rhodecode-enterprise-ce
RSS
artifacts: added DB store models.
marcink -
r3456:a0562f8e default
Not Reviewed
Show More
Add another comment
Collapse all files
TODOs: 0 unresolved 0 Resolved
COMMENTS: 0 General 0 Inline
Show file before | Show file after | Show commentsHide comments
This diff has been collapsed as it changes many lines, (4933 lines changed) Show them Hide them
@@ -0,0 +1,4933
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 """
22 Database Models for RhodeCode Enterprise
23 """
24
25 import re
26 import os
27 import time
28 import hashlib
29 import logging
30 import datetime
31 import warnings
32 import ipaddress
33 import functools
34 import traceback
35 import collections
36
37 from sqlalchemy import (
38 or_, and_, not_, func, TypeDecorator, event,
39 Index, Sequence, UniqueConstraint, ForeignKey, CheckConstraint, Column,
40 Boolean, String, Unicode, UnicodeText, DateTime, Integer, LargeBinary,
41 Text, Float, PickleType)
42 from sqlalchemy.sql.expression import true, false
43 from sqlalchemy.sql.functions import coalesce, count # pragma: no cover
44 from sqlalchemy.orm import (
45 relationship, joinedload, class_mapper, validates, aliased)
46 from sqlalchemy.ext.declarative import declared_attr
47 from sqlalchemy.ext.hybrid import hybrid_property
48 from sqlalchemy.exc import IntegrityError # pragma: no cover
49 from sqlalchemy.dialects.mysql import LONGTEXT
50 from zope.cachedescriptors.property import Lazy as LazyProperty
51 from pyramid import compat
52 from pyramid.threadlocal import get_current_request
53
54 from rhodecode.translation import _
55 from rhodecode.lib.vcs import get_vcs_instance
56 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
57 from rhodecode.lib.utils2 import (
58 str2bool, safe_str, get_commit_safe, safe_unicode, sha1_safe,
59 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
60 glob2re, StrictAttributeDict, cleaned_uri)
61 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType, \
62 JsonRaw
63 from rhodecode.lib.ext_json import json
64 from rhodecode.lib.caching_query import FromCache
65 from rhodecode.lib.encrypt import AESCipher
66
67 from rhodecode.model.meta import Base, Session
68
69 URL_SEP = '/'
70 log = logging.getLogger(__name__)
71
72 # =============================================================================
73 # BASE CLASSES
74 # =============================================================================
75
76 # this is propagated from .ini file rhodecode.encrypted_values.secret or
77 # beaker.session.secret if first is not set.
78 # and initialized at environment.py
79 ENCRYPTION_KEY = None
80
81 # used to sort permissions by types, '#' used here is not allowed to be in
82 # usernames, and it's very early in sorted string.printable table.
83 PERMISSION_TYPE_SORT = {
84 'admin': '####',
85 'write': '###',
86 'read': '##',
87 'none': '#',
88 }
89
90
91 def display_user_sort(obj):
92 """
93 Sort function used to sort permissions in .permissions() function of
94 Repository, RepoGroup, UserGroup. Also it put the default user in front
95 of all other resources
96 """
97
98 if obj.username == User.DEFAULT_USER:
99 return '#####'
100 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
101 return prefix + obj.username
102
103
104 def display_user_group_sort(obj):
105 """
106 Sort function used to sort permissions in .permissions() function of
107 Repository, RepoGroup, UserGroup. Also it put the default user in front
108 of all other resources
109 """
110
111 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
112 return prefix + obj.users_group_name
113
114
115 def _hash_key(k):
116 return sha1_safe(k)
117
118
119 def in_filter_generator(qry, items, limit=500):
120 """
121 Splits IN() into multiple with OR
122 e.g.::
123 cnt = Repository.query().filter(
124 or_(
125 *in_filter_generator(Repository.repo_id, range(100000))
126 )).count()
127 """
128 if not items:
129 # empty list will cause empty query which might cause security issues
130 # this can lead to hidden unpleasant results
131 items = [-1]
132
133 parts = []
134 for chunk in xrange(0, len(items), limit):
135 parts.append(
136 qry.in_(items[chunk: chunk + limit])
137 )
138
139 return parts
140
141
142 base_table_args = {
143 'extend_existing': True,
144 'mysql_engine': 'InnoDB',
145 'mysql_charset': 'utf8',
146 'sqlite_autoincrement': True
147 }
148
149
150 class EncryptedTextValue(TypeDecorator):
151 """
152 Special column for encrypted long text data, use like::
153
154 value = Column("encrypted_value", EncryptedValue(), nullable=False)
155
156 This column is intelligent so if value is in unencrypted form it return
157 unencrypted form, but on save it always encrypts
158 """
159 impl = Text
160
161 def process_bind_param(self, value, dialect):
162 if not value:
163 return value
164 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
165 # protect against double encrypting if someone manually starts
166 # doing
167 raise ValueError('value needs to be in unencrypted format, ie. '
168 'not starting with enc$aes')
169 return 'enc$aes_hmac$%s' % AESCipher(
170 ENCRYPTION_KEY, hmac=True).encrypt(value)
171
172 def process_result_value(self, value, dialect):
173 import rhodecode
174
175 if not value:
176 return value
177
178 parts = value.split('$', 3)
179 if not len(parts) == 3:
180 # probably not encrypted values
181 return value
182 else:
183 if parts[0] != 'enc':
184 # parts ok but without our header ?
185 return value
186 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
187 'rhodecode.encrypted_values.strict') or True)
188 # at that stage we know it's our encryption
189 if parts[1] == 'aes':
190 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
191 elif parts[1] == 'aes_hmac':
192 decrypted_data = AESCipher(
193 ENCRYPTION_KEY, hmac=True,
194 strict_verification=enc_strict_mode).decrypt(parts[2])
195 else:
196 raise ValueError(
197 'Encryption type part is wrong, must be `aes` '
198 'or `aes_hmac`, got `%s` instead' % (parts[1]))
199 return decrypted_data
200
201
202 class BaseModel(object):
203 """
204 Base Model for all classes
205 """
206
207 @classmethod
208 def _get_keys(cls):
209 """return column names for this model """
210 return class_mapper(cls).c.keys()
211
212 def get_dict(self):
213 """
214 return dict with keys and values corresponding
215 to this model data """
216
217 d = {}
218 for k in self._get_keys():
219 d[k] = getattr(self, k)
220
221 # also use __json__() if present to get additional fields
222 _json_attr = getattr(self, '__json__', None)
223 if _json_attr:
224 # update with attributes from __json__
225 if callable(_json_attr):
226 _json_attr = _json_attr()
227 for k, val in _json_attr.iteritems():
228 d[k] = val
229 return d
230
231 def get_appstruct(self):
232 """return list with keys and values tuples corresponding
233 to this model data """
234
235 lst = []
236 for k in self._get_keys():
237 lst.append((k, getattr(self, k),))
238 return lst
239
240 def populate_obj(self, populate_dict):
241 """populate model with data from given populate_dict"""
242
243 for k in self._get_keys():
244 if k in populate_dict:
245 setattr(self, k, populate_dict[k])
246
247 @classmethod
248 def query(cls):
249 return Session().query(cls)
250
251 @classmethod
252 def get(cls, id_):
253 if id_:
254 return cls.query().get(id_)
255
256 @classmethod
257 def get_or_404(cls, id_):
258 from pyramid.httpexceptions import HTTPNotFound
259
260 try:
261 id_ = int(id_)
262 except (TypeError, ValueError):
263 raise HTTPNotFound()
264
265 res = cls.query().get(id_)
266 if not res:
267 raise HTTPNotFound()
268 return res
269
270 @classmethod
271 def getAll(cls):
272 # deprecated and left for backward compatibility
273 return cls.get_all()
274
275 @classmethod
276 def get_all(cls):
277 return cls.query().all()
278
279 @classmethod
280 def delete(cls, id_):
281 obj = cls.query().get(id_)
282 Session().delete(obj)
283
284 @classmethod
285 def identity_cache(cls, session, attr_name, value):
286 exist_in_session = []
287 for (item_cls, pkey), instance in session.identity_map.items():
288 if cls == item_cls and getattr(instance, attr_name) == value:
289 exist_in_session.append(instance)
290 if exist_in_session:
291 if len(exist_in_session) == 1:
292 return exist_in_session[0]
293 log.exception(
294 'multiple objects with attr %s and '
295 'value %s found with same name: %r',
296 attr_name, value, exist_in_session)
297
298 def __repr__(self):
299 if hasattr(self, '__unicode__'):
300 # python repr needs to return str
301 try:
302 return safe_str(self.__unicode__())
303 except UnicodeDecodeError:
304 pass
305 return '<DB:%s>' % (self.__class__.__name__)
306
307
308 class RhodeCodeSetting(Base, BaseModel):
309 __tablename__ = 'rhodecode_settings'
310 __table_args__ = (
311 UniqueConstraint('app_settings_name'),
312 base_table_args
313 )
314
315 SETTINGS_TYPES = {
316 'str': safe_str,
317 'int': safe_int,
318 'unicode': safe_unicode,
319 'bool': str2bool,
320 'list': functools.partial(aslist, sep=',')
321 }
322 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
323 GLOBAL_CONF_KEY = 'app_settings'
324
325 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
326 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
327 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
328 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
329
330 def __init__(self, key='', val='', type='unicode'):
331 self.app_settings_name = key
332 self.app_settings_type = type
333 self.app_settings_value = val
334
335 @validates('_app_settings_value')
336 def validate_settings_value(self, key, val):
337 assert type(val) == unicode
338 return val
339
340 @hybrid_property
341 def app_settings_value(self):
342 v = self._app_settings_value
343 _type = self.app_settings_type
344 if _type:
345 _type = self.app_settings_type.split('.')[0]
346 # decode the encrypted value
347 if 'encrypted' in self.app_settings_type:
348 cipher = EncryptedTextValue()
349 v = safe_unicode(cipher.process_result_value(v, None))
350
351 converter = self.SETTINGS_TYPES.get(_type) or \
352 self.SETTINGS_TYPES['unicode']
353 return converter(v)
354
355 @app_settings_value.setter
356 def app_settings_value(self, val):
357 """
358 Setter that will always make sure we use unicode in app_settings_value
359
360 :param val:
361 """
362 val = safe_unicode(val)
363 # encode the encrypted value
364 if 'encrypted' in self.app_settings_type:
365 cipher = EncryptedTextValue()
366 val = safe_unicode(cipher.process_bind_param(val, None))
367 self._app_settings_value = val
368
369 @hybrid_property
370 def app_settings_type(self):
371 return self._app_settings_type
372
373 @app_settings_type.setter
374 def app_settings_type(self, val):
375 if val.split('.')[0] not in self.SETTINGS_TYPES:
376 raise Exception('type must be one of %s got %s'
377 % (self.SETTINGS_TYPES.keys(), val))
378 self._app_settings_type = val
379
380 @classmethod
381 def get_by_prefix(cls, prefix):
382 return RhodeCodeSetting.query()\
383 .filter(RhodeCodeSetting.app_settings_name.startswith(prefix))\
384 .all()
385
386 def __unicode__(self):
387 return u"<%s('%s:%s[%s]')>" % (
388 self.__class__.__name__,
389 self.app_settings_name, self.app_settings_value,
390 self.app_settings_type
391 )
392
393
394 class RhodeCodeUi(Base, BaseModel):
395 __tablename__ = 'rhodecode_ui'
396 __table_args__ = (
397 UniqueConstraint('ui_key'),
398 base_table_args
399 )
400
401 HOOK_REPO_SIZE = 'changegroup.repo_size'
402 # HG
403 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
404 HOOK_PULL = 'outgoing.pull_logger'
405 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
406 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
407 HOOK_PUSH = 'changegroup.push_logger'
408 HOOK_PUSH_KEY = 'pushkey.key_push'
409
410 # TODO: johbo: Unify way how hooks are configured for git and hg,
411 # git part is currently hardcoded.
412
413 # SVN PATTERNS
414 SVN_BRANCH_ID = 'vcs_svn_branch'
415 SVN_TAG_ID = 'vcs_svn_tag'
416
417 ui_id = Column(
418 "ui_id", Integer(), nullable=False, unique=True, default=None,
419 primary_key=True)
420 ui_section = Column(
421 "ui_section", String(255), nullable=True, unique=None, default=None)
422 ui_key = Column(
423 "ui_key", String(255), nullable=True, unique=None, default=None)
424 ui_value = Column(
425 "ui_value", String(255), nullable=True, unique=None, default=None)
426 ui_active = Column(
427 "ui_active", Boolean(), nullable=True, unique=None, default=True)
428
429 def __repr__(self):
430 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
431 self.ui_key, self.ui_value)
432
433
434 class RepoRhodeCodeSetting(Base, BaseModel):
435 __tablename__ = 'repo_rhodecode_settings'
436 __table_args__ = (
437 UniqueConstraint(
438 'app_settings_name', 'repository_id',
439 name='uq_repo_rhodecode_setting_name_repo_id'),
440 base_table_args
441 )
442
443 repository_id = Column(
444 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
445 nullable=False)
446 app_settings_id = Column(
447 "app_settings_id", Integer(), nullable=False, unique=True,
448 default=None, primary_key=True)
449 app_settings_name = Column(
450 "app_settings_name", String(255), nullable=True, unique=None,
451 default=None)
452 _app_settings_value = Column(
453 "app_settings_value", String(4096), nullable=True, unique=None,
454 default=None)
455 _app_settings_type = Column(
456 "app_settings_type", String(255), nullable=True, unique=None,
457 default=None)
458
459 repository = relationship('Repository')
460
461 def __init__(self, repository_id, key='', val='', type='unicode'):
462 self.repository_id = repository_id
463 self.app_settings_name = key
464 self.app_settings_type = type
465 self.app_settings_value = val
466
467 @validates('_app_settings_value')
468 def validate_settings_value(self, key, val):
469 assert type(val) == unicode
470 return val
471
472 @hybrid_property
473 def app_settings_value(self):
474 v = self._app_settings_value
475 type_ = self.app_settings_type
476 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
477 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
478 return converter(v)
479
480 @app_settings_value.setter
481 def app_settings_value(self, val):
482 """
483 Setter that will always make sure we use unicode in app_settings_value
484
485 :param val:
486 """
487 self._app_settings_value = safe_unicode(val)
488
489 @hybrid_property
490 def app_settings_type(self):
491 return self._app_settings_type
492
493 @app_settings_type.setter
494 def app_settings_type(self, val):
495 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
496 if val not in SETTINGS_TYPES:
497 raise Exception('type must be one of %s got %s'
498 % (SETTINGS_TYPES.keys(), val))
499 self._app_settings_type = val
500
501 def __unicode__(self):
502 return u"<%s('%s:%s:%s[%s]')>" % (
503 self.__class__.__name__, self.repository.repo_name,
504 self.app_settings_name, self.app_settings_value,
505 self.app_settings_type
506 )
507
508
509 class RepoRhodeCodeUi(Base, BaseModel):
510 __tablename__ = 'repo_rhodecode_ui'
511 __table_args__ = (
512 UniqueConstraint(
513 'repository_id', 'ui_section', 'ui_key',
514 name='uq_repo_rhodecode_ui_repository_id_section_key'),
515 base_table_args
516 )
517
518 repository_id = Column(
519 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
520 nullable=False)
521 ui_id = Column(
522 "ui_id", Integer(), nullable=False, unique=True, default=None,
523 primary_key=True)
524 ui_section = Column(
525 "ui_section", String(255), nullable=True, unique=None, default=None)
526 ui_key = Column(
527 "ui_key", String(255), nullable=True, unique=None, default=None)
528 ui_value = Column(
529 "ui_value", String(255), nullable=True, unique=None, default=None)
530 ui_active = Column(
531 "ui_active", Boolean(), nullable=True, unique=None, default=True)
532
533 repository = relationship('Repository')
534
535 def __repr__(self):
536 return '<%s[%s:%s]%s=>%s]>' % (
537 self.__class__.__name__, self.repository.repo_name,
538 self.ui_section, self.ui_key, self.ui_value)
539
540
541 class User(Base, BaseModel):
542 __tablename__ = 'users'
543 __table_args__ = (
544 UniqueConstraint('username'), UniqueConstraint('email'),
545 Index('u_username_idx', 'username'),
546 Index('u_email_idx', 'email'),
547 base_table_args
548 )
549
550 DEFAULT_USER = 'default'
551 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
552 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
553
554 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
555 username = Column("username", String(255), nullable=True, unique=None, default=None)
556 password = Column("password", String(255), nullable=True, unique=None, default=None)
557 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
558 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
559 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
560 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
561 _email = Column("email", String(255), nullable=True, unique=None, default=None)
562 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
563 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
564
565 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
566 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
567 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
568 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
569 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
570 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
571
572 user_log = relationship('UserLog')
573 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
574
575 repositories = relationship('Repository')
576 repository_groups = relationship('RepoGroup')
577 user_groups = relationship('UserGroup')
578
579 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
580 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
581
582 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
583 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
584 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
585
586 group_member = relationship('UserGroupMember', cascade='all')
587
588 notifications = relationship('UserNotification', cascade='all')
589 # notifications assigned to this user
590 user_created_notifications = relationship('Notification', cascade='all')
591 # comments created by this user
592 user_comments = relationship('ChangesetComment', cascade='all')
593 # user profile extra info
594 user_emails = relationship('UserEmailMap', cascade='all')
595 user_ip_map = relationship('UserIpMap', cascade='all')
596 user_auth_tokens = relationship('UserApiKeys', cascade='all')
597 user_ssh_keys = relationship('UserSshKeys', cascade='all')
598
599 # gists
600 user_gists = relationship('Gist', cascade='all')
601 # user pull requests
602 user_pull_requests = relationship('PullRequest', cascade='all')
603 # external identities
604 extenal_identities = relationship(
605 'ExternalIdentity',
606 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
607 cascade='all')
608 # review rules
609 user_review_rules = relationship('RepoReviewRuleUser', cascade='all')
610
611 def __unicode__(self):
612 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
613 self.user_id, self.username)
614
615 @hybrid_property
616 def email(self):
617 return self._email
618
619 @email.setter
620 def email(self, val):
621 self._email = val.lower() if val else None
622
623 @hybrid_property
624 def first_name(self):
625 from rhodecode.lib import helpers as h
626 if self.name:
627 return h.escape(self.name)
628 return self.name
629
630 @hybrid_property
631 def last_name(self):
632 from rhodecode.lib import helpers as h
633 if self.lastname:
634 return h.escape(self.lastname)
635 return self.lastname
636
637 @hybrid_property
638 def api_key(self):
639 """
640 Fetch if exist an auth-token with role ALL connected to this user
641 """
642 user_auth_token = UserApiKeys.query()\
643 .filter(UserApiKeys.user_id == self.user_id)\
644 .filter(or_(UserApiKeys.expires == -1,
645 UserApiKeys.expires >= time.time()))\
646 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
647 if user_auth_token:
648 user_auth_token = user_auth_token.api_key
649
650 return user_auth_token
651
652 @api_key.setter
653 def api_key(self, val):
654 # don't allow to set API key this is deprecated for now
655 self._api_key = None
656
657 @property
658 def reviewer_pull_requests(self):
659 return PullRequestReviewers.query() \
660 .options(joinedload(PullRequestReviewers.pull_request)) \
661 .filter(PullRequestReviewers.user_id == self.user_id) \
662 .all()
663
664 @property
665 def firstname(self):
666 # alias for future
667 return self.name
668
669 @property
670 def emails(self):
671 other = UserEmailMap.query()\
672 .filter(UserEmailMap.user == self) \
673 .order_by(UserEmailMap.email_id.asc()) \
674 .all()
675 return [self.email] + [x.email for x in other]
676
677 @property
678 def auth_tokens(self):
679