rhodecode-enterprise-ce Commit - r1556:9ac012a6

admin-users: add view for user groups managment...

Bartłomiej Wołyńczyk -

r1556:9ac012a6 default

parent child

Collapse all files

The requested changes are too big and content was truncated. Show full diff

rhodecode/api/tests/test_update_user_group.py

0 +5 -3

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import mock
             import pytest
             from rhodecode.model.user import UserModel
             from rhodecode.model.user_group import UserGroupModel
-            from rhodecode.tests import TEST_USER_REGULAR_LOGIN
+            from rhodecode.tests import TEST_USER_ADMIN_EMAIL
             from rhodecode.api.tests.utils import (
                 build_data, api_call, assert_error, assert_ok, crash, jsonify)
             @pytest.mark.usefixtures("testuser_api", "app")
             class TestUpdateUserGroup(object):
                 @pytest.mark.parametrize("changing_attr, updates", [
                     ('group_name', {'group_name': 'new_group_name'}),
                     ('group_name', {'group_name': 'test_group_for_update'}),
-                    ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),
+                    # ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),
+                    ('owner_email', {'owner_email': TEST_USER_ADMIN_EMAIL}),
                     ('active', {'active': False}),
                     ('active', {'active': True})
                 ])
                 def test_api_update_user_group(self, changing_attr, updates, user_util):
                     user_group = user_util.create_user_group()
                     group_name = user_group.users_group_name
                     expected_api_data = user_group.get_api_data()
                     expected_api_data.update(updates)
                     id_, params = build_data(
                         self.apikey, 'update_user_group', usergroupid=group_name,
                         **updates)
                     response = api_call(self.app, params)
                     expected = {
                         'msg': 'updated user group ID:%s %s' % (
                             user_group.users_group_id, user_group.users_group_name),
                         'user_group': jsonify(expected_api_data)
                     }
                     assert_ok(id_, expected, given=response.body)
                 @pytest.mark.parametrize("changing_attr, updates", [
                     # TODO: mikhail: decide if we need to test against the commented params
                     # ('group_name', {'group_name': 'new_group_name'}),
                     # ('group_name', {'group_name': 'test_group_for_update'}),
-                    ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),
+                    # ('owner', {'owner': TEST_USER_REGULAR_LOGIN}),
+                    ('owner_email', {'owner_email': TEST_USER_ADMIN_EMAIL}),
                     ('active', {'active': False}),
                     ('active', {'active': True})
                 ])
                 def test_api_update_user_group_regular_user(
                         self, changing_attr, updates, user_util):
                     user_group = user_util.create_user_group()
                     group_name = user_group.users_group_name
                     expected_api_data = user_group.get_api_data()
                     expected_api_data.update(updates)
                     # grant permission to this user
                     user = UserModel().get_by_username(self.TEST_USER_LOGIN)
                     user_util.grant_user_permission_to_user_group(
                         user_group, user, 'usergroup.admin')
                     id_, params = build_data(
                         self.apikey_regular, 'update_user_group',
                         usergroupid=group_name, **updates)
                     response = api_call(self.app, params)
                     expected = {
                         'msg': 'updated user group ID:%s %s' % (
                             user_group.users_group_id, user_group.users_group_name),
                         'user_group': jsonify(expected_api_data)
                     }
                     assert_ok(id_, expected, given=response.body)
                 def test_api_update_user_group_regular_user_no_permission(self, user_util):
                     user_group = user_util.create_user_group()
                     group_name = user_group.users_group_name
                     id_, params = build_data(
                         self.apikey_regular, 'update_user_group', usergroupid=group_name)
                     response = api_call(self.app, params)
                     expected = 'user group `%s` does not exist' % (group_name)
                     assert_error(id_, expected, given=response.body)
                 @mock.patch.object(UserGroupModel, 'update', crash)
                 def test_api_update_user_group_exception_occurred(self, user_util):
                     user_group = user_util.create_user_group()
                     group_name = user_group.users_group_name
                     id_, params = build_data(
                         self.apikey, 'update_user_group', usergroupid=group_name)
                     response = api_call(self.app, params)
                     expected = 'failed to update user group `%s`' % (group_name,)
                     assert_error(id_, expected, given=response.body)

rhodecode/apps/admin/__init__.py

0 +9 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017  RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             from rhodecode.apps.admin.navigation import NavigationRegistry
             from rhodecode.config.routing import ADMIN_PREFIX
             from rhodecode.lib.utils2 import str2bool
             def admin_routes(config):
                 """
                 Admin prefixed routes
                 """
                 config.add_route(
                     name='admin_settings_open_source',
                     pattern='/settings/open_source')
                 config.add_route(
                     name='admin_settings_vcs_svn_generate_cfg',
                     pattern='/settings/vcs/svn_generate_cfg')
                 config.add_route(
                     name='admin_settings_system',
                     pattern='/settings/system')
                 config.add_route(
                     name='admin_settings_system_update',
                     pattern='/settings/system/updates')
                 config.add_route(
                     name='admin_settings_sessions',
                     pattern='/settings/sessions')
                 config.add_route(
                     name='admin_settings_sessions_cleanup',
                     pattern='/settings/sessions/cleanup')
                 # users admin
                 config.add_route(
                     name='users',
                     pattern='/users')
                 config.add_route(
                     name='users_data',
                     pattern='/users_data')
                 # user auth tokens
                 config.add_route(
                     name='edit_user_auth_tokens',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens')
                 config.add_route(
                     name='edit_user_auth_tokens_add',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/new')
                 config.add_route(
                     name='edit_user_auth_tokens_delete',
                     pattern='/users/{user_id:\d+}/edit/auth_tokens/delete')
+                # user groups management
+                config.add_route(
+                    name='edit_user_groups_management',
+                    pattern='/users/{user_id:\d+}/edit/groups_management')
+                config.add_route(
+                    name='edit_user_groups_management_updates',
+                    pattern='/users/{user_id:\d+}/edit/edit_user_groups_management/updates')
             def includeme(config):
                 settings = config.get_settings()
                 # Create admin navigation registry and add it to the pyramid registry.
                 labs_active = str2bool(settings.get('labs_settings_active', False))
                 navigation_registry = NavigationRegistry(labs_active=labs_active)
                 config.registry.registerUtility(navigation_registry)
                 config.include(admin_routes, route_prefix=ADMIN_PREFIX)
                 # Scan module for configuration decorators.
                 config.scan()

rhodecode/apps/admin/views/users.py

0 +48 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
+            from rhodecode_tools.lib.ext_json import json
             from rhodecode.apps._base import BaseAppView
             from rhodecode.lib.auth import (
                 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
             from rhodecode.lib import helpers as h
             from rhodecode.lib.utils import PartialRenderer
             from rhodecode.lib.utils2 import safe_int, safe_unicode
             from rhodecode.model.auth_token import AuthTokenModel
+            from rhodecode.model.user_group import UserGroupModel
             from rhodecode.model.db import User, or_
             from rhodecode.model.meta import Session
             log = logging.getLogger(__name__)
             class AdminUsersView(BaseAppView):
                 ALLOW_SCOPED_TOKENS = False
                 """
                 This view has alternative version inside EE, if modified please take a look
                 in there as well.
                 """
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     c.allow_scoped_tokens = self.ALLOW_SCOPED_TOKENS
                     self._register_global_c(c)
                     return c
                 def _redirect_for_default_user(self, username):
                     _ = self.request.translate
                     if username == User.DEFAULT_USER:
                         h.flash(_("You can't edit this user"), category='warning')
                         # TODO(marcink): redirect to 'users' admin panel once this
                         # is a pyramid view
                         raise HTTPFound('/')
                 def _extract_ordering(self, request):
                     column_index = safe_int(request.GET.get('order[0][column]'))
                     order_dir = request.GET.get(
                         'order[0][dir]', 'desc')
                     order_by = request.GET.get(
                         'columns[%s][data][sort]' % column_index, 'name_raw')
                     # translate datatable to DB columns
                     order_by = {
                         'first_name': 'name',
                         'last_name': 'lastname',
                     }.get(order_by) or order_by
                     search_q = request.GET.get('search[value]')
                     return search_q, order_by, order_dir
                 def _extract_chunk(self, request):
                     start = safe_int(request.GET.get('start'), 0)
                     length = safe_int(request.GET.get('length'), 25)
                     draw = safe_int(request.GET.get('draw'))
                     return draw, start, length
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='users', request_method='GET',
                     renderer='rhodecode:templates/admin/users/users.mako')
                 def users_list(self):
                     c = self.load_default_context()
                     return self._get_template_context(c)
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     # renderer defined below
                     route_name='users_data', request_method='GET', renderer='json',
                     xhr=True)
                 def users_list_data(self):
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(self.request)
                     _render = PartialRenderer('data_table/_dt_elements.mako')
                     def user_actions(user_id, username):
                         return _render("user_actions", user_id, username)
                     users_data_total_count = User.query()\
                         .filter(User.username != User.DEFAULT_USER) \
                         .count()
                     # json generate
                     base_q = User.query().filter(User.username != User.DEFAULT_USER)
                     if search_q:
                         like_expression = u'%{}%'.format(safe_unicode(search_q))
                         base_q = base_q.filter(or_(
                             User.username.ilike(like_expression),
                             User._email.ilike(like_expression),
                             User.name.ilike(like_expression),
                             User.lastname.ilike(like_expression),
                         ))
                     users_data_total_filtered_count = base_q.count()
                     sort_col = getattr(User, order_by, None)
                     if sort_col and order_dir == 'asc':
                         base_q = base_q.order_by(sort_col.asc().nullslast())
                     elif sort_col:
                         base_q = base_q.order_by(sort_col.desc().nullslast())
                     base_q = base_q.offset(start).limit(limit)
                     users_list = base_q.all()
                     users_data = []
                     for user in users_list:
                         users_data.append({
                             "username": h.gravatar_with_user(user.username),
                             "email": user.email,
                             "first_name": h.escape(user.name),
                             "last_name": h.escape(user.lastname),
                             "last_login": h.format_date(user.last_login),
                             "last_activity": h.format_date(user.last_activity),
                             "active": h.bool2icon(user.active),
                             "active_raw": user.active,
                             "admin": h.bool2icon(user.admin),
                             "extern_type": user.extern_type,
                             "extern_name": user.extern_name,
                             "action": user_actions(user.user_id, user.username),
                         })
                     data = ({
                         'draw': draw,
                         'data': users_data,
                         'recordsTotal': users_data_total_count,
                         'recordsFiltered': users_data_total_filtered_count,
                     })
                     return data
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @view_config(
                     route_name='edit_user_auth_tokens', request_method='GET',
                     renderer='rhodecode:templates/admin/users/user_edit.mako')
                 def auth_tokens(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id, pyramid_exc=True)
                     self._redirect_for_default_user(c.user.username)
                     c.active = 'auth_tokens'
                     c.lifetime_values = [
                         (str(-1), _('forever')),
                         (str(5), _('5 minutes')),
                         (str(60), _('1 hour')),
                         (str(60 * 24), _('1 day')),
                         (str(60 * 24 * 30), _('1 month')),
                     ]
                     c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
                     c.role_values = [
                         (x, AuthTokenModel.cls._get_role_name(x))
                         for x in AuthTokenModel.cls.ROLES]
                     c.role_options = [(c.role_values, _("Role"))]
                     c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
                         c.user.user_id, show_expired=True)
                     return self._get_template_context(c)
                 def maybe_attach_token_scope(self, token):
                     # implemented in EE edition
                     pass
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_add', request_method='POST')
                 def auth_tokens_add(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id, pyramid_exc=True)
                     self._redirect_for_default_user(c.user.username)
                     lifetime = safe_int(self.request.POST.get('lifetime'), -1)
                     description = self.request.POST.get('description')
                     role = self.request.POST.get('role')
                     token = AuthTokenModel().create(
                         c.user.user_id, description, lifetime, role)
                     self.maybe_attach_token_scope(token)
                     Session().commit()
                     h.flash(_("Auth token successfully created"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_user_auth_tokens_delete', request_method='POST')
                 def auth_tokens_delete(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     user_id = self.request.matchdict.get('user_id')
                     c.user = User.get_or_404(user_id, pyramid_exc=True)
                     self._redirect_for_default_user(c.user.username)
                     del_auth_token = self.request.POST.get('del_auth_token')
                     if del_auth_token:
                         AuthTokenModel().delete(del_auth_token, c.user.user_id)
                         Session().commit()
                         h.flash(_("Auth token successfully deleted"), category='success')
                     return HTTPFound(h.route_path('edit_user_auth_tokens', user_id=user_id))
+                @LoginRequired()
+                @HasPermissionAllDecorator('hg.admin')
+                @view_config(
+                    route_name='edit_user_groups_management', request_method='GET',
+                    renderer='rhodecode:templates/admin/users/user_edit.mako')
+                def groups_management(self):
+                    c = self.load_default_context()
+                    user_id = self.request.matchdict.get('user_id')
+                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    c.data = c.user.group_member
+                    self._redirect_for_default_user(c.user.username)
+                    groups = [UserGroupModel.get_user_groups_as_dict(group.users_group) for group in c.user.group_member]
+                    c.groups = json.dumps(groups)
+                    c.active = 'groups'
+                    return self._get_template_context(c)
+                @LoginRequired()
+                @HasPermissionAllDecorator('hg.admin')
+                @view_config(
+                    route_name='edit_user_groups_management_updates', request_method='POST')
+                def groups_management_updates(self):
+                    _ = self.request.translate
+                    c = self.load_default_context()
+                    user_id = self.request.matchdict.get('user_id')
+                    c.user = User.get_or_404(user_id, pyramid_exc=True)
+                    self._redirect_for_default_user(c.user.username)
+                    users_groups = set(self.request.POST.getall('users_group_id'))
+                    users_groups_model = []
+                    for ugid in users_groups:
+                        users_groups_model.append(UserGroupModel().get_group(safe_int(ugid)))
+                    user_group_model = UserGroupModel()
+                    user_group_model.change_groups(c.user, users_groups_model)
+                    Session().commit()
+                    c.active = 'user_groups_management'
+                    h.flash(_("Groups successfully changed"), category='success')
+                    return HTTPFound(h.route_path('edit_user_groups_management', user_id=user_id))

rhodecode/model/db.py

0 0 0

	1	NO CONTENT: modified file			NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff

rhodecode/model/repo.py

0 +7 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             Repository model for rhodecode
             """
             import logging
             import os
             import re
             import shutil
             import time
             import traceback
             from datetime import datetime, timedelta
             from sqlalchemy.sql import func
             from sqlalchemy.sql.expression import true, or_
             from zope.cachedescriptors.property import Lazy as LazyProperty
             from rhodecode import events
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import HasUserGroupPermissionAny
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.lib.exceptions import AttachedForksError
             from rhodecode.lib.hooks_base import log_delete_repository
             from rhodecode.lib.markup_renderer import MarkupRenderer
             from rhodecode.lib.utils import make_db_config
             from rhodecode.lib.utils2 import (
                 safe_str, safe_unicode, remove_prefix, obfuscate_url_pw,
                 get_current_rhodecode_user, safe_int, datetime_to_time, action_logger_generic)
             from rhodecode.lib.vcs.backends import get_backend
             from rhodecode.lib.vcs.exceptions import NodeDoesNotExistError
             from rhodecode.model import BaseModel
             from rhodecode.model.db import (
                 Repository, UserRepoToPerm, UserGroupRepoToPerm, UserRepoGroupToPerm,
                 UserGroupRepoGroupToPerm, User, Permission, Statistics, UserGroup,
                 RepoGroup, RepositoryField)
             from rhodecode.model.scm import UserGroupList
             from rhodecode.model.settings import VcsSettingsModel
             log = logging.getLogger(__name__)
             class RepoModel(BaseModel):
                 cls = Repository
                 def _get_user_group(self, users_group):
                     return self._get_instance(UserGroup, users_group,
                                               callback=UserGroup.get_by_group_name)
                 def _get_repo_group(self, repo_group):
                     return self._get_instance(RepoGroup, repo_group,
                                               callback=RepoGroup.get_by_group_name)
                 def _create_default_perms(self, repository, private):
                     # create default permission
                     default = 'repository.read'
                     def_user = User.get_default_user()
                     for p in def_user.user_perms:
                         if p.permission.permission_name.startswith('repository.'):
                             default = p.permission.permission_name
                             break
                     default_perm = 'repository.none' if private else default
                     repo_to_perm = UserRepoToPerm()
                     repo_to_perm.permission = Permission.get_by_key(default_perm)
                     repo_to_perm.repository = repository
                     repo_to_perm.user_id = def_user.user_id
                     return repo_to_perm
                 @LazyProperty
                 def repos_path(self):
                     """
                     Gets the repositories root path from database
                     """
                     settings_model = VcsSettingsModel(sa=self.sa)
                     return settings_model.get_repos_location()
                 def get(self, repo_id, cache=False):
                     repo = self.sa.query(Repository) \
                         .filter(Repository.repo_id == repo_id)
                     if cache:
                         repo = repo.options(FromCache("sql_cache_short",
                                                       "get_repo_%s" % repo_id))
                     return repo.scalar()
                 def get_repo(self, repository):
                     return self._get_repo(repository)
                 def get_by_repo_name(self, repo_name, cache=False):
                     repo = self.sa.query(Repository) \
                         .filter(Repository.repo_name == repo_name)
                     if cache:
                         repo = repo.options(FromCache("sql_cache_short",
                                                       "get_repo_%s" % repo_name))
                     return repo.scalar()
                 def _extract_id_from_repo_name(self, repo_name):
                     if repo_name.startswith('/'):
                         repo_name = repo_name.lstrip('/')
                     by_id_match = re.match(r'^_(\d{1,})', repo_name)
                     if by_id_match:
                         return by_id_match.groups()[0]
                 def get_repo_by_id(self, repo_name):
                     """
                     Extracts repo_name by id from special urls.
                     Example url is _11/repo_name
                     :param repo_name:
                     :return: repo object if matched else None
                     """
                     try:
                         _repo_id = self._extract_id_from_repo_name(repo_name)
                         if _repo_id:
                             return self.get(_repo_id)
                     except Exception:
                         log.exception('Failed to extract repo_name from URL')
                     return None
                 def get_repos_for_root(self, root, traverse=False):
                     if traverse:
                         like_expression = u'{}%'.format(safe_unicode(root))
                         repos = Repository.query().filter(
                             Repository.repo_name.like(like_expression)).all()
                     else:
                         if root and not isinstance(root, RepoGroup):
                             raise ValueError(
                                 'Root must be an instance '
                                 'of RepoGroup, got:{} instead'.format(type(root)))
                         repos = Repository.query().filter(Repository.group == root).all()
                     return repos
                 def get_url(self, repo):
                     return h.url('summary_home', repo_name=safe_str(repo.repo_name),
                         qualified=True)
                 def get_users(self, name_contains=None, limit=20, only_active=True):
                     # TODO: mikhail: move this method to the UserModel.
                     query = self.sa.query(User)
                     if only_active:
                         query = query.filter(User.active == true())
                     if name_contains:
                         ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
                         query = query.filter(
                             or_(
                                 User.name.ilike(ilike_expression),
                                 User.lastname.ilike(ilike_expression),
                                 User.username.ilike(ilike_expression)
                             )
                         )
                         query = query.limit(limit)
                     users = query.all()
                     _users = [
                         {
                             'id': user.user_id,
                             'first_name': user.name,
                             'last_name': user.lastname,
                             'username': user.username,
                             'email': user.email,
                             'icon_link': h.gravatar_url(user.email, 30),
                             'value_display': h.person(user),
                             'value': user.username,
                             'value_type': 'user',
                             'active': user.active,
                         }
                         for user in users
                     ]
                     return _users
                 def get_user_groups(self, name_contains=None, limit=20, only_active=True):
                     # TODO: mikhail: move this method to the UserGroupModel.
                     query = self.sa.query(UserGroup)
                     if only_active:
                         query = query.filter(UserGroup.users_group_active == true())
                     if name_contains:
                         ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
                         query = query.filter(
                             UserGroup.users_group_name.ilike(ilike_expression))\
                             .order_by(func.length(UserGroup.users_group_name))\
                             .order_by(UserGroup.users_group_name)
                         query = query.limit(limit)
                     user_groups = query.all()
                     perm_set = ['usergroup.read', 'usergroup.write', 'usergroup.admin']
                     user_groups = UserGroupList(user_groups, perm_set=perm_set)
                     _groups = [
                         {
                             'id': group.users_group_id,
                             # TODO: marcink figure out a way to generate the url for the
                             # icon
                             'icon_link': '',
                             'value_display': 'Group: %s (%d members)' % (
                                 group.users_group_name, len(group.members),),
                             'value': group.users_group_name,
+                            'description': group.user_group_description,
+                            'owner': group.user.username,
+                            'owner_icon': h.gravatar_url(group.user.email, 30),
+                            'value_display_owner': h.person(group.user.email),
                             'value_type': 'user_group',
                             'active': group.users_group_active,
                         }
                         for group in user_groups
                     ]
                     return _groups
                 @classmethod
                 def update_repoinfo(cls, repositories=None):
                     if not repositories:
                         repositories = Repository.getAll()
                     for repo in repositories:
                         repo.update_commit_cache()
                 def get_repos_as_dict(self, repo_list=None, admin=False,
                                       super_user_actions=False):
                     from rhodecode.lib.utils import PartialRenderer
                     _render = PartialRenderer('data_table/_dt_elements.mako')
                     c = _render.c
                     def quick_menu(repo_name):
                         return _render('quick_menu', repo_name)
                     def repo_lnk(name, rtype, rstate, private, fork_of):
                         return _render('repo_name', name, rtype, rstate, private, fork_of,
                                        short_name=not admin, admin=False)
                     def last_change(last_change):
                         if admin and isinstance(last_change, datetime) and not last_change.tzinfo:
                             last_change = last_change + timedelta(seconds=
                                 (datetime.now() - datetime.utcnow()).seconds)
                         return _render("last_change", last_change)
                     def rss_lnk(repo_name):
                         return _render("rss", repo_name)
                     def atom_lnk(repo_name):
                         return _render("atom", repo_name)
                     def last_rev(repo_name, cs_cache):
                         return _render('revision', repo_name, cs_cache.get('revision'),
                                        cs_cache.get('raw_id'), cs_cache.get('author'),
                                        cs_cache.get('message'))
                     def desc(desc):
                         if c.visual.stylify_metatags:
                             desc = h.urlify_text(h.escaped_stylize(desc))
                         else:
                             desc = h.urlify_text(h.html_escape(desc))
                         return _render('repo_desc', desc)
                     def state(repo_state):
                         return _render("repo_state", repo_state)
                     def repo_actions(repo_name):
                         return _render('repo_actions', repo_name, super_user_actions)
                     def user_profile(username):
                         return _render('user_profile', username)
                     repos_data = []
                     for repo in repo_list:
                         cs_cache = repo.changeset_cache
                         row = {
                             "menu": quick_menu(repo.repo_name),
                             "name": repo_lnk(repo.repo_name, repo.repo_type,
                                              repo.repo_state, repo.private, repo.fork),
                             "name_raw": repo.repo_name.lower(),
                             "last_change": last_change(repo.last_db_change),
                             "last_change_raw": datetime_to_time(repo.last_db_change),
                             "last_changeset": last_rev(repo.repo_name, cs_cache),
                             "last_changeset_raw": cs_cache.get('revision'),
                             "desc": desc(repo.description),
                             "owner": user_profile(repo.user.username),
                             "state": state(repo.repo_state),
                             "rss": rss_lnk(repo.repo_name),
                             "atom": atom_lnk(repo.repo_name),
                         }
                         if admin:
                             row.update({
                                 "action": repo_actions(repo.repo_name),
                             })
                         repos_data.append(row)
                     return repos_data
                 def _get_defaults(self, repo_name):
                     """
                     Gets information about repository, and returns a dict for
                     usage in forms
                     :param repo_name:
                     """
                     repo_info = Repository.get_by_repo_name(repo_name)
                     if repo_info is None:
                         return None
                     defaults = repo_info.get_dict()
                     defaults['repo_name'] = repo_info.just_name
                     groups  = repo_info.groups_with_parents
                     parent_group = groups[-1] if groups else None
                     # we use -1 as this is how in HTML, we mark an empty group
                     defaults['repo_group'] = getattr(parent_group, 'group_id', -1)
                     keys_to_process = (
                         {'k': 'repo_type', 'strip': False},
                         {'k': 'repo_enable_downloads', 'strip': True},
                         {'k': 'repo_description', 'strip': True},
                         {'k': 'repo_enable_locking', 'strip': True},
                         {'k': 'repo_landing_rev', 'strip': True},
                         {'k': 'clone_uri', 'strip': False},
                         {'k': 'repo_private', 'strip': True},
                         {'k': 'repo_enable_statistics', 'strip': True}
                     )
                     for item in keys_to_process:
                         attr = item['k']
                         if item['strip']:
                             attr = remove_prefix(item['k'], 'repo_')
                         val = defaults[attr]
                         if item['k'] == 'repo_landing_rev':
                             val = ':'.join(defaults[attr])
                         defaults[item['k']] = val
                         if item['k'] == 'clone_uri':
                             defaults['clone_uri_hidden'] = repo_info.clone_uri_hidden
                     # fill owner
                     if repo_info.user:
                         defaults.update({'user': repo_info.user.username})
                     else:
                         replacement_user = User.get_first_super_admin().username
                         defaults.update({'user': replacement_user})
                     # fill repository users
                     for p in repo_info.repo_to_perm:
                         defaults.update({'u_perm_%s' % p.user.user_id:
                                         p.permission.permission_name})
                     # fill repository groups
                     for p in repo_info.users_group_to_perm:
                         defaults.update({'g_perm_%s' % p.users_group.users_group_id:
                                         p.permission.permission_name})
                     return defaults
                 def update(self, repo, **kwargs):
                     try:
                         cur_repo = self._get_repo(repo)
                         source_repo_name = cur_repo.repo_name
                         if 'user' in kwargs:
                             cur_repo.user = User.get_by_username(kwargs['user'])
                         if 'repo_group' in kwargs:
                             cur_repo.group = RepoGroup.get(kwargs['repo_group'])
                         log.debug('Updating repo %s with params:%s', cur_repo, kwargs)
                         update_keys = [
                             (1, 'repo_description'),
                             (1, 'repo_landing_rev'),
                             (1, 'repo_private'),
                             (1, 'repo_enable_downloads'),
                             (1, 'repo_enable_locking'),
                             (1, 'repo_enable_statistics'),
                             (0, 'clone_uri'),
                             (0, 'fork_id')
                         ]
                         for strip, k in update_keys:
                             if k in kwargs:
                                 val = kwargs[k]
                                 if strip:
                                     k = remove_prefix(k, 'repo_')
                                 if k == 'clone_uri':
                                     from rhodecode.model.validators import Missing
                                     _change = kwargs.get('clone_uri_change')
                                     if _change in [Missing, 'OLD']:
                                         # we don't change the value, so use original one
                                         val = cur_repo.clone_uri
                                 setattr(cur_repo, k, val)
                         new_name = cur_repo.get_new_name(kwargs['repo_name'])
                         cur_repo.repo_name = new_name
                         # if private flag is set, reset default permission to NONE
                         if kwargs.get('repo_private'):
                             EMPTY_PERM = 'repository.none'
                             RepoModel().grant_user_permission(
                                 repo=cur_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM
                             )
                         # handle extra fields
                         for field in filter(lambda k: k.startswith(RepositoryField.PREFIX),
                                             kwargs):
                             k = RepositoryField.un_prefix_key(field)
                             ex_field = RepositoryField.get_by_key_name(
                                 key=k, repo=cur_repo)
                             if ex_field:
                                 ex_field.field_value = kwargs[field]
                                 self.sa.add(ex_field)
                         self.sa.add(cur_repo)
                         if source_repo_name != new_name:
                             # rename repository
                             self._rename_filesystem_repo(
                                 old=source_repo_name, new=new_name)
                         return cur_repo
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _create_repo(self, repo_name, repo_type, description, owner,
                                  private=False, clone_uri=None, repo_group=None,
                                  landing_rev='rev:tip', fork_of=None,
                                  copy_fork_permissions=False, enable_statistics=False,
                                  enable_locking=False, enable_downloads=False,
                                  copy_group_permissions=False,
                                  state=Repository.STATE_PENDING):
                     """
                     Create repository inside database with PENDING state, this should be
                     only executed by create() repo. With exception of importing existing
                     repos
                     """
                     from rhodecode.model.scm import ScmModel
                     owner = self._get_user(owner)
                     fork_of = self._get_repo(fork_of)
                     repo_group = self._get_repo_group(safe_int(repo_group))
                     try:
                         repo_name = safe_unicode(repo_name)
                         description = safe_unicode(description)
                         # repo name is just a name of repository
                         # while repo_name_full is a full qualified name that is combined
                         # with name and path of group
                         repo_name_full = repo_name
                         repo_name = repo_name.split(Repository.NAME_SEP)[-1]
                         new_repo = Repository()
                         new_repo.repo_state = state
                         new_repo.enable_statistics = False
                         new_repo.repo_name = repo_name_full
                         new_repo.repo_type = repo_type
                         new_repo.user = owner
                         new_repo.group = repo_group
                         new_repo.description = description or repo_name
                         new_repo.private = private
                         new_repo.clone_uri = clone_uri
                         new_repo.landing_rev = landing_rev
                         new_repo.enable_statistics = enable_statistics
                         new_repo.enable_locking = enable_locking
                         new_repo.enable_downloads = enable_downloads
                         if repo_group:
                             new_repo.enable_locking = repo_group.enable_locking
                         if fork_of:
                             parent_repo = fork_of
                             new_repo.fork = parent_repo
                         events.trigger(events.RepoPreCreateEvent(new_repo))
                         self.sa.add(new_repo)
                         EMPTY_PERM = 'repository.none'
                         if fork_of and copy_fork_permissions:
                             repo = fork_of
                             user_perms = UserRepoToPerm.query() \
                                 .filter(UserRepoToPerm.repository == repo).all()
                             group_perms = UserGroupRepoToPerm.query() \
                                 .filter(UserGroupRepoToPerm.repository == repo).all()
                             for perm in user_perms:
                                 UserRepoToPerm.create(
                                     perm.user, new_repo, perm.permission)
                             for perm in group_perms:
                                 UserGroupRepoToPerm.create(
                                     perm.users_group, new_repo, perm.permission)
                             # in case we copy permissions and also set this repo to private
                             # override the default user permission to make it a private
                             # repo
                             if private:
                                 RepoModel(self.sa).grant_user_permission(
                                     repo=new_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM)
                         elif repo_group and copy_group_permissions:
                             user_perms = UserRepoGroupToPerm.query() \
                                 .filter(UserRepoGroupToPerm.group == repo_group).all()
                             group_perms = UserGroupRepoGroupToPerm.query() \
                                 .filter(UserGroupRepoGroupToPerm.group == repo_group).all()
                             for perm in user_perms:
                                 perm_name = perm.permission.permission_name.replace(
                                     'group.', 'repository.')
                                 perm_obj = Permission.get_by_key(perm_name)
                                 UserRepoToPerm.create(perm.user, new_repo, perm_obj)
                             for perm in group_perms:
                                 perm_name = perm.permission.permission_name.replace(
                                     'group.', 'repository.')
                                 perm_obj = Permission.get_by_key(perm_name)
                                 UserGroupRepoToPerm.create(
                                     perm.users_group, new_repo, perm_obj)
                             if private:
                                 RepoModel(self.sa).grant_user_permission(
                                     repo=new_repo, user=User.DEFAULT_USER, perm=EMPTY_PERM)
                         else:
                             perm_obj = self._create_default_perms(new_repo, private)
                             self.sa.add(perm_obj)
                         # now automatically start following this repository as owner
                         ScmModel(self.sa).toggle_following_repo(new_repo.repo_id,
                                                                 owner.user_id)
                         # we need to flush here, in order to check if database won't
                         # throw any exceptions, create filesystem dirs at the very end
                         self.sa.flush()
                         events.trigger(events.RepoCreateEvent(new_repo))
                         return new_repo
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def create(self, form_data, cur_user):
                     """
                     Create repository using celery tasks
                     :param form_data:
                     :param cur_user:
                     """
                     from rhodecode.lib.celerylib import tasks, run_task
                     return run_task(tasks.create_repo, form_data, cur_user)
                 def update_permissions(self, repo, perm_additions=None, perm_updates=None,
                                        perm_deletions=None, check_perms=True,
                                        cur_user=None):
                     if not perm_additions:
                         perm_additions = []
                     if not perm_updates:
                         perm_updates = []
                     if not perm_deletions:
                         perm_deletions = []
                     req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
                     # update permissions
                     for member_id, perm, member_type in perm_updates:
                         member_id = int(member_id)
                         if member_type == 'user':
                             # this updates also current one if found
                             self.grant_user_permission(
                                 repo=repo, user=member_id, perm=perm)
                         else:  # set for user group
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(
                                     *req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     repo=repo, group_name=member_id, perm=perm)
                     # set new permissions
                     for member_id, perm, member_type in perm_additions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             self.grant_user_permission(
                                 repo=repo, user=member_id, perm=perm)
                         else:  # set for user group
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(
                                     *req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     repo=repo, group_name=member_id, perm=perm)
                     # delete permissions
                     for member_id, perm, member_type in perm_deletions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             self.revoke_user_permission(repo=repo, user=member_id)
                         else:  # set for user group
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(
                                     *req_perms)(member_name, user=cur_user):
                                 self.revoke_user_group_permission(
                                     repo=repo, group_name=member_id)
                 def create_fork(self, form_data, cur_user):
                     """
                     Simple wrapper into executing celery task for fork creation
                     :param form_data:
                     :param cur_user:
                     """
                     from rhodecode.lib.celerylib import tasks, run_task
                     return run_task(tasks.create_repo_fork, form_data, cur_user)
                 def delete(self, repo, forks=None, fs_remove=True, cur_user=None):
                     """
                     Delete given repository, forks parameter defines what do do with
                     attached forks. Throws AttachedForksError if deleted repo has attached
                     forks
                     :param repo:
                     :param forks: str 'delete' or 'detach'
                     :param fs_remove: remove(archive) repo from filesystem
                     """
                     if not cur_user:
                         cur_user = getattr(get_current_rhodecode_user(), 'username', None)
                     repo = self._get_repo(repo)
                     if repo:
                         if forks == 'detach':
                             for r in repo.forks:
                                 r.fork = None
                                 self.sa.add(r)
                         elif forks == 'delete':
                             for r in repo.forks:
                                 self.delete(r, forks='delete')
                         elif [f for f in repo.forks]:
                             raise AttachedForksError()
                         old_repo_dict = repo.get_dict()
                         events.trigger(events.RepoPreDeleteEvent(repo))
                         try:
                             self.sa.delete(repo)
                             if fs_remove:
                                 self._delete_filesystem_repo(repo)
                             else:
                                 log.debug('skipping removal from filesystem')
                             old_repo_dict.update({
                                 'deleted_by': cur_user,
                                 'deleted_on': time.time(),
                             })
                             log_delete_repository(**old_repo_dict)
                             events.trigger(events.RepoDeleteEvent(repo))
                         except Exception:
                             log.error(traceback.format_exc())
                             raise
                 def grant_user_permission(self, repo, user, perm):
                     """
                     Grant permission for user on given repository, or update existing one
                     if found
                     :param repo: Instance of Repository, repository_id, or repository name
                     :param user: Instance of User, user_id or username
                     :param perm: Instance of Permission, or permission_name
                     """
                     user = self._get_user(user)
                     repo = self._get_repo(repo)
                     permission = self._get_perm(perm)
                     # check if we have that permission already
                     obj = self.sa.query(UserRepoToPerm) \
                         .filter(UserRepoToPerm.user == user) \
                         .filter(UserRepoToPerm.repository == repo) \
                         .scalar()
                     if obj is None:
                         # create new !
                         obj = UserRepoToPerm()
                     obj.repository = repo
                     obj.user = user
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug('Granted perm %s to %s on %s', perm, user, repo)
                     action_logger_generic(
                         'granted permission: {} to user: {} on repo: {}'.format(
                             perm, user, repo), namespace='security.repo')
                     return obj
                 def revoke_user_permission(self, repo, user):
                     """
                     Revoke permission for user on given repository
                     :param repo: Instance of Repository, repository_id, or repository name
                     :param user: Instance of User, user_id or username
                     """
                     user = self._get_user(user)
                     repo = self._get_repo(repo)
                     obj = self.sa.query(UserRepoToPerm) \
                         .filter(UserRepoToPerm.repository == repo) \
                         .filter(UserRepoToPerm.user == user) \
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug('Revoked perm on %s on %s', repo, user)
                         action_logger_generic(
                             'revoked permission from user: {} on repo: {}'.format(
                                 user, repo), namespace='security.repo')
                 def grant_user_group_permission(self, repo, group_name, perm):
                     """
                     Grant permission for user group on given repository, or update
                     existing one if found
                     :param repo: Instance of Repository, repository_id, or repository name
                     :param group_name: Instance of UserGroup, users_group_id,
                         or user group name
                     :param perm: Instance of Permission, or permission_name
                     """
                     repo = self._get_repo(repo)
                     group_name = self._get_user_group(group_name)
                     permission = self._get_perm(perm)
                     # check if we have that permission already
                     obj = self.sa.query(UserGroupRepoToPerm) \
                         .filter(UserGroupRepoToPerm.users_group == group_name) \
                         .filter(UserGroupRepoToPerm.repository == repo) \
                         .scalar()
                     if obj is None:
                         # create new
                         obj = UserGroupRepoToPerm()
                     obj.repository = repo
                     obj.users_group = group_name
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug('Granted perm %s to %s on %s', perm, group_name, repo)
                     action_logger_generic(
                         'granted permission: {} to usergroup: {} on repo: {}'.format(
                             perm, group_name, repo), namespace='security.repo')
                     return obj
                 def revoke_user_group_permission(self, repo, group_name):
                     """
                     Revoke permission for user group on given repository
                     :param repo: Instance of Repository, repository_id, or repository name
                     :param group_name: Instance of UserGroup, users_group_id,
                         or user group name
                     """
                     repo = self._get_repo(repo)
                     group_name = self._get_user_group(group_name)
                     obj = self.sa.query(UserGroupRepoToPerm) \
                         .filter(UserGroupRepoToPerm.repository == repo) \
                         .filter(UserGroupRepoToPerm.users_group == group_name) \
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug('Revoked perm to %s on %s', repo, group_name)
                         action_logger_generic(
                             'revoked permission from usergroup: {} on repo: {}'.format(
                                 group_name, repo), namespace='security.repo')
                 def delete_stats(self, repo_name):
                     """
                     removes stats for given repo
                     :param repo_name:
                     """
                     repo = self._get_repo(repo_name)
                     try:
                         obj = self.sa.query(Statistics) \
                             .filter(Statistics.repository == repo).scalar()
                         if obj:
                             self.sa.delete(obj)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def add_repo_field(self, repo_name, field_key, field_label, field_value='',
                                    field_type='str', field_desc=''):
                     repo = self._get_repo(repo_name)
                     new_field = RepositoryField()
                     new_field.repository = repo
                     new_field.field_key = field_key
                     new_field.field_type = field_type  # python type
                     new_field.field_value = field_value
                     new_field.field_desc = field_desc
                     new_field.field_label = field_label
                     self.sa.add(new_field)
                     return new_field
                 def delete_repo_field(self, repo_name, field_key):
                     repo = self._get_repo(repo_name)
                     field = RepositoryField.get_by_key_name(field_key, repo)
                     if field:
                         self.sa.delete(field)
                 def _create_filesystem_repo(self, repo_name, repo_type, repo_group,
                                             clone_uri=None, repo_store_location=None,
                                             use_global_config=False):
                     """
                     makes repository on filesystem. It's group aware means it'll create
                     a repository within a group, and alter the paths accordingly of
                     group location
                     :param repo_name:
                     :param alias:
                     :param parent:
                     :param clone_uri:
                     :param repo_store_location:
                     """
                     from rhodecode.lib.utils import is_valid_repo, is_valid_repo_group
                     from rhodecode.model.scm import ScmModel
                     if Repository.NAME_SEP in repo_name:
                         raise ValueError(
                             'repo_name must not contain groups got `%s`' % repo_name)
                     if isinstance(repo_group, RepoGroup):
                         new_parent_path = os.sep.join(repo_group.full_path_splitted)
                     else:
                         new_parent_path = repo_group or ''
                     if repo_store_location:
                         _paths = [repo_store_location]
                     else:
                         _paths = [self.repos_path, new_parent_path, repo_name]
                         # we need to make it str for mercurial
                     repo_path = os.path.join(*map(lambda x: safe_str(x), _paths))
                     # check if this path is not a repository
                     if is_valid_repo(repo_path, self.repos_path):
                         raise Exception('This path %s is a valid repository' % repo_path)
                     # check if this path is a group
                     if is_valid_repo_group(repo_path, self.repos_path):
                         raise Exception('This path %s is a valid group' % repo_path)
                     log.info('creating repo %s in %s from url: `%s`',
                              repo_name, safe_unicode(repo_path),
                              obfuscate_url_pw(clone_uri))
                     backend = get_backend(repo_type)
                     config_repo = None if use_global_config else repo_name
                     if config_repo and new_parent_path:
                         config_repo = Repository.NAME_SEP.join(
                             (new_parent_path, config_repo))
                     config = make_db_config(clear_session=False, repo=config_repo)
                     config.set('extensions', 'largefiles', '')
                     # patch and reset hooks section of UI config to not run any
                     # hooks on creating remote repo
                     config.clear_section('hooks')
                     # TODO: johbo: Unify this, hardcoded "bare=True" does not look nice
                     if repo_type == 'git':
                         repo = backend(
                             repo_path, config=config, create=True, src_url=clone_uri,
                             bare=True)
                     else:
                         repo = backend(
                             repo_path, config=config, create=True, src_url=clone_uri)
                     ScmModel().install_hooks(repo, repo_type=repo_type)
                     log.debug('Created repo %s with %s backend',
                               safe_unicode(repo_name), safe_unicode(repo_type))
                     return repo
                 def _rename_filesystem_repo(self, old, new):
                     """
                     renames repository on filesystem
                     :param old: old name
                     :param new: new name
                     """
                     log.info('renaming repo from %s to %s', old, new)
                     old_path = os.path.join(self.repos_path, old)
                     new_path = os.path.join(self.repos_path, new)
                     if os.path.isdir(new_path):
                         raise Exception(
                             'Was trying to rename to already existing dir %s' % new_path
                         )
                     shutil.move(old_path, new_path)
                 def _delete_filesystem_repo(self, repo):
                     """
                     removes repo from filesystem, the removal is acctually made by
                     added rm__ prefix into dir, and rename internat .hg/.git dirs so this
                     repository is no longer valid for rhodecode, can be undeleted later on
                     by reverting the renames on this repository
                     :param repo: repo object
                     """
                     rm_path = os.path.join(self.repos_path, repo.repo_name)
                     repo_group = repo.group
                     log.info("Removing repository %s", rm_path)
                     # disable hg/git internal that it doesn't get detected as repo
                     alias = repo.repo_type
                     config = make_db_config(clear_session=False)
                     config.set('extensions', 'largefiles', '')
                     bare = getattr(repo.scm_instance(config=config), 'bare', False)
                     # skip this for bare git repos
                     if not bare:
                         # disable VCS repo
                         vcs_path = os.path.join(rm_path, '.%s' % alias)
                         if os.path.exists(vcs_path):
                             shutil.move(vcs_path, os.path.join(rm_path, 'rm__.%s' % alias))
                     _now = datetime.now()
                     _ms = str(_now.microsecond).rjust(6, '0')
                     _d = 'rm__%s__%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
                                          repo.just_name)
                     if repo_group:
                         # if repository is in group, prefix the removal path with the group
                         args = repo_group.full_path_splitted + [_d]
                         _d = os.path.join(*args)
                     if os.path.isdir(rm_path):
                         shutil.move(rm_path, os.path.join(self.repos_path, _d))
             class ReadmeFinder:
                 """
                 Utility which knows how to find a readme for a specific commit.
                 The main idea is that this is a configurable algorithm. When creating an
                 instance you can define parameters, currently only the `default_renderer`.
                 Based on this configuration the method :meth:`search` behaves slightly
                 different.
                 """
                 readme_re = re.compile(r'^readme(\.[^\.]+)?$', re.IGNORECASE)
                 path_re = re.compile(r'^docs?', re.IGNORECASE)
                 default_priorities = {
                     None: 0,
                     '.text': 2,
                     '.txt': 3,
                     '.rst': 1,
                     '.rest': 2,
                     '.md': 1,
                     '.mkdn': 2,
                     '.mdown': 3,
                     '.markdown': 4,
                 }
                 path_priority = {
                     'doc': 0,
                     'docs': 1,
                 }
                 FALLBACK_PRIORITY = 99
                 RENDERER_TO_EXTENSION = {
                     'rst': ['.rst', '.rest'],
                     'markdown': ['.md', 'mkdn', '.mdown', '.markdown'],
                 }
                 def __init__(self, default_renderer=None):
                     self._default_renderer = default_renderer
                     self._renderer_extensions = self.RENDERER_TO_EXTENSION.get(
                         default_renderer, [])
                 def search(self, commit, path='/'):
                     """
                     Find a readme in the given `commit`.
                     """
                     nodes = commit.get_nodes(path)
                     matches = self._match_readmes(nodes)
                     matches = self._sort_according_to_priority(matches)
                     if matches:
                         return matches[0].node
                     paths = self._match_paths(nodes)
                     paths = self._sort_paths_according_to_priority(paths)
                     for path in paths:
                         match = self.search(commit, path=path)
                         if match:
                             return match
                     return None
                 def _match_readmes(self, nodes):
                     for node in nodes:
                         if not node.is_file():
                             continue
                         path = node.path.rsplit('/', 1)[-1]
                         match = self.readme_re.match(path)
                         if match:
                             extension = match.group(1)
                             yield ReadmeMatch(node, match, self._priority(extension))
                 def _match_paths(self, nodes):
                     for node in nodes:
                         if not node.is_dir():
                             continue
                         match = self.path_re.match(node.path)
                         if match:
                             yield node.path
                 def _priority(self, extension):
                     renderer_priority = (
 if extension in self._renderer_extensions else 1)
                     extension_priority = self.default_priorities.get(
                         extension, self.FALLBACK_PRIORITY)
                     return (renderer_priority, extension_priority)
                 def _sort_according_to_priority(self, matches):
                     def priority_and_path(match):
                         return (match.priority, match.path)
                     return sorted(matches, key=priority_and_path)
                 def _sort_paths_according_to_priority(self, paths):
                     def priority_and_path(path):
                         return (self.path_priority.get(path, self.FALLBACK_PRIORITY), path)
                     return sorted(paths, key=priority_and_path)
             class ReadmeMatch:
                 def __init__(self, node, match, priority):
                     self.node = node
                     self._match = match
                     self.priority = priority
                 @property
                 def path(self):
                     return self.node.path
                 def __repr__(self):
                     return '<ReadmeMatch {} priority={}'.format(self.path, self.priority)

rhodecode/model/user_group.py

0 +46 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             """
             user group model for RhodeCode
             """
             import logging
             import traceback
             from rhodecode.lib.utils2 import safe_str
             from rhodecode.model import BaseModel
             from rhodecode.model.db import UserGroupMember, UserGroup,\
                 UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm,\
                 UserGroupUserGroupToPerm, UserGroupRepoGroupToPerm
             from rhodecode.lib.exceptions import UserGroupAssignedException,\
                 RepoGroupAssignmentError
             from rhodecode.lib.utils2 import get_current_rhodecode_user, action_logger_generic
             log = logging.getLogger(__name__)
             class UserGroupModel(BaseModel):
                 cls = UserGroup
                 def _get_user_group(self, user_group):
                     return self._get_instance(UserGroup, user_group,
                                               callback=UserGroup.get_by_group_name)
                 def _create_default_perms(self, user_group):
                     # create default permission
                     default_perm = 'usergroup.read'
                     def_user = User.get_default_user()
                     for p in def_user.user_perms:
                         if p.permission.permission_name.startswith('usergroup.'):
                             default_perm = p.permission.permission_name
                             break
                     user_group_to_perm = UserUserGroupToPerm()
                     user_group_to_perm.permission = Permission.get_by_key(default_perm)
                     user_group_to_perm.user_group = user_group
                     user_group_to_perm.user_id = def_user.user_id
                     return user_group_to_perm
                 def update_permissions(self, user_group, perm_additions=None, perm_updates=None,
                                        perm_deletions=None, check_perms=True, cur_user=None):
                     from rhodecode.lib.auth import HasUserGroupPermissionAny
                     if not perm_additions:
                         perm_additions = []
                     if not perm_updates:
                         perm_updates = []
                     if not perm_deletions:
                         perm_deletions = []
                     req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
                     # update permissions
                     for member_id, perm, member_type in perm_updates:
                         member_id = int(member_id)
                         if member_type == 'user':
                             # this updates existing one
                             self.grant_user_permission(
                                 user_group=user_group, user=member_id, perm=perm
                             )
                         else:
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(*req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     target_user_group=user_group, user_group=member_id, perm=perm
                                 )
                     # set new permissions
                     for member_id, perm, member_type in perm_additions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             self.grant_user_permission(
                                 user_group=user_group, user=member_id, perm=perm
                             )
                         else:
                             # check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(*req_perms)(member_name, user=cur_user):
                                 self.grant_user_group_permission(
                                     target_user_group=user_group, user_group=member_id, perm=perm
                                 )
                     # delete permissions
                     for member_id, perm, member_type in perm_deletions:
                         member_id = int(member_id)
                         if member_type == 'user':
                             self.revoke_user_permission(user_group=user_group, user=member_id)
                         else:
                             #check if we have permissions to alter this usergroup
                             member_name = UserGroup.get(member_id).users_group_name
                             if not check_perms or HasUserGroupPermissionAny(*req_perms)(member_name, user=cur_user):
                                 self.revoke_user_group_permission(
                                     target_user_group=user_group, user_group=member_id
                                 )
                 def get(self, user_group_id, cache=False):
                     return UserGroup.get(user_group_id)
                 def get_group(self, user_group):
                     return self._get_user_group(user_group)
                 def get_by_name(self, name, cache=False, case_insensitive=False):
                     return UserGroup.get_by_group_name(name, cache, case_insensitive)
                 def create(self, name, description, owner, active=True, group_data=None):
                     try:
                         new_user_group = UserGroup()
                         new_user_group.user = self._get_user(owner)
                         new_user_group.users_group_name = name
                         new_user_group.user_group_description = description
                         new_user_group.users_group_active = active
                         if group_data:
                             new_user_group.group_data = group_data
                         self.sa.add(new_user_group)
                         perm_obj = self._create_default_perms(new_user_group)
                         self.sa.add(perm_obj)
                         self.grant_user_permission(user_group=new_user_group,
                                                    user=owner, perm='usergroup.admin')
                         return new_user_group
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _get_memberships_for_user_ids(self, user_group, user_id_list):
                     members = []
                     for user_id in user_id_list:
                         member = self._get_membership(user_group.users_group_id, user_id)
                         members.append(member)
                     return members
                 def _get_added_and_removed_user_ids(self, user_group, user_id_list):
                     current_members = user_group.members or []
                     current_members_ids = [m.user.user_id for m in current_members]
                     added_members = [
                         user_id for user_id in user_id_list
                         if user_id not in current_members_ids]
                     if user_id_list == []:
                         # all members were deleted
                         deleted_members = current_members_ids
                     else:
                         deleted_members = [
                             user_id for user_id in current_members_ids
                             if user_id not in user_id_list]
                     return (added_members, deleted_members)
                 def _set_users_as_members(self, user_group, user_ids):
                     user_group.members = []
                     self.sa.flush()
                     members = self._get_memberships_for_user_ids(
                         user_group, user_ids)
                     user_group.members = members
                     self.sa.add(user_group)
                 def _update_members_from_user_ids(self, user_group, user_ids):
                     added, removed = self._get_added_and_removed_user_ids(
                         user_group, user_ids)
                     self._set_users_as_members(user_group, user_ids)
                     self._log_user_changes('added to', user_group, added)
                     self._log_user_changes('removed from', user_group, removed)
                 def _clean_members_data(self, members_data):
                     if not members_data:
                         members_data = []
                     members = []
                     for user in members_data:
                         uid = int(user['member_user_id'])
                         if uid not in members and user['type'] in ['new', 'existing']:
                             members.append(uid)
                     return members
                 def update(self, user_group, form_data):
                     user_group = self._get_user_group(user_group)
                     if 'users_group_name' in form_data:
                         user_group.users_group_name = form_data['users_group_name']
                     if 'users_group_active' in form_data:
                         user_group.users_group_active = form_data['users_group_active']
                     if 'user_group_description' in form_data:
                         user_group.user_group_description = form_data[
                             'user_group_description']
                     # handle owner change
                     if 'user' in form_data:
                         owner = form_data['user']
                         if isinstance(owner, basestring):
                             owner = User.get_by_username(form_data['user'])
                         if not isinstance(owner, User):
                             raise ValueError(
                                 'invalid owner for user group: %s' % form_data['user'])
                         user_group.user = owner
                     if 'users_group_members' in form_data:
                         members_id_list = self._clean_members_data(
                             form_data['users_group_members'])
                         self._update_members_from_user_ids(user_group, members_id_list)
                     self.sa.add(user_group)
                 def delete(self, user_group, force=False):
                     """
                     Deletes repository group, unless force flag is used
                     raises exception if there are members in that group, else deletes
                     group and users
                     :param user_group:
                     :param force:
                     """
                     user_group = self._get_user_group(user_group)
                     try:
                         # check if this group is not assigned to repo
                         assigned_to_repo = [x.repository for x in UserGroupRepoToPerm.query()\
                             .filter(UserGroupRepoToPerm.users_group == user_group).all()]
                         # check if this group is not assigned to repo
                         assigned_to_repo_group = [x.group for x in UserGroupRepoGroupToPerm.query()\
                             .filter(UserGroupRepoGroupToPerm.users_group == user_group).all()]
                         if (assigned_to_repo or assigned_to_repo_group) and not force:
                             assigned = ','.join(map(safe_str,
                                                 assigned_to_repo+assigned_to_repo_group))
                             raise UserGroupAssignedException(
                                 'UserGroup assigned to %s' % (assigned,))
                         self.sa.delete(user_group)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                 def _log_user_changes(self, action, user_group, user_or_users):
                     users = user_or_users
                     if not isinstance(users, (list, tuple)):
                         users = [users]
                     rhodecode_user = get_current_rhodecode_user()
                     ipaddr = getattr(rhodecode_user, 'ip_addr', '')
                     group_name = user_group.users_group_name
                     for user_or_user_id in users:
                         user = self._get_user(user_or_user_id)
                         log_text = 'User {user} {action} {group}'.format(
                             action=action, user=user.username, group=group_name)
                         log.info('Logging action: {0} by {1} ip:{2}'.format(
                                  log_text, rhodecode_user, ipaddr))
                 def _find_user_in_group(self, user, user_group):
                     user_group_member = None
                     for m in user_group.members:
                         if m.user_id == user.user_id:
                             # Found this user's membership row
                             user_group_member = m
                             break
                     return user_group_member
                 def _get_membership(self, user_group_id, user_id):
                     user_group_member = UserGroupMember(user_group_id, user_id)
                     return user_group_member
                 def add_user_to_group(self, user_group, user):
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     user_member = self._find_user_in_group(user, user_group)
                     if user_member:
                         # user already in the group, skip
                         return True
                     member = self._get_membership(
                         user_group.users_group_id, user.user_id)
                     user_group.members.append(member)
                     try:
                         self.sa.add(member)
                     except Exception:
                         # what could go wrong here?
                         log.error(traceback.format_exc())
                         raise
                     self._log_user_changes('added to', user_group, user)
                     return member
                 def remove_user_from_group(self, user_group, user):
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     user_group_member = self._find_user_in_group(user, user_group)
                     if not user_group_member:
                         # User isn't in that group
                         return False
                     try:
                         self.sa.delete(user_group_member)
                     except Exception:
                         log.error(traceback.format_exc())
                         raise
                     self._log_user_changes('removed from', user_group, user)
                     return True
                 def has_perm(self, user_group, perm):
                     user_group = self._get_user_group(user_group)
                     perm = self._get_perm(perm)
                     return UserGroupToPerm.query()\
                         .filter(UserGroupToPerm.users_group == user_group)\
                         .filter(UserGroupToPerm.permission == perm).scalar() is not None
                 def grant_perm(self, user_group, perm):
                     user_group = self._get_user_group(user_group)
                     perm = self._get_perm(perm)
                     # if this permission is already granted skip it
                     _perm = UserGroupToPerm.query()\
                         .filter(UserGroupToPerm.users_group == user_group)\
                         .filter(UserGroupToPerm.permission == perm)\
                         .scalar()
                     if _perm:
                         return
                     new = UserGroupToPerm()
                     new.users_group = user_group
                     new.permission = perm
                     self.sa.add(new)
                     return new
                 def revoke_perm(self, user_group, perm):
                     user_group = self._get_user_group(user_group)
                     perm = self._get_perm(perm)
                     obj = UserGroupToPerm.query()\
                         .filter(UserGroupToPerm.users_group == user_group)\
                         .filter(UserGroupToPerm.permission == perm).scalar()
                     if obj:
                         self.sa.delete(obj)
                 def grant_user_permission(self, user_group, user, perm):
                     """
                     Grant permission for user on given user group, or update
                     existing one if found
                     :param user_group: Instance of UserGroup, users_group_id,
                         or users_group_name
                     :param user: Instance of User, user_id or username
                     :param perm: Instance of Permission, or permission_name
                     """
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     permission = self._get_perm(perm)
                     # check if we have that permission already
                     obj = self.sa.query(UserUserGroupToPerm)\
                         .filter(UserUserGroupToPerm.user == user)\
                         .filter(UserUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj is None:
                         # create new !
                         obj = UserUserGroupToPerm()
                     obj.user_group = user_group
                     obj.user = user
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug('Granted perm %s to %s on %s', perm, user, user_group)
                     action_logger_generic(
                         'granted permission: {} to user: {} on usergroup: {}'.format(
                             perm, user, user_group), namespace='security.usergroup')
                     return obj
                 def revoke_user_permission(self, user_group, user):
                     """
                     Revoke permission for user on given user group
                     :param user_group: Instance of UserGroup, users_group_id,
                         or users_group name
                     :param user: Instance of User, user_id or username
                     """
                     user_group = self._get_user_group(user_group)
                     user = self._get_user(user)
                     obj = self.sa.query(UserUserGroupToPerm)\
                         .filter(UserUserGroupToPerm.user == user)\
                         .filter(UserUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug('Revoked perm on %s on %s', user_group, user)
                         action_logger_generic(
                             'revoked permission from user: {} on usergroup: {}'.format(
                                 user, user_group), namespace='security.usergroup')
                 def grant_user_group_permission(self, target_user_group, user_group, perm):
                     """
                     Grant user group permission for given target_user_group
                     :param target_user_group:
                     :param user_group:
                     :param perm:
                     """
                     target_user_group = self._get_user_group(target_user_group)
                     user_group = self._get_user_group(user_group)
                     permission = self._get_perm(perm)
                     # forbid assigning same user group to itself
                     if target_user_group == user_group:
                         raise RepoGroupAssignmentError('target repo:%s cannot be '
                                                        'assigned to itself' % target_user_group)
                     # check if we have that permission already
                     obj = self.sa.query(UserGroupUserGroupToPerm)\
                         .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
                         .filter(UserGroupUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj is None:
                         # create new !
                         obj = UserGroupUserGroupToPerm()
                     obj.user_group = user_group
                     obj.target_user_group = target_user_group
                     obj.permission = permission
                     self.sa.add(obj)
                     log.debug(
                         'Granted perm %s to %s on %s', perm, target_user_group, user_group)
                     action_logger_generic(
                         'granted permission: {} to usergroup: {} on usergroup: {}'.format(
                             perm, user_group, target_user_group),
                         namespace='security.usergroup')
                     return obj
                 def revoke_user_group_permission(self, target_user_group, user_group):
                     """
                     Revoke user group permission for given target_user_group
                     :param target_user_group:
                     :param user_group:
                     """
                     target_user_group = self._get_user_group(target_user_group)
                     user_group = self._get_user_group(user_group)
                     obj = self.sa.query(UserGroupUserGroupToPerm)\
                         .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
                         .filter(UserGroupUserGroupToPerm.user_group == user_group)\
                         .scalar()
                     if obj:
                         self.sa.delete(obj)
                         log.debug(
                             'Revoked perm on %s on %s', target_user_group, user_group)
                         action_logger_generic(
                             'revoked permission from usergroup: {} on usergroup: {}'.format(
                                 user_group, target_user_group),
                             namespace='security.repogroup')
                 def enforce_groups(self, user, groups, extern_type=None):
                     user = self._get_user(user)
                     log.debug('Enforcing groups %s on user %s', groups, user)
                     current_groups = user.group_member
                     # find the external created groups
                     externals = [x.users_group for x in current_groups
                                  if 'extern_type' in x.users_group.group_data]
                     # calculate from what groups user should be removed
                     # externals that are not in groups
                     for gr in externals:
                         if gr.users_group_name not in groups:
                             log.debug('Removing user %s from user group %s', user, gr)
                             self.remove_user_from_group(gr, user)
                     # now we calculate in which groups user should be == groups params
                     owner = User.get_first_super_admin().username
                     for gr in set(groups):
                         existing_group = UserGroup.get_by_group_name(gr)
                         if not existing_group:
                             desc = 'Automatically created from plugin:%s' % extern_type
                             # we use first admin account to set the owner of the group
                             existing_group = UserGroupModel().create(gr, desc, owner,
                                                     group_data={'extern_type': extern_type})
                         # we can only add users to special groups created via plugins
                         managed = 'extern_type' in existing_group.group_data
                         if managed:
                             log.debug('Adding user %s to user group %s', user, gr)
                             UserGroupModel().add_user_to_group(existing_group, user)
                         else:
                             log.debug('Skipping addition to group %s since it is '
                                       'not managed by auth plugins' % gr)
+                def change_groups(self, user, groups):
+                    """
+                    This method changes user group assignment
+                    :param user:  User
+                    :param groups: array of UserGroupModel
+                    :return:
+                    """
+                    user = self._get_user(user)
+                    log.debug('Changing user(%s) assignment to groups(%s)', user, groups)
+                    current_groups = user.group_member
+                    current_groups = [x.users_group for x in current_groups]
+                    # calculate from what groups user should be removed/add
+                    groups = set(groups)
+                    current_groups = set(current_groups)
+                    groups_to_remove = current_groups - groups
+                    groups_to_add = groups - current_groups
+                    for gr in groups_to_remove:
+                        log.debug('Removing user %s from user group %s', user.username, gr.users_group_name)
+                        self.remove_user_from_group(gr.users_group_name, user.username)
+                    for gr in groups_to_add:
+                        log.debug('Adding user %s to user group %s', user.username, gr.users_group_name)
+                        UserGroupModel().add_user_to_group(gr.users_group_name, user.username)
+                @staticmethod
+                def get_user_groups_as_dict(user_group):
+                    import rhodecode.lib.helpers as h
+                    data = {
+                        'users_group_id': user_group.users_group_id,
+                        'group_name': user_group.users_group_name,
+                        'group_description': user_group.user_group_description,
+                        'active': user_group.users_group_active,
+                        "owner": user_group.user.username,
+                        'owner_icon': h.gravatar_url(user_group.user.email, 30),
+                        "owner_data": {'owner': user_group.user.username, 'owner_icon': h.gravatar_url(user_group.user.email, 30)}
+                        }
+                    return data

rhodecode/templates/admin/users/user_edit.mako

0 +5 0

             ## -*- coding: utf-8 -*-
             <%inherit file="/base/base.mako"/>
             <%def name="title()">
                 ${_('%s user settings') % c.user.username}
                 %if c.rhodecode_name:
                     &middot; ${h.branding(c.rhodecode_name)}
                 %endif
             </%def>
             <%def name="breadcrumbs_links()">
                 ${h.link_to(_('Admin'),h.url('admin_home'))}
                 &raquo;
                 ${h.link_to(_('Users'),h.route_path('users'))}
                 &raquo;
                 ${c.user.username}
             </%def>
             <%def name="menu_bar_nav()">
                 ${self.menu_items(active='admin')}
             </%def>
             <%def name="main()">
             <div class="box user_settings">
                 <div class="title">
                     ${self.breadcrumbs()}
                 </div>
                 ##main
               <div class="sidebar-col-wrapper">
                 <div class="sidebar">
                     <ul class="nav nav-pills nav-stacked">
                       <li class="${'active' if c.active=='profile' else ''}"><a href="${h.url('edit_user', user_id=c.user.user_id)}">${_('User Profile')}</a></li>
                       <li class="${'active' if c.active=='auth_tokens' else ''}"><a href="${h.route_path('edit_user_auth_tokens', user_id=c.user.user_id)}">${_('Auth tokens')}</a></li>
                       <li class="${'active' if c.active=='advanced' else ''}"><a href="${h.url('edit_user_advanced', user_id=c.user.user_id)}">${_('Advanced')}</a></li>
                       <li class="${'active' if c.active=='global_perms' else ''}"><a href="${h.url('edit_user_global_perms', user_id=c.user.user_id)}">${_('Global permissions')}</a></li>
                       <li class="${'active' if c.active=='perms_summary' else ''}"><a href="${h.url('edit_user_perms_summary', user_id=c.user.user_id)}">${_('Permissions summary')}</a></li>
                       <li class="${'active' if c.active=='emails' else ''}"><a href="${h.url('edit_user_emails', user_id=c.user.user_id)}">${_('Emails')}</a></li>
                       <li class="${'active' if c.active=='ips' else ''}"><a href="${h.url('edit_user_ips', user_id=c.user.user_id)}">${_('Ip Whitelist')}</a></li>
+                        <li class="${'active' if c.active=='groups' else ''}">
+                            <a href="${h.route_path('edit_user_groups_management', user_id=c.user.user_id)}">${_('User Groups Management')}</a>
+                        </li>
                     </ul>
                 </div>
                 <div class="main-content-full-width">
                     <%include file="/admin/users/user_edit_${c.active}.mako"/>
                 </div>
               </div>
             </div>
             </%def>

rhodecode/templates/admin/users/user_edit_groups.mako rhodecode/templates/admin/user_groups/user_groups.mako

0 copied +90 -43

@@ -1,98 +1,145 b''
1	## -- coding: utf-8 --	1	## -- coding: utf-8 --
2	<%inherit file="/base/base.mako"/>
3		2
4	<%def name="title()">
5	${_('User groups administration')}
6	%if c.rhodecode_name:
7	· ${h.branding(c.rhodecode_name)}
8	%endif
9	</%def>
10
11	<%def name="breadcrumbs_links()">
12	<input class="q_filter_box" id="q_filter" size="15" type="text" name="filter" placeholder="${_('quick filter...')}" value=""/>
13	${h.link_to(_('Admin'),h.url('admin_home'))} » <span id="user_group_count">0</span> ${_('user groups')}
14	</%def>
15		3
16	<%def name="menu_bar_nav()">	4	<div class="panel panel-default">
17	${self.menu_items(active='admin')}	5	<div class="panel-heading">
18	</%def>	6	<h3 class="panel-title">${_('User groups administration')}</h3>
19		7	</div>
20	<%def name="main()">	8	<div class="panel-body">
21	<div class="~~box~~">	9	<div class="field">
22		10	<div class="label label-checkbox">
23	<div class="title">	11	<label for="users_group_active">${_('Add user to group')}:</label>
24	${self.breadcrumbs()}	12	</div>
25	<ul class="~~links~~">	13	<div class="input">
26	%if h.HasPermissionAny('hg.admin', 'hg.usergroup.create.true')():	14	${h.text('add_user_to_group', placeholder="user group name", class_="medium")}
27	<li>
28	<a href="${h.url('new_users_group')}" class="btn btn-small btn-success">${_(u'Add User Group')}</a>
29	</li>
30	%endif
31	</ul>
32	</div>	15	</div>
33		16
		17	</div>
		18
		19	<div class="groups_management">
		20	${h.secure_form(h.route_path('edit_user_groups_management_updates', user_id=c.user.user_id), method='post')}
34	<div id="repos_list_wrap">	21	<div id="repos_list_wrap">
35	<table id="user_group_list_table" class="display"></table>	22	<table id="user_group_list_table" class="display"></table>
36	</div>	23	</div>
37		24	<div class="buttons">
		25	${h.submit('save',_('Save'),class_="btn")}
		26	</div>
		27	${h.end_form()}
		28	</div>
		29	</div>
38	</div>	30	</div>
39	<script>	31	<script>
		32	var api;
40	$(document).ready(function() {	33	$(document).ready(function() {
41		34
42	var get_datatable_count = function(){	35	var get_datatable_count = function(){
43	var api = $('#user_group_list_table').dataTable().api();
44	$('#user_group_count').text(api.page.info().recordsDisplay);	36	$('#user_group_count').text(api.page.info().recordsDisplay);
45	};	37	};
46		38
47	// user list	39	$('#user_group_list_table').on('click', 'a.editor_remove', function (e) {
		40	e.preventDefault();
		41	var row = api.row($(this).closest('tr'));
		42	row.remove().draw();
		43	} );
		44
48	$('#user_group_list_table').DataTable({	45	$('#user_group_list_table').DataTable({
49	data: ${c.~~data~~\|n},	46	data: ${c.groups\|n},
50	dom: 'rtp',	47	dom: 'rtp',
51	pageLength: ${c.visual.admin_grid_items},	48	pageLength: ${c.visual.admin_grid_items},
52	order: [[ 0, "asc" ]],	49	order: [[ 0, "asc" ]],
53	columns: [	50	columns: [
54	{ data: {"_": "group_name",	51	{ data: {"_": "group_name",
55	"sort": "group_name~~_raw~~"}, title: "${_('Name')}", className: "td-componentname" },	52	"sort": "group_name"}, title: "${_('Name')}", className: "td-componentname," ,
56	{ data: {"_": "desc",	53	render: function (data,type,full,meta)
57	"sort": "desc"}, title: "${_('Description')}", className: "td-description" },	54	{return '<div><i class="icon-group" title="User group">'+data+'</i></div>'}},
58	{ data: {"_": "members",	55
59	"sort": "members",	56	{ data: {"_": "group_description",
60	"t~~ype~~": ~~Number~~}, title: "${_('~~Members~~')}", className: "td-~~number~~" },	57	"sort": "group_description"}, title: "${_('Description')}", className: "td-description" },
		58	{ data: {"_": "users_group_id"}, className: "td-user",
		59	render: function (data,type,full,meta)
		60	{return '<input type="hidden" name="users_group_id" value="'+data+'">'}},
61	{ data: {"_": "active",	61	{ data: {"_": "active",
62	"sort": "active"}, title: "${_('Active')}", className: "td-active", className: "td-number"},	62	"sort": "active"}, title: "${_('Active')}", className: "td-active", className: "td-number"},
63	{ data: {"_": "owner",	63	{ data: {"_": "owner_data"}, title: "${_('Owner')}", className: "td-user",
64	"sort": "owner"}, title: "${_('Owner')}", className: "td-user" },	64	render: function (data,type,full,meta)
65	{ data: {"_": "action",	65	{return '<div class="rc-user tooltip">'+
66	"sort": "action"}, title: "${_('Action')}", className: "td-action" }	66	'<img class="gravatar" src="'+ data.owner_icon +'" height="16" width="16">'+
		67	data.owner +'</div>'
		68	}
		69	},
		70	{ data: null,
		71	title: "${_('Action')}",
		72	className: "td-action",
		73	defaultContent: '<a href="" class="btn btn-link btn-danger">Delete</a>'
		74	},
67	],	75	],
68	language: {	76	language: {
69	paginate: DEFAULT_GRID_PAGINATION,	77	paginate: DEFAULT_GRID_PAGINATION,
70	emptyTable: _gettext("No user groups available yet.")	78	emptyTable: _gettext("No user groups available yet.")
71	},	79	},
72	"initComplete": function( settings, json ) {	80	"initComplete": function( settings, json ) {
		81	var data_grid = $('#user_group_list_table').dataTable();
		82	api = data_grid.api();
73	get_datatable_count();	83	get_datatable_count();
74	}	84	}
75	});	85	});
76		86
77	// update the counter when doing search	87	// update the counter when doing search
78	$('#user_group_list_table').on( 'search.dt', function (e,settings) {	88	$('#user_group_list_table').on( 'search.dt', function (e,settings) {
79	get_datatable_count();	89	get_datatable_count();
80	});	90	});
81		91
82	// filter, filter both grids	92	// filter, filter both grids
83	$('#q_filter').on( 'keyup', function () {	93	$('#q_filter').on( 'keyup', function () {
84	var user_api = $('#user_group_list_table').dataTable().api();	94	var user_api = $('#user_group_list_table').dataTable().api();
85	user_api	95	user_api
86	.columns(0)	96	.columns(0)
87	.search(this.value)	97	.search(this.value)
88	.draw();	98	.draw();
89	});	99	});
90		100
91	// refilter table if page load via back button	101	// refilter table if page load via back button
92	$("#q_filter").trigger('keyup');	102	$("#q_filter").trigger('keyup');
93		103
94	});	104	});
95		105
		106	$('#language').select2({
		107	'containerCssClass': "drop-menu",
		108	'dropdownCssClass': "drop-menu-dropdown",
		109	'dropdownAutoWidth': true
		110	});
		111
		112
		113
		114	$(document).ready(function(){
		115	$("#group_parent_id").select2({
		116	'containerCssClass': "drop-menu",
		117	'dropdownCssClass': "drop-menu-dropdown",
		118	'dropdownAutoWidth': true
		119	});
		120
		121	$('#add_user_to_group').autocomplete({
		122	serviceUrl: pyroutes.url('user_group_autocomplete_data'),
		123	minChars:2,
		124	maxHeight:400,
		125	width:300,
		126	deferRequestBy: 300, //miliseconds
		127	showNoSuggestionNotice: true,
		128	params: { user_groups:true },
		129	formatResult: autocompleteFormatResult,
		130	lookupFilter: autocompleteFilterResult,
		131	onSelect: function(element, suggestion){
		132	var owner = {owner_icon: suggestion.owner_icon, owner:suggestion.owner};
		133	api.row.add(
		134	{"active": suggestion.active,
		135	"owner_data": owner,
		136	"users_group_id": suggestion.id,
		137	"group_description": suggestion.description,
		138	"group_name": suggestion.value}).draw();
		139	}
		140	});
		141	})
		142
96	</script>	143	</script>
97		144
98	</%def>	145

rhodecode/tests/models/test_repos.py

0 +3 -2

             # -*- coding: utf-8 -*-
             # Copyright (C) 2010-2017 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import tempfile
             import mock
             import pytest
             from rhodecode.lib.exceptions import AttachedForksError
             from rhodecode.lib.utils import make_db_config
             from rhodecode.model.db import Repository
             from rhodecode.model.meta import Session
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.scm import ScmModel
             from rhodecode.lib.utils2 import safe_unicode
             class TestRepoModel:
                 def test_remove_repo(self, backend):
                     repo = backend.create_repo()
                     Session().commit()
                     RepoModel().delete(repo=repo)
                     Session().commit()
                     repos = ScmModel().repo_scan()
                     assert Repository.get_by_repo_name(repo_name=backend.repo_name) is None
                     assert repo.repo_name not in repos
                 def test_remove_repo_raises_exc_when_attached_forks(self, backend):
                     repo = backend.create_repo()
                     Session().commit()
                     backend.create_fork()
                     Session().commit()
                     with pytest.raises(AttachedForksError):
                         RepoModel().delete(repo=repo)
                 def test_remove_repo_delete_forks(self, backend):
                     repo = backend.create_repo()
                     Session().commit()
                     fork = backend.create_fork()
                     Session().commit()
                     fork_of_fork = backend.create_fork()
                     Session().commit()
                     RepoModel().delete(repo=repo, forks='delete')
                     Session().commit()
                     assert Repository.get_by_repo_name(repo_name=repo.repo_name) is None
                     assert Repository.get_by_repo_name(repo_name=fork.repo_name) is None
                     assert (
                         Repository.get_by_repo_name(repo_name=fork_of_fork.repo_name)
                         is None)
                 def test_remove_repo_detach_forks(self, backend):
                     repo = backend.create_repo()
                     Session().commit()
                     fork = backend.create_fork()
                     Session().commit()
                     fork_of_fork = backend.create_fork()
                     Session().commit()
                     RepoModel().delete(repo=repo, forks='detach')
                     Session().commit()
                     assert Repository.get_by_repo_name(repo_name=repo.repo_name) is None
                     assert (
                         Repository.get_by_repo_name(repo_name=fork.repo_name) is not None)
                     assert (
                         Repository.get_by_repo_name(repo_name=fork_of_fork.repo_name)
                         is not None)
                 @pytest.mark.parametrize("filename, expected", [
                     ("README", True),
                     ("README.rst", False),
                 ])
                 def test_filenode_is_link(self, vcsbackend, filename, expected):
                     repo = vcsbackend.repo
                     assert repo.get_commit().is_link(filename) is expected
                 def test_get_commit(self, backend):
                     backend.repo.get_commit()
                 def test_get_changeset_is_deprecated(self, backend):
                     repo = backend.repo
                     pytest.deprecated_call(repo.get_changeset)
                 def test_clone_url_encrypted_value(self, backend):
                     repo = backend.create_repo()
                     Session().commit()
                     repo.clone_url = 'https://marcink:qweqwe@code.rhodecode.com'
                     Session().add(repo)
                     Session().commit()
                     assert repo.clone_url == 'https://marcink:qweqwe@code.rhodecode.com'
                 @pytest.mark.backends("git", "svn")
                 def test_create_filesystem_repo_installs_hooks(self, tmpdir, backend):
                     hook_methods = {
                         'git': 'install_git_hook',
                         'svn': 'install_svn_hooks'
                     }
                     repo = backend.create_repo()
                     repo_name = repo.repo_name
                     model = RepoModel()
                     repo_location = tempfile.mkdtemp()
                     model.repos_path = repo_location
                     method = hook_methods[backend.alias]
                     with mock.patch.object(ScmModel, method) as hooks_mock:
                         model._create_filesystem_repo(
                             repo_name, backend.alias, repo_group='', clone_uri=None)
                     assert hooks_mock.call_count == 1
                     hook_args, hook_kwargs = hooks_mock.call_args
                     assert hook_args[0].name == repo_name
                 @pytest.mark.parametrize("use_global_config, repo_name_passed", [
                     (True, False),
                     (False, True)
                 ])
                 def test_per_repo_config_is_generated_during_filesystem_repo_creation(
                         self, tmpdir, backend, use_global_config, repo_name_passed):
                     repo_name = 'test-{}-repo-{}'.format(backend.alias, use_global_config)
                     config = make_db_config()
                     model = RepoModel()
                     with mock.patch('rhodecode.model.repo.make_db_config') as config_mock:
                         config_mock.return_value = config
                         model._create_filesystem_repo(
                             repo_name, backend.alias, repo_group='', clone_uri=None,
                             use_global_config=use_global_config)
                     expected_repo_name = repo_name if repo_name_passed else None
                     expected_call = mock.call(clear_session=False, repo=expected_repo_name)
                     assert expected_call in config_mock.call_args_list
                 def test_update_commit_cache_with_config(serf, backend):
                     repo = backend.create_repo()
                     with mock.patch('rhodecode.model.db.Repository.scm_instance') as scm:
                         scm_instance = mock.Mock()
                         scm_instance.get_commit.return_value = {
                             'raw_id': 40*'0',
                             'revision': 1
                         }
                         scm.return_value = scm_instance
                         repo.update_commit_cache()
                         scm.assert_called_with(cache=False, config=None)
                         config = {'test': 'config'}
                         repo.update_commit_cache(config=config)
                         scm.assert_called_with(
                             cache=False, config=config)
             class TestGetUsers(object):
                 def test_returns_active_users(self, backend, user_util):
                     for i in range(4):
                         is_active = i % 2 == 0
                         user_util.create_user(active=is_active, lastname='Fake user')
                     with mock.patch('rhodecode.lib.helpers.gravatar_url'):
                         users = RepoModel().get_users()
                     fake_users = [u for u in users if u['last_name'] == 'Fake user']
                     assert len(fake_users) == 2
                     expected_keys = (
                         'id', 'first_name', 'last_name', 'username', 'icon_link',
                         'value_display', 'value', 'value_type')
                     for user in users:
                         assert user['value_type'] is 'user'
                         for key in expected_keys:
                             assert key in user
                 def test_returns_user_filtered_by_last_name(self, backend, user_util):
                     keywords = ('aBc', u'ünicode')
                     for keyword in keywords:
                         for i in range(2):
                             user_util.create_user(
                                 active=True, lastname=u'Fake {} user'.format(keyword))
                     with mock.patch('rhodecode.lib.helpers.gravatar_url'):
                         keyword = keywords[1].lower()
                         users = RepoModel().get_users(name_contains=keyword)
                     fake_users = [u for u in users if u['last_name'].startswith('Fake')]
                     assert len(fake_users) == 2
                     for user in fake_users:
                         assert user['last_name'] == safe_unicode('Fake ünicode user')
                 def test_returns_user_filtered_by_first_name(self, backend, user_util):
                     created_users = []
                     keywords = ('aBc', u'ünicode')
                     for keyword in keywords:
                         for i in range(2):
                             created_users.append(user_util.create_user(
                                 active=True, lastname='Fake user',
                                 firstname=u'Fake {} user'.format(keyword)))
                     keyword = keywords[1].lower()
                     with mock.patch('rhodecode.lib.helpers.gravatar_url'):
                         users = RepoModel().get_users(name_contains=keyword)
                     fake_users = [u for u in users if u['last_name'].startswith('Fake')]
                     assert len(fake_users) == 2
                     for user in fake_users:
                         assert user['first_name'] == safe_unicode('Fake ünicode user')
                 def test_returns_user_filtered_by_username(self, backend, user_util):
                     created_users = []
                     for i in range(5):
                         created_users.append(user_util.create_user(
                             active=True, lastname='Fake user'))
                     user_filter = created_users[-1].username[-2:]
                     with mock.patch('rhodecode.lib.helpers.gravatar_url'):
                         users = RepoModel().get_users(name_contains=user_filter)
                     fake_users = [u for u in users if u['last_name'].startswith('Fake')]
                     assert len(fake_users) == 1
                     assert fake_users[0]['username'] == created_users[-1].username
                 def test_returns_limited_user_list(self, backend, user_util):
                     created_users = []
                     for i in range(5):
                         created_users.append(user_util.create_user(
                             active=True, lastname='Fake user'))
                     with mock.patch('rhodecode.lib.helpers.gravatar_url'):
                         users = RepoModel().get_users(name_contains='Fake', limit=3)
                     fake_users = [u for u in users if u['last_name'].startswith('Fake')]
                     assert len(fake_users) == 3
             class TestGetUserGroups(object):
                 def test_returns_filtered_list(self, backend, user_util):
                     created_groups = []
                     for i in range(4):
                         created_groups.append(
                             user_util.create_user_group(users_group_active=True))
                     group_filter = created_groups[-1].users_group_name[-2:]
+                    with mock.patch('rhodecode.lib.helpers.gravatar_url'):
                         with self._patch_user_group_list():
                             groups = RepoModel().get_user_groups(group_filter)
                     fake_groups = [
                         u for u in groups if u['value'].startswith('test_returns')]
                     assert len(fake_groups) == 1
                     assert fake_groups[0]['value'] == created_groups[-1].users_group_name
                     assert fake_groups[0]['value_display'].startswith(
                         'Group: test_returns')
                 def test_returns_limited_list(self, backend, user_util):
                     created_groups = []
                     for i in range(3):
                         created_groups.append(
                             user_util.create_user_group(users_group_active=True))
+                    with mock.patch('rhodecode.lib.helpers.gravatar_url'):
                         with self._patch_user_group_list():
                             groups = RepoModel().get_user_groups('test_returns')
                     fake_groups = [
                         u for u in groups if u['value'].startswith('test_returns')]
                     assert len(fake_groups) == 3
                 def test_returns_active_user_groups(self, backend, user_util):
                     for i in range(4):
                         is_active = i % 2 == 0
                         user_util.create_user_group(users_group_active=is_active)
+                    with mock.patch('rhodecode.lib.helpers.gravatar_url'):
                         with self._patch_user_group_list():
                             groups = RepoModel().get_user_groups()
                     expected = ('id', 'icon_link', 'value_display', 'value', 'value_type')
                     for group in groups:
                         assert group['value_type'] is 'user_group'
                         for key in expected:
                             assert key in group
                     fake_groups = [
                         u for u in groups if u['value'].startswith('test_returns')]
                     assert len(fake_groups) == 2
                     for user in fake_groups:
                         assert user['value_display'].startswith('Group: test_returns')
                 def _patch_user_group_list(self):
                     def side_effect(group_list, perm_set):
                         return group_list
                     return mock.patch(
                         'rhodecode.model.repo.UserGroupList', side_effect=side_effect)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages