##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
permissions: properly flush user cache permissions in more cases of permission changes....
marcink -
r3887:85d5bce0 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -43,6 +43,7 b' from rhodecode.model.comment import Comm'
43 43 from rhodecode.model.db import (
44 44 Session, ChangesetStatus, RepositoryField, Repository, RepoGroup,
45 45 ChangesetComment)
46 from rhodecode.model.permission import PermissionModel
46 47 from rhodecode.model.repo import RepoModel
47 48 from rhodecode.model.scm import ScmModel, RepoList
48 49 from rhodecode.model.settings import SettingsModel, VcsSettingsModel
@@ -1783,8 +1784,9 b' def grant_user_permission(request, apius'
1783 1784 }
1784 1785 audit_logger.store_api(
1785 1786 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1787 Session().commit()
1788 PermissionModel().flush_user_permission_caches(changes)
1786 1789
1787 Session().commit()
1788 1790 return {
1789 1791 'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (
1790 1792 perm.permission_name, user.username, repo.repo_name
@@ -1845,8 +1847,9 b' def revoke_user_permission(request, apiu'
1845 1847 }
1846 1848 audit_logger.store_api(
1847 1849 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1850 Session().commit()
1851 PermissionModel().flush_user_permission_caches(changes)
1848 1852
1849 Session().commit()
1850 1853 return {
1851 1854 'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
1852 1855 user.username, repo.repo_name
@@ -1931,8 +1934,9 b' def grant_user_group_permission(request,'
1931 1934 }
1932 1935 audit_logger.store_api(
1933 1936 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1937 Session().commit()
1938 PermissionModel().flush_user_permission_caches(changes)
1934 1939
1935 Session().commit()
1936 1940 return {
1937 1941 'msg': 'Granted perm: `%s` for user group: `%s` in '
1938 1942 'repo: `%s`' % (
@@ -2004,8 +2008,9 b' def revoke_user_group_permission(request'
2004 2008 }
2005 2009 audit_logger.store_api(
2006 2010 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
2011 Session().commit()
2012 PermissionModel().flush_user_permission_caches(changes)
2007 2013
2008 Session().commit()
2009 2014 return {
2010 2015 'msg': 'Revoked perm for user group: `%s` in repo: `%s`' % (
2011 2016 user_group.users_group_name, repo.repo_name
Show file before | Show file after | Hide comments
@@ -31,6 +31,7 b' from rhodecode.lib import audit_logger'
31 31 from rhodecode.lib.auth import (
32 32 HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAnyApi)
33 33 from rhodecode.model.db import Session
34 from rhodecode.model.permission import PermissionModel
34 35 from rhodecode.model.repo_group import RepoGroupModel
35 36 from rhodecode.model.scm import RepoGroupList
36 37 from rhodecode.model import validation_schema
@@ -465,8 +466,9 b' def grant_user_permission_to_repo_group('
465 466 audit_logger.store_api(
466 467 'repo_group.edit.permissions', action_data=action_data,
467 468 user=apiuser)
469 Session().commit()
470 PermissionModel().flush_user_permission_caches(changes)
468 471
469 Session().commit()
470 472 return {
471 473 'msg': 'Granted perm: `%s` (recursive:%s) for user: '
472 474 '`%s` in repo group: `%s`' % (
@@ -548,8 +550,9 b' def revoke_user_permission_from_repo_gro'
548 550 audit_logger.store_api(
549 551 'repo_group.edit.permissions', action_data=action_data,
550 552 user=apiuser)
553 Session().commit()
554 PermissionModel().flush_user_permission_caches(changes)
551 555
552 Session().commit()
553 556 return {
554 557 'msg': 'Revoked perm (recursive:%s) for user: '
555 558 '`%s` in repo group: `%s`' % (
@@ -641,8 +644,9 b' def grant_user_group_permission_to_repo_'
641 644 audit_logger.store_api(
642 645 'repo_group.edit.permissions', action_data=action_data,
643 646 user=apiuser)
647 Session().commit()
648 PermissionModel().flush_user_permission_caches(changes)
644 649
645 Session().commit()
646 650 return {
647 651 'msg': 'Granted perm: `%s` (recursive:%s) '
648 652 'for user group: `%s` in repo group: `%s`' % (
@@ -733,8 +737,9 b' def revoke_user_group_permission_from_re'
733 737 audit_logger.store_api(
734 738 'repo_group.edit.permissions', action_data=action_data,
735 739 user=apiuser)
740 Session().commit()
741 PermissionModel().flush_user_permission_caches(changes)
736 742
737 Session().commit()
738 743 return {
739 744 'msg': 'Revoked perm (recursive:%s) for user group: '
740 745 '`%s` in repo group: `%s`' % (
Show file before | Show file after | Hide comments
@@ -29,6 +29,7 b' from rhodecode.lib import audit_logger'
29 29 from rhodecode.lib.auth import HasUserGroupPermissionAnyApi, HasPermissionAnyApi
30 30 from rhodecode.lib.exceptions import UserGroupAssignedException
31 31 from rhodecode.model.db import Session
32 from rhodecode.model.permission import PermissionModel
32 33 from rhodecode.model.scm import UserGroupList
33 34 from rhodecode.model.user_group import UserGroupModel
34 35 from rhodecode.model import validation_schema
@@ -268,6 +269,10 b' def create_user_group('
268 269 'user_group.create', action_data={'data': creation_data},
269 270 user=apiuser)
270 271 Session().commit()
272
273 affected_user_ids = [apiuser.user_id, owner.user_id]
274 PermissionModel().trigger_permission_flush(affected_user_ids)
275
271 276 return {
272 277 'msg': 'created new user group `%s`' % group_name,
273 278 'user_group': creation_data
@@ -653,8 +658,9 b' def grant_user_permission_to_user_group('
653 658 audit_logger.store_api(
654 659 'user_group.edit.permissions', action_data=action_data,
655 660 user=apiuser)
661 Session().commit()
662 PermissionModel().flush_user_permission_caches(changes)
656 663
657 Session().commit()
658 664 return {
659 665 'msg':
660 666 'Granted perm: `%s` for user: `%s` in user group: `%s`' % (
@@ -722,8 +728,9 b' def revoke_user_permission_from_user_gro'
722 728 audit_logger.store_api(
723 729 'user_group.edit.permissions', action_data=action_data,
724 730 user=apiuser)
731 Session().commit()
732 PermissionModel().flush_user_permission_caches(changes)
725 733
726 Session().commit()
727 734 return {
728 735 'msg': 'Revoked perm for user: `%s` in user group: `%s`' % (
729 736 user.username, user_group.users_group_name
@@ -799,8 +806,9 b' def grant_user_group_permission_to_user_'
799 806 audit_logger.store_api(
800 807 'user_group.edit.permissions', action_data=action_data,
801 808 user=apiuser)
809 Session().commit()
810 PermissionModel().flush_user_permission_caches(changes)
802 811
803 Session().commit()
804 812 return {
805 813 'msg': 'Granted perm: `%s` for user group: `%s` '
806 814 'in user group: `%s`' % (
@@ -877,8 +885,8 b' def revoke_user_group_permission_from_us'
877 885 audit_logger.store_api(
878 886 'user_group.edit.permissions', action_data=action_data,
879 887 user=apiuser)
880
881 888 Session().commit()
889 PermissionModel().flush_user_permission_caches(changes)
882 890
883 891 return {
884 892 'msg': 'Revoked perm for user group: '
Show file before | Show file after | Hide comments
@@ -143,7 +143,7 b' class AdminPermissionsView(BaseAppView, '
143 143 category='error')
144 144
145 145 affected_user_ids = [User.get_default_user().user_id]
146 events.trigger(events.UserPermissionsChange(affected_user_ids))
146 PermissionModel().trigger_permission_flush(affected_user_ids)
147 147
148 148 raise HTTPFound(h.route_path('admin_permissions_application'))
149 149
@@ -219,7 +219,7 b' class AdminPermissionsView(BaseAppView, '
219 219 category='error')
220 220
221 221 affected_user_ids = [User.get_default_user().user_id]
222 events.trigger(events.UserPermissionsChange(affected_user_ids))
222 PermissionModel().trigger_permission_flush(affected_user_ids)
223 223
224 224 raise HTTPFound(h.route_path('admin_permissions_object'))
225 225
@@ -321,7 +321,7 b' class AdminPermissionsView(BaseAppView, '
321 321 category='error')
322 322
323 323 affected_user_ids = [User.get_default_user().user_id]
324 events.trigger(events.UserPermissionsChange(affected_user_ids))
324 PermissionModel().trigger_permission_flush(affected_user_ids)
325 325
326 326 raise HTTPFound(h.route_path('admin_permissions_global'))
327 327
Show file before | Show file after | Hide comments
@@ -36,6 +36,7 b' from rhodecode.lib.auth import ('
36 36 from rhodecode.lib import helpers as h, audit_logger
37 37 from rhodecode.lib.utils2 import safe_int, safe_unicode, datetime_to_time
38 38 from rhodecode.model.forms import RepoGroupForm
39 from rhodecode.model.permission import PermissionModel
39 40 from rhodecode.model.repo_group import RepoGroupModel
40 41 from rhodecode.model.scm import RepoGroupList
41 42 from rhodecode.model.db import (
@@ -354,7 +355,7 b' class AdminRepoGroupsView(BaseAppView, D'
354 355 copy_perms = [perm['user_id'] for perm in user_group_perms]
355 356 # also include those newly created by copy
356 357 affected_user_ids.extend(copy_perms)
357 events.trigger(events.UserPermissionsChange(affected_user_ids))
358 PermissionModel().trigger_permission_flush(affected_user_ids)
358 359
359 360 raise HTTPFound(
360 361 h.route_path('repo_group_home',
Show file before | Show file after | Hide comments
@@ -39,6 +39,7 b' from rhodecode.lib import helpers as h'
39 39 from rhodecode.lib.utils import repo_name_slug
40 40 from rhodecode.lib.utils2 import safe_int, safe_unicode
41 41 from rhodecode.model.forms import RepoForm
42 from rhodecode.model.permission import PermissionModel
42 43 from rhodecode.model.repo import RepoModel
43 44 from rhodecode.model.scm import RepoList, RepoGroupList, ScmModel
44 45 from rhodecode.model.settings import SettingsModel
@@ -179,7 +180,7 b' class AdminReposView(BaseAppView, DataGr'
179 180 if copy_permissions:
180 181 # permission flush is done in repo creating
181 182 pass
182 events.trigger(events.UserPermissionsChange(affected_user_ids))
183 PermissionModel().trigger_permission_flush(affected_user_ids)
183 184
184 185 raise HTTPFound(
185 186 h.route_path('repo_creating', repo_name=repo_name,
Show file before | Show file after | Hide comments
@@ -266,6 +266,8 b' class AdminUserGroupsView(BaseAppView, D'
266 266 % user_group_name, category='error')
267 267 raise HTTPFound(h.route_path('user_groups_new'))
268 268
269 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
269 affected_user_ids = [self._rhodecode_user.user_id]
270 PermissionModel().trigger_permission_flush(affected_user_ids)
271
270 272 raise HTTPFound(
271 273 h.route_path('edit_user_group', user_group_id=user_group_id))
Show file before | Show file after | Hide comments
@@ -597,7 +597,7 b' class UsersView(UserAppView):'
597 597 category='error')
598 598
599 599 affected_user_ids = [user_id]
600 events.trigger(events.UserPermissionsChange(affected_user_ids))
600 PermissionModel().trigger_permission_flush(affected_user_ids)
601 601 raise HTTPFound(h.route_path('user_edit_global_perms', user_id=user_id))
602 602
603 603 @LoginRequired()
Show file before | Show file after | Hide comments
@@ -23,14 +23,12 b' import logging'
23 23 from pyramid.view import view_config
24 24 from pyramid.httpexceptions import HTTPFound
25 25
26 from rhodecode import events
27 26 from rhodecode.apps._base import RepoGroupAppView
28 27 from rhodecode.lib import helpers as h
29 28 from rhodecode.lib import audit_logger
30 29 from rhodecode.lib.auth import (
31 30 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
32 from rhodecode.lib.utils2 import safe_int
33 from rhodecode.model.db import UserGroup
31 from rhodecode.model.permission import PermissionModel
34 32 from rhodecode.model.repo_group import RepoGroupModel
35 33 from rhodecode.model.forms import RepoGroupPermsForm
36 34 from rhodecode.model.meta import Session
@@ -98,18 +96,7 b' class RepoGroupPermissionsView(RepoGroup'
98 96
99 97 Session().commit()
100 98 h.flash(_('Repository Group permissions updated'), category='success')
101
102 affected_user_ids = []
103 for change in changes['added'] + changes['updated'] + changes['deleted']:
104 if change['type'] == 'user':
105 affected_user_ids.append(change['id'])
106 if change['type'] == 'user_group':
107 user_group = UserGroup.get(safe_int(change['id']))
108 if user_group:
109 group_members_ids = [x.user_id for x in user_group.members]
110 affected_user_ids.extend(group_members_ids)
111
112 events.trigger(events.UserPermissionsChange(affected_user_ids))
99 PermissionModel().flush_user_permission_caches(changes)
113 100
114 101 raise HTTPFound(
115 102 h.route_path('edit_repo_group_perms',
Show file before | Show file after | Hide comments
@@ -33,6 +33,7 b' from rhodecode.lib.auth import ('
33 33 LoginRequired, HasPermissionAll,
34 34 HasRepoGroupPermissionAny, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
35 35 from rhodecode.model.db import Session, RepoGroup, User
36 from rhodecode.model.permission import PermissionModel
36 37 from rhodecode.model.scm import RepoGroupList
37 38 from rhodecode.model.repo_group import RepoGroupModel
38 39 from rhodecode.model.validation_schema.schemas import repo_group_schema
@@ -187,7 +188,7 b' class RepoGroupSettingsView(RepoGroupApp'
187 188 owner = User.get_by_username(schema_data['repo_group_owner'])
188 189 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
189 190 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
190 events.trigger(events.UserPermissionsChange(affected_user_ids))
191 PermissionModel().trigger_permission_flush(affected_user_ids)
191 192
192 193 raise HTTPFound(
193 194 h.route_path('edit_repo_group', repo_group_name=new_repo_group_name))
Show file before | Show file after | Hide comments
@@ -28,6 +28,7 b' from rhodecode.apps._base import BaseApp'
28 28 from rhodecode.lib import helpers as h
29 29 from rhodecode.lib.auth import (NotAnonymous, HasRepoPermissionAny)
30 30 from rhodecode.model.db import Repository
31 from rhodecode.model.permission import PermissionModel
31 32 from rhodecode.model.validation_schema.types import RepoNameType
32 33
33 34 log = logging.getLogger(__name__)
@@ -122,4 +123,4 b' class RepoChecksView(BaseAppView):'
122 123 # repo is finished and created, we flush the permissions now
123 124 user_group_perms = db_repo.permissions(expand_from_user_groups=True)
124 125 affected_user_ids = [perm['user_id'] for perm in user_group_perms]
125 events.trigger(events.UserPermissionsChange(affected_user_ids))
126 PermissionModel().trigger_permission_flush(affected_user_ids)
Show file before | Show file after | Hide comments
@@ -36,6 +36,7 b' from rhodecode.lib.auth import ('
36 36 import rhodecode.lib.helpers as h
37 37 from rhodecode.lib.celerylib.utils import get_task_id
38 38 from rhodecode.model.db import coalesce, or_, Repository, RepoGroup
39 from rhodecode.model.permission import PermissionModel
39 40 from rhodecode.model.repo import RepoModel
40 41 from rhodecode.model.forms import RepoForkForm
41 42 from rhodecode.model.scm import ScmModel, RepoGroupList
@@ -257,7 +258,7 b' class RepoForksView(RepoAppView, DataGri'
257 258 # permission flush is done in repo creating
258 259 pass
259 260
260 events.trigger(events.UserPermissionsChange(affected_user_ids))
261 PermissionModel().trigger_permission_flush(affected_user_ids)
261 262
262 263 raise HTTPFound(
263 264 h.route_path('repo_creating', repo_name=repo_name,
Show file before | Show file after | Hide comments
@@ -23,16 +23,14 b' import logging'
23 23 from pyramid.httpexceptions import HTTPFound
24 24 from pyramid.view import view_config
25 25
26 from rhodecode import events
27 26 from rhodecode.apps._base import RepoAppView
28 27 from rhodecode.lib import helpers as h
29 28 from rhodecode.lib import audit_logger
30 29 from rhodecode.lib.auth import (
31 30 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
32 from rhodecode.lib.utils2 import safe_int
33 from rhodecode.model.db import UserGroup
34 31 from rhodecode.model.forms import RepoPermsForm
35 32 from rhodecode.model.meta import Session
33 from rhodecode.model.permission import PermissionModel
36 34 from rhodecode.model.repo import RepoModel
37 35
38 36 log = logging.getLogger(__name__)
@@ -91,17 +89,7 b' class RepoSettingsPermissionsView(RepoAp'
91 89 Session().commit()
92 90 h.flash(_('Repository permissions updated'), category='success')
93 91
94 affected_user_ids = []
95 for change in changes['added'] + changes['updated'] + changes['deleted']:
96 if change['type'] == 'user':
97 affected_user_ids.append(change['id'])
98 if change['type'] == 'user_group':
99 user_group = UserGroup.get(safe_int(change['id']))
100 if user_group:
101 group_members_ids = [x.user_id for x in user_group.members]
102 affected_user_ids.extend(group_members_ids)
103
104 events.trigger(events.UserPermissionsChange(affected_user_ids))
92 PermissionModel().flush_user_permission_caches(changes)
105 93
106 94 raise HTTPFound(
107 95 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
Show file before | Show file after | Hide comments
@@ -33,6 +33,7 b' from rhodecode.lib.auth import ('
33 33 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
34 34 from rhodecode.model.db import RepositoryField, RepoGroup, Repository, User
35 35 from rhodecode.model.meta import Session
36 from rhodecode.model.permission import PermissionModel
36 37 from rhodecode.model.repo import RepoModel
37 38 from rhodecode.model.scm import RepoGroupList, ScmModel
38 39 from rhodecode.model.validation_schema.schemas import repo_schema
@@ -184,7 +185,7 b' class RepoSettingsView(RepoAppView):'
184 185 owner = User.get_by_username(schema_data['repo_owner'])
185 186 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
186 187 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
187 events.trigger(events.UserPermissionsChange(affected_user_ids))
188 PermissionModel().trigger_permission_flush(affected_user_ids)
188 189
189 190 raise HTTPFound(
190 191 h.route_path('edit_repo', repo_name=new_repo_name))
Show file before | Show file after | Hide comments
@@ -34,6 +34,7 b' from rhodecode.lib.exceptions import Att'
34 34 from rhodecode.lib.utils2 import safe_int
35 35 from rhodecode.lib.vcs import RepositoryError
36 36 from rhodecode.model.db import Session, UserFollowing, User, Repository
37 from rhodecode.model.permission import PermissionModel
37 38 from rhodecode.model.repo import RepoModel
38 39 from rhodecode.model.scm import ScmModel
39 40
@@ -110,7 +111,7 b' class RepoSettingsView(RepoAppView):'
110 111
111 112 # flush permissions for all users defined in permissions
112 113 affected_user_ids = self._get_users_with_permissions().keys()
113 events.trigger(events.UserPermissionsChange(affected_user_ids))
114 PermissionModel().trigger_permission_flush(affected_user_ids)
114 115
115 116 raise HTTPFound(h.route_path('home'))
116 117
Show file before | Show file after | Hide comments
@@ -199,7 +199,7 b' class UserGroupsView(UserGroupAppView):'
199 199 affected_user_ids.append(self._rhodecode_user.user_id)
200 200 affected_user_ids.append(owner_id)
201 201
202 events.trigger(events.UserPermissionsChange(affected_user_ids))
202 PermissionModel().trigger_permission_flush(affected_user_ids)
203 203
204 204 Session().commit()
205 205 except formencode.Invalid as errors:
@@ -383,7 +383,7 b' class UserGroupsView(UserGroupAppView):'
383 383 group_members_ids = [x.user_id for x in user_group.members]
384 384 affected_user_ids.extend(group_members_ids)
385 385
386 events.trigger(events.UserPermissionsChange(affected_user_ids))
386 PermissionModel().trigger_permission_flush(affected_user_ids)
387 387
388 388 raise HTTPFound(
389 389 h.route_path('edit_user_group_perms', user_group_id=user_group_id))
Show file before | Show file after | Hide comments
@@ -28,6 +28,7 b' import traceback'
28 28
29 29 from sqlalchemy.exc import DatabaseError
30 30
31 from rhodecode import events
31 32 from rhodecode.model import BaseModel
32 33 from rhodecode.model.db import (
33 34 User, Permission, UserToPerm, UserRepoToPerm, UserRepoGroupToPerm,
@@ -556,3 +557,21 b' class PermissionModel(BaseModel):'
556 557 self.sa.rollback()
557 558 raise
558 559
560 def trigger_permission_flush(self, affected_user_ids):
561 events.trigger(events.UserPermissionsChange(affected_user_ids))
562
563 def flush_user_permission_caches(self, changes, affected_user_ids=None):
564 affected_user_ids = affected_user_ids or []
565
566 for change in changes['added'] + changes['updated'] + changes['deleted']:
567 if change['type'] == 'user':
568 affected_user_ids.append(change['id'])
569 if change['type'] == 'user_group':
570 user_group = UserGroup.get(safe_int(change['id']))
571 if user_group:
572 group_members_ids = [x.user_id for x in user_group.members]
573 affected_user_ids.extend(group_members_ids)
574
575 self.trigger_permission_flush(affected_user_ids)
576
577 return affected_user_ids
General Comments 0
You need to be logged in to leave comments. Login now