Show More
| @@ -22,24 +22,22 b'' | |||||
| 22 | authentication and permission libraries |
|
22 | authentication and permission libraries | |
| 23 | """ |
|
23 | """ | |
| 24 |
|
24 | |||
|
|
25 | import os | |||
| 25 | import inspect |
|
26 | import inspect | |
| 26 | import collections |
|
27 | import collections | |
| 27 | import fnmatch |
|
28 | import fnmatch | |
| 28 | import hashlib |
|
29 | import hashlib | |
| 29 | import itertools |
|
30 | import itertools | |
| 30 | import logging |
|
31 | import logging | |
| 31 | import os |
|
|||
| 32 | import random |
|
32 | import random | |
| 33 | import time |
|
|||
| 34 | import traceback |
|
33 | import traceback | |
| 35 | from functools import wraps |
|
34 | from functools import wraps | |
| 36 |
|
35 | |||
| 37 | import ipaddress |
|
36 | import ipaddress | |
| 38 | from pyramid.httpexceptions import HTTPForbidden |
|
37 | from pyramid.httpexceptions import HTTPForbidden, HTTPFound | |
| 39 | from pylons import url, request |
|
38 | from pylons import url, request | |
| 40 | from pylons.controllers.util import abort, redirect |
|
39 | from pylons.controllers.util import abort, redirect | |
| 41 | from pylons.i18n.translation import _ |
|
40 | from pylons.i18n.translation import _ | |
| 42 | from sqlalchemy import or_ |
|
|||
| 43 | from sqlalchemy.orm.exc import ObjectDeletedError |
|
41 | from sqlalchemy.orm.exc import ObjectDeletedError | |
| 44 | from sqlalchemy.orm import joinedload |
|
42 | from sqlalchemy.orm import joinedload | |
| 45 | from zope.cachedescriptors.property import Lazy as LazyProperty |
|
43 | from zope.cachedescriptors.property import Lazy as LazyProperty | |
| @@ -1256,7 +1254,6 b' class LoginRequired(object):' | |||||
| 1256 | auth_token_access_valid)) |
|
1254 | auth_token_access_valid)) | |
| 1257 | # we preserve the get PARAM |
|
1255 | # we preserve the get PARAM | |
| 1258 | came_from = request.path_qs |
|
1256 | came_from = request.path_qs | |
| 1259 |
|
||||
| 1260 | log.debug('redirecting to login page with %s' % (came_from,)) |
|
1257 | log.debug('redirecting to login page with %s' % (came_from,)) | |
| 1261 | return redirect( |
|
1258 | return redirect( | |
| 1262 | h.route_path('login', _query={'came_from': came_from})) |
|
1259 | h.route_path('login', _query={'came_from': came_from})) | |
| @@ -1348,6 +1345,20 b' class PermsDecorator(object):' | |||||
| 1348 | def __call__(self, func): |
|
1345 | def __call__(self, func): | |
| 1349 | return get_cython_compat_decorator(self.__wrapper, func) |
|
1346 | return get_cython_compat_decorator(self.__wrapper, func) | |
| 1350 |
|
1347 | |||
|
|
1348 | def _get_request(self): | |||
|
|
1349 | from pyramid.threadlocal import get_current_request | |||
|
|
1350 | pyramid_request = get_current_request() | |||
|
|
1351 | if not pyramid_request: | |||
|
|
1352 | # return global request of pylons incase pyramid one isn't available | |||
|
|
1353 | return request | |||
|
|
1354 | return pyramid_request | |||
|
|
1355 | ||||
|
|
1356 | def _get_came_from(self): | |||
|
|
1357 | _request = self._get_request() | |||
|
|
1358 | ||||
|
|
1359 | # both pylons/pyramid has this attribute | |||
|
|
1360 | return _request.path_qs | |||
|
|
1361 | ||||
| 1351 | def __wrapper(self, func, *fargs, **fkwargs): |
|
1362 | def __wrapper(self, func, *fargs, **fkwargs): | |
| 1352 | cls = fargs[0] |
|
1363 | cls = fargs[0] | |
| 1353 | _user = cls._rhodecode_user |
|
1364 | _user = cls._rhodecode_user | |
| @@ -1364,17 +1375,16 b' class PermsDecorator(object):' | |||||
| 1364 | anonymous = _user.username == User.DEFAULT_USER |
|
1375 | anonymous = _user.username == User.DEFAULT_USER | |
| 1365 |
|
1376 | |||
| 1366 | if anonymous: |
|
1377 | if anonymous: | |
| 1367 | came_from = request.path_qs |
|
|||
| 1368 |
|
||||
| 1369 | import rhodecode.lib.helpers as h |
|
1378 | import rhodecode.lib.helpers as h | |
|
|
1379 | came_from = self._get_came_from() | |||
| 1370 | h.flash(_('You need to be signed in to view this page'), |
|
1380 | h.flash(_('You need to be signed in to view this page'), | |
| 1371 | category='warning') |
|
1381 | category='warning') | |
| 1372 |
re |
|
1382 | raise HTTPFound( | |
| 1373 | h.route_path('login', _query={'came_from': came_from})) |
|
1383 | h.route_path('login', _query={'came_from': came_from})) | |
| 1374 |
|
1384 | |||
| 1375 | else: |
|
1385 | else: | |
| 1376 | # redirect with forbidden ret code |
|
1386 | # redirect with forbidden ret code | |
| 1377 |
re |
|
1387 | raise HTTPForbidden() | |
| 1378 |
|
1388 | |||
| 1379 | def check_permissions(self, user): |
|
1389 | def check_permissions(self, user): | |
| 1380 | """Dummy function for overriding""" |
|
1390 | """Dummy function for overriding""" | |
| @@ -1413,10 +1423,13 b' class HasRepoPermissionAllDecorator(Perm' | |||||
| 1413 | Checks for access permission for all given predicates for specific |
|
1423 | Checks for access permission for all given predicates for specific | |
| 1414 | repository. All of them have to be meet in order to fulfill the request |
|
1424 | repository. All of them have to be meet in order to fulfill the request | |
| 1415 | """ |
|
1425 | """ | |
|
|
1426 | def _get_repo_name(self): | |||
|
|
1427 | _request = self._get_request() | |||
|
|
1428 | return get_repo_slug(_request) | |||
| 1416 |
|
1429 | |||
| 1417 | def check_permissions(self, user): |
|
1430 | def check_permissions(self, user): | |
| 1418 | perms = user.permissions |
|
1431 | perms = user.permissions | |
| 1419 |
repo_name = get_repo_ |
|
1432 | repo_name = self._get_repo_name() | |
| 1420 | try: |
|
1433 | try: | |
| 1421 | user_perms = set([perms['repositories'][repo_name]]) |
|
1434 | user_perms = set([perms['repositories'][repo_name]]) | |
| 1422 | except KeyError: |
|
1435 | except KeyError: | |
| @@ -1431,10 +1444,13 b' class HasRepoPermissionAnyDecorator(Perm' | |||||
| 1431 | Checks for access permission for any of given predicates for specific |
|
1444 | Checks for access permission for any of given predicates for specific | |
| 1432 | repository. In order to fulfill the request any of predicates must be meet |
|
1445 | repository. In order to fulfill the request any of predicates must be meet | |
| 1433 | """ |
|
1446 | """ | |
|
|
1447 | def _get_repo_name(self): | |||
|
|
1448 | _request = self._get_request() | |||
|
|
1449 | return get_repo_slug(_request) | |||
| 1434 |
|
1450 | |||
| 1435 | def check_permissions(self, user): |
|
1451 | def check_permissions(self, user): | |
| 1436 | perms = user.permissions |
|
1452 | perms = user.permissions | |
| 1437 |
repo_name = get_repo_ |
|
1453 | repo_name = self._get_repo_name() | |
| 1438 | try: |
|
1454 | try: | |
| 1439 | user_perms = set([perms['repositories'][repo_name]]) |
|
1455 | user_perms = set([perms['repositories'][repo_name]]) | |
| 1440 | except KeyError: |
|
1456 | except KeyError: | |
| @@ -1451,10 +1467,13 b' class HasRepoGroupPermissionAllDecorator' | |||||
| 1451 | repository group. All of them have to be meet in order to |
|
1467 | repository group. All of them have to be meet in order to | |
| 1452 | fulfill the request |
|
1468 | fulfill the request | |
| 1453 | """ |
|
1469 | """ | |
|
|
1470 | def _get_repo_group_name(self): | |||
|
|
1471 | _request = self._get_request() | |||
|
|
1472 | return get_repo_group_slug(_request) | |||
| 1454 |
|
1473 | |||
| 1455 | def check_permissions(self, user): |
|
1474 | def check_permissions(self, user): | |
| 1456 | perms = user.permissions |
|
1475 | perms = user.permissions | |
| 1457 |
group_name = get_repo_group_ |
|
1476 | group_name = self._get_repo_group_name() | |
| 1458 | try: |
|
1477 | try: | |
| 1459 | user_perms = set([perms['repositories_groups'][group_name]]) |
|
1478 | user_perms = set([perms['repositories_groups'][group_name]]) | |
| 1460 | except KeyError: |
|
1479 | except KeyError: | |
| @@ -1471,10 +1490,13 b' class HasRepoGroupPermissionAnyDecorator' | |||||
| 1471 | repository group. In order to fulfill the request any |
|
1490 | repository group. In order to fulfill the request any | |
| 1472 | of predicates must be met |
|
1491 | of predicates must be met | |
| 1473 | """ |
|
1492 | """ | |
|
|
1493 | def _get_repo_group_name(self): | |||
|
|
1494 | _request = self._get_request() | |||
|
|
1495 | return get_repo_group_slug(_request) | |||
| 1474 |
|
1496 | |||
| 1475 | def check_permissions(self, user): |
|
1497 | def check_permissions(self, user): | |
| 1476 | perms = user.permissions |
|
1498 | perms = user.permissions | |
| 1477 |
group_name = get_repo_group_ |
|
1499 | group_name = self._get_repo_group_name() | |
| 1478 | try: |
|
1500 | try: | |
| 1479 | user_perms = set([perms['repositories_groups'][group_name]]) |
|
1501 | user_perms = set([perms['repositories_groups'][group_name]]) | |
| 1480 | except KeyError: |
|
1502 | except KeyError: | |
| @@ -1490,10 +1512,13 b' class HasUserGroupPermissionAllDecorator' | |||||
| 1490 | Checks for access permission for all given predicates for specific |
|
1512 | Checks for access permission for all given predicates for specific | |
| 1491 | user group. All of them have to be meet in order to fulfill the request |
|
1513 | user group. All of them have to be meet in order to fulfill the request | |
| 1492 | """ |
|
1514 | """ | |
|
|
1515 | def _get_user_group_name(self): | |||
|
|
1516 | _request = self._get_request() | |||
|
|
1517 | return get_user_group_slug(_request) | |||
| 1493 |
|
1518 | |||
| 1494 | def check_permissions(self, user): |
|
1519 | def check_permissions(self, user): | |
| 1495 | perms = user.permissions |
|
1520 | perms = user.permissions | |
| 1496 |
group_name = get_user_group_ |
|
1521 | group_name = self._get_user_group_name() | |
| 1497 | try: |
|
1522 | try: | |
| 1498 | user_perms = set([perms['user_groups'][group_name]]) |
|
1523 | user_perms = set([perms['user_groups'][group_name]]) | |
| 1499 | except KeyError: |
|
1524 | except KeyError: | |
| @@ -1509,10 +1534,13 b' class HasUserGroupPermissionAnyDecorator' | |||||
| 1509 | Checks for access permission for any of given predicates for specific |
|
1534 | Checks for access permission for any of given predicates for specific | |
| 1510 | user group. In order to fulfill the request any of predicates must be meet |
|
1535 | user group. In order to fulfill the request any of predicates must be meet | |
| 1511 | """ |
|
1536 | """ | |
|
|
1537 | def _get_user_group_name(self): | |||
|
|
1538 | _request = self._get_request() | |||
|
|
1539 | return get_user_group_slug(_request) | |||
| 1512 |
|
1540 | |||
| 1513 | def check_permissions(self, user): |
|
1541 | def check_permissions(self, user): | |
| 1514 | perms = user.permissions |
|
1542 | perms = user.permissions | |
| 1515 |
group_name = get_user_group_ |
|
1543 | group_name = self._get_user_group_name() | |
| 1516 | try: |
|
1544 | try: | |
| 1517 | user_perms = set([perms['user_groups'][group_name]]) |
|
1545 | user_perms = set([perms['user_groups'][group_name]]) | |
| 1518 | except KeyError: |
|
1546 | except KeyError: | |
| @@ -1575,6 +1603,14 b' class PermsFunction(object):' | |||||
| 1575 | check_scope, user, check_location) |
|
1603 | check_scope, user, check_location) | |
| 1576 | return False |
|
1604 | return False | |
| 1577 |
|
1605 | |||
|
|
1606 | def _get_request(self): | |||
|
|
1607 | from pyramid.threadlocal import get_current_request | |||
|
|
1608 | pyramid_request = get_current_request() | |||
|
|
1609 | if not pyramid_request: | |||
|
|
1610 | # return global request of pylons incase pyramid one isn't available | |||
|
|
1611 | return request | |||
|
|
1612 | return pyramid_request | |||
|
|
1613 | ||||
| 1578 | def _get_check_scope(self, cls_name): |
|
1614 | def _get_check_scope(self, cls_name): | |
| 1579 | return { |
|
1615 | return { | |
| 1580 | 'HasPermissionAll': 'GLOBAL', |
|
1616 | 'HasPermissionAll': 'GLOBAL', | |
| @@ -1613,10 +1649,14 b' class HasRepoPermissionAll(PermsFunction' | |||||
| 1613 | self.repo_name = repo_name |
|
1649 | self.repo_name = repo_name | |
| 1614 | return super(HasRepoPermissionAll, self).__call__(check_location, user) |
|
1650 | return super(HasRepoPermissionAll, self).__call__(check_location, user) | |
| 1615 |
|
1651 | |||
| 1616 | def check_permissions(self, user): |
|
1652 | def _get_repo_name(self): | |
| 1617 | if not self.repo_name: |
|
1653 | if not self.repo_name: | |
| 1618 | self.repo_name = get_repo_slug(request) |
|
1654 | _request = self._get_request() | |
|
|
1655 | self.repo_name = get_repo_slug(_request) | |||
|
|
1656 | return self.repo_name | |||
| 1619 |
|
1657 | |||
|
|
1658 | def check_permissions(self, user): | |||
|
|
1659 | self.repo_name = self._get_repo_name() | |||
| 1620 | perms = user.permissions |
|
1660 | perms = user.permissions | |
| 1621 | try: |
|
1661 | try: | |
| 1622 | user_perms = set([perms['repositories'][self.repo_name]]) |
|
1662 | user_perms = set([perms['repositories'][self.repo_name]]) | |
| @@ -1632,10 +1672,13 b' class HasRepoPermissionAny(PermsFunction' | |||||
| 1632 | self.repo_name = repo_name |
|
1672 | self.repo_name = repo_name | |
| 1633 | return super(HasRepoPermissionAny, self).__call__(check_location, user) |
|
1673 | return super(HasRepoPermissionAny, self).__call__(check_location, user) | |
| 1634 |
|
1674 | |||
| 1635 | def check_permissions(self, user): |
|
1675 | def _get_repo_name(self): | |
| 1636 | if not self.repo_name: |
|
1676 | if not self.repo_name: | |
| 1637 | self.repo_name = get_repo_slug(request) |
|
1677 | self.repo_name = get_repo_slug(request) | |
|
|
1678 | return self.repo_name | |||
| 1638 |
|
1679 | |||
|
|
1680 | def check_permissions(self, user): | |||
|
|
1681 | self.repo_name = self._get_repo_name() | |||
| 1639 | perms = user.permissions |
|
1682 | perms = user.permissions | |
| 1640 | try: |
|
1683 | try: | |
| 1641 | user_perms = set([perms['repositories'][self.repo_name]]) |
|
1684 | user_perms = set([perms['repositories'][self.repo_name]]) | |
| @@ -42,6 +42,7 b' from paste.script.command import Command' | |||||
| 42 | from webhelpers.text import collapse, remove_formatting, strip_tags |
|
42 | from webhelpers.text import collapse, remove_formatting, strip_tags | |
| 43 | from mako import exceptions |
|
43 | from mako import exceptions | |
| 44 | from pyramid.threadlocal import get_current_registry |
|
44 | from pyramid.threadlocal import get_current_registry | |
|
|
45 | from pyramid.request import Request | |||
| 45 |
|
46 | |||
| 46 | from rhodecode.lib.fakemod import create_module |
|
47 | from rhodecode.lib.fakemod import create_module | |
| 47 | from rhodecode.lib.vcs.backends.base import Config |
|
48 | from rhodecode.lib.vcs.backends.base import Config | |
| @@ -95,28 +96,43 b' def repo_name_slug(value):' | |||||
| 95 | # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS |
|
96 | # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS | |
| 96 | #============================================================================== |
|
97 | #============================================================================== | |
| 97 | def get_repo_slug(request): |
|
98 | def get_repo_slug(request): | |
| 98 | _repo = request.environ['pylons.routes_dict'].get('repo_name') |
|
99 | if isinstance(request, Request) and getattr(request, 'matchdict', None): | |
|
|
100 | # pyramid | |||
|
|
101 | _repo = request.matchdict.get('repo_name') | |||
|
|
102 | else: | |||
|
|
103 | _repo = request.environ['pylons.routes_dict'].get('repo_name') | |||
|
|
104 | ||||
| 99 | if _repo: |
|
105 | if _repo: | |
| 100 | _repo = _repo.rstrip('/') |
|
106 | _repo = _repo.rstrip('/') | |
| 101 | return _repo |
|
107 | return _repo | |
| 102 |
|
108 | |||
| 103 |
|
109 | |||
| 104 | def get_repo_group_slug(request): |
|
110 | def get_repo_group_slug(request): | |
| 105 | _group = request.environ['pylons.routes_dict'].get('group_name') |
|
111 | if isinstance(request, Request) and getattr(request, 'matchdict', None): | |
|
|
112 | # pyramid | |||
|
|
113 | _group = request.matchdict.get('group_name') | |||
|
|
114 | else: | |||
|
|
115 | _group = request.environ['pylons.routes_dict'].get('group_name') | |||
|
|
116 | ||||
| 106 | if _group: |
|
117 | if _group: | |
| 107 | _group = _group.rstrip('/') |
|
118 | _group = _group.rstrip('/') | |
| 108 | return _group |
|
119 | return _group | |
| 109 |
|
120 | |||
| 110 |
|
121 | |||
| 111 | def get_user_group_slug(request): |
|
122 | def get_user_group_slug(request): | |
| 112 | _group = request.environ['pylons.routes_dict'].get('user_group_id') |
|
123 | if isinstance(request, Request) and getattr(request, 'matchdict', None): | |
|
|
124 | # pyramid | |||
|
|
125 | _group = request.matchdict.get('user_group_id') | |||
|
|
126 | else: | |||
|
|
127 | _group = request.environ['pylons.routes_dict'].get('user_group_id') | |||
|
|
128 | ||||
| 113 | try: |
|
129 | try: | |
| 114 | _group = UserGroup.get(_group) |
|
130 | _group = UserGroup.get(_group) | |
| 115 | if _group: |
|
131 | if _group: | |
| 116 | _group = _group.users_group_name |
|
132 | _group = _group.users_group_name | |
| 117 | except Exception: |
|
133 | except Exception: | |
| 118 | log.debug(traceback.format_exc()) |
|
134 | log.debug(traceback.format_exc()) | |
| 119 | #catch all failures here |
|
135 | # catch all failures here | |
| 120 | pass |
|
136 | pass | |
| 121 |
|
137 | |||
| 122 | return _group |
|
138 | return _group | |
| @@ -418,9 +418,6 b' class TestAdminUsersController(TestContr' | |||||
| 418 | msg = 'Deleted 1 user groups' |
|
418 | msg = 'Deleted 1 user groups' | |
| 419 | assert_session_flash(response, msg) |
|
419 | assert_session_flash(response, msg) | |
| 420 |
|
420 | |||
| 421 | def test_show(self): |
|
|||
| 422 | self.app.get(url('user', user_id=1)) |
|
|||
| 423 |
|
||||
| 424 | def test_edit(self): |
|
421 | def test_edit(self): | |
| 425 | self.log_user() |
|
422 | self.log_user() | |
| 426 | user = User.get_by_username(TEST_USER_ADMIN_LOGIN) |
|
423 | user = User.get_by_username(TEST_USER_ADMIN_LOGIN) | |
General Comments 0
You need to be logged in to leave comments.
Login now