auth: make the perms decorators and function pyramid compatible.
marcink -
r1494:b18f6dcf default
@@ -22,24 +22,22 b''
22 authentication and permission libraries
22 authentication and permission libraries
23 """
23 """
24
24
25 import os
25 import inspect
26 import inspect
26 import collections
27 import collections
27 import fnmatch
28 import fnmatch
28 import hashlib
29 import hashlib
29 import itertools
30 import itertools
30 import logging
31 import logging
31 import os
32 import random
32 import random
33 import time
34 import traceback
33 import traceback
35 from functools import wraps
34 from functools import wraps
36
35
37 import ipaddress
36 import ipaddress
38 from pyramid.httpexceptions import HTTPForbidden
37 from pyramid.httpexceptions import HTTPForbidden, HTTPFound
39 from pylons import url, request
38 from pylons import url, request
40 from pylons.controllers.util import abort, redirect
39 from pylons.controllers.util import abort, redirect
41 from pylons.i18n.translation import _
40 from pylons.i18n.translation import _
42 from sqlalchemy import or_
43 from sqlalchemy.orm.exc import ObjectDeletedError
41 from sqlalchemy.orm.exc import ObjectDeletedError
44 from sqlalchemy.orm import joinedload
42 from sqlalchemy.orm import joinedload
45 from zope.cachedescriptors.property import Lazy as LazyProperty
43 from zope.cachedescriptors.property import Lazy as LazyProperty
@@ -1256,7 +1254,6 b' class LoginRequired(object):'
1256 auth_token_access_valid))
1254 auth_token_access_valid))
1257 # we preserve the get PARAM
1255 # we preserve the get PARAM
1258 came_from = request.path_qs
1256 came_from = request.path_qs
1259
1260 log.debug('redirecting to login page with %s' % (came_from,))
1257 log.debug('redirecting to login page with %s' % (came_from,))
1261 return redirect(
1258 return redirect(
1262 h.route_path('login', _query={'came_from': came_from}))
1259 h.route_path('login', _query={'came_from': came_from}))
@@ -1348,6 +1345,20 b' class PermsDecorator(object):'
1348 def __call__(self, func):
1345 def __call__(self, func):
1349 return get_cython_compat_decorator(self.__wrapper, func)
1346 return get_cython_compat_decorator(self.__wrapper, func)
1350
1347
1348 def _get_request(self):
1349 from pyramid.threadlocal import get_current_request
1350 pyramid_request = get_current_request()
1351 if not pyramid_request:
1352 # return global request of pylons incase pyramid one isn't available
1353 return request
1354 return pyramid_request
1355
1356 def _get_came_from(self):
1357 _request = self._get_request()
1358
1359 # both pylons/pyramid has this attribute
1360 return _request.path_qs
1361
1351 def __wrapper(self, func, *fargs, **fkwargs):
1362 def __wrapper(self, func, *fargs, **fkwargs):
1352 cls = fargs[0]
1363 cls = fargs[0]
1353 _user = cls._rhodecode_user
1364 _user = cls._rhodecode_user
@@ -1364,17 +1375,16 b' class PermsDecorator(object):'
1364 anonymous = _user.username == User.DEFAULT_USER
1375 anonymous = _user.username == User.DEFAULT_USER
1365
1376
1366 if anonymous:
1377 if anonymous:
1367 came_from = request.path_qs
1368
1369 import rhodecode.lib.helpers as h
1378 import rhodecode.lib.helpers as h
1379 came_from = self._get_came_from()
1370 h.flash(_('You need to be signed in to view this page'),
1380 h.flash(_('You need to be signed in to view this page'),
1371 category='warning')
1381 category='warning')
1372 return redirect(
1382 raise HTTPFound(
1373 h.route_path('login', _query={'came_from': came_from}))
1383 h.route_path('login', _query={'came_from': came_from}))
1374
1384
1375 else:
1385 else:
1376 # redirect with forbidden ret code
1386 # redirect with forbidden ret code
1377 return abort(403)
1387 raise HTTPForbidden()
1378
1388
1379 def check_permissions(self, user):
1389 def check_permissions(self, user):
1380 """Dummy function for overriding"""
1390 """Dummy function for overriding"""
@@ -1413,10 +1423,13 b' class HasRepoPermissionAllDecorator(Perm'
1413 Checks for access permission for all given predicates for specific
1423 Checks for access permission for all given predicates for specific
1414 repository. All of them have to be meet in order to fulfill the request
1424 repository. All of them have to be meet in order to fulfill the request
1415 """
1425 """
1426 def _get_repo_name(self):
1427 _request = self._get_request()
1428 return get_repo_slug(_request)
1416
1429
1417 def check_permissions(self, user):
1430 def check_permissions(self, user):
1418 perms = user.permissions
1431 perms = user.permissions
1419 repo_name = get_repo_slug(request)
1432 repo_name = self._get_repo_name()
1420 try:
1433 try:
1421 user_perms = set([perms['repositories'][repo_name]])
1434 user_perms = set([perms['repositories'][repo_name]])
1422 except KeyError:
1435 except KeyError:
@@ -1431,10 +1444,13 b' class HasRepoPermissionAnyDecorator(Perm'
1431 Checks for access permission for any of given predicates for specific
1444 Checks for access permission for any of given predicates for specific
1432 repository. In order to fulfill the request any of predicates must be meet
1445 repository. In order to fulfill the request any of predicates must be meet
1433 """
1446 """
1447 def _get_repo_name(self):
1448 _request = self._get_request()
1449 return get_repo_slug(_request)
1434
1450
1435 def check_permissions(self, user):
1451 def check_permissions(self, user):
1436 perms = user.permissions
1452 perms = user.permissions
1437 repo_name = get_repo_slug(request)
1453 repo_name = self._get_repo_name()
1438 try:
1454 try:
1439 user_perms = set([perms['repositories'][repo_name]])
1455 user_perms = set([perms['repositories'][repo_name]])
1440 except KeyError:
1456 except KeyError:
@@ -1451,10 +1467,13 b' class HasRepoGroupPermissionAllDecorator'
1451 repository group. All of them have to be meet in order to
1467 repository group. All of them have to be meet in order to
1452 fulfill the request
1468 fulfill the request
1453 """
1469 """
1470 def _get_repo_group_name(self):
1471 _request = self._get_request()
1472 return get_repo_group_slug(_request)
1454
1473
1455 def check_permissions(self, user):
1474 def check_permissions(self, user):
1456 perms = user.permissions
1475 perms = user.permissions
1457 group_name = get_repo_group_slug(request)
1476 group_name = self._get_repo_group_name()
1458 try:
1477 try:
1459 user_perms = set([perms['repositories_groups'][group_name]])
1478 user_perms = set([perms['repositories_groups'][group_name]])
1460 except KeyError:
1479 except KeyError:
@@ -1471,10 +1490,13 b' class HasRepoGroupPermissionAnyDecorator'
1471 repository group. In order to fulfill the request any
1490 repository group. In order to fulfill the request any
1472 of predicates must be met
1491 of predicates must be met
1473 """
1492 """
1493 def _get_repo_group_name(self):
1494 _request = self._get_request()
1495 return get_repo_group_slug(_request)
1474
1496
1475 def check_permissions(self, user):
1497 def check_permissions(self, user):
1476 perms = user.permissions
1498 perms = user.permissions
1477 group_name = get_repo_group_slug(request)
1499 group_name = self._get_repo_group_name()
1478 try:
1500 try:
1479 user_perms = set([perms['repositories_groups'][group_name]])
1501 user_perms = set([perms['repositories_groups'][group_name]])
1480 except KeyError:
1502 except KeyError:
@@ -1490,10 +1512,13 b' class HasUserGroupPermissionAllDecorator'
1490 Checks for access permission for all given predicates for specific
1512 Checks for access permission for all given predicates for specific
1491 user group. All of them have to be meet in order to fulfill the request
1513 user group. All of them have to be meet in order to fulfill the request
1492 """
1514 """
1515 def _get_user_group_name(self):
1516 _request = self._get_request()
1517 return get_user_group_slug(_request)
1493
1518
1494 def check_permissions(self, user):
1519 def check_permissions(self, user):
1495 perms = user.permissions
1520 perms = user.permissions
1496 group_name = get_user_group_slug(request)
1521 group_name = self._get_user_group_name()
1497 try:
1522 try:
1498 user_perms = set([perms['user_groups'][group_name]])
1523 user_perms = set([perms['user_groups'][group_name]])
1499 except KeyError:
1524 except KeyError:
@@ -1509,10 +1534,13 b' class HasUserGroupPermissionAnyDecorator'
1509 Checks for access permission for any of given predicates for specific
1534 Checks for access permission for any of given predicates for specific
1510 user group. In order to fulfill the request any of predicates must be meet
1535 user group. In order to fulfill the request any of predicates must be meet
1511 """
1536 """
1537 def _get_user_group_name(self):
1538 _request = self._get_request()
1539 return get_user_group_slug(_request)
1512
1540
1513 def check_permissions(self, user):
1541 def check_permissions(self, user):
1514 perms = user.permissions
1542 perms = user.permissions
1515 group_name = get_user_group_slug(request)
1543 group_name = self._get_user_group_name()
1516 try:
1544 try:
1517 user_perms = set([perms['user_groups'][group_name]])
1545 user_perms = set([perms['user_groups'][group_name]])
1518 except KeyError:
1546 except KeyError:
@@ -1575,6 +1603,14 b' class PermsFunction(object):'
1575 check_scope, user, check_location)
1603 check_scope, user, check_location)
1576 return False
1604 return False
1577
1605
1606 def _get_request(self):
1607 from pyramid.threadlocal import get_current_request
1608 pyramid_request = get_current_request()
1609 if not pyramid_request:
1610 # return global request of pylons incase pyramid one isn't available
1611 return request
1612 return pyramid_request
1613
1578 def _get_check_scope(self, cls_name):
1614 def _get_check_scope(self, cls_name):
1579 return {
1615 return {
1580 'HasPermissionAll': 'GLOBAL',
1616 'HasPermissionAll': 'GLOBAL',
@@ -1613,10 +1649,14 b' class HasRepoPermissionAll(PermsFunction'
1613 self.repo_name = repo_name
1649 self.repo_name = repo_name
1614 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1650 return super(HasRepoPermissionAll, self).__call__(check_location, user)
1615
1651
1616 def check_permissions(self, user):
1652 def _get_repo_name(self):
1617 if not self.repo_name:
1653 if not self.repo_name:
1618 self.repo_name = get_repo_slug(request)
1654 _request = self._get_request()
1655 self.repo_name = get_repo_slug(_request)
1656 return self.repo_name
1619
1657
1658 def check_permissions(self, user):
1659 self.repo_name = self._get_repo_name()
1620 perms = user.permissions
1660 perms = user.permissions
1621 try:
1661 try:
1622 user_perms = set([perms['repositories'][self.repo_name]])
1662 user_perms = set([perms['repositories'][self.repo_name]])
@@ -1632,10 +1672,13 b' class HasRepoPermissionAny(PermsFunction'
1632 self.repo_name = repo_name
1672 self.repo_name = repo_name
1633 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1673 return super(HasRepoPermissionAny, self).__call__(check_location, user)
1634
1674
1635 def check_permissions(self, user):
1675 def _get_repo_name(self):
1636 if not self.repo_name:
1676 if not self.repo_name:
1637 self.repo_name = get_repo_slug(request)
1677 self.repo_name = get_repo_slug(request)
1678 return self.repo_name
1638
1679
1680 def check_permissions(self, user):
1681 self.repo_name = self._get_repo_name()
1639 perms = user.permissions
1682 perms = user.permissions
1640 try:
1683 try:
1641 user_perms = set([perms['repositories'][self.repo_name]])
1684 user_perms = set([perms['repositories'][self.repo_name]])
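Review bot: `HasRepoPermissionAny._get_repo_name` (new line 1677) still calls `get_repo_slug(request)` on the module-level Pylons `request`, while the sibling `HasRepoPermissionAll._get_repo_name` (new lines 1654-1655) was switched to `self._get_request()`. Under a Pyramid view this one permission check would resolve the repository name from a different request object than every other check touched here, which presumably either raises or looks up the wrong key in `perms['repositories']`. I would make the two identical: `_request = self._get_request()` followed by `self.repo_name = get_repo_slug(_request)`. `_get_request` is also copied verbatim into both `PermsDecorator` and `PermsFunction`; a single shared helper with a docstring stating the Pyramid-first, Pylons-fallback order would keep the copies from drifting. The enclosing classes start and end outside the hunks shown.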
@@ -42,6 +42,7 b' from paste.script.command import Command'
42 from webhelpers.text import collapse, remove_formatting, strip_tags
42 from webhelpers.text import collapse, remove_formatting, strip_tags
43 from mako import exceptions
43 from mako import exceptions
44 from pyramid.threadlocal import get_current_registry
44 from pyramid.threadlocal import get_current_registry
45 from pyramid.request import Request
45
46
46 from rhodecode.lib.fakemod import create_module
47 from rhodecode.lib.fakemod import create_module
47 from rhodecode.lib.vcs.backends.base import Config
48 from rhodecode.lib.vcs.backends.base import Config
@@ -95,28 +96,43 b' def repo_name_slug(value):'
95 # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS
96 # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS
96 #==============================================================================
97 #==============================================================================
97 def get_repo_slug(request):
98 def get_repo_slug(request):
98 _repo = request.environ['pylons.routes_dict'].get('repo_name')
99 if isinstance(request, Request) and getattr(request, 'matchdict', None):
100 # pyramid
101 _repo = request.matchdict.get('repo_name')
102 else:
103 _repo = request.environ['pylons.routes_dict'].get('repo_name')
104
99 if _repo:
105 if _repo:
100 _repo = _repo.rstrip('/')
106 _repo = _repo.rstrip('/')
101 return _repo
107 return _repo
102
108
103
109
104 def get_repo_group_slug(request):
110 def get_repo_group_slug(request):
105 _group = request.environ['pylons.routes_dict'].get('group_name')
111 if isinstance(request, Request) and getattr(request, 'matchdict', None):
112 # pyramid
113 _group = request.matchdict.get('group_name')
114 else:
115 _group = request.environ['pylons.routes_dict'].get('group_name')
116
106 if _group:
117 if _group:
107 _group = _group.rstrip('/')
118 _group = _group.rstrip('/')
108 return _group
119 return _group
109
120
110
121
111 def get_user_group_slug(request):
122 def get_user_group_slug(request):
112 _group = request.environ['pylons.routes_dict'].get('user_group_id')
123 if isinstance(request, Request) and getattr(request, 'matchdict', None):
124 # pyramid
125 _group = request.matchdict.get('user_group_id')
126 else:
127 _group = request.environ['pylons.routes_dict'].get('user_group_id')
128
113 try:
129 try:
114 _group = UserGroup.get(_group)
130 _group = UserGroup.get(_group)
115 if _group:
131 if _group:
116 _group = _group.users_group_name
132 _group = _group.users_group_name
117 except Exception:
133 except Exception:
118 log.debug(traceback.format_exc())
134 log.debug(traceback.format_exc())
119 #catch all failures here
135 # catch all failures here
120 pass
136 pass
121
137
122 return _group
138 return _group
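Review bot: In `get_repo_slug`, `get_repo_group_slug` and `get_user_group_slug` the Pyramid branch is taken only when `matchdict` is truthy, so a Pyramid `Request` whose `matchdict` is `None` or empty falls through to `request.environ['pylons.routes_dict']`, which may not be present on that request and would then raise `KeyError` rather than yield no name. Reading it defensively, e.g. `request.environ.get('pylons.routes_dict', {}).get('repo_name')`, keeps the helper returning `None`, which the `except KeyError` around the permission lookups in the auth hunks appears intended to handle. In `get_user_group_slug` the `except Exception` handler leaves `_group` holding the raw `user_group_id` from the route when `UserGroup.get` fails, so the caller gets an id where it expects a group name; assigning `_group = None` in the handler would make that failure explicit. Each helper would also benefit from a one-line docstring naming the routing dict it reads for Pyramid and for Pylons.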
@@ -418,9 +418,6 b' class TestAdminUsersController(TestContr'
418 msg = 'Deleted 1 user groups'
418 msg = 'Deleted 1 user groups'
419 assert_session_flash(response, msg)
419 assert_session_flash(response, msg)
420
420
421 def test_show(self):
422 self.app.get(url('user', user_id=1))
423
424 def test_edit(self):
421 def test_edit(self):
425 self.log_user()
422 self.log_user()
426 user = User.get_by_username(TEST_USER_ADMIN_LOGIN)
423 user = User.get_by_username(TEST_USER_ADMIN_LOGIN)