##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
repo-group-model: add flag to return proper object along the exported names.
marcink -
r1151:8ddcff9d default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,705 +1,710 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2011-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21
22 22 """
23 23 repo group model for RhodeCode
24 24 """
25 25
26 26 import os
27 27 import datetime
28 28 import itertools
29 29 import logging
30 30 import shutil
31 31 import traceback
32 32 import string
33 33
34 34 from zope.cachedescriptors.property import Lazy as LazyProperty
35 35
36 36 from rhodecode import events
37 37 from rhodecode.model import BaseModel
38 38 from rhodecode.model.db import (
39 39 RepoGroup, UserRepoGroupToPerm, User, Permission, UserGroupRepoGroupToPerm,
40 40 UserGroup, Repository)
41 41 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
42 42 from rhodecode.lib.caching_query import FromCache
43 43 from rhodecode.lib.utils2 import action_logger_generic
44 44
45 45 log = logging.getLogger(__name__)
46 46
47 47
48 48 class RepoGroupModel(BaseModel):
49 49
50 50 cls = RepoGroup
51 51 PERSONAL_GROUP_DESC = 'personal repo group of user `%(username)s`'
52 52 PERSONAL_GROUP_PATTERN = '${username}' # default
53 53
54 54 def _get_user_group(self, users_group):
55 55 return self._get_instance(UserGroup, users_group,
56 56 callback=UserGroup.get_by_group_name)
57 57
58 58 def _get_repo_group(self, repo_group):
59 59 return self._get_instance(RepoGroup, repo_group,
60 60 callback=RepoGroup.get_by_group_name)
61 61
62 62 @LazyProperty
63 63 def repos_path(self):
64 64 """
65 65 Gets the repositories root path from database
66 66 """
67 67
68 68 settings_model = VcsSettingsModel(sa=self.sa)
69 69 return settings_model.get_repos_location()
70 70
71 71 def get_by_group_name(self, repo_group_name, cache=None):
72 72 repo = self.sa.query(RepoGroup) \
73 73 .filter(RepoGroup.group_name == repo_group_name)
74 74
75 75 if cache:
76 76 repo = repo.options(FromCache(
77 77 "sql_cache_short", "get_repo_group_%s" % repo_group_name))
78 78 return repo.scalar()
79 79
80 80 def get_default_create_personal_repo_group(self):
81 81 value = SettingsModel().get_setting_by_name(
82 82 'create_personal_repo_group')
83 83 return value.app_settings_value if value else None or False
84 84
85 85 def get_personal_group_name_pattern(self):
86 86 value = SettingsModel().get_setting_by_name(
87 87 'personal_repo_group_pattern')
88 88 val = value.app_settings_value if value else None
89 89 group_template = val or self.PERSONAL_GROUP_PATTERN
90 90
91 91 group_template = group_template.lstrip('/')
92 92 return group_template
93 93
94 94 def get_personal_group_name(self, user):
95 95 template = self.get_personal_group_name_pattern()
96 96 return string.Template(template).safe_substitute(
97 97 username=user.username,
98 98 user_id=user.user_id,
99 99 )
100 100
101 101 def create_personal_repo_group(self, user, commit_early=True):
102 102 desc = self.PERSONAL_GROUP_DESC % {'username': user.username}
103 103 personal_repo_group_name = self.get_personal_group_name(user)
104 104
105 105 # create a new one
106 106 RepoGroupModel().create(
107 107 group_name=personal_repo_group_name,
108 108 group_description=desc,
109 109 owner=user.username,
110 110 personal=True,
111 111 commit_early=commit_early)
112 112
113 113 def _create_default_perms(self, new_group):
114 114 # create default permission
115 115 default_perm = 'group.read'
116 116 def_user = User.get_default_user()
117 117 for p in def_user.user_perms:
118 118 if p.permission.permission_name.startswith('group.'):
119 119 default_perm = p.permission.permission_name
120 120 break
121 121
122 122 repo_group_to_perm = UserRepoGroupToPerm()
123 123 repo_group_to_perm.permission = Permission.get_by_key(default_perm)
124 124
125 125 repo_group_to_perm.group = new_group
126 126 repo_group_to_perm.user_id = def_user.user_id
127 127 return repo_group_to_perm
128 128
129 def _get_group_name_and_parent(self, group_name_full, repo_in_path=False):
129 def _get_group_name_and_parent(self, group_name_full, repo_in_path=False,
130 get_object=False):
130 131 """
131 132 Get's the group name and a parent group name from given group name.
132 133 If repo_in_path is set to truth, we asume the full path also includes
133 134 repo name, in such case we clean the last element.
134 135
135 136 :param group_name_full:
136 137 """
137 138 split_paths = 1
138 139 if repo_in_path:
139 140 split_paths = 2
140 141 _parts = group_name_full.rsplit(RepoGroup.url_sep(), split_paths)
141 142
142 143 if repo_in_path and len(_parts) > 1:
143 144 # such case last element is the repo_name
144 145 _parts.pop(-1)
145 146 group_name_cleaned = _parts[-1] # just the group name
146 147 parent_repo_group_name = None
147 148
148 149 if len(_parts) > 1:
149 150 parent_repo_group_name = _parts[0]
150 151
152 parent_group = None
151 153 if parent_repo_group_name:
152 154 parent_group = RepoGroup.get_by_group_name(parent_repo_group_name)
153 155
156 if get_object:
157 return group_name_cleaned, parent_repo_group_name, parent_group
158
154 159 return group_name_cleaned, parent_repo_group_name
155 160
156 161 def check_exist_filesystem(self, group_name, exc_on_failure=True):
157 162 create_path = os.path.join(self.repos_path, group_name)
158 163 log.debug('creating new group in %s', create_path)
159 164
160 165 if os.path.isdir(create_path):
161 166 if exc_on_failure:
162 167 raise Exception('That directory already exists !')
163 168 return False
164 169 return True
165 170
166 171 def _create_group(self, group_name):
167 172 """
168 173 makes repository group on filesystem
169 174
170 175 :param repo_name:
171 176 :param parent_id:
172 177 """
173 178
174 179 self.check_exist_filesystem(group_name)
175 180 create_path = os.path.join(self.repos_path, group_name)
176 181 log.debug('creating new group in %s', create_path)
177 182 os.makedirs(create_path, mode=0755)
178 183 log.debug('created group in %s', create_path)
179 184
180 185 def _rename_group(self, old, new):
181 186 """
182 187 Renames a group on filesystem
183 188
184 189 :param group_name:
185 190 """
186 191
187 192 if old == new:
188 193 log.debug('skipping group rename')
189 194 return
190 195
191 196 log.debug('renaming repository group from %s to %s', old, new)
192 197
193 198 old_path = os.path.join(self.repos_path, old)
194 199 new_path = os.path.join(self.repos_path, new)
195 200
196 201 log.debug('renaming repos paths from %s to %s', old_path, new_path)
197 202
198 203 if os.path.isdir(new_path):
199 204 raise Exception('Was trying to rename to already '
200 205 'existing dir %s' % new_path)
201 206 shutil.move(old_path, new_path)
202 207
203 208 def _delete_filesystem_group(self, group, force_delete=False):
204 209 """
205 210 Deletes a group from a filesystem
206 211
207 212 :param group: instance of group from database
208 213 :param force_delete: use shutil rmtree to remove all objects
209 214 """
210 215 paths = group.full_path.split(RepoGroup.url_sep())
211 216 paths = os.sep.join(paths)
212 217
213 218 rm_path = os.path.join(self.repos_path, paths)
214 219 log.info("Removing group %s", rm_path)
215 220 # delete only if that path really exists
216 221 if os.path.isdir(rm_path):
217 222 if force_delete:
218 223 shutil.rmtree(rm_path)
219 224 else:
220 225 # archive that group`
221 226 _now = datetime.datetime.now()
222 227 _ms = str(_now.microsecond).rjust(6, '0')
223 228 _d = 'rm__%s_GROUP_%s' % (
224 229 _now.strftime('%Y%m%d_%H%M%S_' + _ms), group.name)
225 230 shutil.move(rm_path, os.path.join(self.repos_path, _d))
226 231
227 232 def create(self, group_name, group_description, owner, just_db=False,
228 233 copy_permissions=False, personal=None, commit_early=True):
229 234
230 235 (group_name_cleaned,
231 236 parent_group_name) = RepoGroupModel()._get_group_name_and_parent(group_name)
232 237
233 238 parent_group = None
234 239 if parent_group_name:
235 240 parent_group = self._get_repo_group(parent_group_name)
236 241 if not parent_group:
237 242 # we tried to create a nested group, but the parent is not
238 243 # existing
239 244 raise ValueError(
240 245 'Parent group `%s` given in `%s` group name '
241 246 'is not yet existing.' % (parent_group_name, group_name))
242 247
243 248 # because we are doing a cleanup, we need to check if such directory
244 249 # already exists. If we don't do that we can accidentally delete
245 250 # existing directory via cleanup that can cause data issues, since
246 251 # delete does a folder rename to special syntax later cleanup
247 252 # functions can delete this
248 253 cleanup_group = self.check_exist_filesystem(group_name,
249 254 exc_on_failure=False)
250 255 try:
251 256 user = self._get_user(owner)
252 257 new_repo_group = RepoGroup()
253 258 new_repo_group.user = user
254 259 new_repo_group.group_description = group_description or group_name
255 260 new_repo_group.parent_group = parent_group
256 261 new_repo_group.group_name = group_name
257 262 new_repo_group.personal = personal
258 263
259 264 self.sa.add(new_repo_group)
260 265
261 266 # create an ADMIN permission for owner except if we're super admin,
262 267 # later owner should go into the owner field of groups
263 268 if not user.is_admin:
264 269 self.grant_user_permission(repo_group=new_repo_group,
265 270 user=owner, perm='group.admin')
266 271
267 272 if parent_group and copy_permissions:
268 273 # copy permissions from parent
269 274 user_perms = UserRepoGroupToPerm.query() \
270 275 .filter(UserRepoGroupToPerm.group == parent_group).all()
271 276
272 277 group_perms = UserGroupRepoGroupToPerm.query() \
273 278 .filter(UserGroupRepoGroupToPerm.group == parent_group).all()
274 279
275 280 for perm in user_perms:
276 281 # don't copy over the permission for user who is creating
277 282 # this group, if he is not super admin he get's admin
278 283 # permission set above
279 284 if perm.user != user or user.is_admin:
280 285 UserRepoGroupToPerm.create(
281 286 perm.user, new_repo_group, perm.permission)
282 287
283 288 for perm in group_perms:
284 289 UserGroupRepoGroupToPerm.create(
285 290 perm.users_group, new_repo_group, perm.permission)
286 291 else:
287 292 perm_obj = self._create_default_perms(new_repo_group)
288 293 self.sa.add(perm_obj)
289 294
290 295 # now commit the changes, earlier so we are sure everything is in
291 296 # the database.
292 297 if commit_early:
293 298 self.sa.commit()
294 299 if not just_db:
295 300 self._create_group(new_repo_group.group_name)
296 301
297 302 # trigger the post hook
298 303 from rhodecode.lib.hooks_base import log_create_repository_group
299 304 repo_group = RepoGroup.get_by_group_name(group_name)
300 305 log_create_repository_group(
301 306 created_by=user.username, **repo_group.get_dict())
302 307
303 308 # Trigger create event.
304 309 events.trigger(events.RepoGroupCreateEvent(repo_group))
305 310
306 311 return new_repo_group
307 312 except Exception:
308 313 self.sa.rollback()
309 314 log.exception('Exception occurred when creating repository group, '
310 315 'doing cleanup...')
311 316 # rollback things manually !
312 317 repo_group = RepoGroup.get_by_group_name(group_name)
313 318 if repo_group:
314 319 RepoGroup.delete(repo_group.group_id)
315 320 self.sa.commit()
316 321 if cleanup_group:
317 322 RepoGroupModel()._delete_filesystem_group(repo_group)
318 323 raise
319 324
320 325 def update_permissions(
321 326 self, repo_group, perm_additions=None, perm_updates=None,
322 327 perm_deletions=None, recursive=None, check_perms=True,
323 328 cur_user=None):
324 329 from rhodecode.model.repo import RepoModel
325 330 from rhodecode.lib.auth import HasUserGroupPermissionAny
326 331
327 332 if not perm_additions:
328 333 perm_additions = []
329 334 if not perm_updates:
330 335 perm_updates = []
331 336 if not perm_deletions:
332 337 perm_deletions = []
333 338
334 339 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
335 340
336 341 def _set_perm_user(obj, user, perm):
337 342 if isinstance(obj, RepoGroup):
338 343 self.grant_user_permission(
339 344 repo_group=obj, user=user, perm=perm)
340 345 elif isinstance(obj, Repository):
341 346 # private repos will not allow to change the default
342 347 # permissions using recursive mode
343 348 if obj.private and user == User.DEFAULT_USER:
344 349 return
345 350
346 351 # we set group permission but we have to switch to repo
347 352 # permission
348 353 perm = perm.replace('group.', 'repository.')
349 354 RepoModel().grant_user_permission(
350 355 repo=obj, user=user, perm=perm)
351 356
352 357 def _set_perm_group(obj, users_group, perm):
353 358 if isinstance(obj, RepoGroup):
354 359 self.grant_user_group_permission(
355 360 repo_group=obj, group_name=users_group, perm=perm)
356 361 elif isinstance(obj, Repository):
357 362 # we set group permission but we have to switch to repo
358 363 # permission
359 364 perm = perm.replace('group.', 'repository.')
360 365 RepoModel().grant_user_group_permission(
361 366 repo=obj, group_name=users_group, perm=perm)
362 367
363 368 def _revoke_perm_user(obj, user):
364 369 if isinstance(obj, RepoGroup):
365 370 self.revoke_user_permission(repo_group=obj, user=user)
366 371 elif isinstance(obj, Repository):
367 372 RepoModel().revoke_user_permission(repo=obj, user=user)
368 373
369 374 def _revoke_perm_group(obj, user_group):
370 375 if isinstance(obj, RepoGroup):
371 376 self.revoke_user_group_permission(
372 377 repo_group=obj, group_name=user_group)
373 378 elif isinstance(obj, Repository):
374 379 RepoModel().revoke_user_group_permission(
375 380 repo=obj, group_name=user_group)
376 381
377 382 # start updates
378 383 updates = []
379 384 log.debug('Now updating permissions for %s in recursive mode:%s',
380 385 repo_group, recursive)
381 386
382 387 # initialize check function, we'll call that multiple times
383 388 has_group_perm = HasUserGroupPermissionAny(*req_perms)
384 389
385 390 for obj in repo_group.recursive_groups_and_repos():
386 391 # iterated obj is an instance of a repos group or repository in
387 392 # that group, recursive option can be: none, repos, groups, all
388 393 if recursive == 'all':
389 394 obj = obj
390 395 elif recursive == 'repos':
391 396 # skip groups, other than this one
392 397 if isinstance(obj, RepoGroup) and not obj == repo_group:
393 398 continue
394 399 elif recursive == 'groups':
395 400 # skip repos
396 401 if isinstance(obj, Repository):
397 402 continue
398 403 else: # recursive == 'none':
399 404 # DEFAULT option - don't apply to iterated objects
400 405 # also we do a break at the end of this loop. if we are not
401 406 # in recursive mode
402 407 obj = repo_group
403 408
404 409 # update permissions
405 410 for member_id, perm, member_type in perm_updates:
406 411 member_id = int(member_id)
407 412 if member_type == 'user':
408 413 # this updates also current one if found
409 414 _set_perm_user(obj, user=member_id, perm=perm)
410 415 else: # set for user group
411 416 member_name = UserGroup.get(member_id).users_group_name
412 417 if not check_perms or has_group_perm(member_name,
413 418 user=cur_user):
414 419 _set_perm_group(obj, users_group=member_id, perm=perm)
415 420
416 421 # set new permissions
417 422 for member_id, perm, member_type in perm_additions:
418 423 member_id = int(member_id)
419 424 if member_type == 'user':
420 425 _set_perm_user(obj, user=member_id, perm=perm)
421 426 else: # set for user group
422 427 # check if we have permissions to alter this usergroup
423 428 member_name = UserGroup.get(member_id).users_group_name
424 429 if not check_perms or has_group_perm(member_name,
425 430 user=cur_user):
426 431 _set_perm_group(obj, users_group=member_id, perm=perm)
427 432
428 433 # delete permissions
429 434 for member_id, perm, member_type in perm_deletions:
430 435 member_id = int(member_id)
431 436 if member_type == 'user':
432 437 _revoke_perm_user(obj, user=member_id)
433 438 else: # set for user group
434 439 # check if we have permissions to alter this usergroup
435 440 member_name = UserGroup.get(member_id).users_group_name
436 441 if not check_perms or has_group_perm(member_name,
437 442 user=cur_user):
438 443 _revoke_perm_group(obj, user_group=member_id)
439 444
440 445 updates.append(obj)
441 446 # if it's not recursive call for all,repos,groups
442 447 # break the loop and don't proceed with other changes
443 448 if recursive not in ['all', 'repos', 'groups']:
444 449 break
445 450
446 451 return updates
447 452
448 453 def update(self, repo_group, form_data):
449 454 try:
450 455 repo_group = self._get_repo_group(repo_group)
451 456 old_path = repo_group.full_path
452 457
453 458 # change properties
454 459 if 'group_description' in form_data:
455 460 repo_group.group_description = form_data['group_description']
456 461
457 462 if 'enable_locking' in form_data:
458 463 repo_group.enable_locking = form_data['enable_locking']
459 464
460 465 if 'group_parent_id' in form_data:
461 466 parent_group = (
462 467 self._get_repo_group(form_data['group_parent_id']))
463 468 repo_group.group_parent_id = (
464 469 parent_group.group_id if parent_group else None)
465 470 repo_group.parent_group = parent_group
466 471
467 472 # mikhail: to update the full_path, we have to explicitly
468 473 # update group_name
469 474 group_name = form_data.get('group_name', repo_group.name)
470 475 repo_group.group_name = repo_group.get_new_name(group_name)
471 476
472 477 new_path = repo_group.full_path
473 478
474 479 if 'user' in form_data:
475 480 repo_group.user = User.get_by_username(form_data['user'])
476 481
477 482 self.sa.add(repo_group)
478 483
479 484 # iterate over all members of this groups and do fixes
480 485 # set locking if given
481 486 # if obj is a repoGroup also fix the name of the group according
482 487 # to the parent
483 488 # if obj is a Repo fix it's name
484 489 # this can be potentially heavy operation
485 490 for obj in repo_group.recursive_groups_and_repos():
486 491 # set the value from it's parent
487 492 obj.enable_locking = repo_group.enable_locking
488 493 if isinstance(obj, RepoGroup):
489 494 new_name = obj.get_new_name(obj.name)
490 495 log.debug('Fixing group %s to new name %s',
491 496 obj.group_name, new_name)
492 497 obj.group_name = new_name
493 498 elif isinstance(obj, Repository):
494 499 # we need to get all repositories from this new group and
495 500 # rename them accordingly to new group path
496 501 new_name = obj.get_new_name(obj.just_name)
497 502 log.debug('Fixing repo %s to new name %s',
498 503 obj.repo_name, new_name)
499 504 obj.repo_name = new_name
500 505 self.sa.add(obj)
501 506
502 507 self._rename_group(old_path, new_path)
503 508
504 509 # Trigger update event.
505 510 events.trigger(events.RepoGroupUpdateEvent(repo_group))
506 511
507 512 return repo_group
508 513 except Exception:
509 514 log.error(traceback.format_exc())
510 515 raise
511 516
512 517 def delete(self, repo_group, force_delete=False, fs_remove=True):
513 518 repo_group = self._get_repo_group(repo_group)
514 519 if not repo_group:
515 520 return False
516 521 try:
517 522 self.sa.delete(repo_group)
518 523 if fs_remove:
519 524 self._delete_filesystem_group(repo_group, force_delete)
520 525 else:
521 526 log.debug('skipping removal from filesystem')
522 527
523 528 # Trigger delete event.
524 529 events.trigger(events.RepoGroupDeleteEvent(repo_group))
525 530 return True
526 531
527 532 except Exception:
528 533 log.error('Error removing repo_group %s', repo_group)
529 534 raise
530 535
531 536 def grant_user_permission(self, repo_group, user, perm):
532 537 """
533 538 Grant permission for user on given repository group, or update
534 539 existing one if found
535 540
536 541 :param repo_group: Instance of RepoGroup, repositories_group_id,
537 542 or repositories_group name
538 543 :param user: Instance of User, user_id or username
539 544 :param perm: Instance of Permission, or permission_name
540 545 """
541 546
542 547 repo_group = self._get_repo_group(repo_group)
543 548 user = self._get_user(user)
544 549 permission = self._get_perm(perm)
545 550
546 551 # check if we have that permission already
547 552 obj = self.sa.query(UserRepoGroupToPerm)\
548 553 .filter(UserRepoGroupToPerm.user == user)\
549 554 .filter(UserRepoGroupToPerm.group == repo_group)\
550 555 .scalar()
551 556 if obj is None:
552 557 # create new !
553 558 obj = UserRepoGroupToPerm()
554 559 obj.group = repo_group
555 560 obj.user = user
556 561 obj.permission = permission
557 562 self.sa.add(obj)
558 563 log.debug('Granted perm %s to %s on %s', perm, user, repo_group)
559 564 action_logger_generic(
560 565 'granted permission: {} to user: {} on repogroup: {}'.format(
561 566 perm, user, repo_group), namespace='security.repogroup')
562 567 return obj
563 568
564 569 def revoke_user_permission(self, repo_group, user):
565 570 """
566 571 Revoke permission for user on given repository group
567 572
568 573 :param repo_group: Instance of RepoGroup, repositories_group_id,
569 574 or repositories_group name
570 575 :param user: Instance of User, user_id or username
571 576 """
572 577
573 578 repo_group = self._get_repo_group(repo_group)
574 579 user = self._get_user(user)
575 580
576 581 obj = self.sa.query(UserRepoGroupToPerm)\
577 582 .filter(UserRepoGroupToPerm.user == user)\
578 583 .filter(UserRepoGroupToPerm.group == repo_group)\
579 584 .scalar()
580 585 if obj:
581 586 self.sa.delete(obj)
582 587 log.debug('Revoked perm on %s on %s', repo_group, user)
583 588 action_logger_generic(
584 589 'revoked permission from user: {} on repogroup: {}'.format(
585 590 user, repo_group), namespace='security.repogroup')
586 591
587 592 def grant_user_group_permission(self, repo_group, group_name, perm):
588 593 """
589 594 Grant permission for user group on given repository group, or update
590 595 existing one if found
591 596
592 597 :param repo_group: Instance of RepoGroup, repositories_group_id,
593 598 or repositories_group name
594 599 :param group_name: Instance of UserGroup, users_group_id,
595 600 or user group name
596 601 :param perm: Instance of Permission, or permission_name
597 602 """
598 603 repo_group = self._get_repo_group(repo_group)
599 604 group_name = self._get_user_group(group_name)
600 605 permission = self._get_perm(perm)
601 606
602 607 # check if we have that permission already
603 608 obj = self.sa.query(UserGroupRepoGroupToPerm)\
604 609 .filter(UserGroupRepoGroupToPerm.group == repo_group)\
605 610 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
606 611 .scalar()
607 612
608 613 if obj is None:
609 614 # create new
610 615 obj = UserGroupRepoGroupToPerm()
611 616
612 617 obj.group = repo_group
613 618 obj.users_group = group_name
614 619 obj.permission = permission
615 620 self.sa.add(obj)
616 621 log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)
617 622 action_logger_generic(
618 623 'granted permission: {} to usergroup: {} on repogroup: {}'.format(
619 624 perm, group_name, repo_group), namespace='security.repogroup')
620 625 return obj
621 626
622 627 def revoke_user_group_permission(self, repo_group, group_name):
623 628 """
624 629 Revoke permission for user group on given repository group
625 630
626 631 :param repo_group: Instance of RepoGroup, repositories_group_id,
627 632 or repositories_group name
628 633 :param group_name: Instance of UserGroup, users_group_id,
629 634 or user group name
630 635 """
631 636 repo_group = self._get_repo_group(repo_group)
632 637 group_name = self._get_user_group(group_name)
633 638
634 639 obj = self.sa.query(UserGroupRepoGroupToPerm)\
635 640 .filter(UserGroupRepoGroupToPerm.group == repo_group)\
636 641 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
637 642 .scalar()
638 643 if obj:
639 644 self.sa.delete(obj)
640 645 log.debug('Revoked perm to %s on %s', repo_group, group_name)
641 646 action_logger_generic(
642 647 'revoked permission from usergroup: {} on repogroup: {}'.format(
643 648 group_name, repo_group), namespace='security.repogroup')
644 649
645 650 def get_repo_groups_as_dict(self, repo_group_list=None, admin=False,
646 651 super_user_actions=False):
647 652
648 653 from rhodecode.lib.utils import PartialRenderer
649 654 _render = PartialRenderer('data_table/_dt_elements.html')
650 655 c = _render.c
651 656 h = _render.h
652 657
653 658 def quick_menu(repo_group_name):
654 659 return _render('quick_repo_group_menu', repo_group_name)
655 660
656 661 def repo_group_lnk(repo_group_name):
657 662 return _render('repo_group_name', repo_group_name)
658 663
659 664 def desc(desc, personal):
660 665 prefix = h.escaped_stylize(u'[personal] ') if personal else ''
661 666
662 667 if c.visual.stylify_metatags:
663 668 desc = h.urlify_text(prefix + h.escaped_stylize(desc))
664 669 else:
665 670 desc = h.urlify_text(prefix + h.html_escape(desc))
666 671
667 672 return _render('repo_group_desc', desc)
668 673
669 674 def repo_group_actions(repo_group_id, repo_group_name, gr_count):
670 675 return _render(
671 676 'repo_group_actions', repo_group_id, repo_group_name, gr_count)
672 677
673 678 def repo_group_name(repo_group_name, children_groups):
674 679 return _render("repo_group_name", repo_group_name, children_groups)
675 680
676 681 def user_profile(username):
677 682 return _render('user_profile', username)
678 683
679 684 repo_group_data = []
680 685 for group in repo_group_list:
681 686
682 687 row = {
683 688 "menu": quick_menu(group.group_name),
684 689 "name": repo_group_lnk(group.group_name),
685 690 "name_raw": group.group_name,
686 691 "desc": desc(group.group_description, group.personal),
687 692 "top_level_repos": 0,
688 693 "owner": user_profile(group.user.username)
689 694 }
690 695 if admin:
691 696 repo_count = group.repositories.count()
692 697 children_groups = map(
693 698 h.safe_unicode,
694 699 itertools.chain((g.name for g in group.parents),
695 700 (x.name for x in [group])))
696 701 row.update({
697 702 "action": repo_group_actions(
698 703 group.group_id, group.group_name, repo_count),
699 704 "top_level_repos": repo_count,
700 705 "name": repo_group_name(group.group_name, children_groups),
701 706
702 707 })
703 708 repo_group_data.append(row)
704 709
705 710 return repo_group_data
General Comments 0
You need to be logged in to leave comments. Login now