Show More
| @@ -120,11 +120,25 b' class SshWrapper(object):' | |||||
| 120 |
|
120 | |||
| 121 | return vcs_type, repo_name, mode |
|
121 | return vcs_type, repo_name, mode | |
| 122 |
|
122 | |||
| 123 | def serve(self, vcs, repo, mode, user, permissions): |
|
123 | def serve(self, vcs, repo, mode, user, permissions, branch_permissions): | |
| 124 | store = ScmModel().repos_path |
|
124 | store = ScmModel().repos_path | |
| 125 |
|
125 | |||
|
|
126 | check_branch_perms = False | |||
|
|
127 | detect_force_push = False | |||
|
|
128 | ||||
|
|
129 | if branch_permissions: | |||
|
|
130 | check_branch_perms = True | |||
|
|
131 | detect_force_push = True | |||
|
|
132 | ||||
| 126 | log.debug( |
|
133 | log.debug( | |
| 127 |
'VCS detected:`%s` mode: `%s` repo_name: %s', |
|
134 | 'VCS detected:`%s` mode: `%s` repo_name: %s, branch_permission_checks:%s', | |
|
|
135 | vcs, mode, repo, check_branch_perms) | |||
|
|
136 | ||||
|
|
137 | # detect if we have to check branch permissions | |||
|
|
138 | extras = { | |||
|
|
139 | 'detect_force_push': detect_force_push, | |||
|
|
140 | 'check_branch_perms': check_branch_perms, | |||
|
|
141 | } | |||
| 128 |
|
142 | |||
| 129 | if vcs == 'hg': |
|
143 | if vcs == 'hg': | |
| 130 | server = MercurialServer( |
|
144 | server = MercurialServer( | |
| @@ -132,7 +146,7 b' class SshWrapper(object):' | |||||
| 132 | repo_name=repo, user=user, |
|
146 | repo_name=repo, user=user, | |
| 133 | user_permissions=permissions, config=self.config, env=self.env) |
|
147 | user_permissions=permissions, config=self.config, env=self.env) | |
| 134 | self.server_impl = server |
|
148 | self.server_impl = server | |
| 135 | return server.run() |
|
149 | return server.run(tunnel_extras=extras) | |
| 136 |
|
150 | |||
| 137 | elif vcs == 'git': |
|
151 | elif vcs == 'git': | |
| 138 | server = GitServer( |
|
152 | server = GitServer( | |
| @@ -140,7 +154,7 b' class SshWrapper(object):' | |||||
| 140 | repo_name=repo, repo_mode=mode, user=user, |
|
154 | repo_name=repo, repo_mode=mode, user=user, | |
| 141 | user_permissions=permissions, config=self.config, env=self.env) |
|
155 | user_permissions=permissions, config=self.config, env=self.env) | |
| 142 | self.server_impl = server |
|
156 | self.server_impl = server | |
| 143 | return server.run() |
|
157 | return server.run(tunnel_extras=extras) | |
| 144 |
|
158 | |||
| 145 | elif vcs == 'svn': |
|
159 | elif vcs == 'svn': | |
| 146 | server = SubversionServer( |
|
160 | server = SubversionServer( | |
| @@ -148,7 +162,7 b' class SshWrapper(object):' | |||||
| 148 | repo_name=None, user=user, |
|
162 | repo_name=None, user=user, | |
| 149 | user_permissions=permissions, config=self.config, env=self.env) |
|
163 | user_permissions=permissions, config=self.config, env=self.env) | |
| 150 | self.server_impl = server |
|
164 | self.server_impl = server | |
| 151 | return server.run() |
|
165 | return server.run(tunnel_extras=extras) | |
| 152 |
|
166 | |||
| 153 | else: |
|
167 | else: | |
| 154 | raise Exception('Unrecognised VCS: {}'.format(vcs)) |
|
168 | raise Exception('Unrecognised VCS: {}'.format(vcs)) | |
| @@ -188,10 +202,11 b' class SshWrapper(object):' | |||||
| 188 |
|
202 | |||
| 189 | auth_user = user.AuthUser() |
|
203 | auth_user = user.AuthUser() | |
| 190 | permissions = auth_user.permissions['repositories'] |
|
204 | permissions = auth_user.permissions['repositories'] | |
| 191 |
|
205 | repo_branch_permissions = auth_user.get_branch_permissions(scm_repo) | ||
| 192 | try: |
|
206 | try: | |
| 193 | exit_code, is_updated = self.serve( |
|
207 | exit_code, is_updated = self.serve( | |
| 194 |
scm_detected, scm_repo, scm_mode, user, permissions |
|
208 | scm_detected, scm_repo, scm_mode, user, permissions, | |
|
|
209 | repo_branch_permissions) | |||
| 195 | except Exception: |
|
210 | except Exception: | |
| 196 | log.exception('Error occurred during execution of SshWrapper') |
|
211 | log.exception('Error occurred during execution of SshWrapper') | |
| 197 | exit_code = -1 |
|
212 | exit_code = -1 | |
| @@ -106,11 +106,15 b' class VcsServer(object):' | |||||
| 106 | 'make_lock': None, |
|
106 | 'make_lock': None, | |
| 107 | 'locked_by': [None, None], |
|
107 | 'locked_by': [None, None], | |
| 108 | 'server_url': None, |
|
108 | 'server_url': None, | |
| 109 | 'is_shadow_repo': False, |
|
109 | 'user_agent': 'ssh-user-agent', | |
| 110 | 'hooks_module': 'rhodecode.lib.hooks_daemon', |
|
|||
| 111 | 'hooks': ['push', 'pull'], |
|
110 | 'hooks': ['push', 'pull'], | |
|
|
111 | 'hooks_module': 'rhodecode.lib.hooks_daemon', | |||
|
|
112 | 'is_shadow_repo': False, | |||
|
|
113 | 'detect_force_push': False, | |||
|
|
114 | 'check_branch_perms': False, | |||
|
|
115 | ||||
| 112 | 'SSH': True, |
|
116 | 'SSH': True, | |
| 113 | 'SSH_PERMISSIONS': self.user_permissions.get(self.repo_name) |
|
117 | 'SSH_PERMISSIONS': self.user_permissions.get(self.repo_name), | |
| 114 | } |
|
118 | } | |
| 115 | if extras: |
|
119 | if extras: | |
| 116 | scm_data.update(extras) |
|
120 | scm_data.update(extras) | |
| @@ -139,8 +143,10 b' class VcsServer(object):' | |||||
| 139 |
|
143 | |||
| 140 | return exit_code, action == "push" |
|
144 | return exit_code, action == "push" | |
| 141 |
|
145 | |||
| 142 | def run(self): |
|
146 | def run(self, tunnel_extras=None): | |
|
|
147 | tunnel_extras = tunnel_extras or {} | |||
| 143 | extras = {} |
|
148 | extras = {} | |
|
|
149 | extras.update(tunnel_extras) | |||
| 144 |
|
150 | |||
| 145 | callback_daemon, extras = prepare_callback_daemon( |
|
151 | callback_daemon, extras = prepare_callback_daemon( | |
| 146 | extras, protocol=vcs_settings.HOOKS_PROTOCOL, |
|
152 | extras, protocol=vcs_settings.HOOKS_PROTOCOL, | |
| @@ -139,6 +139,9 b' class TestGitServer(object):' | |||||
| 139 | 'hooks': ['push', 'pull'], |
|
139 | 'hooks': ['push', 'pull'], | |
| 140 | 'is_shadow_repo': False, |
|
140 | 'is_shadow_repo': False, | |
| 141 | 'hooks_module': 'rhodecode.lib.hooks_daemon', |
|
141 | 'hooks_module': 'rhodecode.lib.hooks_daemon', | |
|
|
142 | 'check_branch_perms': False, | |||
|
|
143 | 'detect_force_push': False, | |||
|
|
144 | 'user_agent': u'ssh-user-agent', | |||
| 142 | 'SSH': True, |
|
145 | 'SSH': True, | |
| 143 | 'SSH_PERMISSIONS': 'repository.admin', |
|
146 | 'SSH_PERMISSIONS': 'repository.admin', | |
| 144 | } |
|
147 | } | |
| @@ -27,7 +27,7 b' class TestSSHWrapper(object):' | |||||
| 27 | with pytest.raises(Exception) as exc_info: |
|
27 | with pytest.raises(Exception) as exc_info: | |
| 28 | ssh_wrapper.serve( |
|
28 | ssh_wrapper.serve( | |
| 29 | vcs='microsoft-tfs', repo='test-repo', mode=None, user='test', |
|
29 | vcs='microsoft-tfs', repo='test-repo', mode=None, user='test', | |
| 30 | permissions={}) |
|
30 | permissions={}, branch_permissions={}) | |
| 31 | assert exc_info.value.message == 'Unrecognised VCS: microsoft-tfs' |
|
31 | assert exc_info.value.message == 'Unrecognised VCS: microsoft-tfs' | |
| 32 |
|
32 | |||
| 33 | def test_parse_config(self, ssh_wrapper): |
|
33 | def test_parse_config(self, ssh_wrapper): | |
| @@ -1362,8 +1362,11 b' class AuthUser(object):' | |||||
| 1362 |
|
1362 | |||
| 1363 | def get_branch_permissions(self, repo_name, perms=None): |
|
1363 | def get_branch_permissions(self, repo_name, perms=None): | |
| 1364 | perms = perms or self.permissions_with_scope({'repo_name': repo_name}) |
|
1364 | perms = perms or self.permissions_with_scope({'repo_name': repo_name}) | |
| 1365 | branch_perms = perms.get('repository_branches') |
|
1365 | branch_perms = perms.get('repository_branches', {}) | |
| 1366 |
|
|
1366 | if not branch_perms: | |
|
|
1367 | return {} | |||
|
|
1368 | repo_branch_perms = branch_perms.get(repo_name) | |||
|
|
1369 | return repo_branch_perms or {} | |||
| 1367 |
|
1370 | |||
| 1368 | def get_rule_and_branch_permission(self, repo_name, branch_name): |
|
1371 | def get_rule_and_branch_permission(self, repo_name, branch_name): | |
| 1369 | """ |
|
1372 | """ | |
| @@ -1373,11 +1376,7 b' class AuthUser(object):' | |||||
| 1373 |
|
1376 | |||
| 1374 | rule = default_perm = '' |
|
1377 | rule = default_perm = '' | |
| 1375 |
|
1378 | |||
| 1376 | branch_perms = self.get_branch_permissions(repo_name=repo_name) |
|
1379 | repo_branch_perms = self.get_branch_permissions(repo_name=repo_name) | |
| 1377 | if not branch_perms: |
|
|||
| 1378 | return rule, default_perm |
|
|||
| 1379 |
|
||||
| 1380 | repo_branch_perms = branch_perms.get(repo_name) |
|
|||
| 1381 | if not repo_branch_perms: |
|
1380 | if not repo_branch_perms: | |
| 1382 | return rule, default_perm |
|
1381 | return rule, default_perm | |
| 1383 |
|
1382 | |||
| @@ -179,7 +179,9 b' def vcs_operation_context(' | |||||
| 179 | settings_model = VcsSettingsModel(repo=repo_name) |
|
179 | settings_model = VcsSettingsModel(repo=repo_name) | |
| 180 | ui_settings = settings_model.get_ui_settings() |
|
180 | ui_settings = settings_model.get_ui_settings() | |
| 181 |
|
181 | |||
| 182 | extras = { |
|
182 | # NOTE(marcink): This should be also in sync with | |
|
|
183 | # rhodecode/apps/ssh_support/lib/backends/base.py:update_enviroment scm_data | |||
|
|
184 | scm_data = { | |||
| 183 | 'ip': get_ip_addr(environ), |
|
185 | 'ip': get_ip_addr(environ), | |
| 184 | 'username': username, |
|
186 | 'username': username, | |
| 185 | 'user_id': user_id, |
|
187 | 'user_id': user_id, | |
| @@ -196,7 +198,7 b' def vcs_operation_context(' | |||||
| 196 | 'detect_force_push': detect_force_push, |
|
198 | 'detect_force_push': detect_force_push, | |
| 197 | 'check_branch_perms': check_branch_perms, |
|
199 | 'check_branch_perms': check_branch_perms, | |
| 198 | } |
|
200 | } | |
| 199 |
return |
|
201 | return scm_data | |
| 200 |
|
202 | |||
| 201 |
|
203 | |||
| 202 | class BasicAuth(AuthBasicAuthenticator): |
|
204 | class BasicAuth(AuthBasicAuthenticator): | |
General Comments 0
You need to be logged in to leave comments.
Login now