admin: made all grids use same partial loading logic...
marcink -
r4146:7a71b271 default
Not Reviewed
Show More
Add another comment
TODOs: 0 unresolved 0 Resolved
COMMENTS: 0 General 0 Inline
@@ -140,7 +140,6
140 name='admin_settings_visual_update',
140 name='admin_settings_visual_update',
141 pattern='/settings/visual/update')
141 pattern='/settings/visual/update')
142
142
143
144 config.add_route(
143 config.add_route(
145 name='admin_settings_issuetracker',
144 name='admin_settings_issuetracker',
146 pattern='/settings/issue-tracker')
145 pattern='/settings/issue-tracker')
@@ -415,6 +414,10
415 pattern='/repos')
414 pattern='/repos')
416
415
417 config.add_route(
416 config.add_route(
417 name='repos_data',
418 pattern='/repos_data')
419
420 config.add_route(
418 name='repo_new',
421 name='repo_new',
419 pattern='/repos/new')
422 pattern='/repos/new')
420
423
@@ -65,7 +65,7
65 # and display only those we have ADMIN right
65 # and display only those we have ADMIN right
66 groups_with_admin_rights = RepoGroupList(
66 groups_with_admin_rights = RepoGroupList(
67 RepoGroup.query().all(),
67 RepoGroup.query().all(),
68 perm_set=['group.admin'])
68 perm_set=['group.admin'], extra_kwargs=dict(user=self._rhodecode_user))
69 c.repo_groups = RepoGroup.groups_choices(
69 c.repo_groups = RepoGroup.groups_choices(
70 groups=groups_with_admin_rights,
70 groups=groups_with_admin_rights,
71 show_empty_group=allow_empty_group)
71 show_empty_group=allow_empty_group)
@@ -150,12 +150,8
150 def user_profile(username):
150 def user_profile(username):
151 return _render('user_profile', username)
151 return _render('user_profile', username)
152
152
153 auth_repo_group_list = RepoGroupList(
153 _perms = ['group.admin']
154 RepoGroup.query().all(), perm_set=['group.admin'])
154 allowed_ids = [-1] + self._rhodecode_user.repo_group_acl_ids_from_stack(_perms)
155
156 allowed_ids = [-1]
157 for repo_group in auth_repo_group_list:
158 allowed_ids.append(repo_group.group_id)
159
155
160 repo_groups_data_total_count = RepoGroup.query()\
156 repo_groups_data_total_count = RepoGroup.query()\
161 .filter(or_(
157 .filter(or_(
@@ -31,7 +31,6
31 from rhodecode.apps._base import BaseAppView, DataGridAppView
31 from rhodecode.apps._base import BaseAppView, DataGridAppView
32 from rhodecode.lib.celerylib.utils import get_task_id
32 from rhodecode.lib.celerylib.utils import get_task_id
33
33
34 from rhodecode.lib.ext_json import json
35 from rhodecode.lib.auth import (
34 from rhodecode.lib.auth import (
36 LoginRequired, CSRFRequired, NotAnonymous,
35 LoginRequired, CSRFRequired, NotAnonymous,
37 HasPermissionAny, HasRepoGroupPermissionAny)
36 HasPermissionAny, HasRepoGroupPermissionAny)
@@ -43,7 +42,8
43 from rhodecode.model.repo import RepoModel
42 from rhodecode.model.repo import RepoModel
44 from rhodecode.model.scm import RepoList, RepoGroupList, ScmModel
43 from rhodecode.model.scm import RepoList, RepoGroupList, ScmModel
45 from rhodecode.model.settings import SettingsModel
44 from rhodecode.model.settings import SettingsModel
46 from rhodecode.model.db import Repository, RepoGroup
45 from rhodecode.model.db import (
46 in_filter_generator, or_, func, Session, Repository, RepoGroup, User)
47
47
48 log = logging.getLogger(__name__)
48 log = logging.getLogger(__name__)
49
49
@@ -70,15 +70,94
70 renderer='rhodecode:templates/admin/repos/repos.mako')
70 renderer='rhodecode:templates/admin/repos/repos.mako')
71 def repository_list(self):
71 def repository_list(self):
72 c = self.load_default_context()
72 c = self.load_default_context()
73 return self._get_template_context(c)
73
74
74 repo_list = Repository.get_all_repos()
75 @LoginRequired()
75 c.repo_list = RepoList(repo_list, perm_set=['repository.admin'])
76 @NotAnonymous()
77 # perms check inside
78 @view_config(
79 route_name='repos_data', request_method='GET',
80 renderer='json_ext', xhr=True)
81 def repository_list_data(self):
82 self.load_default_context()
83 column_map = {
84 'name_raw': 'repo_name',
85 'desc': 'description',
86 'last_change_raw': 'updated_on',
87 'owner': 'user_username',
88 }
89 draw, start, limit = self._extract_chunk(self.request)
90 search_q, order_by, order_dir = self._extract_ordering(
91 self.request, column_map=column_map)
92
93 _perms = ['repository.admin']
94 allowed_ids = [-1] + self._rhodecode_user.repo_acl_ids_from_stack(_perms)
95
96 repos_data_total_count = Repository.query() \
97 .filter(or_(
98 # generate multiple IN to fix limitation problems
99 *in_filter_generator(Repository.repo_id, allowed_ids))
100 ) \
101 .count()
102
103 base_q = Session.query(
104 Repository.repo_id,
105 Repository.repo_name,
106 Repository.description,
107 Repository.repo_type,
108 Repository.repo_state,
109 Repository.private,
110 Repository.archived,
111 Repository.fork,
112 Repository.updated_on,
113 Repository._changeset_cache,
114 User,
115 ) \
116 .filter(or_(
117 # generate multiple IN to fix limitation problems
118 *in_filter_generator(Repository.repo_id, allowed_ids))
119 ) \
120 .join(User, User.user_id == Repository.user_id) \
121 .group_by(Repository, User)
122
123 if search_q:
124 like_expression = u'%{}%'.format(safe_unicode(search_q))
125 base_q = base_q.filter(or_(
126 Repository.repo_name.ilike(like_expression),
127 ))
128
129 repos_data_total_filtered_count = base_q.count()
130
131 sort_defined = False
132 if order_by == 'repo_name':
133 sort_col = func.lower(Repository.repo_name)
134 sort_defined = True
135 elif order_by == 'user_username':
136 sort_col = User.username
137 else:
138 sort_col = getattr(Repository, order_by, None)
139
140 if sort_defined or sort_col:
141 if order_dir == 'asc':
142 sort_col = sort_col.asc()
143 else:
144 sort_col = sort_col.desc()
145
146 base_q = base_q.order_by(sort_col)
147 base_q = base_q.offset(start).limit(limit)
148
149 repos_list = base_q.all()
150
76 repos_data = RepoModel().get_repos_as_dict(
151 repos_data = RepoModel().get_repos_as_dict(
77 repo_list=c.repo_list, admin=True, super_user_actions=True)
152 repo_list=repos_list, admin=True, super_user_actions=True)
78 # json used to render the grid
79 c.data = json.dumps(repos_data)
80
153
81 return self._get_template_context(c)
154 data = ({
155 'draw': draw,
156 'data': repos_data,
157 'recordsTotal': repos_data_total_count,
158 'recordsFiltered': repos_data_total_filtered_count,
159 })
160 return data
82
161
83 @LoginRequired()
162 @LoginRequired()
84 @NotAnonymous()
163 @NotAnonymous()
@@ -99,12 +99,8
99 def user_profile(username):
99 def user_profile(username):
100 return _render('user_profile', username)
100 return _render('user_profile', username)
101
101
102 auth_user_group_list = UserGroupList(
102 _perms = ['usergroup.admin']
103 UserGroup.query().all(), perm_set=['usergroup.admin'])
103 allowed_ids = [-1] + self._rhodecode_user.user_group_acl_ids_from_stack(_perms)
104
105 allowed_ids = [-1]
106 for user_group in auth_user_group_list:
107 allowed_ids.append(user_group.users_group_id)
108
104
109 user_groups_data_total_count = UserGroup.query()\
105 user_groups_data_total_count = UserGroup.query()\
110 .filter(or_(
106 .filter(or_(
@@ -352,23 +352,23
352 `.perm_origin_stack` will return the stack of (perm, origin) set per key
352 `.perm_origin_stack` will return the stack of (perm, origin) set per key
353
353
354 >>> perms = PermOriginDict()
354 >>> perms = PermOriginDict()
355 >>> perms['resource'] = 'read', 'default'
355 >>> perms['resource'] = 'read', 'default', 1
356 >>> perms['resource']
356 >>> perms['resource']
357 'read'
357 'read'
358 >>> perms['resource'] = 'write', 'admin'
358 >>> perms['resource'] = 'write', 'admin', 2
359 >>> perms['resource']
359 >>> perms['resource']
360 'write'
360 'write'
361 >>> perms.perm_origin_stack
361 >>> perms.perm_origin_stack
362 {'resource': [('read', 'default'), ('write', 'admin')]}
362 {'resource': [('read', 'default', 1), ('write', 'admin', 2)]}
363 """
363 """
364
364
365 def __init__(self, *args, **kw):
365 def __init__(self, *args, **kw):
366 dict.__init__(self, *args, **kw)
366 dict.__init__(self, *args, **kw)
367 self.perm_origin_stack = collections.OrderedDict()
367 self.perm_origin_stack = collections.OrderedDict()
368
368
369 def __setitem__(self, key, (perm, origin)):
369 def __setitem__(self, key, (perm, origin, obj_id)):
370 self.perm_origin_stack.setdefault(key, []).append(
370 self.perm_origin_stack.setdefault(key, []).append(
371 (perm, origin))
371 (perm, origin, obj_id))
372 dict.__setitem__(self, key, perm)
372 dict.__setitem__(self, key, perm)
373
373
374
374
@@ -463,26 +463,29
463 # repositories
463 # repositories
464 for perm in self.default_repo_perms:
464 for perm in self.default_repo_perms:
465 r_k = perm.UserRepoToPerm.repository.repo_name
465 r_k = perm.UserRepoToPerm.repository.repo_name
466 obj_id = perm.UserRepoToPerm.repository.repo_id
466 archived = perm.UserRepoToPerm.repository.archived
467 archived = perm.UserRepoToPerm.repository.archived
467 p = 'repository.admin'
468 p = 'repository.admin'
468 self.permissions_repositories[r_k] = p, PermOrigin.SUPER_ADMIN
469 self.permissions_repositories[r_k] = p, PermOrigin.SUPER_ADMIN, obj_id
469 # special case for archived repositories, which we block still even for
470 # special case for archived repositories, which we block still even for
470 # super admins
471 # super admins
471 if archived:
472 if archived:
472 p = 'repository.read'
473 p = 'repository.read'
473 self.permissions_repositories[r_k] = p, PermOrigin.ARCHIVED
474 self.permissions_repositories[r_k] = p, PermOrigin.ARCHIVED, obj_id
474
475
475 # repository groups
476 # repository groups
476 for perm in self.default_repo_groups_perms:
477 for perm in self.default_repo_groups_perms:
477 rg_k = perm.UserRepoGroupToPerm.group.group_name
478 rg_k = perm.UserRepoGroupToPerm.group.group_name
479 obj_id = perm.UserRepoGroupToPerm.group.group_id
478 p = 'group.admin'
480 p = 'group.admin'
479 self.permissions_repository_groups[rg_k] = p, PermOrigin.SUPER_ADMIN
481 self.permissions_repository_groups[rg_k] = p, PermOrigin.SUPER_ADMIN, obj_id
480
482
481 # user groups
483 # user groups
482 for perm in self.default_user_group_perms:
484 for perm in self.default_user_group_perms:
483 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
485 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
486 obj_id = perm.UserUserGroupToPerm.user_group.users_group_id
484 p = 'usergroup.admin'
487 p = 'usergroup.admin'
485 self.permissions_user_groups[u_k] = p, PermOrigin.SUPER_ADMIN
488 self.permissions_user_groups[u_k] = p, PermOrigin.SUPER_ADMIN, obj_id
486
489
487 # branch permissions
490 # branch permissions
488 # since super-admin also can have custom rule permissions
491 # since super-admin also can have custom rule permissions
@@ -578,10 +581,11
578 def _calculate_default_permissions_repositories(self, user_inherit_object_permissions):
581 def _calculate_default_permissions_repositories(self, user_inherit_object_permissions):
579 for perm in self.default_repo_perms:
582 for perm in self.default_repo_perms:
580 r_k = perm.UserRepoToPerm.repository.repo_name
583 r_k = perm.UserRepoToPerm.repository.repo_name
584 obj_id = perm.UserRepoToPerm.repository.repo_id
581 archived = perm.UserRepoToPerm.repository.archived
585 archived = perm.UserRepoToPerm.repository.archived
582 p = perm.Permission.permission_name
586 p = perm.Permission.permission_name
583 o = PermOrigin.REPO_DEFAULT
587 o = PermOrigin.REPO_DEFAULT
584 self.permissions_repositories[r_k] = p, o
588 self.permissions_repositories[r_k] = p, o, obj_id
585
589
586 # if we decide this user isn't inheriting permissions from
590 # if we decide this user isn't inheriting permissions from
587 # default user we set him to .none so only explicit
591 # default user we set him to .none so only explicit
@@ -589,25 +593,25
589 if not user_inherit_object_permissions:
593 if not user_inherit_object_permissions:
590 p = 'repository.none'
594 p = 'repository.none'
591 o = PermOrigin.REPO_DEFAULT_NO_INHERIT
595 o = PermOrigin.REPO_DEFAULT_NO_INHERIT
592 self.permissions_repositories[r_k] = p, o
596 self.permissions_repositories[r_k] = p, o, obj_id
593
597
594 if perm.Repository.private and not (
598 if perm.Repository.private and not (
595 perm.Repository.user_id == self.user_id):
599 perm.Repository.user_id == self.user_id):
596 # disable defaults for private repos,
600 # disable defaults for private repos,
597 p = 'repository.none'
601 p = 'repository.none'
598 o = PermOrigin.REPO_PRIVATE
602 o = PermOrigin.REPO_PRIVATE
599 self.permissions_repositories[r_k] = p, o
603 self.permissions_repositories[r_k] = p, o, obj_id
600
604
601 elif perm.Repository.user_id == self.user_id:
605 elif perm.Repository.user_id == self.user_id:
602 # set admin if owner
606 # set admin if owner
603 p = 'repository.admin'
607 p = 'repository.admin'
604 o = PermOrigin.REPO_OWNER
608 o = PermOrigin.REPO_OWNER
605 self.permissions_repositories[r_k] = p, o
609 self.permissions_repositories[r_k] = p, o, obj_id
606
610
607 if self.user_is_admin:
611 if self.user_is_admin:
608 p = 'repository.admin'
612 p = 'repository.admin'
609 o = PermOrigin.SUPER_ADMIN
613 o = PermOrigin.SUPER_ADMIN
610 self.permissions_repositories[r_k] = p, o
614 self.permissions_repositories[r_k] = p, o, obj_id
611
615
612 # finally in case of archived repositories, we downgrade higher
616 # finally in case of archived repositories, we downgrade higher
613 # permissions to read
617 # permissions to read
@@ -616,7 +620,7
616 if current_perm in ['repository.write', 'repository.admin']:
620 if current_perm in ['repository.write', 'repository.admin']:
617 p = 'repository.read'
621 p = 'repository.read'
618 o = PermOrigin.ARCHIVED
622 o = PermOrigin.ARCHIVED
619 self.permissions_repositories[r_k] = p, o
623 self.permissions_repositories[r_k] = p, o, obj_id
620
624
621 def _calculate_default_permissions_repository_branches(self, user_inherit_object_permissions):
625 def _calculate_default_permissions_repository_branches(self, user_inherit_object_permissions):
622 for perm in self.default_branch_repo_perms:
626 for perm in self.default_branch_repo_perms:
@@ -641,52 +645,54
641 def _calculate_default_permissions_repository_groups(self, user_inherit_object_permissions):
645 def _calculate_default_permissions_repository_groups(self, user_inherit_object_permissions):
642 for perm in self.default_repo_groups_perms:
646 for perm in self.default_repo_groups_perms:
643 rg_k = perm.UserRepoGroupToPerm.group.group_name
647 rg_k = perm.UserRepoGroupToPerm.group.group_name
648 obj_id = perm.UserRepoGroupToPerm.group.group_id
644 p = perm.Permission.permission_name
649 p = perm.Permission.permission_name
645 o = PermOrigin.REPOGROUP_DEFAULT
650 o = PermOrigin.REPOGROUP_DEFAULT
646 self.permissions_repository_groups[rg_k] = p, o
651 self.permissions_repository_groups[rg_k] = p, o, obj_id
647
652
648 # if we decide this user isn't inheriting permissions from default
653 # if we decide this user isn't inheriting permissions from default
649 # user we set him to .none so only explicit permissions work
654 # user we set him to .none so only explicit permissions work
650 if not user_inherit_object_permissions:
655 if not user_inherit_object_permissions:
651 p = 'group.none'
656 p = 'group.none'
652 o = PermOrigin.REPOGROUP_DEFAULT_NO_INHERIT
657 o = PermOrigin.REPOGROUP_DEFAULT_NO_INHERIT
653 self.permissions_repository_groups[rg_k] = p, o
658 self.permissions_repository_groups[rg_k] = p, o, obj_id
654
659
655 if perm.RepoGroup.user_id == self.user_id:
660 if perm.RepoGroup.user_id == self.user_id:
656 # set admin if owner
661 # set admin if owner
657 p = 'group.admin'
662 p = 'group.admin'
658 o = PermOrigin.REPOGROUP_OWNER
663 o = PermOrigin.REPOGROUP_OWNER
659 self.permissions_repository_groups[rg_k] = p, o
664 self.permissions_repository_groups[rg_k] = p, o, obj_id
660
665
661 if self.user_is_admin:
666 if self.user_is_admin:
662 p = 'group.admin'
667 p = 'group.admin'
663 o = PermOrigin.SUPER_ADMIN
668 o = PermOrigin.SUPER_ADMIN
664 self.permissions_repository_groups[rg_k] = p, o
669 self.permissions_repository_groups[rg_k] = p, o, obj_id
665
670
666 def _calculate_default_permissions_user_groups(self, user_inherit_object_permissions):
671 def _calculate_default_permissions_user_groups(self, user_inherit_object_permissions):
667 for perm in self.default_user_group_perms:
672 for perm in self.default_user_group_perms:
668 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
673 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
674 obj_id = perm.UserUserGroupToPerm.user_group.users_group_id
669 p = perm.Permission.permission_name
675 p = perm.Permission.permission_name
670 o = PermOrigin.USERGROUP_DEFAULT
676 o = PermOrigin.USERGROUP_DEFAULT
671 self.permissions_user_groups[u_k] = p, o
677 self.permissions_user_groups[u_k] = p, o, obj_id
672
678
673 # if we decide this user isn't inheriting permissions from default
679 # if we decide this user isn't inheriting permissions from default
674 # user we set him to .none so only explicit permissions work
680 # user we set him to .none so only explicit permissions work
675 if not user_inherit_object_permissions:
681 if not user_inherit_object_permissions:
676 p = 'usergroup.none'
682 p = 'usergroup.none'
677 o = PermOrigin.USERGROUP_DEFAULT_NO_INHERIT
683 o = PermOrigin.USERGROUP_DEFAULT_NO_INHERIT
678 self.permissions_user_groups[u_k] = p, o
684 self.permissions_user_groups[u_k] = p, o, obj_id
679
685
680 if perm.UserGroup.user_id == self.user_id:
686 if perm.UserGroup.user_id == self.user_id:
681 # set admin if owner
687 # set admin if owner
682 p = 'usergroup.admin'
688 p = 'usergroup.admin'
683 o = PermOrigin.USERGROUP_OWNER
689 o = PermOrigin.USERGROUP_OWNER
684 self.permissions_user_groups[u_k] = p, o
690 self.permissions_user_groups[u_k] = p, o, obj_id
685
691
686 if self.user_is_admin:
692 if self.user_is_admin:
687 p = 'usergroup.admin'
693 p = 'usergroup.admin'
688 o = PermOrigin.SUPER_ADMIN
694 o = PermOrigin.SUPER_ADMIN
689 self.permissions_user_groups[u_k] = p, o
695 self.permissions_user_groups[u_k] = p, o, obj_id
690
696
691 def _calculate_default_permissions(self):
697 def _calculate_default_permissions(self):
692 """
698 """
@@ -738,6 +744,7
738 multiple_counter = collections.defaultdict(int)
744 multiple_counter = collections.defaultdict(int)
739 for perm in user_repo_perms_from_user_group:
745 for perm in user_repo_perms_from_user_group:
740 r_k = perm.UserGroupRepoToPerm.repository.repo_name
746 r_k = perm.UserGroupRepoToPerm.repository.repo_name
747 obj_id = perm.UserGroupRepoToPerm.repository.repo_id
741 multiple_counter[r_k] += 1
748 multiple_counter[r_k] += 1
742 p = perm.Permission.permission_name
749 p = perm.Permission.permission_name
743 o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
750 o = PermOrigin.REPO_USERGROUP % perm.UserGroupRepoToPerm\
@@ -747,18 +754,18
747 cur_perm = self.permissions_repositories[r_k]
754 cur_perm = self.permissions_repositories[r_k]
748 p = self._choose_permission(p, cur_perm)
755 p = self._choose_permission(p, cur_perm)
749
756
750 self.permissions_repositories[r_k] = p, o
757 self.permissions_repositories[r_k] = p, o, obj_id
751
758
752 if perm.Repository.user_id == self.user_id:
759 if perm.Repository.user_id == self.user_id:
753 # set admin if owner
760 # set admin if owner
754 p = 'repository.admin'
761 p = 'repository.admin'
755 o = PermOrigin.REPO_OWNER
762 o = PermOrigin.REPO_OWNER
756 self.permissions_repositories[r_k] = p, o
763 self.permissions_repositories[r_k] = p, o, obj_id
757
764
758 if self.user_is_admin:
765 if self.user_is_admin:
759 p = 'repository.admin'
766 p = 'repository.admin'
760 o = PermOrigin.SUPER_ADMIN
767 o = PermOrigin.SUPER_ADMIN
761 self.permissions_repositories[r_k] = p, o
768 self.permissions_repositories[r_k] = p, o, obj_id
762
769
763 # user explicit permissions for repositories, overrides any specified
770 # user explicit permissions for repositories, overrides any specified
764 # by the group permission
771 # by the group permission
@@ -766,6 +773,7
766 self.user_id, self.scope_repo_id)
773 self.user_id, self.scope_repo_id)
767 for perm in user_repo_perms:
774 for perm in user_repo_perms:
768 r_k = perm.UserRepoToPerm.repository.repo_name
775 r_k = perm.UserRepoToPerm.repository.repo_name
776 obj_id = perm.UserRepoToPerm.repository.repo_id
769 p = perm.Permission.permission_name
777 p = perm.Permission.permission_name
770 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
778 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
771
779
@@ -774,18 +782,18
774 r_k, 'repository.none')
782 r_k, 'repository.none')
775 p = self._choose_permission(p, cur_perm)
783 p = self._choose_permission(p, cur_perm)
776
784
777 self.permissions_repositories[r_k] = p, o
785 self.permissions_repositories[r_k] = p, o, obj_id
778
786
779 if perm.Repository.user_id == self.user_id:
787 if perm.Repository.user_id == self.user_id:
780 # set admin if owner
788 # set admin if owner
781 p = 'repository.admin'
789 p = 'repository.admin'
782 o = PermOrigin.REPO_OWNER
790 o = PermOrigin.REPO_OWNER
783 self.permissions_repositories[r_k] = p, o
791 self.permissions_repositories[r_k] = p, o, obj_id
784
792
785 if self.user_is_admin:
793 if self.user_is_admin:
786 p = 'repository.admin'
794 p = 'repository.admin'
787 o = PermOrigin.SUPER_ADMIN
795 o = PermOrigin.SUPER_ADMIN
788 self.permissions_repositories[r_k] = p, o
796 self.permissions_repositories[r_k] = p, o, obj_id
789
797
790 def _calculate_repository_branch_permissions(self):
798 def _calculate_repository_branch_permissions(self):
791 # user group for repositories permissions
799 # user group for repositories permissions
@@ -847,6 +855,7
847 multiple_counter = collections.defaultdict(int)
855 multiple_counter = collections.defaultdict(int)
848 for perm in user_repo_group_perms_from_user_group:
856 for perm in user_repo_group_perms_from_user_group:
849 rg_k = perm.UserGroupRepoGroupToPerm.group.group_name
857 rg_k = perm.UserGroupRepoGroupToPerm.group.group_name
858 obj_id = perm.UserGroupRepoGroupToPerm.group.group_id
850 multiple_counter[rg_k] += 1
859 multiple_counter[rg_k] += 1
851 o = PermOrigin.REPOGROUP_USERGROUP % perm.UserGroupRepoGroupToPerm\
860 o = PermOrigin.REPOGROUP_USERGROUP % perm.UserGroupRepoGroupToPerm\
852 .users_group.users_group_name
861 .users_group.users_group_name
@@ -855,24 +864,25
855 if multiple_counter[rg_k] > 1:
864 if multiple_counter[rg_k] > 1:
856 cur_perm = self.permissions_repository_groups[rg_k]
865 cur_perm = self.permissions_repository_groups[rg_k]
857 p = self._choose_permission(p, cur_perm)
866 p = self._choose_permission(p, cur_perm)
858 self.permissions_repository_groups[rg_k] = p, o
867 self.permissions_repository_groups[rg_k] = p, o, obj_id
859
868
860 if perm.RepoGroup.user_id == self.user_id:
869 if perm.RepoGroup.user_id == self.user_id:
861 # set admin if owner, even for member of other user group
870 # set admin if owner, even for member of other user group
862 p = 'group.admin'
871 p = 'group.admin'
863 o = PermOrigin.REPOGROUP_OWNER
872 o = PermOrigin.REPOGROUP_OWNER
864 self.permissions_repository_groups[rg_k] = p, o
873 self.permissions_repository_groups[rg_k] = p, o, obj_id
865
874
866 if self.user_is_admin:
875 if self.user_is_admin:
867 p = 'group.admin'
876 p = 'group.admin'
868 o = PermOrigin.SUPER_ADMIN
877 o = PermOrigin.SUPER_ADMIN
869 self.permissions_repository_groups[rg_k] = p, o
878 self.permissions_repository_groups[rg_k] = p, o, obj_id
870
879
871 # user explicit permissions for repository groups
880 # user explicit permissions for repository groups
872 user_repo_groups_perms = Permission.get_default_group_perms(
881 user_repo_groups_perms = Permission.get_default_group_perms(
873 self.user_id, self.scope_repo_group_id)
882 self.user_id, self.scope_repo_group_id)
874 for perm in user_repo_groups_perms:
883 for perm in user_repo_groups_perms:
875 rg_k = perm.UserRepoGroupToPerm.group.group_name
884 rg_k = perm.UserRepoGroupToPerm.group.group_name
885 obj_id = perm.UserRepoGroupToPerm.group.group_id
876 o = PermOrigin.REPOGROUP_USER % perm.UserRepoGroupToPerm\
886 o = PermOrigin.REPOGROUP_USER % perm.UserRepoGroupToPerm\
877 .user.username
887 .user.username
878 p = perm.Permission.permission_name
888 p = perm.Permission.permission_name
@@ -881,18 +891,18
881 cur_perm = self.permissions_repository_groups.get(rg_k, 'group.none')
891 cur_perm = self.permissions_repository_groups.get(rg_k, 'group.none')
882 p = self._choose_permission(p, cur_perm)
892 p = self._choose_permission(p, cur_perm)
883
893
884 self.permissions_repository_groups[rg_k] = p, o
894 self.permissions_repository_groups[rg_k] = p, o, obj_id
885
895
886 if perm.RepoGroup.user_id == self.user_id:
896 if perm.RepoGroup.user_id == self.user_id:
887 # set admin if owner
897 # set admin if owner
888 p = 'group.admin'
898 p = 'group.admin'
889 o = PermOrigin.REPOGROUP_OWNER
899 o = PermOrigin.REPOGROUP_OWNER
890 self.permissions_repository_groups[rg_k] = p, o
900 self.permissions_repository_groups[rg_k] = p, o, obj_id
891
901
892 if self.user_is_admin:
902 if self.user_is_admin:
893 p = 'group.admin'
903 p = 'group.admin'
894 o = PermOrigin.SUPER_ADMIN
904 o = PermOrigin.SUPER_ADMIN
895 self.permissions_repository_groups[rg_k] = p, o
905 self.permissions_repository_groups[rg_k] = p, o, obj_id
896
906
897 def _calculate_user_group_permissions(self):
907 def _calculate_user_group_permissions(self):
898 """
908 """
@@ -905,8 +915,8
905
915
906 multiple_counter = collections.defaultdict(int)
916 multiple_counter = collections.defaultdict(int)
907 for perm in user_group_from_user_group:
917 for perm in user_group_from_user_group:
908 ug_k = perm.UserGroupUserGroupToPerm\
918 ug_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
909 .target_user_group.users_group_name
919 obj_id = perm.UserGroupUserGroupToPerm.target_user_group.users_group_id
910 multiple_counter[ug_k] += 1
920 multiple_counter[ug_k] += 1
911 o = PermOrigin.USERGROUP_USERGROUP % perm.UserGroupUserGroupToPerm\
921 o = PermOrigin.USERGROUP_USERGROUP % perm.UserGroupUserGroupToPerm\
912 .user_group.users_group_name
922 .user_group.users_group_name
@@ -916,24 +926,25
916 cur_perm = self.permissions_user_groups[ug_k]
926 cur_perm = self.permissions_user_groups[ug_k]
917 p = self._choose_permission(p, cur_perm)
927 p = self._choose_permission(p, cur_perm)
918
928
919 self.permissions_user_groups[ug_k] = p, o
929 self.permissions_user_groups[ug_k] = p, o, obj_id
920
930
921 if perm.UserGroup.user_id == self.user_id:
931 if perm.UserGroup.user_id == self.user_id:
922 # set admin if owner, even for member of other user group
932 # set admin if owner, even for member of other user group
923 p = 'usergroup.admin'
933 p = 'usergroup.admin'
924 o = PermOrigin.USERGROUP_OWNER
934 o = PermOrigin.USERGROUP_OWNER
925 self.permissions_user_groups[ug_k] = p, o
935 self.permissions_user_groups[ug_k] = p, o, obj_id
926
936
927 if self.user_is_admin:
937 if self.user_is_admin:
928 p = 'usergroup.admin'
938 p = 'usergroup.admin'
929 o = PermOrigin.SUPER_ADMIN
939 o = PermOrigin.SUPER_ADMIN
930 self.permissions_user_groups[ug_k] = p, o
940 self.permissions_user_groups[ug_k] = p, o, obj_id
931
941
932 # user explicit permission for user groups
942 # user explicit permission for user groups
933 user_user_groups_perms = Permission.get_default_user_group_perms(
943 user_user_groups_perms = Permission.get_default_user_group_perms(
934 self.user_id, self.scope_user_group_id)
944 self.user_id, self.scope_user_group_id)
935 for perm in user_user_groups_perms:
945 for perm in user_user_groups_perms:
936 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
946 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
947 obj_id = perm.UserUserGroupToPerm.user_group.users_group_id
937 o = PermOrigin.USERGROUP_USER % perm.UserUserGroupToPerm\
948 o = PermOrigin.USERGROUP_USER % perm.UserUserGroupToPerm\
938 .user.username
949 .user.username
939 p = perm.Permission.permission_name
950 p = perm.Permission.permission_name
@@ -942,18 +953,18
942 cur_perm = self.permissions_user_groups.get(ug_k, 'usergroup.none')
953 cur_perm = self.permissions_user_groups.get(ug_k, 'usergroup.none')
943 p = self._choose_permission(p, cur_perm)
954 p = self._choose_permission(p, cur_perm)
944
955
945 self.permissions_user_groups[ug_k] = p, o
956 self.permissions_user_groups[ug_k] = p, o, obj_id
946
957
947 if perm.UserGroup.user_id == self.user_id:
958 if perm.UserGroup.user_id == self.user_id:
948 # set admin if owner
959 # set admin if owner
949 p = 'usergroup.admin'
960 p = 'usergroup.admin'
950 o = PermOrigin.USERGROUP_OWNER
961 o = PermOrigin.USERGROUP_OWNER
951 self.permissions_user_groups[ug_k] = p, o
962 self.permissions_user_groups[ug_k] = p, o, obj_id
952
963
953 if self.user_is_admin:
964 if self.user_is_admin:
954 p = 'usergroup.admin'
965 p = 'usergroup.admin'
955 o = PermOrigin.SUPER_ADMIN
966 o = PermOrigin.SUPER_ADMIN
956 self.permissions_user_groups[ug_k] = p, o
967 self.permissions_user_groups[ug_k] = p, o, obj_id
957
968
958 def _choose_permission(self, new_perm, cur_perm):
969 def _choose_permission(self, new_perm, cur_perm):
959 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
970 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
@@ -1277,6 +1288,18
1277 x[0] for x in self.permissions['user_groups'].items()
1288 x[0] for x in self.permissions['user_groups'].items()
1278 if x[1] == 'usergroup.admin']
1289 if x[1] == 'usergroup.admin']
1279
1290
1291 def repo_acl_ids_from_stack(self, perms=None, prefix_filter=None, cache=False):
1292 if not perms:
1293 perms = ['repository.read', 'repository.write', 'repository.admin']
1294 allowed_ids = []
1295 for k, stack_data in self.permissions['repositories'].perm_origin_stack.items():
1296 perm, origin, obj_id = stack_data[-1] # last item is the current permission
1297 if prefix_filter and not k.startswith(prefix_filter):
1298 continue
1299 if perm in perms:
1300 allowed_ids.append(obj_id)
1301 return allowed_ids
1302
1280 def repo_acl_ids(self, perms=None, name_filter=None, cache=False):
1303 def repo_acl_ids(self, perms=None, name_filter=None, cache=False):
1281 """
1304 """
1282 Returns list of repository ids that user have access to based on given
1305 Returns list of repository ids that user have access to based on given
@@ -1285,8 +1308,7
1285 """
1308 """
1286 from rhodecode.model.scm import RepoList
1309 from rhodecode.model.scm import RepoList
1287 if not perms:
1310 if not perms:
1288 perms = [
1311 perms = ['repository.read', 'repository.write', 'repository.admin']
1289 'repository.read', 'repository.write', 'repository.admin']
1290
1312
1291 def _cached_repo_acl(user_id, perm_def, _name_filter):
1313 def _cached_repo_acl(user_id, perm_def, _name_filter):
1292 qry = Repository.query()
1314 qry = Repository.query()
@@ -1296,10 +1318,22
1296 Repository.repo_name.ilike(ilike_expression))
1318 Repository.repo_name.ilike(ilike_expression))
1297
1319
1298 return [x.repo_id for x in
1320 return [x.repo_id for x in
1299 RepoList(qry, perm_set=perm_def)]
1321 RepoList(qry, perm_set=perm_def, extra_kwargs={'user': self})]
1300
1322
1301 return _cached_repo_acl(self.user_id, perms, name_filter)
1323 return _cached_repo_acl(self.user_id, perms, name_filter)
1302
1324
1325 def repo_group_acl_ids_from_stack(self, perms=None, prefix_filter=None, cache=False):
1326 if not perms:
1327 perms = ['group.read', 'group.write', 'group.admin']
1328 allowed_ids = []
1329 for k, stack_data in self.permissions['repositories_groups'].perm_origin_stack.items():
1330 perm, origin, obj_id = stack_data[-1] # last item is the current permission
1331 if prefix_filter and not k.startswith(prefix_filter):
1332 continue
1333 if perm in perms:
1334 allowed_ids.append(obj_id)
1335 return allowed_ids
1336
1303 def repo_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1337 def repo_group_acl_ids(self, perms=None, name_filter=None, cache=False):
1304 """
1338 """
1305 Returns list of repository group ids that user have access to based on given
1339 Returns list of repository group ids that user have access to based on given
@@ -1308,8 +1342,7
1308 """
1342 """
1309 from rhodecode.model.scm import RepoGroupList
1343 from rhodecode.model.scm import RepoGroupList
1310