequestReviewers(Base, BaseModel):
3746 __tablename__ = 'pull_request_reviewers'
3750 __tablename__ = 'pull_request_reviewers'
3747 __table_args__ = (
3751 __table_args__ = (
3748 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3752 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3749 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3753 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3750 )
3754 )
3751
3755
3752 @hybrid_property
3756 @hybrid_property
3753 def reasons(self):
3757 def reasons(self):
3754 if not self._reasons:
3758 if not self._reasons:
3755 return []
3759 return []
3756 return self._reasons
3760 return self._reasons
3757
3761
3758 @reasons.setter
3762 @reasons.setter
3759 def reasons(self, val):
3763 def reasons(self, val):
3760 val = val or []
3764 val = val or []
3761 if any(not isinstance(x, basestring) for x in val):
3765 if any(not isinstance(x, basestring) for x in val):
3762 raise Exception('invalid reasons type, must be list of strings')
3766 raise Exception('invalid reasons type, must be list of strings')
3763 self._reasons = val
3767 self._reasons = val
3764
3768
3765 pull_requests_reviewers_id = Column(
3769 pull_requests_reviewers_id = Column(
3766 'pull_requests_reviewers_id', Integer(), nullable=False,
3770 'pull_requests_reviewers_id', Integer(), nullable=False,
3767 primary_key=True)
3771 primary_key=True)
3768 pull_request_id = Column(
3772 pull_request_id = Column(
3769 "pull_request_id", Integer(),
3773 "pull_request_id", Integer(),
3770 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3774 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3771 user_id = Column(
3775 user_id = Column(
3772 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3776 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3773 _reasons = Column(
3777 _reasons = Column(
3774 'reason', MutationList.as_mutable(
3778 'reason', MutationList.as_mutable(
3775 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3779 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3776 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
3780 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
3777 user = relationship('User')
3781 user = relationship('User')
3778 pull_request = relationship('PullRequest')
3782 pull_request = relationship('PullRequest')
3779
3783
3780
3784
3781 class Notification(Base, BaseModel):
3785 class Notification(Base, BaseModel):
3782 __tablename__ = 'notifications'
3786 __tablename__ = 'notifications'
3783 __table_args__ = (
3787 __table_args__ = (
3784 Index('notification_type_idx', 'type'),
3788 Index('notification_type_idx', 'type'),
3785 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3789 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3786 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3790 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3787 )
3791 )
3788
3792
3789 TYPE_CHANGESET_COMMENT = u'cs_comment'
3793 TYPE_CHANGESET_COMMENT = u'cs_comment'
3790 TYPE_MESSAGE = u'message'
3794 TYPE_MESSAGE = u'message'
3791 TYPE_MENTION = u'mention'
3795 TYPE_MENTION = u'mention'
3792 TYPE_REGISTRATION = u'registration'
3796 TYPE_REGISTRATION = u'registration'
3793 TYPE_PULL_REQUEST = u'pull_request'
3797 TYPE_PULL_REQUEST = u'pull_request'
3794 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
3798 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
3795
3799
3796 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
3800 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
3797 subject = Column('subject', Unicode(512), nullable=True)
3801 subject = Column('subject', Unicode(512), nullable=True)
3798 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
3802 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
3799 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
3803 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
3800 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3804 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3801 type_ = Column('type', Unicode(255))
3805 type_ = Column('type', Unicode(255))
3802
3806
3803 created_by_user = relationship('User')
3807 created_by_user = relationship('User')
3804 notifications_to_users = relationship('UserNotification', lazy='joined',
3808 notifications_to_users = relationship('UserNotification', lazy='joined',
3805 cascade="all, delete, delete-orphan")
3809 cascade="all, delete, delete-orphan")
3806
3810
3807 @property
3811 @property
3808 def recipients(self):
3812 def recipients(self):
3809 return [x.user for x in UserNotification.query()\
3813 return [x.user for x in UserNotification.query()\
3810 .filter(UserNotification.notification == self)\
3814 .filter(UserNotification.notification == self)\
3811 .order_by(UserNotification.user_id.asc()).all()]
3815 .order_by(UserNotification.user_id.asc()).all()]
3812
3816
3813 @classmethod
3817 @classmethod
3814 def create(cls, created_by, subject, body, recipients, type_=None):
3818 def create(cls, created_by, subject, body, recipients, type_=None):
3815 if type_ is None:
3819 if type_ is None:
3816 type_ = Notification.TYPE_MESSAGE
3820 type_ = Notification.TYPE_MESSAGE
3817
3821
3818 notification = cls()
3822 notification = cls()
3819 notification.created_by_user = created_by
3823 notification.created_by_user = created_by
3820 notification.subject = subject
3824 notification.subject = subject
3821 notification.body = body
3825 notification.body = body
3822 notification.type_ = type_
3826 notification.type_ = type_
3823 notification.created_on = datetime.datetime.now()
3827 notification.created_on = datetime.datetime.now()
3824
3828
3825 for u in recipients:
3829 for u in recipients:
3826 assoc = UserNotification()
3830 assoc = UserNotification()
3827 assoc.notification = notification
3831 assoc.notification = notification
3828
3832
3829 # if created_by is inside recipients mark his notification
3833 # if created_by is inside recipients mark his notification
3830 # as read
3834 # as read
3831 if u.user_id == created_by.user_id:
3835 if u.user_id == created_by.user_id:
3832 assoc.read = True
3836 assoc.read = True
3833
3837
3834 u.notifications.append(assoc)
3838 u.notifications.append(assoc)
3835 Session().add(notification)
3839 Session().add(notification)
3836
3840
3837 return notification
3841 return notification
3838
3842
3839
3843
3840 class UserNotification(Base, BaseModel):
3844 class UserNotification(Base, BaseModel):
3841 __tablename__ = 'user_to_notification'
3845 __tablename__ = 'user_to_notification'
3842 __table_args__ = (
3846 __table_args__ = (
3843 UniqueConstraint('user_id', 'notification_id'),
3847 UniqueConstraint('user_id', 'notification_id'),
3844 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3848 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3845 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3849 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3846 )
3850 )
3847 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
3851 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
3848 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
3852 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
3849 read = Column('read', Boolean, default=False)
3853 read = Column('read', Boolean, default=False)
3850 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
3854 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
3851
3855
3852 user = relationship('User', lazy="joined")
3856 user = relationship('User', lazy="joined")
3853 notification = relationship('Notification', lazy="joined",
3857 notification = relationship('Notification', lazy="joined",
3854 order_by=lambda: Notification.created_on.desc(),)
3858 order_by=lambda: Notification.created_on.desc(),)
3855
3859
3856 def mark_as_read(self):
3860 def mark_as_read(self):
3857 self.read = True
3861 self.read = True
3858 Session().add(self)
3862 Session().add(self)
3859
3863
3860
3864
3861 class Gist(Base, BaseModel):
3865 class Gist(Base, BaseModel):
3862 __tablename__ = 'gists'
3866 __tablename__ = 'gists'
3863 __table_args__ = (
3867 __table_args__ = (
3864 Index('g_gist_access_id_idx', 'gist_access_id'),
3868 Index('g_gist_access_id_idx', 'gist_access_id'),
3865 Index('g_created_on_idx', 'created_on'),
3869 Index('g_created_on_idx', 'created_on'),
3866 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3870 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3867 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3871 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3868 )
3872 )
3869 GIST_PUBLIC = u'public'
3873 GIST_PUBLIC = u'public'
3870 GIST_PRIVATE = u'private'
3874 GIST_PRIVATE = u'private'
3871 DEFAULT_FILENAME = u'gistfile1.txt'
3875 DEFAULT_FILENAME = u'gistfile1.txt'
3872
3876
3873 ACL_LEVEL_PUBLIC = u'acl_public'
3877 ACL_LEVEL_PUBLIC = u'acl_public'
3874 ACL_LEVEL_PRIVATE = u'acl_private'
3878 ACL_LEVEL_PRIVATE = u'acl_private'
3875
3879
3876 gist_id = Column('gist_id', Integer(), primary_key=True)
3880 gist_id = Column('gist_id', Integer(), primary_key=True)
3877 gist_access_id = Column('gist_access_id', Unicode(250))
3881 gist_access_id = Column('gist_access_id', Unicode(250))
3878 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
3882 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
3879 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
3883 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
3880 gist_expires = Column('gist_expires', Float(53), nullable=False)
3884 gist_expires = Column('gist_expires', Float(53), nullable=False)
3881 gist_type = Column('gist_type', Unicode(128), nullable=False)
3885 gist_type = Column('gist_type', Unicode(128), nullable=False)
3882 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3886 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3883 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3887 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3884 acl_level = Column('acl_level', Unicode(128), nullable=True)
3888 acl_level = Column('acl_level', Unicode(128), nullable=True)
3885
3889
3886 owner = relationship('User')
3890 owner = relationship('User')
3887
3891
3888 def __repr__(self):
3892 def __repr__(self):
3889 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
3893 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
3890
3894
3891 @hybrid_property
3895 @hybrid_property
3892 def description_safe(self):
3896 def description_safe(self):
3893 from rhodecode.lib import helpers as h
3897 from rhodecode.lib import helpers as h
3894 return h.escape(self.gist_description)
3898 return h.escape(self.gist_description)
3895
3899
3896 @classmethod
3900 @classmethod
3897 def get_or_404(cls, id_):
3901 def get_or_404(cls, id_):
3898 from pyramid.httpexceptions import HTTPNotFound
3902 from pyramid.httpexceptions import HTTPNotFound
3899
3903
3900 res = cls.query().filter(cls.gist_access_id == id_).scalar()
3904 res = cls.query().filter(cls.gist_access_id == id_).scalar()
3901 if not res:
3905 if not res:
3902 raise HTTPNotFound()
3906 raise HTTPNotFound()
3903 return res
3907 return res
3904
3908
3905 @classmethod
3909 @classmethod
3906 def get_by_access_id(cls, gist_access_id):
3910 def get_by_access_id(cls, gist_access_id):
3907 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
3911 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
3908
3912
3909 def gist_url(self):
3913 def gist_url(self):
3910 from rhodecode.model.gist import GistModel
3914 from rhodecode.model.gist import GistModel
3911 return GistModel().get_url(self)
3915 return GistModel().get_url(self)
3912
3916
3913 @classmethod
3917 @classmethod
3914 def base_path(cls):
3918 def base_path(cls):
3915 """
3919 """
3916 Returns base path when all gists are stored
3920 Returns base path when all gists are stored
3917
3921
3918 :param cls:
3922 :param cls:
3919 """
3923 """
3920 from rhodecode.model.gist import GIST_STORE_LOC
3924 from rhodecode.model.gist import GIST_STORE_LOC
3921 q = Session().query(RhodeCodeUi)\
3925 q = Session().query(RhodeCodeUi)\
3922 .filter(RhodeCodeUi.ui_key == URL_SEP)
3926 .filter(RhodeCodeUi.ui_key == URL_SEP)
3923 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
3927 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
3924 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
3928 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
3925
3929
3926 def get_api_data(self):
3930 def get_api_data(self):
3927 """
3931 """
3928 Common function for generating gist related data for API
3932 Common function for generating gist related data for API
3929 """
3933 """
3930 gist = self
3934 gist = self
3931 data = {
3935 data = {
3932 'gist_id': gist.gist_id,
3936 'gist_id': gist.gist_id,
3933 'type': gist.gist_type,
3937 'type': gist.gist_type,
3934 'access_id': gist.gist_access_id,
3938 'access_id': gist.gist_access_id,
3935 'description': gist.gist_description,
3939 'description': gist.gist_description,
3936 'url': gist.gist_url(),
3940 'url': gist.gist_url(),
3937 'expires': gist.gist_expires,
3941 'expires': gist.gist_expires,
3938 'created_on': gist.created_on,
3942 'created_on': gist.created_on,
3939 'modified_at': gist.modified_at,
3943 'modified_at': gist.modified_at,
3940 'content': None,
3944 'content': None,
3941 'acl_level': gist.acl_level,
3945 'acl_level': gist.acl_level,
3942 }
3946 }
3943 return data
3947 return data
3944
3948
3945 def __json__(self):
3949 def __json__(self):
3946 data = dict(
3950 data = dict(
3947 )
3951 )
3948 data.update(self.get_api_data())
3952 data.update(self.get_api_data())
3949 return data
3953 return data
3950 # SCM functions
3954 # SCM functions
3951
3955
3952 def scm_instance(self, **kwargs):
3956 def scm_instance(self, **kwargs):
3953 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
3957 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
3954 return get_vcs_instance(
3958 return get_vcs_instance(
3955 repo_path=safe_str(full_repo_path), create=False)
3959 repo_path=safe_str(full_repo_path), create=False)
3956
3960
3957
3961
3958 class ExternalIdentity(Base, BaseModel):
3962 class ExternalIdentity(Base, BaseModel):
3959 __tablename__ = 'external_identities'
3963 __tablename__ = 'external_identities'
3960 __table_args__ = (
3964 __table_args__ = (
3961 Index('local_user_id_idx', 'local_user_id'),
3965 Index('local_user_id_idx', 'local_user_id'),
3962 Index('external_id_idx', 'external_id'),
3966 Index('external_id_idx', 'external_id'),
3963 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3967 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3964 'mysql_charset': 'utf8'})
3968 'mysql_charset': 'utf8'})
3965
3969
3966 external_id = Column('external_id', Unicode(255), default=u'',
3970 external_id = Column('external_id', Unicode(255), default=u'',
3967 primary_key=True)
3971 primary_key=True)
3968 external_username = Column('external_username', Unicode(1024), default=u'')
3972 external_username = Column('external_username', Unicode(1024), default=u'')
3969 local_user_id = Column('local_user_id', Integer(),
3973 local_user_id = Column('local_user_id', Integer(),
3970 ForeignKey('users.user_id'), primary_key=True)
3974 ForeignKey('users.user_id'), primary_key=True)
3971 provider_name = Column('provider_name', Unicode(255), default=u'',
3975 provider_name = Column('provider_name', Unicode(255), default=u'',
3972 primary_key=True)
3976 primary_key=True)
3973 access_token = Column('access_token', String(1024), default=u'')
3977 access_token = Column('access_token', String(1024), default=u'')
3974 alt_token = Column('alt_token', String(1024), default=u'')
3978 alt_token = Column('alt_token', String(1024), default=u'')
3975 token_secret = Column('token_secret', String(1024), default=u'')
3979 token_secret = Column('token_secret', String(1024), default=u'')
3976
3980
3977 @classmethod
3981 @classmethod
3978 def by_external_id_and_provider(cls, external_id, provider_name,
3982 def by_external_id_and_provider(cls, external_id, provider_name,
3979 local_user_id=None):
3983 local_user_id=None):
3980 """
3984 """
3981 Returns ExternalIdentity instance based on search params
3985 Returns ExternalIdentity instance based on search params
3982
3986
3983 :param external_id:
3987 :param external_id:
3984 :param provider_name:
3988 :param provider_name:
3985 :return: ExternalIdentity
3989 :return: ExternalIdentity
3986 """
3990 """
3987 query = cls.query()
3991 query = cls.query()
3988 query = query.filter(cls.external_id == external_id)
3992 query = query.filter(cls.external_id == external_id)
3989 query = query.filter(cls.provider_name == provider_name)
3993 query = query.filter(cls.provider_name == provider_name)
3990 if local_user_id:
3994 if local_user_id:
3991 query = query.filter(cls.local_user_id == local_user_id)
3995 query = query.filter(cls.local_user_id == local_user_id)
3992 return query.first()
3996 return query.first()
3993
3997
3994 @classmethod
3998 @classmethod
3995 def user_by_external_id_and_provider(cls, external_id, provider_name):
3999 def user_by_external_id_and_provider(cls, external_id, provider_name):
3996 """
4000 """
3997 Returns User instance based on search params
4001 Returns User instance based on search params
3998
4002
3999 :param external_id:
4003 :param external_id:
4000 :param provider_name:
4004 :param provider_name:
4001 :return: User
4005 :return: User
4002 """
4006 """
4003 query = User.query()
4007 query = User.query()
4004 query = query.filter(cls.external_id == external_id)
4008 query = query.filter(cls.external_id == external_id)
4005 query = query.filter(cls.provider_name == provider_name)
4009 query = query.filter(cls.provider_name == provider_name)
4006 query = query.filter(User.user_id == cls.local_user_id)
4010 query = query.filter(User.user_id == cls.local_user_id)
4007 return query.first()
4011 return query.first()
4008
4012
4009 @classmethod
4013 @classmethod
4010 def by_local_user_id(cls, local_user_id):
4014 def by_local_user_id(cls, local_user_id):
4011 """
4015 """
4012 Returns all tokens for user
4016 Returns all tokens for user
4013
4017
4014 :param local_user_id:
4018 :param local_user_id:
4015 :return: ExternalIdentity
4019 :return: ExternalIdentity
4016 """
4020 """
4017 query = cls.query()
4021 query = cls.query()
4018 query = query.filter(cls.local_user_id == local_user_id)
4022 query = query.filter(cls.local_user_id == local_user_id)
4019 return query
4023 return query
4020
4024
4021
4025
4022 class Integration(Base, BaseModel):
4026 class Integration(Base, BaseModel):
4023 __tablename__ = 'integrations'
4027 __tablename__ = 'integrations'
4024 __table_args__ = (
4028 __table_args__ = (
4025 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4029 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4026 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
4030 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
4027 )
4031 )
4028
4032
4029 integration_id = Column('integration_id', Integer(), primary_key=True)
4033 integration_id = Column('integration_id', Integer(), primary_key=True)
4030 integration_type = Column('integration_type', String(255))
4034 integration_type = Column('integration_type', String(255))
4031 enabled = Column('enabled', Boolean(), nullable=False)
4035 enabled = Column('enabled', Boolean(), nullable=False)
4032 name = Column('name', String(255), nullable=False)
4036 name = Column('name', String(255), nullable=False)
4033 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
4037 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
4034 default=False)
4038 default=False)
4035
4039
4036 settings = Column(
4040 settings = Column(
4037 'settings_json', MutationObj.as_mutable(
4041 'settings_json', MutationObj.as_mutable(
4038 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
4042 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
4039 repo_id = Column(
4043 repo_id = Column(
4040 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
4044 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
4041 nullable=True, unique=None, default=None)
4045 nullable=True, unique=None, default=None)
4042 repo = relationship('Repository', lazy='joined')
4046 repo = relationship('Repository', lazy='joined')
4043
4047
4044 repo_group_id = Column(
4048 repo_group_id = Column(
4045 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
4049 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
4046 nullable=True, unique=None, default=None)
4050 nullable=True, unique=None, default=None)
4047 repo_group = relationship('RepoGroup', lazy='joined')
4051 repo_group = relationship('RepoGroup', lazy='joined')
4048
4052
4049 @property
4053 @property
4050 def scope(self):
4054 def scope(self):
4051 if self.repo:
4055 if self.repo:
4052 return repr(self.repo)
4056 return repr(self.repo)
4053 if self.repo_group:
4057 if self.repo_group:
4054 if self.child_repos_only:
4058 if self.child_repos_only:
4055 return repr(self.repo_group) + ' (child repos only)'
4059 return repr(self.repo_group) + ' (child repos only)'
4056 else:
4060 else:
4057 return repr(self.repo_group) + ' (recursive)'
4061 return repr(self.repo_group) + ' (recursive)'
4058 if self.child_repos_only:
4062 if self.child_repos_only:
4059 return 'root_repos'
4063 return 'root_repos'
4060 return 'global'
4064 return 'global'
4061
4065
4062 def __repr__(self):
4066 def __repr__(self):
4063 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
4067 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
4064
4068
4065
4069
4066 class RepoReviewRuleUser(Base, BaseModel):
4070 class RepoReviewRuleUser(Base, BaseModel):
4067 __tablename__ = 'repo_review_rules_users'
4071 __tablename__ = 'repo_review_rules_users'
4068 __table_args__ = (
4072 __table_args__ = (
4069 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4073 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4070 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4074 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4071 )
4075 )
4072 repo_review_rule_user_id = Column('repo_review_rule_user_id', Integer(), primary_key=True)
4076 repo_review_rule_user_id = Column('repo_review_rule_user_id', Integer(), primary_key=True)
4073 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4077 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4074 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False)
4078 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False)
4075 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4079 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4076 user = relationship('User')
4080 user = relationship('User')
4077
4081
4078 def rule_data(self):
4082 def rule_data(self):
4079 return {
4083 return {
4080 'mandatory': self.mandatory
4084 'mandatory': self.mandatory
4081 }
4085 }
4082
4086
4083
4087
4084 class RepoReviewRuleUserGroup(Base, BaseModel):
4088 class RepoReviewRuleUserGroup(Base, BaseModel):
4085 __tablename__ = 'repo_review_rules_users_groups'
4089 __tablename__ = 'repo_review_rules_users_groups'
4086 __table_args__ = (
4090 __table_args__ = (
4087 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4091 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4088 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4092 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4089 )
4093 )
4090 repo_review_rule_users_group_id = Column('repo_review_rule_users_group_id', Integer(), primary_key=True)
4094 repo_review_rule_users_group_id = Column('repo_review_rule_users_group_id', Integer(), primary_key=True)
4091 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4095 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4092 users_group_id = Column("users_group_id", Integer(),ForeignKey('users_groups.users_group_id'), nullable=False)
4096 users_group_id = Column("users_group_id", Integer(),ForeignKey('users_groups.users_group_id'), nullable=False)
4093 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4097 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4094 users_group = relationship('UserGroup')
4098 users_group = relationship('UserGroup')
4095
4099
4096 def rule_data(self):
4100 def rule_data(self):
4097 return {
4101 return {
4098 'mandatory': self.mandatory
4102 'mandatory': self.mandatory
4099 }
4103 }
4100
4104
4101
4105
4102 class RepoReviewRule(Base, BaseModel):
4106 class RepoReviewRule(Base, BaseModel):
4103 __tablename__ = 'repo_review_rules'
4107 __tablename__ = 'repo_review_rules'
4104 __table_args__ = (
4108 __table_args__ = (
4105 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4109 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4106 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4110 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4107 )
4111 )
4108
4112
4109 repo_review_rule_id = Column(
4113 repo_review_rule_id = Column(
4110 'repo_review_rule_id', Integer(), primary_key=True)
4114 'repo_review_rule_id', Integer(), primary_key=True)
4111 repo_id = Column(
4115 repo_id = Column(
4112 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
4116 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
4113 repo = relationship('Repository', backref='review_rules')
4117 repo = relationship('Repository', backref='review_rules')
4114
4118
4115 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4119 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4116 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4120 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4117
4121
4118 use_authors_for_review = Column("use_authors_for_review", Boolean(), nullable=False, default=False)
4122 use_authors_for_review = Column("use_authors_for_review", Boolean(), nullable=False, default=False)
4119 forbid_author_to_review = Column("forbid_author_to_review", Boolean(), nullable=False, default=False)
4123 forbid_author_to_review = Column("forbid_author_to_review", Boolean(), nullable=False, default=False)
4120 forbid_commit_author_to_review = Column("forbid_commit_author_to_review", Boolean(), nullable=False, default=False)
4124 forbid_commit_author_to_review = Column("forbid_commit_author_to_review", Boolean(), nullable=False, default=False)
4121 forbid_adding_reviewers = Column("forbid_adding_reviewers", Boolean(), nullable=False, default=False)
4125 forbid_adding_reviewers = Column("forbid_adding_reviewers", Boolean(), nullable=False, default=False)
4122
4126
4123 rule_users = relationship('RepoReviewRuleUser')
4127 rule_users = relationship('RepoReviewRuleUser')
4124 rule_user_groups = relationship('RepoReviewRuleUserGroup')
4128 rule_user_groups = relationship('RepoReviewRuleUserGroup')
4125
4129
4126 @hybrid_property
4130 @hybrid_property
4127 def branch_pattern(self):
4131 def branch_pattern(self):
4128 return self._branch_pattern or '*'
4132 return self._branch_pattern or '*'
4129
4133
4130 def _validate_glob(self, value):
4134 def _validate_glob(self, value):
4131 re.compile('^' + glob2re(value) + '$')
4135 re.compile('^' + glob2re(value) + '$')
4132
4136
4133 @branch_pattern.setter
4137 @branch_pattern.setter
4134 def branch_pattern(self, value):
4138 def branch_pattern(self, value):
4135 self._validate_glob(value)
4139 self._validate_glob(value)
4136 self._branch_pattern = value or '*'
4140 self._branch_pattern = value or '*'
4137
4141
4138 @hybrid_property
4142 @hybrid_property
4139 def file_pattern(self):
4143 def file_pattern(self):
4140 return self._file_pattern or '*'
4144 return self._file_pattern or '*'
4141
4145
4142 @file_pattern.setter
4146 @file_pattern.setter
4143 def file_pattern(self, value):
4147 def file_pattern(self, value):
4144 self._validate_glob(value)
4148 self._validate_glob(value)
4145 self._file_pattern = value or '*'
4149 self._file_pattern = value or '*'
4146
4150
4147 def matches(self, branch, files_changed):
4151 def matches(self, branch, files_changed):
4148 """
4152 """
4149 Check if this review rule matches a branch/files in a pull request
4153 Check if this review rule matches a branch/files in a pull request
4150
4154
4151 :param branch: branch name for the commit
4155 :param branch: branch name for the commit
4152 :param files_changed: list of file paths changed in the pull request
4156 :param files_changed: list of file paths changed in the pull request
4153 """
4157 """
4154
4158
4155 branch = branch or ''
4159 branch = branch or ''
4156 files_changed = files_changed or []
4160 files_changed = files_changed or []
4157
4161
4158 branch_matches = True
4162 branch_matches = True
4159 if branch:
4163 if branch:
4160 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
4164 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
4161 branch_matches = bool(branch_regex.search(branch))
4165 branch_matches = bool(branch_regex.search(branch))
4162
4166
4163 files_matches = True
4167 files_matches = True
4164 if self.file_pattern != '*':
4168 if self.file_pattern != '*':
4165 files_matches = False
4169 files_matches = False
4166 file_regex = re.compile(glob2re(self.file_pattern))
4170 file_regex = re.compile(glob2re(self.file_pattern))
4167 for filename in files_changed:
4171 for filename in files_changed:
4168 if file_regex.search(filename):
4172 if file_regex.search(filename):
4169 files_matches = True
4173 files_matches = True
4170 break
4174 break
4171
4175
4172 return branch_matches and files_matches
4176 return branch_matches and files_matches
4173
4177
4174 @property
4178 @property
4175 def review_users(self):
4179 def review_users(self):
4176 """ Returns the users which this rule applies to """
4180 """ Returns the users which this rule applies to """
4177
4181
4178 users = collections.OrderedDict()
4182 users = collections.OrderedDict()
4179
4183
4180 for rule_user in self.rule_users:
4184 for rule_user in self.rule_users:
4181 if rule_user.user.active:
4185 if rule_user.user.active:
4182 if rule_user.user not in users:
4186 if rule_user.user not in users:
4183 users[rule_user.user.username] = {
4187 users[rule_user.user.username] = {
4184 'user': rule_user.user,
4188 'user': rule_user.user,
4185 'source': 'user',
4189 'source': 'user',
4186 'source_data': {},
4190 'source_data': {},
4187 'data': rule_user.rule_data()
4191 'data': rule_user.rule_data()
4188 }
4192 }
4189
4193
4190 for rule_user_group in self.rule_user_groups:
4194 for rule_user_group in self.rule_user_groups:
4191 source_data = {
4195 source_data = {
4192 'name': rule_user_group.users_group.users_group_name,
4196 'name': rule_user_group.users_group.users_group_name,
4193 'members': len(rule_user_group.users_group.members)
4197 'members': len(rule_user_group.users_group.members)
4194 }
4198 }
4195 for member in rule_user_group.users_group.members:
4199 for member in rule_user_group.users_group.members:
4196 if member.user.active:
4200 if member.user.active:
4197 users[member.user.username] = {
4201 users[member.user.username] = {
4198 'user': member.user,
4202 'user': member.user,
4199 'source': 'user_group',
4203 'source': 'user_group',
4200 'source_data': source_data,
4204 'source_data': source_data,
4201 'data': rule_user_group.rule_data()
4205 'data': rule_user_group.rule_data()
4202 }
4206 }
4203
4207
4204 return users
4208 return users
4205
4209
4206 def __repr__(self):
4210 def __repr__(self):
4207 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
4211 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
4208 self.repo_review_rule_id, self.repo)
4212 self.repo_review_rule_id, self.repo)
4209
4213
4210
4214
4211 class ScheduleEntry(Base, BaseModel):
4215 class ScheduleEntry(Base, BaseModel):
4212 __tablename__ = 'schedule_entries'
4216 __tablename__ = 'schedule_entries'
4213 __table_args__ = (
4217 __table_args__ = (
4214 UniqueConstraint('schedule_name', name='s_schedule_name_idx'),
4218 UniqueConstraint('schedule_name', name='s_schedule_name_idx'),
4215 UniqueConstraint('task_uid', name='s_task_uid_idx'),
4219 UniqueConstraint('task_uid', name='s_task_uid_idx'),
4216 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4220 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4217 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4221 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4218 )
4222 )
4219 schedule_types = ['crontab', 'timedelta', 'integer']
4223 schedule_types = ['crontab', 'timedelta', 'integer']
4220 schedule_entry_id = Column('schedule_entry_id', Integer(), primary_key=True)
4224 schedule_entry_id = Column('schedule_entry_id', Integer(), primary_key=True)
4221
4225
4222 schedule_name = Column("schedule_name", String(255), nullable=False, unique=None, default=None)
4226 schedule_name = Column("schedule_name", String(255), nullable=False, unique=None, default=None)
4223 schedule_description = Column("schedule_description", String(10000), nullable=True, unique=None, default=None)
4227 schedule_description = Column("schedule_description", String(10000), nullable=True, unique=None, default=None)
4224 schedule_enabled = Column("schedule_enabled", Boolean(), nullable=False, unique=None, default=True)
4228 schedule_enabled = Column("schedule_enabled", Boolean(), nullable=False, unique=None, default=True)
4225
4229
4226 _schedule_type = Column("schedule_type", String(255), nullable=False, unique=None, default=None)
4230 _schedule_type = Column("schedule_type", String(255), nullable=False, unique=None, default=None)
4227 schedule_definition = Column('schedule_definition_json', MutationObj.as_mutable(JsonType(default=lambda: "", dialect_map=dict(mysql=LONGTEXT()))))
4231 schedule_definition = Column('schedule_definition_json', MutationObj.as_mutable(JsonType(default=lambda: "", dialect_map=dict(mysql=LONGTEXT()))))
4228
4232
4229 schedule_last_run = Column('schedule_last_run', DateTime(timezone=False), nullable=True, unique=None, default=None)
4233 schedule_last_run = Column('schedule_last_run', DateTime(timezone=False), nullable=True, unique=None, default=None)
4230 schedule_total_run_count = Column('schedule_total_run_count', Integer(), nullable=True, unique=None, default=0)
4234 schedule_total_run_count = Column('schedule_total_run_count', Integer(), nullable=True, unique=None, default=0)
4231
4235
4232 # task
4236 # task
4233 task_uid = Column("task_uid", String(255), nullable=False, unique=None, default=None)
4237 task_uid = Column("task_uid", String(255), nullable=False, unique=None, default=None)
4234 task_dot_notation = Column("task_dot_notation", String(4096), nullable=False, unique=None, default=None)
4238 task_dot_notation = Column("task_dot_notation", String(4096), nullable=False, unique=None, default=None)
4235 task_args = Column('task_args_json', MutationObj.as_mutable(JsonType(default=list, dialect_map=dict(mysql=LONGTEXT()))))
4239 task_args = Column('task_args_json', MutationObj.as_mutable(JsonType(default=list, dialect_map=dict(mysql=LONGTEXT()))))
4236 task_kwargs = Column('task_kwargs_json', MutationObj.as_mutable(JsonType(default=dict, dialect_map=dict(mysql=LONGTEXT()))))
4240 task_kwargs = Column('task_kwargs_json', MutationObj.as_mutable(JsonType(default=dict, dialect_map=dict(mysql=LONGTEXT()))))
4237
4241
4238 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4242 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
4239 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=None)
4243 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=None)
4240
4244
4241 @hybrid_property
4245 @hybrid_property
4242 def schedule_type(self):
4246 def schedule_type(self):
4243 return self._schedule_type
4247 return self._schedule_type
4244
4248
4245 @schedule_type.setter
4249 @schedule_type.setter
4246 def schedule_type(self, val):
4250 def schedule_type(self, val):
4247 if val not in self.schedule_types:
4251 if val not in self.schedule_types:
4248 raise ValueError('Value must be on of `{}` and got `{}`'.format(
4252 raise ValueError('Value must be on of `{}` and got `{}`'.format(
4249 val, self.schedule_type))
4253 val, self.schedule_type))
4250
4254
4251 self._schedule_type = val
4255 self._schedule_type = val
4252
4256
4253 @classmethod
4257 @classmethod
4254 def get_uid(cls, obj):
4258 def get_uid(cls, obj):
4255 args = obj.task_args
4259 args = obj.task_args
4256 kwargs = obj.task_kwargs
4260 kwargs = obj.task_kwargs
4257 if isinstance(args, JsonRaw):
4261 if isinstance(args, JsonRaw):
4258 try:
4262 try:
4259 args = json.loads(args)
4263 args = json.loads(args)
4260 except ValueError:
4264 except ValueError:
4261 args = tuple()
4265 args = tuple()
4262
4266
4263 if isinstance(kwargs, JsonRaw):
4267 if isinstance(kwargs, JsonRaw):
4264 try:
4268 try:
4265 kwargs = json.loads(kwargs)
4269 kwargs = json.loads(kwargs)
4266 except ValueError:
4270 except ValueError:
4267 kwargs = dict()
4271 kwargs = dict()
4268
4272
4269 dot_notation = obj.task_dot_notation
4273 dot_notation = obj.task_dot_notation
4270 val = '.'.join(map(safe_str, [
4274 val = '.'.join(map(safe_str, [
4271 sorted(dot_notation), args, sorted(kwargs.items())]))
4275 sorted(dot_notation), args, sorted(kwargs.items())]))
4272 return hashlib.sha1(val).hexdigest()
4276 return hashlib.sha1(val).hexdigest()
4273
4277
4274 @classmethod
4278 @classmethod
4275 def get_by_schedule_name(cls, schedule_name):
4279 def get_by_schedule_name(cls, schedule_name):
4276 return cls.query().filter(cls.schedule_name == schedule_name).scalar()
4280 return cls.query().filter(cls.schedule_name == schedule_name).scalar()
4277
4281
4278 @classmethod
4282 @classmethod
4279 def get_by_schedule_id(cls, schedule_id):
4283 def get_by_schedule_id(cls, schedule_id):
4280 return cls.query().filter(cls.schedule_entry_id == schedule_id).scalar()
4284 return cls.query().filter(cls.schedule_entry_id == schedule_id).scalar()
4281
4285
4282 @property
4286 @property
4283 def task(self):
4287 def task(self):
4284 return self.task_dot_notation
4288 return self.task_dot_notation
4285
4289
4286 @property
4290 @property
4287 def schedule(self):
4291 def schedule(self):
4288 from rhodecode.lib.celerylib.utils import raw_2_schedule
4292 from rhodecode.lib.celerylib.utils import raw_2_schedule
4289 schedule = raw_2_schedule(self.schedule_definition, self.schedule_type)
4293 schedule = raw_2_schedule(self.schedule_definition, self.schedule_type)
4290 return schedule
4294 return schedule
4291
4295
4292 @property
4296 @property
4293 def args(self):
4297 def args(self):
4294 try:
4298 try:
4295 return list(self.task_args or [])
4299 return list(self.task_args or [])
4296 except ValueError:
4300 except ValueError:
4297 return list()
4301 return list()
4298
4302
4299 @property
4303 @property
4300 def kwargs(self):
4304 def kwargs(self):
4301 try:
4305 try:
4302 return dict(self.task_kwargs or {})
4306 return dict(self.task_kwargs or {})
4303 except ValueError:
4307 except ValueError:
4304 return dict()
4308 return dict()
4305
4309
4306 def _as_raw(self, val):
4310 def _as_raw(self, val):
4307 if hasattr(val, 'de_coerce'):
4311 if hasattr(val, 'de_coerce'):
4308 val = val.de_coerce()
4312 val = val.de_coerce()
4309 if val:
4313 if val:
4310 val = json.dumps(val)
4314 val = json.dumps(val)
4311
4315
4312 return val
4316 return val
4313
4317
4314 @property
4318 @property
4315 def schedule_definition_raw(self):
4319 def schedule_definition_raw(self):
4316 return self._as_raw(self.schedule_definition)
4320 return self._as_raw(self.schedule_definition)
4317
4321
4318 @property
4322 @property
4319 def args_raw(self):
4323 def args_raw(self):
4320 return self._as_raw(self.task_args)
4324 return self._as_raw(self.task_args)
4321
4325
4322 @property
4326 @property
4323 def kwargs_raw(self):
4327 def kwargs_raw(self):
4324 return self._as_raw(self.task_kwargs)
4328 return self._as_raw(self.task_kwargs)
4325
4329
4326 def __repr__(self):
4330 def __repr__(self):
4327 return '<DB:ScheduleEntry({}:{})>'.format(
4331 return '<DB:ScheduleEntry({}:{})>'.format(
4328 self.schedule_entry_id, self.schedule_name)
4332 self.schedule_entry_id, self.schedule_name)
4329
4333
4330
4334
4331 @event.listens_for(ScheduleEntry, 'before_update')
4335 @event.listens_for(ScheduleEntry, 'before_update')
4332 def update_task_uid(mapper, connection, target):
4336 def update_task_uid(mapper, connection, target):
4333 target.task_uid = ScheduleEntry.get_uid(target)
4337 target.task_uid = ScheduleEntry.get_uid(target)
4334
4338
4335
4339
4336 @event.listens_for(ScheduleEntry, 'before_insert')
4340 @event.listens_for(ScheduleEntry, 'before_insert')
4337 def set_task_uid(mapper, connection, target):
4341 def set_task_uid(mapper, connection, target):
4338 target.task_uid = ScheduleEntry.get_uid(target)
4342 target.task_uid = ScheduleEntry.get_uid(target)
4339
4343
4340
4344
4341 class DbMigrateVersion(Base, BaseModel):
4345 class DbMigrateVersion(Base, BaseModel):
4342 __tablename__ = 'db_migrate_version'
4346 __tablename__ = 'db_migrate_version'
4343 __table_args__ = (
4347 __table_args__ = (
4344 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4348 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4345 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4349 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4346 )
4350 )
4347 repository_id = Column('repository_id', String(250), primary_key=True)
4351 repository_id = Column('repository_id', String(250), primary_key=True)
4348 repository_path = Column('repository_path', Text)
4352 repository_path = Column('repository_path', Text)
4349 version = Column('version', Integer)
4353 version = Column('version', Integer)
4350
4354
4351
4355
4352 class DbSession(Base, BaseModel):
4356 class DbSession(Base, BaseModel):
4353 __tablename__ = 'db_session'
4357 __tablename__ = 'db_session'
4354 __table_args__ = (
4358 __table_args__ = (
4355 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4359 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4356 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4360 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4357 )
4361 )
4358
4362
4359 def __repr__(self):
4363 def __repr__(self):
4360 return '<DB:DbSession({})>'.format(self.id)
4364 return '<DB:DbSession({})>'.format(self.id)
4361
4365
4362 id = Column('id', Integer())
4366 id = Column('id', Integer())
4363 namespace = Column('namespace', String(255), primary_key=True)
4367 namespace = Column('namespace', String(255), primary_key=True)
4364 accessed = Column('accessed', DateTime, nullable=False)
4368 accessed = Column('accessed', DateTime, nullable=False)
4365 created = Column('created', DateTime, nullable=False)
4369 created = Column('created', DateTime, nullable=False)
4366 data = Column('data', PickleType, nullable=False)
4370 data = Column('data', PickleType, nullable=False)
@@ -1,911 +1,909 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2017 RhodeCode GmbH
3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 users model for RhodeCode
22 users model for RhodeCode
23 """
23 """
24
24
25 import logging
25 import logging
26 import traceback
26 import traceback
27 import datetime
27 import datetime
28 import ipaddress
28 import ipaddress
29
29
30 from pyramid.threadlocal import get_current_request
30 from pyramid.threadlocal import get_current_request
31 from sqlalchemy.exc import DatabaseError
31 from sqlalchemy.exc import DatabaseError
32
32
33 from rhodecode import events
33 from rhodecode import events
34 from rhodecode.lib.user_log_filter import user_log_filter
34 from rhodecode.lib.user_log_filter import user_log_filter
35 from rhodecode.lib.utils2 import (
35 from rhodecode.lib.utils2 import (
36 safe_unicode, get_current_rhodecode_user, action_logger_generic,
36 safe_unicode, get_current_rhodecode_user, action_logger_generic,
37 AttributeDict, str2bool)
37 AttributeDict, str2bool)
38 from rhodecode.lib.exceptions import (
38 from rhodecode.lib.exceptions import (
39 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
39 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
40 UserOwnsUserGroupsException, NotAllowedToCreateUserError)
40 UserOwnsUserGroupsException, NotAllowedToCreateUserError)
41 from rhodecode.lib.caching_query import FromCache
41 from rhodecode.lib.caching_query import FromCache
42 from rhodecode.model import BaseModel
42 from rhodecode.model import BaseModel
43 from rhodecode.model.auth_token import AuthTokenModel
43 from rhodecode.model.auth_token import AuthTokenModel
44 from rhodecode.model.db import (
44 from rhodecode.model.db import (
45 _hash_key, true, false, or_, joinedload, User, UserToPerm,
45 _hash_key, true, false, or_, joinedload, User, UserToPerm,
46 UserEmailMap, UserIpMap, UserLog)
46 UserEmailMap, UserIpMap, UserLog)
47 from rhodecode.model.meta import Session
47 from rhodecode.model.meta import Session
48 from rhodecode.model.repo_group import RepoGroupModel
48 from rhodecode.model.repo_group import RepoGroupModel
49
49
50
50
51 log = logging.getLogger(__name__)
51 log = logging.getLogger(__name__)
52
52
53
53
54 class UserModel(BaseModel):
54 class UserModel(BaseModel):
55 cls = User
55 cls = User
56
56
57 def get(self, user_id, cache=False):
57 def get(self, user_id, cache=False):
58 user = self.sa.query(User)
58 user = self.sa.query(User)
59 if cache:
59 if cache:
60 user = user.options(
60 user = user.options(
61 FromCache("sql_cache_short", "get_user_%s" % user_id))
61 FromCache("sql_cache_short", "get_user_%s" % user_id))
62 return user.get(user_id)
62 return user.get(user_id)
63
63
64 def get_user(self, user):
64 def get_user(self, user):
65 return self._get_user(user)
65 return self._get_user(user)
66
66
67 def _serialize_user(self, user):
67 def _serialize_user(self, user):
68 import rhodecode.lib.helpers as h
68 import rhodecode.lib.helpers as h
69
69
70 return {
70 return {
71 'id': user.user_id,
71 'id': user.user_id,
72 'first_name': user.first_name,
72 'first_name': user.first_name,
73 'last_name': user.last_name,
73 'last_name': user.last_name,
74 'username': user.username,
74 'username': user.username,
75 'email': user.email,
75 'email': user.email,
76 'icon_link': h.gravatar_url(user.email, 30),
76 'icon_link': h.gravatar_url(user.email, 30),
77 'value_display': h.escape(h.person(user)),
77 'value_display': h.escape(h.person(user)),
78 'value': user.username,
78 'value': user.username,
79 'value_type': 'user',
79 'value_type': 'user',
80 'active': user.active,
80 'active': user.active,
81 }
81 }
82
82
83 def get_users(self, name_contains=None, limit=20, only_active=True):
83 def get_users(self, name_contains=None, limit=20, only_active=True):
84
84
85 query = self.sa.query(User)
85 query = self.sa.query(User)
86 if only_active:
86 if only_active:
87 query = query.filter(User.active == true())
87 query = query.filter(User.active == true())
88
88
89 if name_contains:
89 if name_contains:
90 ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
90 ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
91 query = query.filter(
91 query = query.filter(
92 or_(
92 or_(
93 User.name.ilike(ilike_expression),
93 User.name.ilike(ilike_expression),
94 User.lastname.ilike(ilike_expression),
94 User.lastname.ilike(ilike_expression),
95 User.username.ilike(ilike_expression)
95 User.username.ilike(ilike_expression)
96 )
96 )
97 )
97 )
98 query = query.limit(limit)
98 query = query.limit(limit)
99 users = query.all()
99 users = query.all()
100
100
101 _users = [
101 _users = [
102 self._serialize_user(user) for user in users
102 self._serialize_user(user) for user in users
103 ]
103 ]
104 return _users
104 return _users
105
105
106 def get_by_username(self, username, cache=False, case_insensitive=False):
106 def get_by_username(self, username, cache=False, case_insensitive=False):
107
107
108 if case_insensitive:
108 if case_insensitive:
109 user = self.sa.query(User).filter(User.username.ilike(username))
109 user = self.sa.query(User).filter(User.username.ilike(username))
110 else:
110 else:
111 user = self.sa.query(User)\
111 user = self.sa.query(User)\
112 .filter(User.username == username)
112 .filter(User.username == username)
113 if cache:
113 if cache:
114 name_key = _hash_key(username)
114 name_key = _hash_key(username)
115 user = user.options(
115 user = user.options(
116 FromCache("sql_cache_short", "get_user_%s" % name_key))
116 FromCache("sql_cache_short", "get_user_%s" % name_key))
117 return user.scalar()
117 return user.scalar()
118
118
119 def get_by_email(self, email, cache=False, case_insensitive=False):
119 def get_by_email(self, email, cache=False, case_insensitive=False):
120 return User.get_by_email(email, case_insensitive, cache)
120 return User.get_by_email(email, case_insensitive, cache)
121
121
122 def get_by_auth_token(self, auth_token, cache=False):
122 def get_by_auth_token(self, auth_token, cache=False):
123 return User.get_by_auth_token(auth_token, cache)
123 return User.get_by_auth_token(auth_token, cache)
124
124
125 def get_active_user_count(self, cache=False):
125 def get_active_user_count(self, cache=False):
126 return User.query().filter(
126 return User.query().filter(
127 User.active == True).filter(
127 User.active == True).filter(
128 User.username != User.DEFAULT_USER).count()
128 User.username != User.DEFAULT_USER).count()
129
129
130 def create(self, form_data, cur_user=None):
130 def create(self, form_data, cur_user=None):
131 if not cur_user:
131 if not cur_user:
132 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
132 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
133
133
134 user_data = {
134 user_data = {
135 'username': form_data['username'],
135 'username': form_data['username'],
136 'password': form_data['password'],
136 'password': form_data['password'],
137 'email': form_data['email'],
137 'email': form_data['email'],
138 'firstname': form_data['firstname'],
138 'firstname': form_data['firstname'],
139 'lastname': form_data['lastname'],
139 'lastname': form_data['lastname'],
140 'active': form_data['active'],
140 'active': form_data['active'],
141 'extern_type': form_data['extern_type'],
141 'extern_type': form_data['extern_type'],
142 'extern_name': form_data['extern_name'],
142 'extern_name': form_data['extern_name'],
143 'admin': False,
143 'admin': False,
144 'cur_user': cur_user
144 'cur_user': cur_user
145 }
145 }
146
146
147 if 'create_repo_group' in form_data:
147 if 'create_repo_group' in form_data:
148 user_data['create_repo_group'] = str2bool(
148 user_data['create_repo_group'] = str2bool(
149 form_data.get('create_repo_group'))
149 form_data.get('create_repo_group'))
150
150
151 try:
151 try:
152 if form_data.get('password_change'):
152 if form_data.get('password_change'):
153 user_data['force_password_change'] = True
153 user_data['force_password_change'] = True
154 return UserModel().create_or_update(**user_data)
154 return UserModel().create_or_update(**user_data)
155 except Exception:
155 except Exception:
156 log.error(traceback.format_exc())
156 log.error(traceback.format_exc())
157 raise
157 raise
158
158
159 def update_user(self, user, skip_attrs=None, **kwargs):
159 def update_user(self, user, skip_attrs=None, **kwargs):
160 from rhodecode.lib.auth import get_crypt_password
160 from rhodecode.lib.auth import get_crypt_password
161
161
162 user = self._get_user(user)
162 user = self._get_user(user)
163 if user.username == User.DEFAULT_USER:
163 if user.username == User.DEFAULT_USER:
164 raise DefaultUserException(
164 raise DefaultUserException(
165 "You can't edit this user (`%(username)s`) since it's "
165 "You can't edit this user (`%(username)s`) since it's "
166 "crucial for entire application" % {
166 "crucial for entire application" % {
167 'username': user.username})
167 'username': user.username})
168
168
169 # first store only defaults
169 # first store only defaults
170 user_attrs = {
170 user_attrs = {
171 'updating_user_id': user.user_id,
171 'updating_user_id': user.user_id,
172 'username': user.username,
172 'username': user.username,
173 'password': user.password,
173 'password': user.password,
174 'email': user.email,
174 'email': user.email,
175 'firstname': user.name,
175 'firstname': user.name,
176 'lastname': user.lastname,
176 'lastname': user.lastname,
177 'active': user.active,
177 'active': user.active,
178 'admin': user.admin,
178 'admin': user.admin,
179 'extern_name': user.extern_name,
179 'extern_name': user.extern_name,
180 'extern_type': user.extern_type,
180 'extern_type': user.extern_type,
181 'language': user.user_data.get('language')
181 'language': user.user_data.get('language')
182 }
182 }
183
183
184 # in case there's new_password, that comes from form, use it to
184 # in case there's new_password, that comes from form, use it to
185 # store password
185 # store password
186 if kwargs.get('new_password'):
186 if kwargs.get('new_password'):
187 kwargs['password'] = kwargs['new_password']
187 kwargs['password'] = kwargs['new_password']
188
188
189 # cleanups, my_account password change form
189 # cleanups, my_account password change form
190 kwargs.pop('current_password', None)
190 kwargs.pop('current_password', None)
191 kwargs.pop('new_password', None)
191 kwargs.pop('new_password', None)
192
192
193 # cleanups, user edit password change form
193 # cleanups, user edit password change form
194 kwargs.pop('password_confirmation', None)
194 kwargs.pop('password_confirmation', None)
195 kwargs.pop('password_change', None)
195 kwargs.pop('password_change', None)
196
196
197 # create repo group on user creation
197 # create repo group on user creation
198 kwargs.pop('create_repo_group', None)
198 kwargs.pop('create_repo_group', None)
199
199
200 # legacy forms send name, which is the firstname
200 # legacy forms send name, which is the firstname
201 firstname = kwargs.pop('name', None)
201 firstname = kwargs.pop('name', None)
202 if firstname:
202 if firstname:
203 kwargs['firstname'] = firstname
203 kwargs['firstname'] = firstname
204
204
205 for k, v in kwargs.items():
205 for k, v in kwargs.items():
206 # skip if we don't want to update this
206 # skip if we don't want to update this
207 if skip_attrs and k in skip_attrs:
207 if skip_attrs and k in skip_attrs:
208 continue
208 continue
209
209
210 user_attrs[k] = v
210 user_attrs[k] = v
211
211
212 try:
212 try:
213 return self.create_or_update(**user_attrs)
213 return self.create_or_update(**user_attrs)
214 except Exception:
214 except Exception:
215 log.error(traceback.format_exc())
215 log.error(traceback.format_exc())
216 raise
216 raise
217
217
218 def create_or_update(
218 def create_or_update(
219 self, username, password, email, firstname='', lastname='',
219 self, username, password, email, firstname='', lastname='',
220 active=True, admin=False, extern_type=None, extern_name=None,
220 active=True, admin=False, extern_type=None, extern_name=None,
221 cur_user=None, plugin=None, force_password_change=False,
221 cur_user=None, plugin=None, force_password_change=False,
222 allow_to_create_user=True, create_repo_group=None,
222 allow_to_create_user=True, create_repo_group=None,
223 updating_user_id=None, language=None, strict_creation_check=True):
223 updating_user_id=None, language=None, strict_creation_check=True):
224 """
224 """
225 Creates a new instance if not found, or updates current one
225 Creates a new instance if not found, or updates current one
226
226
227 :param username:
227 :param username:
228 :param password:
228 :param password:
229 :param email:
229 :param email:
230 :param firstname:
230 :param firstname:
231 :param lastname:
231 :param lastname:
232 :param active:
232 :param active:
233 :param admin:
233 :param admin:
234 :param extern_type:
234 :param extern_type:
235 :param extern_name:
235 :param extern_name:
236 :param cur_user:
236 :param cur_user:
237 :param plugin: optional plugin this method was called from
237 :param plugin: optional plugin this method was called from
238 :param force_password_change: toggles new or existing user flag
238 :param force_password_change: toggles new or existing user flag
239 for password change
239 for password change
240 :param allow_to_create_user: Defines if the method can actually create
240 :param allow_to_create_user: Defines if the method can actually create
241 new users
241 new users
242 :param create_repo_group: Defines if the method should also
242 :param create_repo_group: Defines if the method should also
243 create an repo group with user name, and owner
243 create an repo group with user name, and owner
244 :param updating_user_id: if we set it up this is the user we want to
244 :param updating_user_id: if we set it up this is the user we want to
245 update this allows to editing username.
245 update this allows to editing username.
246 :param language: language of user from interface.
246 :param language: language of user from interface.
247
247
248 :returns: new User object with injected `is_new_user` attribute.
248 :returns: new User object with injected `is_new_user` attribute.
249 """
249 """
250
250
251 if not cur_user:
251 if not cur_user:
252 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
252 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
253
253
254 from rhodecode.lib.auth import (
254 from rhodecode.lib.auth import (
255 get_crypt_password, check_password, generate_auth_token)
255 get_crypt_password, check_password, generate_auth_token)
256 from rhodecode.lib.hooks_base import (
256 from rhodecode.lib.hooks_base import (
257 log_create_user, check_allowed_create_user)
257 log_create_user, check_allowed_create_user)
258
258
259 def _password_change(new_user, password):
259 def _password_change(new_user, password):
260 old_password = new_user.password or ''
260 old_password = new_user.password or ''
261 # empty password
261 # empty password
262 if not old_password:
262 if not old_password:
263 return False
263 return False
264
264
265 # password check is only needed for RhodeCode internal auth calls
265 # password check is only needed for RhodeCode internal auth calls
266 # in case it's a plugin we don't care
266 # in case it's a plugin we don't care
267 if not plugin:
267 if not plugin:
268
268
269 # first check if we gave crypted password back, and if it
269 # first check if we gave crypted password back, and if it
270 # matches it's not password change
270 # matches it's not password change
271 if new_user.password == password:
271 if new_user.password == password:
272 return False
272 return False
273
273
274 password_match = check_password(password, old_password)
274 password_match = check_password(password, old_password)
275 if not password_match:
275 if not password_match:
276 return True
276 return True
277
277
278 return False
278 return False
279
279
280 # read settings on default personal repo group creation
280 # read settings on default personal repo group creation
281 if create_repo_group is None:
281 if create_repo_group is None:
282 default_create_repo_group = RepoGroupModel()\
282 default_create_repo_group = RepoGroupModel()\
283 .get_default_create_personal_repo_group()
283 .get_default_create_personal_repo_group()
284 create_repo_group = default_create_repo_group
284 create_repo_group = default_create_repo_group
285
285
286 user_data = {
286 user_data = {
287 'username': username,
287 'username': username,
288 'password': password,
288 'password': password,
289 'email': email,
289 'email': email,
290 'firstname': firstname,
290 'firstname': firstname,
291 'lastname': lastname,
291 'lastname': lastname,
292 'active': active,
292 'active': active,
293 'admin': admin
293 'admin': admin
294 }
294 }
295
295
296 if updating_user_id:
296 if updating_user_id:
297 log.debug('Checking for existing account in RhodeCode '
297 log.debug('Checking for existing account in RhodeCode '
298 'database with user_id `%s` ' % (updating_user_id,))
298 'database with user_id `%s` ' % (updating_user_id,))
299 user = User.get(updating_user_id)
299 user = User.get(updating_user_id)
300 else:
300 else:
301 log.debug('Checking for existing account in RhodeCode '
301 log.debug('Checking for existing account in RhodeCode '
302 'database with username `%s` ' % (username,))
302 'database with username `%s` ' % (username,))
303 user = User.get_by_username(username, case_insensitive=True)
303 user = User.get_by_username(username, case_insensitive=True)
304
304
305 if user is None:
305 if user is None:
306 # we check internal flag if this method is actually allowed to
306 # we check internal flag if this method is actually allowed to
307 # create new user
307 # create new user
308 if not allow_to_create_user:
308 if not allow_to_create_user:
309 msg = ('Method wants to create new user, but it is not '
309 msg = ('Method wants to create new user, but it is not '
310 'allowed to do so')
310 'allowed to do so')
311 log.warning(msg)
311 log.warning(msg)
312 raise NotAllowedToCreateUserError(msg)
312 raise NotAllowedToCreateUserError(msg)
313
313
314 log.debug('Creating new user %s', username)
314 log.debug('Creating new user %s', username)
315
315
316 # only if we create user that is active
316 # only if we create user that is active
317 new_active_user = active
317 new_active_user = active
318 if new_active_user and strict_creation_check:
318 if new_active_user and strict_creation_check:
319 # raises UserCreationError if it's not allowed for any reason to
319 # raises UserCreationError if it's not allowed for any reason to
320 # create new active user, this also executes pre-create hooks
320 # create new active user, this also executes pre-create hooks
321 check_allowed_create_user(user_data, cur_user, strict_check=True)
321 check_allowed_create_user(user_data, cur_user, strict_check=True)
322 events.trigger(events.UserPreCreate(user_data))
322 events.trigger(events.UserPreCreate(user_data))
323 new_user = User()
323 new_user = User()
324 edit = False
324 edit = False
325 else:
325 else:
326 log.debug('updating user %s', username)
326 log.debug('updating user %s', username)
327 events.trigger(events.UserPreUpdate(user, user_data))
327 events.trigger(events.UserPreUpdate(user, user_data))
328 new_user = user
328 new_user = user
329 edit = True
329 edit = True
330
330
331 # we're not allowed to edit default user
331 # we're not allowed to edit default user
332 if user.username == User.DEFAULT_USER:
332 if user.username == User.DEFAULT_USER:
333 raise DefaultUserException(
333 raise DefaultUserException(
334 "You can't edit this user (`%(username)s`) since it's "
334 "You can't edit this user (`%(username)s`) since it's "
335 "crucial for entire application"
335 "crucial for entire application"
336 % {'username': user.username})
336 % {'username': user.username})
337
337
338 # inject special attribute that will tell us if User is new or old
338 # inject special attribute that will tell us if User is new or old
339 new_user.is_new_user = not edit
339 new_user.is_new_user = not edit
340 # for users that didn's specify auth type, we use RhodeCode built in
340 # for users that didn's specify auth type, we use RhodeCode built in
341 from rhodecode.authentication.plugins import auth_rhodecode
341 from rhodecode.authentication.plugins import auth_rhodecode
342 extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
342 extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
343 extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name
343 extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name
344
344
345 try:
345 try:
346 new_user.username = username
346 new_user.username = username
347 new_user.admin = admin
347 new_user.admin = admin
348 new_user.email = email
348 new_user.email = email
349 new_user.active = active
349 new_user.active = active
350 new_user.extern_name = safe_unicode(extern_name)
350 new_user.extern_name = safe_unicode(extern_name)
351 new_user.extern_type = safe_unicode(extern_type)
351 new_user.extern_type = safe_unicode(extern_type)
352 new_user.name = firstname
352 new_user.name = firstname
353 new_user.lastname = lastname
353 new_user.lastname = lastname
354
354
355 # set password only if creating an user or password is changed
355 # set password only if creating an user or password is changed
356 if not edit or _password_change(new_user, password):
356 if not edit or _password_change(new_user, password):
357 reason = 'new password' if edit else 'new user'
357 reason = 'new password' if edit else 'new user'
358 log.debug('Updating password reason=>%s', reason)
358 log.debug('Updating password reason=>%s', reason)
359 new_user.password = get_crypt_password(password) if password else None
359 new_user.password = get_crypt_password(password) if password else None
360
360
361 if force_password_change:
361 if force_password_change:
362 new_user.update_userdata(force_password_change=True)
362 new_user.update_userdata(force_password_change=True)
363 if language:
363 if language:
364 new_user.update_userdata(language=language)
364 new_user.update_userdata(language=language)
365 new_user.update_userdata(notification_status=True)
365 new_user.update_userdata(notification_status=True)
366
366
367 self.sa.add(new_user)
367 self.sa.add(new_user)
368
368
369 if not edit and create_repo_group:
369 if not edit and create_repo_group:
370 RepoGroupModel().create_personal_repo_group(
370 RepoGroupModel().create_personal_repo_group(
371 new_user, commit_early=False)
371 new_user, commit_early=False)
372
372
373 if not edit:
373 if not edit:
374 # add the RSS token
374 # add the RSS token
375 AuthTokenModel().create(username,
375 AuthTokenModel().create(username,
376 description=u'Generated feed token',
376 description=u'Generated feed token',
377 role=AuthTokenModel.cls.ROLE_FEED)
377 role=AuthTokenModel.cls.ROLE_FEED)
378 kwargs = new_user.get_dict()
378 kwargs = new_user.get_dict()
379 # backward compat, require api_keys present
379 # backward compat, require api_keys present
380 kwargs['api_keys'] = kwargs['auth_tokens']
380 kwargs['api_keys'] = kwargs['auth_tokens']
381 log_create_user(created_by=cur_user, **kwargs)
381 log_create_user(created_by=cur_user, **kwargs)
382 events.trigger(events.UserPostCreate(user_data))
382 events.trigger(events.UserPostCreate(user_data))
383 return new_user
383 return new_user
384 except (DatabaseError,):
384 except (DatabaseError,):
385 log.error(traceback.format_exc())
385 log.error(traceback.format_exc())
386 raise
386 raise
387
387
388 def create_registration(self, form_data):
388 def create_registration(self, form_data):
389 from rhodecode.model.notification import NotificationModel
389 from rhodecode.model.notification import NotificationModel
390 from rhodecode.model.notification import EmailNotificationModel
390 from rhodecode.model.notification import EmailNotificationModel
391
391
392 try:
392 try:
393 form_data['admin'] = False
393 form_data['admin'] = False
394 form_data['extern_name'] = 'rhodecode'
394 form_data['extern_name'] = 'rhodecode'
395 form_data['extern_type'] = 'rhodecode'
395 form_data['extern_type'] = 'rhodecode'
396 new_user = self.create(form_data)
396 new_user = self.create(form_data)
397
397
398 self.sa.add(new_user)
398 self.sa.add(new_user)
399 self.sa.flush()
399 self.sa.flush()
400
400
401 user_data = new_user.get_dict()
401 user_data = new_user.get_dict()
402 kwargs = {
402 kwargs = {
403 # use SQLALCHEMY safe dump of user data
403 # use SQLALCHEMY safe dump of user data
404 'user': AttributeDict(user_data),
404 'user': AttributeDict(user_data),
405 'date': datetime.datetime.now()
405 'date': datetime.datetime.now()
406 }
406 }
407 notification_type = EmailNotificationModel.TYPE_REGISTRATION
407 notification_type = EmailNotificationModel.TYPE_REGISTRATION
408 # pre-generate the subject for notification itself
408 # pre-generate the subject for notification itself
409 (subject,
409 (subject,
410 _h, _e, # we don't care about those
410 _h, _e, # we don't care about those
411 body_plaintext) = EmailNotificationModel().render_email(
411 body_plaintext) = EmailNotificationModel().render_email(
412 notification_type, **kwargs)
412 notification_type, **kwargs)
413
413
414 # create notification objects, and emails
414 # create notification objects, and emails
415 NotificationModel().create(
415 NotificationModel().create(
416 created_by=new_user,
416 created_by=new_user,
417 notification_subject=subject,
417 notification_subject=subject,
418 notification_body=body_plaintext,
418 notification_body=body_plaintext,
419 notification_type=notification_type,
419 notification_type=notification_type,
420 recipients=None, # all admins
420 recipients=None, # all admins
421 email_kwargs=kwargs,
421 email_kwargs=kwargs,
422 )
422 )
423
423
424 return new_user
424 return new_user
425 except Exception:
425 except Exception:
426 log.error(traceback.format_exc())
426 log.error(traceback.format_exc())
427 raise
427 raise
428
428
429 def _handle_user_repos(self, username, repositories, handle_mode=None):
429 def _handle_user_repos(self, username, repositories, handle_mode=None):
430 _superadmin = self.cls.get_first_super_admin()
430 _superadmin = self.cls.get_first_super_admin()
431 left_overs = True
431 left_overs = True
432
432
433 from rhodecode.model.repo import RepoModel
433 from rhodecode.model.repo import RepoModel
434
434
435 if handle_mode == 'detach':
435 if handle_mode == 'detach':
436 for obj in repositories:
436 for obj in repositories:
437 obj.user = _superadmin
437 obj.user = _superadmin
438 # set description we know why we super admin now owns
438 # set description we know why we super admin now owns
439 # additional repositories that were orphaned !
439 # additional repositories that were orphaned !
440 obj.description += ' \n::detached repository from deleted user: %s' % (username,)
440 obj.description += ' \n::detached repository from deleted user: %s' % (username,)
441 self.sa.add(obj)
441 self.sa.add(obj)
442 left_overs = False
442 left_overs = False
443 elif handle_mode == 'delete':
443 elif handle_mode == 'delete':
444 for obj in repositories:
444 for obj in repositories:
445 RepoModel().delete(obj, forks='detach')
445 RepoModel().delete(obj, forks='detach')
446 left_overs = False
446 left_overs = False
447
447
448 # if nothing is done we have left overs left
448 # if nothing is done we have left overs left
449 return left_overs
449 return left_overs
450
450
451 def _handle_user_repo_groups(self, username, repository_groups,
451 def _handle_user_repo_groups(self, username, repository_groups,
452 handle_mode=None):
452 handle_mode=None):
453 _superadmin = self.cls.get_first_super_admin()
453 _superadmin = self.cls.get_first_super_admin()
454 left_overs = True
454 left_overs = True
455
455
456 from rhodecode.model.repo_group import RepoGroupModel
456 from rhodecode.model.repo_group import RepoGroupModel
457
457
458 if handle_mode == 'detach':
458 if handle_mode == 'detach':
459 for r in repository_groups:
459 for r in repository_groups:
460 r.user = _superadmin
460 r.user = _superadmin
461 # set description we know why we super admin now owns
461 # set description we know why we super admin now owns
462 # additional repositories that were orphaned !
462 # additional repositories that were orphaned !
463 r.group_description += ' \n::detached repository group from deleted user: %s' % (username,)
463 r.group_description += ' \n::detached repository group from deleted user: %s' % (username,)
464 self.sa.add(r)
464 self.sa.add(r)
465 left_overs = False
465 left_overs = False
466 elif handle_mode == 'delete':
466 elif handle_mode == 'delete':
467 for r in repository_groups:
467 for r in repository_groups:
468 RepoGroupModel().delete(r)
468 RepoGroupModel().delete(r)
469 left_overs = False
469 left_overs = False
470
470
471 # if nothing is done we have left overs left
471 # if nothing is done we have left overs left
472 return left_overs
472 return left_overs
473
473
474 def _handle_user_user_groups(self, username, user_groups, handle_mode=None):
474 def _handle_user_user_groups(self, username, user_groups, handle_mode=None):
475 _superadmin = self.cls.get_first_super_admin()
475 _superadmin = self.cls.get_first_super_admin()
476 left_overs = True
476 left_overs = True
477
477
478 from rhodecode.model.user_group import UserGroupModel
478 from rhodecode.model.user_group import UserGroupModel
479
479
480 if handle_mode == 'detach':
480 if handle_mode == 'detach':
481 for r in user_groups:
481 for r in user_groups:
482 for user_user_group_to_perm in r.user_user_group_to_perm:
482 for user_user_group_to_perm in r.user_user_group_to_perm:
483 if user_user_group_to_perm.user.username == username:
483 if user_user_group_to_perm.user.username == username:
484 user_user_group_to_perm.user = _superadmin
484 user_user_group_to_perm.user = _superadmin
485 r.user = _superadmin
485 r.user = _superadmin
486 # set description we know why we super admin now owns
486 # set description we know why we super admin now owns
487 # additional repositories that were orphaned !
487 # additional repositories that were orphaned !
488 r.user_group_description += ' \n::detached user group from deleted user: %s' % (username,)
488 r.user_group_description += ' \n::detached user group from deleted user: %s' % (username,)
489 self.sa.add(r)
489 self.sa.add(r)
490 left_overs = False
490 left_overs = False
491 elif handle_mode == 'delete':
491 elif handle_mode == 'delete':
492 for r in user_groups:
492 for r in user_groups:
493 UserGroupModel().delete(r)
493 UserGroupModel().delete(r)
494 left_overs = False
494 left_overs = False
495
495
496 # if nothing is done we have left overs left
496 # if nothing is done we have left overs left
497 return left_overs
497 return left_overs
498
498
499 def delete(self, user, cur_user=None, handle_repos=None,
499 def delete(self, user, cur_user=None, handle_repos=None,
500 handle_repo_groups=None, handle_user_groups=None):
500 handle_repo_groups=None, handle_user_groups=None):
501 if not cur_user:
501 if not cur_user:
502 cur_user = getattr(
502 cur_user = getattr(
503 get_current_rhodecode_user(), 'username', None)
503 get_current_rhodecode_user(), 'username', None)
504 user = self._get_user(user)
504 user = self._get_user(user)
505
505
506 try:
506 try:
507 if user.username == User.DEFAULT_USER:
507 if user.username == User.DEFAULT_USER:
508 raise DefaultUserException(
508 raise DefaultUserException(
509 u"You can't remove this user since it's"
509 u"You can't remove this user since it's"
510 u" crucial for entire application")
510 u" crucial for entire application")
511
511
512 left_overs = self._handle_user_repos(
512 left_overs = self._handle_user_repos(
513 user.username, user.repositories, handle_repos)
513 user.username, user.repositories, handle_repos)
514 if left_overs and user.repositories:
514 if left_overs and user.repositories:
515 repos = [x.repo_name for x in user.repositories]
515 repos = [x.repo_name for x in user.repositories]
516 raise UserOwnsReposException(
516 raise UserOwnsReposException(
517 u'user "%(username)s" still owns %(len_repos)s repositories and cannot be '
517 u'user "%(username)s" still owns %(len_repos)s repositories and cannot be '
518 u'removed. Switch owners or remove those repositories:%(list_repos)s'
518 u'removed. Switch owners or remove those repositories:%(list_repos)s'
519 % {'username': user.username, 'len_repos': len(repos),
519 % {'username': user.username, 'len_repos': len(repos),
520 'list_repos': ', '.join(repos)})
520 'list_repos': ', '.join(repos)})
521
521
522 left_overs = self._handle_user_repo_groups(
522 left_overs = self._handle_user_repo_groups(
523 user.username, user.repository_groups, handle_repo_groups)
523 user.username, user.repository_groups, handle_repo_groups)
524 if left_overs and user.repository_groups:
524 if left_overs and user.repository_groups:
525 repo_groups = [x.group_name for x in user.repository_groups]
525 repo_groups = [x.group_name for x in user.repository_groups]
526 raise UserOwnsRepoGroupsException(
526 raise UserOwnsRepoGroupsException(
527 u'user "%(username)s" still owns %(len_repo_groups)s repository groups and cannot be '
527 u'user "%(username)s" still owns %(len_repo_groups)s repository groups and cannot be '
528 u'removed. Switch owners or remove those repository groups:%(list_repo_groups)s'
528 u'removed. Switch owners or remove those repository groups:%(list_repo_groups)s'
529 % {'username': user.username, 'len_repo_groups': len(repo_groups),
529 % {'username': user.username, 'len_repo_groups': len(repo_groups),
530 'list_repo_groups': ', '.join(repo_groups)})
530 'list_repo_groups': ', '.join(repo_groups)})
531
531
532 left_overs = self._handle_user_user_groups(
532 left_overs = self._handle_user_user_groups(
533 user.username, user.user_groups, handle_user_groups)
533 user.username, user.user_groups, handle_user_groups)
534 if left_overs and user.user_groups:
534 if left_overs and user.user_groups:
535 user_groups = [x.users_group_name for x in user.user_groups]
535 user_groups = [x.users_group_name for x in user.user_groups]
536 raise UserOwnsUserGroupsException(
536 raise UserOwnsUserGroupsException(
537 u'user "%s" still owns %s user groups and cannot be '
537 u'user "%s" still owns %s user groups and cannot be '
538 u'removed. Switch owners or remove those user groups:%s'
538 u'removed. Switch owners or remove those user groups:%s'
539 % (user.username, len(user_groups), ', '.join(user_groups)))
539 % (user.username, len(user_groups), ', '.join(user_groups)))
540
540
541 # we might change the user data with detach/delete, make sure
541 # we might change the user data with detach/delete, make sure
542 # the object is marked as expired before actually deleting !
542 # the object is marked as expired before actually deleting !
543 self.sa.expire(user)
543 self.sa.expire(user)
544 self.sa.delete(user)
544 self.sa.delete(user)
545 from rhodecode.lib.hooks_base import log_delete_user
545 from rhodecode.lib.hooks_base import log_delete_user
546 log_delete_user(deleted_by=cur_user, **user.get_dict())
546 log_delete_user(deleted_by=cur_user, **user.get_dict())
547 except Exception:
547 except Exception:
548 log.error(traceback.format_exc())
548 log.error(traceback.format_exc())
549 raise
549 raise
550
550
551 def reset_password_link(self, data, pwd_reset_url):
551 def reset_password_link(self, data, pwd_reset_url):
552 from rhodecode.lib.celerylib import tasks, run_task
552 from rhodecode.lib.celerylib import tasks, run_task
553 from rhodecode.model.notification import EmailNotificationModel
553 from rhodecode.model.notification import EmailNotificationModel
554 user_email = data['email']
554 user_email = data['email']
555 try:
555 try:
556 user = User.get_by_email(user_email)
556 user = User.get_by_email(user_email)
557 if user:
557 if user:
558 log.debug('password reset user found %s', user)
558 log.debug('password reset user found %s', user)
559
559
560 email_kwargs = {
560 email_kwargs = {
561 'password_reset_url': pwd_reset_url,
561 'password_reset_url': pwd_reset_url,
562 'user': user,
562 'user': user,
563 'email': user_email,
563 'email': user_email,
564 'date': datetime.datetime.now()
564 'date': datetime.datetime.now()
565 }
565 }
566
566
567 (subject, headers, email_body,
567 (subject, headers, email_body,
568 email_body_plaintext) = EmailNotificationModel().render_email(
568 email_body_plaintext) = EmailNotificationModel().render_email(
569 EmailNotificationModel.TYPE_PASSWORD_RESET, **email_kwargs)
569 EmailNotificationModel.TYPE_PASSWORD_RESET, **email_kwargs)
570
570
571 recipients = [user_email]
571 recipients = [user_email]
572
572
573 action_logger_generic(
573 action_logger_generic(
574 'sending password reset email to user: {}'.format(
574 'sending password reset email to user: {}'.format(
575 user), namespace='security.password_reset')
575 user), namespace='security.password_reset')
576
576
577 run_task(tasks.send_email, recipients, subject,
577 run_task(tasks.send_email, recipients, subject,
578 email_body_plaintext, email_body)
578 email_body_plaintext, email_body)
579
579
580 else:
580 else:
581 log.debug("password reset email %s not found", user_email)
581 log.debug("password reset email %s not found", user_email)
582 except Exception:
582 except Exception:
583 log.error(traceback.format_exc())
583 log.error(traceback.format_exc())
584 return False
584 return False
585
585
586 return True
586 return True
587
587
588 def reset_password(self, data):
588 def reset_password(self, data):
589 from rhodecode.lib.celerylib import tasks, run_task
589 from rhodecode.lib.celerylib import tasks, run_task
590 from rhodecode.model.notification import EmailNotificationModel
590 from rhodecode.model.notification import EmailNotificationModel
591 from rhodecode.lib import auth
591 from rhodecode.lib import auth
592 user_email = data['email']
592 user_email = data['email']
593 pre_db = True
593 pre_db = True
594 try:
594 try:
595 user = User.get_by_email(user_email)
595 user = User.get_by_email(user_email)
596 new_passwd = auth.PasswordGenerator().gen_password(
596 new_passwd = auth.PasswordGenerator().gen_password(
597 12, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
597 12, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
598 if user:
598 if user:
599 user.password = auth.get_crypt_password(new_passwd)
599 user.password = auth.get_crypt_password(new_passwd)
600 # also force this user to reset his password !
600 # also force this user to reset his password !
601 user.update_userdata(force_password_change=True)
601 user.update_userdata(force_password_change=True)
602
602
603 Session().add(user)
603 Session().add(user)
604
604
605 # now delete the token in question
605 # now delete the token in question
606 UserApiKeys = AuthTokenModel.cls
606 UserApiKeys = AuthTokenModel.cls
607 UserApiKeys().query().filter(
607 UserApiKeys().query().filter(
608 UserApiKeys.api_key == data['token']).delete()
608 UserApiKeys.api_key == data['token']).delete()
609
609
610 Session().commit()
610 Session().commit()
611 log.info('successfully reset password for `%s`', user_email)
611 log.info('successfully reset password for `%s`', user_email)
612
612
613 if new_passwd is None:
613 if new_passwd is None:
614 raise Exception('unable to generate new password')
614 raise Exception('unable to generate new password')
615
615
616 pre_db = False
616 pre_db = False
617
617
618 email_kwargs = {
618 email_kwargs = {
619 'new_password': new_passwd,
619 'new_password': new_passwd,
620 'user': user,
620 'user': user,
621 'email': user_email,
621 'email': user_email,
622 'date': datetime.datetime.now()
622 'date': datetime.datetime.now()
623 }
623 }
624
624
625 (subject, headers, email_body,
625 (subject, headers, email_body,
626 email_body_plaintext) = EmailNotificationModel().render_email(
626 email_body_plaintext) = EmailNotificationModel().render_email(
627 EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION,
627 EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION,
628 **email_kwargs)
628 **email_kwargs)
629
629
630 recipients = [user_email]
630 recipients = [user_email]
631
631
632 action_logger_generic(
632 action_logger_generic(
633 'sent new password to user: {} with email: {}'.format(
633 'sent new password to user: {} with email: {}'.format(
634 user, user_email), namespace='security.password_reset')
634 user, user_email), namespace='security.password_reset')
635
635
636 run_task(tasks.send_email, recipients, subject,
636 run_task(tasks.send_email, recipients, subject,
637 email_body_plaintext, email_body)
637 email_body_plaintext, email_body)
638
638
639 except Exception:
639 except Exception:
640 log.error('Failed to update user password')
640 log.error('Failed to update user password')
641 log.error(traceback.format_exc())
641 log.error(traceback.format_exc())
642 if pre_db:
642 if pre_db:
643 # we rollback only if local db stuff fails. If it goes into
643 # we rollback only if local db stuff fails. If it goes into
644 # run_task, we're pass rollback state this wouldn't work then
644 # run_task, we're pass rollback state this wouldn't work then
645 Session().rollback()
645 Session().rollback()
646
646
647 return True
647 return True
648
648
649 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
649 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
650 """
650 """
651 Fetches auth_user by user_id,or api_key if present.
651 Fetches auth_user by user_id,or api_key if present.
652 Fills auth_user attributes with those taken from database.
652 Fills auth_user attributes with those taken from database.
653 Additionally set's is_authenitated if lookup fails
653 Additionally set's is_authenitated if lookup fails
654 present in database
654 present in database
655
655
656 :param auth_user: instance of user to set attributes
656 :param auth_user: instance of user to set attributes
657 :param user_id: user id to fetch by
657 :param user_id: user id to fetch by
658 :param api_key: api key to fetch by
658 :param api_key: api key to fetch by
659 :param username: username to fetch by
659 :param username: username to fetch by
660 """
660 """
661 if user_id is None and api_key is None and username is None:
661 if user_id is None and api_key is None and username is None:
662 raise Exception('You need to pass user_id, api_key or username')
662 raise Exception('You need to pass user_id, api_key or username')
663
663
664 log.debug(
664 log.debug(
665 'AuthUser: fill data execution based on: '
665 'AuthUser: fill data execution based on: '
666 'user_id:%s api_key:%s username:%s', user_id, api_key, username)
666 'user_id:%s api_key:%s username:%s', user_id, api_key, username)
667 try:
667 try:
668 dbuser = None
668 dbuser = None
669 if user_id:
669 if user_id:
670 dbuser = self.get(user_id)
670 dbuser = self.get(user_id)
671 elif api_key:
671 elif api_key:
672 dbuser = self.get_by_auth_token(api_key)
672 dbuser = self.get_by_auth_token(api_key)
673 elif username:
673 elif username:
674 dbuser = self.get_by_username(username)
674 dbuser = self.get_by_username(username)
675
675
676 if not dbuser:
676 if not dbuser:
677 log.warning(
677 log.warning(
678 'Unable to lookup user by id:%s api_key:%s username:%s',
678 'Unable to lookup user by id:%s api_key:%s username:%s',
679 user_id, api_key, username)
679 user_id, api_key, username)
680 return False
680 return False
681 if not dbuser.active:
681 if not dbuser.active:
682 log.debug('User `%s:%s` is inactive, skipping fill data',
682 log.debug('User `%s:%s` is inactive, skipping fill data',
683 username, user_id)
683 username, user_id)
684 return False
684 return False
685
685
686 log.debug('AuthUser: filling found user:%s data', dbuser)
686 log.debug('AuthUser: filling found user:%s data', dbuser)
687 user_data = dbuser.get_dict()
687 user_data = dbuser.get_dict()
688
688
689 user_data.update({
689 user_data.update({
690 # set explicit the safe escaped values
690 # set explicit the safe escaped values
691 'first_name': dbuser.first_name,
691 'first_name': dbuser.first_name,
692 'last_name': dbuser.last_name,
692 'last_name': dbuser.last_name,
693 })
693 })
694
694
695 for k, v in user_data.items():
695 for k, v in user_data.items():
696 # properties of auth user we dont update
696 # properties of auth user we dont update
697 if k not in ['auth_tokens', 'permissions']:
697 if k not in ['auth_tokens', 'permissions']:
698 setattr(auth_user, k, v)
698 setattr(auth_user, k, v)
699
699
700 # few extras
701 setattr(auth_user, 'feed_token', dbuser.feed_token)
702 except Exception:
700 except Exception:
703 log.error(traceback.format_exc())
701 log.error(traceback.format_exc())
704 auth_user.is_authenticated = False
702 auth_user.is_authenticated = False
705 return False
703 return False
706
704
707 return True
705 return True
708
706
709 def has_perm(self, user, perm):
707 def has_perm(self, user, perm):
710 perm = self._get_perm(perm)
708 perm = self._get_perm(perm)
711 user = self._get_user(user)
709 user = self._get_user(user)
712
710
713 return UserToPerm.query().filter(UserToPerm.user == user)\
711 return UserToPerm.query().filter(UserToPerm.user == user)\
714 .filter(UserToPerm.permission == perm).scalar() is not None
712 .filter(UserToPerm.permission == perm).scalar() is not None
715
713
716 def grant_perm(self, user, perm):
714 def grant_perm(self, user, perm):
717 """
715 """
718 Grant user global permissions
716 Grant user global permissions
719
717
720 :param user:
718 :param user:
721 :param perm:
719 :param perm:
722 """
720 """
723 user = self._get_user(user)
721 user = self._get_user(user)
724 perm = self._get_perm(perm)
722 perm = self._get_perm(perm)
725 # if this permission is already granted skip it
723 # if this permission is already granted skip it
726 _perm = UserToPerm.query()\
724 _perm = UserToPerm.query()\
727 .filter(UserToPerm.user == user)\
725 .filter(UserToPerm.user == user)\
728 .filter(UserToPerm.permission == perm)\
726 .filter(UserToPerm.permission == perm)\
729 .scalar()
727 .scalar()
730 if _perm:
728 if _perm:
731 return
729 return
732 new = UserToPerm()
730 new = UserToPerm()
733 new.user = user
731 new.user = user
734 new.permission = perm
732 new.permission = perm
735 self.sa.add(new)
733 self.sa.add(new)
736 return new
734 return new
737
735
738 def revoke_perm(self, user, perm):
736 def revoke_perm(self, user, perm):
739 """
737 """
740 Revoke users global permissions
738 Revoke users global permissions
741
739
742 :param user:
740 :param user:
743 :param perm:
741 :param perm:
744 """
742 """
745 user = self._get_user(user)
743 user = self._get_user(user)
746 perm = self._get_perm(perm)
744 perm = self._get_perm(perm)
747
745
748 obj = UserToPerm.query()\
746 obj = UserToPerm.query()\
749 .filter(UserToPerm.user == user)\
747 .filter(UserToPerm.user == user)\
750 .filter(UserToPerm.permission == perm)\
748 .filter(UserToPerm.permission == perm)\
751 .scalar()
749 .scalar()
752 if obj:
750 if obj:
753 self.sa.delete(obj)
751 self.sa.delete(obj)
754
752
755 def add_extra_email(self, user, email):
753 def add_extra_email(self, user, email):
756 """
754 """
757 Adds email address to UserEmailMap
755 Adds email address to UserEmailMap
758
756
759 :param user:
757 :param user:
760 :param email:
758 :param email:
761 """
759 """
762
760
763 user = self._get_user(user)
761 user = self._get_user(user)
764
762
765 obj = UserEmailMap()
763 obj = UserEmailMap()
766 obj.user = user
764 obj.user = user
767 obj.email = email
765 obj.email = email
768 self.sa.add(obj)
766 self.sa.add(obj)
769 return obj
767 return obj
770
768
771 def delete_extra_email(self, user, email_id):
769 def delete_extra_email(self, user, email_id):
772 """
770 """
773 Removes email address from UserEmailMap
771 Removes email address from UserEmailMap
774
772
775 :param user:
773 :param user:
776 :param email_id:
774 :param email_id:
777 """
775 """
778 user = self._get_user(user)
776 user = self._get_user(user)
779 obj = UserEmailMap.query().get(email_id)
777 obj = UserEmailMap.query().get(email_id)
780 if obj and obj.user_id == user.user_id:
778 if obj and obj.user_id == user.user_id:
781 self.sa.delete(obj)
779 self.sa.delete(obj)
782
780
783 def parse_ip_range(self, ip_range):
781 def parse_ip_range(self, ip_range):
784 ip_list = []
782 ip_list = []
785
783
786 def make_unique(value):
784 def make_unique(value):
787 seen = []
785 seen = []
788 return [c for c in value if not (c in seen or seen.append(c))]
786 return [c for c in value if not (c in seen or seen.append(c))]
789
787
790 # firsts split by commas
788 # firsts split by commas
791 for ip_range in ip_range.split(','):
789 for ip_range in ip_range.split(','):
792 if not ip_range:
790 if not ip_range:
793 continue
791 continue
794 ip_range = ip_range.strip()
792 ip_range = ip_range.strip()
795 if '-' in ip_range:
793 if '-' in ip_range:
796 start_ip, end_ip = ip_range.split('-', 1)
794 start_ip, end_ip = ip_range.split('-', 1)
797 start_ip = ipaddress.ip_address(safe_unicode(start_ip.strip()))
795 start_ip = ipaddress.ip_address(safe_unicode(start_ip.strip()))
798 end_ip = ipaddress.ip_address(safe_unicode(end_ip.strip()))
796 end_ip = ipaddress.ip_address(safe_unicode(end_ip.strip()))
799 parsed_ip_range = []
797 parsed_ip_range = []
800
798
801 for index in xrange(int(start_ip), int(end_ip) + 1):
799 for index in xrange(int(start_ip), int(end_ip) + 1):
802 new_ip = ipaddress.ip_address(index)
800 new_ip = ipaddress.ip_address(index)
803 parsed_ip_range.append(str(new_ip))
801 parsed_ip_range.append(str(new_ip))
804 ip_list.extend(parsed_ip_range)
802 ip_list.extend(parsed_ip_range)
805 else:
803 else:
806 ip_list.append(ip_range)
804 ip_list.append(ip_range)
807
805
808 return make_unique(ip_list)
806 return make_unique(ip_list)
809
807
810 def add_extra_ip(self, user, ip, description=None):
808 def add_extra_ip(self, user, ip, description=None):
811 """
809 """
812 Adds ip address to UserIpMap
810 Adds ip address to UserIpMap
813
811
814 :param user:
812 :param user:
815 :param ip:
813 :param ip:
816 """
814 """
817
815
818 user = self._get_user(user)
816 user = self._get_user(user)
819 obj = UserIpMap()
817 obj = UserIpMap()
820 obj.user = user
818 obj.user = user
821 obj.ip_addr = ip
819 obj.ip_addr = ip
822 obj.description = description
820 obj.description = description
823 self.sa.add(obj)
821 self.sa.add(obj)
824 return obj
822 return obj
825
823
826 def delete_extra_ip(self, user, ip_id):
824 def delete_extra_ip(self, user, ip_id):
827 """
825 """
828 Removes ip address from UserIpMap
826 Removes ip address from UserIpMap
829
827
830 :param user:
828 :param user:
831 :param ip_id:
829 :param ip_id:
832 """
830 """
833 user = self._get_user(user)
831 user = self._get_user(user)
834 obj = UserIpMap.query().get(ip_id)
832 obj = UserIpMap.query().get(ip_id)
835 if obj and obj.user_id == user.user_id:
833 if obj and obj.user_id == user.user_id:
836 self.sa.delete(obj)
834 self.sa.delete(obj)
837
835
838 def get_accounts_in_creation_order(self, current_user=None):
836 def get_accounts_in_creation_order(self, current_user=None):
839 """
837 """
840 Get accounts in order of creation for deactivation for license limits
838 Get accounts in order of creation for deactivation for license limits
841
839
842 pick currently logged in user, and append to the list in position 0
840 pick currently logged in user, and append to the list in position 0
843 pick all super-admins in order of creation date and add it to the list
841 pick all super-admins in order of creation date and add it to the list
844 pick all other accounts in order of creation and add it to the list.
842 pick all other accounts in order of creation and add it to the list.
845
843
846 Based on that list, the last accounts can be disabled as they are
844 Based on that list, the last accounts can be disabled as they are
847 created at the end and don't include any of the super admins as well
845 created at the end and don't include any of the super admins as well
848 as the current user.
846 as the current user.
849
847
850 :param current_user: optionally current user running this operation
848 :param current_user: optionally current user running this operation
851 """
849 """
852
850
853 if not current_user:
851 if not current_user:
854 current_user = get_current_rhodecode_user()
852 current_user = get_current_rhodecode_user()
855 active_super_admins = [
853 active_super_admins = [
856 x.user_id for x in User.query()
854 x.user_id for x in User.query()
857 .filter(User.user_id != current_user.user_id)
855 .filter(User.user_id != current_user.user_id)
858 .filter(User.active == true())
856 .filter(User.active == true())
859 .filter(User.admin == true())
857 .filter(User.admin == true())
860 .order_by(User.created_on.asc())]
858 .order_by(User.created_on.asc())]
861
859
862 active_regular_users = [
860 active_regular_users = [
863 x.user_id for x in User.query()
861 x.user_id for x in User.query()
864 .filter(User.user_id != current_user.user_id)
862 .filter(User.user_id != current_user.user_id)
865 .filter(User.active == true())
863 .filter(User.active == true())
866 .filter(User.admin == false())
864 .filter(User.admin == false())
867 .order_by(User.created_on.asc())]
865 .order_by(User.created_on.asc())]
868
866
869 list_of_accounts = [current_user.user_id]
867 list_of_accounts = [current_user.user_id]
870 list_of_accounts += active_super_admins
868 list_of_accounts += active_super_admins
871 list_of_accounts += active_regular_users
869 list_of_accounts += active_regular_users
872
870
873 return list_of_accounts
871 return list_of_accounts
874
872
875 def deactivate_last_users(self, expected_users, current_user=None):
873 def deactivate_last_users(self, expected_users, current_user=None):
876 """
874 """
877 Deactivate accounts that are over the license limits.
875 Deactivate accounts that are over the license limits.
878 Algorithm of which accounts to disabled is based on the formula:
876 Algorithm of which accounts to disabled is based on the formula:
879
877
880 Get current user, then super admins in creation order, then regular
878 Get current user, then super admins in creation order, then regular
881 active users in creation order.
879 active users in creation order.
882
880
883 Using that list we mark all accounts from the end of it as inactive.
881 Using that list we mark all accounts from the end of it as inactive.
884 This way we block only latest created accounts.
882 This way we block only latest created accounts.
885
883
886 :param expected_users: list of users in special order, we deactivate
884 :param expected_users: list of users in special order, we deactivate
887 the end N ammoun of users from that list
885 the end N ammoun of users from that list
888 """
886 """
889
887
890 list_of_accounts = self.get_accounts_in_creation_order(
888 list_of_accounts = self.get_accounts_in_creation_order(
891 current_user=current_user)
889 current_user=current_user)
892
890
893 for acc_id in list_of_accounts[expected_users + 1:]:
891 for acc_id in list_of_accounts[expected_users + 1:]:
894 user = User.get(acc_id)
892 user = User.get(acc_id)
895 log.info('Deactivating account %s for license unlock', user)
893 log.info('Deactivating account %s for license unlock', user)
896 user.active = False
894 user.active = False
897 Session().add(user)
895 Session().add(user)
898 Session().commit()
896 Session().commit()
899
897
900 return
898 return
901
899
902 def get_user_log(self, user, filter_term):
900 def get_user_log(self, user, filter_term):
903 user_log = UserLog.query()\
901 user_log = UserLog.query()\
904 .filter(or_(UserLog.user_id == user.user_id,
902 .filter(or_(UserLog.user_id == user.user_id,
905 UserLog.username == user.username))\
903 UserLog.username == user.username))\
906 .options(joinedload(UserLog.user))\
904 .options(joinedload(UserLog.user))\
907 .options(joinedload(UserLog.repository))\
905 .options(joinedload(UserLog.repository))\
908 .order_by(UserLog.action_date.desc())
906 .order_by(UserLog.action_date.desc())
909
907
910 user_log = user_log_filter(user_log, filter_term)
908 user_log = user_log_filter(user_log, filter_term)
911 return user_log
909 return user_log