Show More
@@ -1,717 +1,719 b'' | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 |
|
2 | |||
3 | # Copyright (C) 2010-2016 RhodeCode GmbH |
|
3 | # Copyright (C) 2010-2016 RhodeCode GmbH | |
4 | # |
|
4 | # | |
5 | # This program is free software: you can redistribute it and/or modify |
|
5 | # This program is free software: you can redistribute it and/or modify | |
6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |
7 | # (only), as published by the Free Software Foundation. |
|
7 | # (only), as published by the Free Software Foundation. | |
8 | # |
|
8 | # | |
9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
13 | # |
|
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License |
|
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | # |
|
16 | # | |
17 | # This program is dual-licensed. If you wish to learn more about the |
|
17 | # This program is dual-licensed. If you wish to learn more about the | |
18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
20 |
|
20 | |||
21 | """ |
|
21 | """ | |
22 | Users crud controller for pylons |
|
22 | Users crud controller for pylons | |
23 | """ |
|
23 | """ | |
24 |
|
24 | |||
25 | import logging |
|
25 | import logging | |
26 | import formencode |
|
26 | import formencode | |
27 |
|
27 | |||
28 | from formencode import htmlfill |
|
28 | from formencode import htmlfill | |
29 | from pylons import request, tmpl_context as c, url, config |
|
29 | from pylons import request, tmpl_context as c, url, config | |
30 | from pylons.controllers.util import redirect |
|
30 | from pylons.controllers.util import redirect | |
31 | from pylons.i18n.translation import _ |
|
31 | from pylons.i18n.translation import _ | |
32 |
|
32 | |||
33 | from rhodecode.authentication.plugins import auth_rhodecode |
|
33 | from rhodecode.authentication.plugins import auth_rhodecode | |
34 | from rhodecode.lib.exceptions import ( |
|
34 | from rhodecode.lib.exceptions import ( | |
35 | DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException, |
|
35 | DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException, | |
36 | UserOwnsUserGroupsException, UserCreationError) |
|
36 | UserOwnsUserGroupsException, UserCreationError) | |
37 | from rhodecode.lib import helpers as h |
|
37 | from rhodecode.lib import helpers as h | |
38 | from rhodecode.lib import auth |
|
38 | from rhodecode.lib import auth | |
39 | from rhodecode.lib.auth import ( |
|
39 | from rhodecode.lib.auth import ( | |
40 | LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token) |
|
40 | LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token) | |
41 | from rhodecode.lib.base import BaseController, render |
|
41 | from rhodecode.lib.base import BaseController, render | |
42 | from rhodecode.model.auth_token import AuthTokenModel |
|
42 | from rhodecode.model.auth_token import AuthTokenModel | |
43 |
|
43 | |||
44 | from rhodecode.model.db import ( |
|
44 | from rhodecode.model.db import ( | |
45 | PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup) |
|
45 | PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup) | |
46 | from rhodecode.model.forms import ( |
|
46 | from rhodecode.model.forms import ( | |
47 | UserForm, UserPermissionsForm, UserIndividualPermissionsForm) |
|
47 | UserForm, UserPermissionsForm, UserIndividualPermissionsForm) | |
48 | from rhodecode.model.user import UserModel |
|
48 | from rhodecode.model.user import UserModel | |
49 | from rhodecode.model.meta import Session |
|
49 | from rhodecode.model.meta import Session | |
50 | from rhodecode.model.permission import PermissionModel |
|
50 | from rhodecode.model.permission import PermissionModel | |
51 | from rhodecode.lib.utils import action_logger |
|
51 | from rhodecode.lib.utils import action_logger | |
52 | from rhodecode.lib.ext_json import json |
|
52 | from rhodecode.lib.ext_json import json | |
53 | from rhodecode.lib.utils2 import datetime_to_time, safe_int |
|
53 | from rhodecode.lib.utils2 import datetime_to_time, safe_int | |
54 |
|
54 | |||
55 | log = logging.getLogger(__name__) |
|
55 | log = logging.getLogger(__name__) | |
56 |
|
56 | |||
57 |
|
57 | |||
58 | class UsersController(BaseController): |
|
58 | class UsersController(BaseController): | |
59 | """REST Controller styled on the Atom Publishing Protocol""" |
|
59 | """REST Controller styled on the Atom Publishing Protocol""" | |
60 |
|
60 | |||
61 | @LoginRequired() |
|
61 | @LoginRequired() | |
62 | def __before__(self): |
|
62 | def __before__(self): | |
63 | super(UsersController, self).__before__() |
|
63 | super(UsersController, self).__before__() | |
64 | c.available_permissions = config['available_permissions'] |
|
64 | c.available_permissions = config['available_permissions'] | |
65 | c.allowed_languages = [ |
|
65 | c.allowed_languages = [ | |
66 | ('en', 'English (en)'), |
|
66 | ('en', 'English (en)'), | |
67 | ('de', 'German (de)'), |
|
67 | ('de', 'German (de)'), | |
68 | ('fr', 'French (fr)'), |
|
68 | ('fr', 'French (fr)'), | |
69 | ('it', 'Italian (it)'), |
|
69 | ('it', 'Italian (it)'), | |
70 | ('ja', 'Japanese (ja)'), |
|
70 | ('ja', 'Japanese (ja)'), | |
71 | ('pl', 'Polish (pl)'), |
|
71 | ('pl', 'Polish (pl)'), | |
72 | ('pt', 'Portuguese (pt)'), |
|
72 | ('pt', 'Portuguese (pt)'), | |
73 | ('ru', 'Russian (ru)'), |
|
73 | ('ru', 'Russian (ru)'), | |
74 | ('zh', 'Chinese (zh)'), |
|
74 | ('zh', 'Chinese (zh)'), | |
75 | ] |
|
75 | ] | |
76 | PermissionModel().set_global_permission_choices(c, translator=_) |
|
76 | PermissionModel().set_global_permission_choices(c, translator=_) | |
77 |
|
77 | |||
78 | @HasPermissionAllDecorator('hg.admin') |
|
78 | @HasPermissionAllDecorator('hg.admin') | |
79 | def index(self): |
|
79 | def index(self): | |
80 | """GET /users: All items in the collection""" |
|
80 | """GET /users: All items in the collection""" | |
81 | # url('users') |
|
81 | # url('users') | |
82 |
|
82 | |||
83 | from rhodecode.lib.utils import PartialRenderer |
|
83 | from rhodecode.lib.utils import PartialRenderer | |
84 | _render = PartialRenderer('data_table/_dt_elements.html') |
|
84 | _render = PartialRenderer('data_table/_dt_elements.html') | |
85 |
|
85 | |||
86 | def grav_tmpl(user_email, size): |
|
86 | def grav_tmpl(user_email, size): | |
87 | return _render("user_gravatar", user_email, size) |
|
87 | return _render("user_gravatar", user_email, size) | |
88 |
|
88 | |||
89 | def username(user_id, username): |
|
89 | def username(user_id, username): | |
90 | return _render("user_name", user_id, username) |
|
90 | return _render("user_name", user_id, username) | |
91 |
|
91 | |||
92 | def user_actions(user_id, username): |
|
92 | def user_actions(user_id, username): | |
93 | return _render("user_actions", user_id, username) |
|
93 | return _render("user_actions", user_id, username) | |
94 |
|
94 | |||
95 | # json generate |
|
95 | # json generate | |
96 | c.users_list = User.query()\ |
|
96 | c.users_list = User.query()\ | |
97 | .filter(User.username != User.DEFAULT_USER) \ |
|
97 | .filter(User.username != User.DEFAULT_USER) \ | |
98 | .all() |
|
98 | .all() | |
99 |
|
99 | |||
100 | users_data = [] |
|
100 | users_data = [] | |
101 | for user in c.users_list: |
|
101 | for user in c.users_list: | |
102 | users_data.append({ |
|
102 | users_data.append({ | |
103 | "gravatar": grav_tmpl(user.email, 20), |
|
103 | "gravatar": grav_tmpl(user.email, 20), | |
104 | "username": h.link_to( |
|
104 | "username": h.link_to( | |
105 | user.username, h.url('user_profile', username=user.username)), |
|
105 | user.username, h.url('user_profile', username=user.username)), | |
106 | "username_raw": user.username, |
|
106 | "username_raw": user.username, | |
107 | "email": user.email, |
|
107 | "email": user.email, | |
108 | "first_name": h.escape(user.name), |
|
108 | "first_name": h.escape(user.name), | |
109 | "last_name": h.escape(user.lastname), |
|
109 | "last_name": h.escape(user.lastname), | |
110 | "last_login": h.format_date(user.last_login), |
|
110 | "last_login": h.format_date(user.last_login), | |
111 | "last_login_raw": datetime_to_time(user.last_login), |
|
111 | "last_login_raw": datetime_to_time(user.last_login), | |
112 | "last_activity": h.format_date( |
|
112 | "last_activity": h.format_date( | |
113 | h.time_to_datetime(user.user_data.get('last_activity', 0))), |
|
113 | h.time_to_datetime(user.user_data.get('last_activity', 0))), | |
114 | "last_activity_raw": user.user_data.get('last_activity', 0), |
|
114 | "last_activity_raw": user.user_data.get('last_activity', 0), | |
115 | "active": h.bool2icon(user.active), |
|
115 | "active": h.bool2icon(user.active), | |
116 | "active_raw": user.active, |
|
116 | "active_raw": user.active, | |
117 | "admin": h.bool2icon(user.admin), |
|
117 | "admin": h.bool2icon(user.admin), | |
118 | "admin_raw": user.admin, |
|
118 | "admin_raw": user.admin, | |
119 | "extern_type": user.extern_type, |
|
119 | "extern_type": user.extern_type, | |
120 | "extern_name": user.extern_name, |
|
120 | "extern_name": user.extern_name, | |
121 | "action": user_actions(user.user_id, user.username), |
|
121 | "action": user_actions(user.user_id, user.username), | |
122 | }) |
|
122 | }) | |
123 |
|
123 | |||
124 |
|
124 | |||
125 | c.data = json.dumps(users_data) |
|
125 | c.data = json.dumps(users_data) | |
126 | return render('admin/users/users.html') |
|
126 | return render('admin/users/users.html') | |
127 |
|
127 | |||
128 | @HasPermissionAllDecorator('hg.admin') |
|
128 | @HasPermissionAllDecorator('hg.admin') | |
129 | @auth.CSRFRequired() |
|
129 | @auth.CSRFRequired() | |
130 | def create(self): |
|
130 | def create(self): | |
131 | """POST /users: Create a new item""" |
|
131 | """POST /users: Create a new item""" | |
132 | # url('users') |
|
132 | # url('users') | |
133 | c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name |
|
133 | c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name | |
134 | user_model = UserModel() |
|
134 | user_model = UserModel() | |
135 | user_form = UserForm()() |
|
135 | user_form = UserForm()() | |
136 | try: |
|
136 | try: | |
137 | form_result = user_form.to_python(dict(request.POST)) |
|
137 | form_result = user_form.to_python(dict(request.POST)) | |
138 | user = user_model.create(form_result) |
|
138 | user = user_model.create(form_result) | |
139 | Session().flush() |
|
139 | Session().flush() | |
140 | username = form_result['username'] |
|
140 | username = form_result['username'] | |
141 | action_logger(c.rhodecode_user, 'admin_created_user:%s' % username, |
|
141 | action_logger(c.rhodecode_user, 'admin_created_user:%s' % username, | |
142 | None, self.ip_addr, self.sa) |
|
142 | None, self.ip_addr, self.sa) | |
143 |
|
143 | |||
144 | user_link = h.link_to(h.escape(username), |
|
144 | user_link = h.link_to(h.escape(username), | |
145 | url('edit_user', |
|
145 | url('edit_user', | |
146 | user_id=user.user_id)) |
|
146 | user_id=user.user_id)) | |
147 | h.flash(h.literal(_('Created user %(user_link)s') |
|
147 | h.flash(h.literal(_('Created user %(user_link)s') | |
148 | % {'user_link': user_link}), category='success') |
|
148 | % {'user_link': user_link}), category='success') | |
149 | Session().commit() |
|
149 | Session().commit() | |
150 | except formencode.Invalid as errors: |
|
150 | except formencode.Invalid as errors: | |
151 | return htmlfill.render( |
|
151 | return htmlfill.render( | |
152 | render('admin/users/user_add.html'), |
|
152 | render('admin/users/user_add.html'), | |
153 | defaults=errors.value, |
|
153 | defaults=errors.value, | |
154 | errors=errors.error_dict or {}, |
|
154 | errors=errors.error_dict or {}, | |
155 | prefix_error=False, |
|
155 | prefix_error=False, | |
156 | encoding="UTF-8", |
|
156 | encoding="UTF-8", | |
157 | force_defaults=False) |
|
157 | force_defaults=False) | |
158 | except UserCreationError as e: |
|
158 | except UserCreationError as e: | |
159 | h.flash(e, 'error') |
|
159 | h.flash(e, 'error') | |
160 | except Exception: |
|
160 | except Exception: | |
161 | log.exception("Exception creation of user") |
|
161 | log.exception("Exception creation of user") | |
162 | h.flash(_('Error occurred during creation of user %s') |
|
162 | h.flash(_('Error occurred during creation of user %s') | |
163 | % request.POST.get('username'), category='error') |
|
163 | % request.POST.get('username'), category='error') | |
164 | return redirect(url('users')) |
|
164 | return redirect(url('users')) | |
165 |
|
165 | |||
166 | @HasPermissionAllDecorator('hg.admin') |
|
166 | @HasPermissionAllDecorator('hg.admin') | |
167 | def new(self): |
|
167 | def new(self): | |
168 | """GET /users/new: Form to create a new item""" |
|
168 | """GET /users/new: Form to create a new item""" | |
169 | # url('new_user') |
|
169 | # url('new_user') | |
170 | c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name |
|
170 | c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name | |
171 | return render('admin/users/user_add.html') |
|
171 | return render('admin/users/user_add.html') | |
172 |
|
172 | |||
173 | @HasPermissionAllDecorator('hg.admin') |
|
173 | @HasPermissionAllDecorator('hg.admin') | |
174 | @auth.CSRFRequired() |
|
174 | @auth.CSRFRequired() | |
175 | def update(self, user_id): |
|
175 | def update(self, user_id): | |
176 | """PUT /users/user_id: Update an existing item""" |
|
176 | """PUT /users/user_id: Update an existing item""" | |
177 | # Forms posted to this method should contain a hidden field: |
|
177 | # Forms posted to this method should contain a hidden field: | |
178 | # <input type="hidden" name="_method" value="PUT" /> |
|
178 | # <input type="hidden" name="_method" value="PUT" /> | |
179 | # Or using helpers: |
|
179 | # Or using helpers: | |
180 | # h.form(url('update_user', user_id=ID), |
|
180 | # h.form(url('update_user', user_id=ID), | |
181 | # method='put') |
|
181 | # method='put') | |
182 | # url('user', user_id=ID) |
|
182 | # url('user', user_id=ID) | |
183 | user_id = safe_int(user_id) |
|
183 | user_id = safe_int(user_id) | |
184 | c.user = User.get_or_404(user_id) |
|
184 | c.user = User.get_or_404(user_id) | |
185 | c.active = 'profile' |
|
185 | c.active = 'profile' | |
186 | c.extern_type = c.user.extern_type |
|
186 | c.extern_type = c.user.extern_type | |
187 | c.extern_name = c.user.extern_name |
|
187 | c.extern_name = c.user.extern_name | |
188 | c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr) |
|
188 | c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr) | |
189 | available_languages = [x[0] for x in c.allowed_languages] |
|
189 | available_languages = [x[0] for x in c.allowed_languages] | |
190 | _form = UserForm(edit=True, available_languages=available_languages, |
|
190 | _form = UserForm(edit=True, available_languages=available_languages, | |
191 | old_data={'user_id': user_id, |
|
191 | old_data={'user_id': user_id, | |
192 | 'email': c.user.email})() |
|
192 | 'email': c.user.email})() | |
193 | form_result = {} |
|
193 | form_result = {} | |
194 | try: |
|
194 | try: | |
195 | form_result = _form.to_python(dict(request.POST)) |
|
195 | form_result = _form.to_python(dict(request.POST)) | |
196 | skip_attrs = ['extern_type', 'extern_name'] |
|
196 | skip_attrs = ['extern_type', 'extern_name'] | |
197 | # TODO: plugin should define if username can be updated |
|
197 | # TODO: plugin should define if username can be updated | |
198 | if c.extern_type != "rhodecode": |
|
198 | if c.extern_type != "rhodecode": | |
199 | # forbid updating username for external accounts |
|
199 | # forbid updating username for external accounts | |
200 | skip_attrs.append('username') |
|
200 | skip_attrs.append('username') | |
201 |
|
201 | |||
202 | UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result) |
|
202 | UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result) | |
203 | usr = form_result['username'] |
|
203 | usr = form_result['username'] | |
204 | action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr, |
|
204 | action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr, | |
205 | None, self.ip_addr, self.sa) |
|
205 | None, self.ip_addr, self.sa) | |
206 | h.flash(_('User updated successfully'), category='success') |
|
206 | h.flash(_('User updated successfully'), category='success') | |
207 | Session().commit() |
|
207 | Session().commit() | |
208 | except formencode.Invalid as errors: |
|
208 | except formencode.Invalid as errors: | |
209 | defaults = errors.value |
|
209 | defaults = errors.value | |
210 | e = errors.error_dict or {} |
|
210 | e = errors.error_dict or {} | |
211 |
|
211 | |||
212 | return htmlfill.render( |
|
212 | return htmlfill.render( | |
213 | render('admin/users/user_edit.html'), |
|
213 | render('admin/users/user_edit.html'), | |
214 | defaults=defaults, |
|
214 | defaults=defaults, | |
215 | errors=e, |
|
215 | errors=e, | |
216 | prefix_error=False, |
|
216 | prefix_error=False, | |
217 | encoding="UTF-8", |
|
217 | encoding="UTF-8", | |
218 | force_defaults=False) |
|
218 | force_defaults=False) | |
|
219 | except UserCreationError as e: | |||
|
220 | h.flash(e, 'error') | |||
219 | except Exception: |
|
221 | except Exception: | |
220 | log.exception("Exception updating user") |
|
222 | log.exception("Exception updating user") | |
221 | h.flash(_('Error occurred during update of user %s') |
|
223 | h.flash(_('Error occurred during update of user %s') | |
222 | % form_result.get('username'), category='error') |
|
224 | % form_result.get('username'), category='error') | |
223 | return redirect(url('edit_user', user_id=user_id)) |
|
225 | return redirect(url('edit_user', user_id=user_id)) | |
224 |
|
226 | |||
225 | @HasPermissionAllDecorator('hg.admin') |
|
227 | @HasPermissionAllDecorator('hg.admin') | |
226 | @auth.CSRFRequired() |
|
228 | @auth.CSRFRequired() | |
227 | def delete(self, user_id): |
|
229 | def delete(self, user_id): | |
228 | """DELETE /users/user_id: Delete an existing item""" |
|
230 | """DELETE /users/user_id: Delete an existing item""" | |
229 | # Forms posted to this method should contain a hidden field: |
|
231 | # Forms posted to this method should contain a hidden field: | |
230 | # <input type="hidden" name="_method" value="DELETE" /> |
|
232 | # <input type="hidden" name="_method" value="DELETE" /> | |
231 | # Or using helpers: |
|
233 | # Or using helpers: | |
232 | # h.form(url('delete_user', user_id=ID), |
|
234 | # h.form(url('delete_user', user_id=ID), | |
233 | # method='delete') |
|
235 | # method='delete') | |
234 | # url('user', user_id=ID) |
|
236 | # url('user', user_id=ID) | |
235 | user_id = safe_int(user_id) |
|
237 | user_id = safe_int(user_id) | |
236 | c.user = User.get_or_404(user_id) |
|
238 | c.user = User.get_or_404(user_id) | |
237 |
|
239 | |||
238 | _repos = c.user.repositories |
|
240 | _repos = c.user.repositories | |
239 | _repo_groups = c.user.repository_groups |
|
241 | _repo_groups = c.user.repository_groups | |
240 | _user_groups = c.user.user_groups |
|
242 | _user_groups = c.user.user_groups | |
241 |
|
243 | |||
242 | handle_repos = None |
|
244 | handle_repos = None | |
243 | handle_repo_groups = None |
|
245 | handle_repo_groups = None | |
244 | handle_user_groups = None |
|
246 | handle_user_groups = None | |
245 | # dummy call for flash of handle |
|
247 | # dummy call for flash of handle | |
246 | set_handle_flash_repos = lambda: None |
|
248 | set_handle_flash_repos = lambda: None | |
247 | set_handle_flash_repo_groups = lambda: None |
|
249 | set_handle_flash_repo_groups = lambda: None | |
248 | set_handle_flash_user_groups = lambda: None |
|
250 | set_handle_flash_user_groups = lambda: None | |
249 |
|
251 | |||
250 | if _repos and request.POST.get('user_repos'): |
|
252 | if _repos and request.POST.get('user_repos'): | |
251 | do = request.POST['user_repos'] |
|
253 | do = request.POST['user_repos'] | |
252 | if do == 'detach': |
|
254 | if do == 'detach': | |
253 | handle_repos = 'detach' |
|
255 | handle_repos = 'detach' | |
254 | set_handle_flash_repos = lambda: h.flash( |
|
256 | set_handle_flash_repos = lambda: h.flash( | |
255 | _('Detached %s repositories') % len(_repos), |
|
257 | _('Detached %s repositories') % len(_repos), | |
256 | category='success') |
|
258 | category='success') | |
257 | elif do == 'delete': |
|
259 | elif do == 'delete': | |
258 | handle_repos = 'delete' |
|
260 | handle_repos = 'delete' | |
259 | set_handle_flash_repos = lambda: h.flash( |
|
261 | set_handle_flash_repos = lambda: h.flash( | |
260 | _('Deleted %s repositories') % len(_repos), |
|
262 | _('Deleted %s repositories') % len(_repos), | |
261 | category='success') |
|
263 | category='success') | |
262 |
|
264 | |||
263 | if _repo_groups and request.POST.get('user_repo_groups'): |
|
265 | if _repo_groups and request.POST.get('user_repo_groups'): | |
264 | do = request.POST['user_repo_groups'] |
|
266 | do = request.POST['user_repo_groups'] | |
265 | if do == 'detach': |
|
267 | if do == 'detach': | |
266 | handle_repo_groups = 'detach' |
|
268 | handle_repo_groups = 'detach' | |
267 | set_handle_flash_repo_groups = lambda: h.flash( |
|
269 | set_handle_flash_repo_groups = lambda: h.flash( | |
268 | _('Detached %s repository groups') % len(_repo_groups), |
|
270 | _('Detached %s repository groups') % len(_repo_groups), | |
269 | category='success') |
|
271 | category='success') | |
270 | elif do == 'delete': |
|
272 | elif do == 'delete': | |
271 | handle_repo_groups = 'delete' |
|
273 | handle_repo_groups = 'delete' | |
272 | set_handle_flash_repo_groups = lambda: h.flash( |
|
274 | set_handle_flash_repo_groups = lambda: h.flash( | |
273 | _('Deleted %s repository groups') % len(_repo_groups), |
|
275 | _('Deleted %s repository groups') % len(_repo_groups), | |
274 | category='success') |
|
276 | category='success') | |
275 |
|
277 | |||
276 | if _user_groups and request.POST.get('user_user_groups'): |
|
278 | if _user_groups and request.POST.get('user_user_groups'): | |
277 | do = request.POST['user_user_groups'] |
|
279 | do = request.POST['user_user_groups'] | |
278 | if do == 'detach': |
|
280 | if do == 'detach': | |
279 | handle_user_groups = 'detach' |
|
281 | handle_user_groups = 'detach' | |
280 | set_handle_flash_user_groups = lambda: h.flash( |
|
282 | set_handle_flash_user_groups = lambda: h.flash( | |
281 | _('Detached %s user groups') % len(_user_groups), |
|
283 | _('Detached %s user groups') % len(_user_groups), | |
282 | category='success') |
|
284 | category='success') | |
283 | elif do == 'delete': |
|
285 | elif do == 'delete': | |
284 | handle_user_groups = 'delete' |
|
286 | handle_user_groups = 'delete' | |
285 | set_handle_flash_user_groups = lambda: h.flash( |
|
287 | set_handle_flash_user_groups = lambda: h.flash( | |
286 | _('Deleted %s user groups') % len(_user_groups), |
|
288 | _('Deleted %s user groups') % len(_user_groups), | |
287 | category='success') |
|
289 | category='success') | |
288 |
|
290 | |||
289 | try: |
|
291 | try: | |
290 | UserModel().delete(c.user, handle_repos=handle_repos, |
|
292 | UserModel().delete(c.user, handle_repos=handle_repos, | |
291 | handle_repo_groups=handle_repo_groups, |
|
293 | handle_repo_groups=handle_repo_groups, | |
292 | handle_user_groups=handle_user_groups) |
|
294 | handle_user_groups=handle_user_groups) | |
293 | Session().commit() |
|
295 | Session().commit() | |
294 | set_handle_flash_repos() |
|
296 | set_handle_flash_repos() | |
295 | set_handle_flash_repo_groups() |
|
297 | set_handle_flash_repo_groups() | |
296 | set_handle_flash_user_groups() |
|
298 | set_handle_flash_user_groups() | |
297 | h.flash(_('Successfully deleted user'), category='success') |
|
299 | h.flash(_('Successfully deleted user'), category='success') | |
298 | except (UserOwnsReposException, UserOwnsRepoGroupsException, |
|
300 | except (UserOwnsReposException, UserOwnsRepoGroupsException, | |
299 | UserOwnsUserGroupsException, DefaultUserException) as e: |
|
301 | UserOwnsUserGroupsException, DefaultUserException) as e: | |
300 | h.flash(e, category='warning') |
|
302 | h.flash(e, category='warning') | |
301 | except Exception: |
|
303 | except Exception: | |
302 | log.exception("Exception during deletion of user") |
|
304 | log.exception("Exception during deletion of user") | |
303 | h.flash(_('An error occurred during deletion of user'), |
|
305 | h.flash(_('An error occurred during deletion of user'), | |
304 | category='error') |
|
306 | category='error') | |
305 | return redirect(url('users')) |
|
307 | return redirect(url('users')) | |
306 |
|
308 | |||
307 | @HasPermissionAllDecorator('hg.admin') |
|
309 | @HasPermissionAllDecorator('hg.admin') | |
308 | @auth.CSRFRequired() |
|
310 | @auth.CSRFRequired() | |
309 | def reset_password(self, user_id): |
|
311 | def reset_password(self, user_id): | |
310 | """ |
|
312 | """ | |
311 | toggle reset password flag for this user |
|
313 | toggle reset password flag for this user | |
312 |
|
314 | |||
313 | :param user_id: |
|
315 | :param user_id: | |
314 | """ |
|
316 | """ | |
315 | user_id = safe_int(user_id) |
|
317 | user_id = safe_int(user_id) | |
316 | c.user = User.get_or_404(user_id) |
|
318 | c.user = User.get_or_404(user_id) | |
317 | try: |
|
319 | try: | |
318 | old_value = c.user.user_data.get('force_password_change') |
|
320 | old_value = c.user.user_data.get('force_password_change') | |
319 | c.user.update_userdata(force_password_change=not old_value) |
|
321 | c.user.update_userdata(force_password_change=not old_value) | |
320 | Session().commit() |
|
322 | Session().commit() | |
321 | if old_value: |
|
323 | if old_value: | |
322 | msg = _('Force password change disabled for user') |
|
324 | msg = _('Force password change disabled for user') | |
323 | else: |
|
325 | else: | |
324 | msg = _('Force password change enabled for user') |
|
326 | msg = _('Force password change enabled for user') | |
325 | h.flash(msg, category='success') |
|
327 | h.flash(msg, category='success') | |
326 | except Exception: |
|
328 | except Exception: | |
327 | log.exception("Exception during password reset for user") |
|
329 | log.exception("Exception during password reset for user") | |
328 | h.flash(_('An error occurred during password reset for user'), |
|
330 | h.flash(_('An error occurred during password reset for user'), | |
329 | category='error') |
|
331 | category='error') | |
330 |
|
332 | |||
331 | return redirect(url('edit_user_advanced', user_id=user_id)) |
|
333 | return redirect(url('edit_user_advanced', user_id=user_id)) | |
332 |
|
334 | |||
333 | @HasPermissionAllDecorator('hg.admin') |
|
335 | @HasPermissionAllDecorator('hg.admin') | |
334 | @auth.CSRFRequired() |
|
336 | @auth.CSRFRequired() | |
335 | def create_personal_repo_group(self, user_id): |
|
337 | def create_personal_repo_group(self, user_id): | |
336 | """ |
|
338 | """ | |
337 | Create personal repository group for this user |
|
339 | Create personal repository group for this user | |
338 |
|
340 | |||
339 | :param user_id: |
|
341 | :param user_id: | |
340 | """ |
|
342 | """ | |
341 | from rhodecode.model.repo_group import RepoGroupModel |
|
343 | from rhodecode.model.repo_group import RepoGroupModel | |
342 |
|
344 | |||
343 | user_id = safe_int(user_id) |
|
345 | user_id = safe_int(user_id) | |
344 | c.user = User.get_or_404(user_id) |
|
346 | c.user = User.get_or_404(user_id) | |
345 |
|
347 | |||
346 | try: |
|
348 | try: | |
347 | desc = RepoGroupModel.PERSONAL_GROUP_DESC % { |
|
349 | desc = RepoGroupModel.PERSONAL_GROUP_DESC % { | |
348 | 'username': c.user.username} |
|
350 | 'username': c.user.username} | |
349 | if not RepoGroup.get_by_group_name(c.user.username): |
|
351 | if not RepoGroup.get_by_group_name(c.user.username): | |
350 | RepoGroupModel().create(group_name=c.user.username, |
|
352 | RepoGroupModel().create(group_name=c.user.username, | |
351 | group_description=desc, |
|
353 | group_description=desc, | |
352 | owner=c.user.username) |
|
354 | owner=c.user.username) | |
353 |
|
355 | |||
354 | msg = _('Created repository group `%s`' % (c.user.username,)) |
|
356 | msg = _('Created repository group `%s`' % (c.user.username,)) | |
355 | h.flash(msg, category='success') |
|
357 | h.flash(msg, category='success') | |
356 | except Exception: |
|
358 | except Exception: | |
357 | log.exception("Exception during repository group creation") |
|
359 | log.exception("Exception during repository group creation") | |
358 | msg = _( |
|
360 | msg = _( | |
359 | 'An error occurred during repository group creation for user') |
|
361 | 'An error occurred during repository group creation for user') | |
360 | h.flash(msg, category='error') |
|
362 | h.flash(msg, category='error') | |
361 |
|
363 | |||
362 | return redirect(url('edit_user_advanced', user_id=user_id)) |
|
364 | return redirect(url('edit_user_advanced', user_id=user_id)) | |
363 |
|
365 | |||
364 | @HasPermissionAllDecorator('hg.admin') |
|
366 | @HasPermissionAllDecorator('hg.admin') | |
365 | def show(self, user_id): |
|
367 | def show(self, user_id): | |
366 | """GET /users/user_id: Show a specific item""" |
|
368 | """GET /users/user_id: Show a specific item""" | |
367 | # url('user', user_id=ID) |
|
369 | # url('user', user_id=ID) | |
368 | User.get_or_404(-1) |
|
370 | User.get_or_404(-1) | |
369 |
|
371 | |||
370 | @HasPermissionAllDecorator('hg.admin') |
|
372 | @HasPermissionAllDecorator('hg.admin') | |
371 | def edit(self, user_id): |
|
373 | def edit(self, user_id): | |
372 | """GET /users/user_id/edit: Form to edit an existing item""" |
|
374 | """GET /users/user_id/edit: Form to edit an existing item""" | |
373 | # url('edit_user', user_id=ID) |
|
375 | # url('edit_user', user_id=ID) | |
374 | user_id = safe_int(user_id) |
|
376 | user_id = safe_int(user_id) | |
375 | c.user = User.get_or_404(user_id) |
|
377 | c.user = User.get_or_404(user_id) | |
376 | if c.user.username == User.DEFAULT_USER: |
|
378 | if c.user.username == User.DEFAULT_USER: | |
377 | h.flash(_("You can't edit this user"), category='warning') |
|
379 | h.flash(_("You can't edit this user"), category='warning') | |
378 | return redirect(url('users')) |
|
380 | return redirect(url('users')) | |
379 |
|
381 | |||
380 | c.active = 'profile' |
|
382 | c.active = 'profile' | |
381 | c.extern_type = c.user.extern_type |
|
383 | c.extern_type = c.user.extern_type | |
382 | c.extern_name = c.user.extern_name |
|
384 | c.extern_name = c.user.extern_name | |
383 | c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr) |
|
385 | c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr) | |
384 |
|
386 | |||
385 | defaults = c.user.get_dict() |
|
387 | defaults = c.user.get_dict() | |
386 | defaults.update({'language': c.user.user_data.get('language')}) |
|
388 | defaults.update({'language': c.user.user_data.get('language')}) | |
387 | return htmlfill.render( |
|
389 | return htmlfill.render( | |
388 | render('admin/users/user_edit.html'), |
|
390 | render('admin/users/user_edit.html'), | |
389 | defaults=defaults, |
|
391 | defaults=defaults, | |
390 | encoding="UTF-8", |
|
392 | encoding="UTF-8", | |
391 | force_defaults=False) |
|
393 | force_defaults=False) | |
392 |
|
394 | |||
393 | @HasPermissionAllDecorator('hg.admin') |
|
395 | @HasPermissionAllDecorator('hg.admin') | |
394 | def edit_advanced(self, user_id): |
|
396 | def edit_advanced(self, user_id): | |
395 | user_id = safe_int(user_id) |
|
397 | user_id = safe_int(user_id) | |
396 | user = c.user = User.get_or_404(user_id) |
|
398 | user = c.user = User.get_or_404(user_id) | |
397 | if user.username == User.DEFAULT_USER: |
|
399 | if user.username == User.DEFAULT_USER: | |
398 | h.flash(_("You can't edit this user"), category='warning') |
|
400 | h.flash(_("You can't edit this user"), category='warning') | |
399 | return redirect(url('users')) |
|
401 | return redirect(url('users')) | |
400 |
|
402 | |||
401 | c.active = 'advanced' |
|
403 | c.active = 'advanced' | |
402 | c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr) |
|
404 | c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr) | |
403 | c.personal_repo_group = RepoGroup.get_by_group_name(user.username) |
|
405 | c.personal_repo_group = RepoGroup.get_by_group_name(user.username) | |
404 | c.first_admin = User.get_first_admin() |
|
406 | c.first_admin = User.get_first_admin() | |
405 | defaults = user.get_dict() |
|
407 | defaults = user.get_dict() | |
406 |
|
408 | |||
407 | # Interim workaround if the user participated on any pull requests as a |
|
409 | # Interim workaround if the user participated on any pull requests as a | |
408 | # reviewer. |
|
410 | # reviewer. | |
409 | has_review = bool(PullRequestReviewers.query().filter( |
|
411 | has_review = bool(PullRequestReviewers.query().filter( | |
410 | PullRequestReviewers.user_id == user_id).first()) |
|
412 | PullRequestReviewers.user_id == user_id).first()) | |
411 | c.can_delete_user = not has_review |
|
413 | c.can_delete_user = not has_review | |
412 | c.can_delete_user_message = _( |
|
414 | c.can_delete_user_message = _( | |
413 | 'The user participates as reviewer in pull requests and ' |
|
415 | 'The user participates as reviewer in pull requests and ' | |
414 | 'cannot be deleted. You can set the user to ' |
|
416 | 'cannot be deleted. You can set the user to ' | |
415 | '"inactive" instead of deleting it.') if has_review else '' |
|
417 | '"inactive" instead of deleting it.') if has_review else '' | |
416 |
|
418 | |||
417 | return htmlfill.render( |
|
419 | return htmlfill.render( | |
418 | render('admin/users/user_edit.html'), |
|
420 | render('admin/users/user_edit.html'), | |
419 | defaults=defaults, |
|
421 | defaults=defaults, | |
420 | encoding="UTF-8", |
|
422 | encoding="UTF-8", | |
421 | force_defaults=False) |
|
423 | force_defaults=False) | |
422 |
|
424 | |||
423 | @HasPermissionAllDecorator('hg.admin') |
|
425 | @HasPermissionAllDecorator('hg.admin') | |
424 | def edit_auth_tokens(self, user_id): |
|
426 | def edit_auth_tokens(self, user_id): | |
425 | user_id = safe_int(user_id) |
|
427 | user_id = safe_int(user_id) | |
426 | c.user = User.get_or_404(user_id) |
|
428 | c.user = User.get_or_404(user_id) | |
427 | if c.user.username == User.DEFAULT_USER: |
|
429 | if c.user.username == User.DEFAULT_USER: | |
428 | h.flash(_("You can't edit this user"), category='warning') |
|
430 | h.flash(_("You can't edit this user"), category='warning') | |
429 | return redirect(url('users')) |
|
431 | return redirect(url('users')) | |
430 |
|
432 | |||
431 | c.active = 'auth_tokens' |
|
433 | c.active = 'auth_tokens' | |
432 | show_expired = True |
|
434 | show_expired = True | |
433 | c.lifetime_values = [ |
|
435 | c.lifetime_values = [ | |
434 | (str(-1), _('forever')), |
|
436 | (str(-1), _('forever')), | |
435 | (str(5), _('5 minutes')), |
|
437 | (str(5), _('5 minutes')), | |
436 | (str(60), _('1 hour')), |
|
438 | (str(60), _('1 hour')), | |
437 | (str(60 * 24), _('1 day')), |
|
439 | (str(60 * 24), _('1 day')), | |
438 | (str(60 * 24 * 30), _('1 month')), |
|
440 | (str(60 * 24 * 30), _('1 month')), | |
439 | ] |
|
441 | ] | |
440 | c.lifetime_options = [(c.lifetime_values, _("Lifetime"))] |
|
442 | c.lifetime_options = [(c.lifetime_values, _("Lifetime"))] | |
441 | c.role_values = [(x, AuthTokenModel.cls._get_role_name(x)) |
|
443 | c.role_values = [(x, AuthTokenModel.cls._get_role_name(x)) | |
442 | for x in AuthTokenModel.cls.ROLES] |
|
444 | for x in AuthTokenModel.cls.ROLES] | |
443 | c.role_options = [(c.role_values, _("Role"))] |
|
445 | c.role_options = [(c.role_values, _("Role"))] | |
444 | c.user_auth_tokens = AuthTokenModel().get_auth_tokens( |
|
446 | c.user_auth_tokens = AuthTokenModel().get_auth_tokens( | |
445 | c.user.user_id, show_expired=show_expired) |
|
447 | c.user.user_id, show_expired=show_expired) | |
446 | defaults = c.user.get_dict() |
|
448 | defaults = c.user.get_dict() | |
447 | return htmlfill.render( |
|
449 | return htmlfill.render( | |
448 | render('admin/users/user_edit.html'), |
|
450 | render('admin/users/user_edit.html'), | |
449 | defaults=defaults, |
|
451 | defaults=defaults, | |
450 | encoding="UTF-8", |
|
452 | encoding="UTF-8", | |
451 | force_defaults=False) |
|
453 | force_defaults=False) | |
452 |
|
454 | |||
453 | @HasPermissionAllDecorator('hg.admin') |
|
455 | @HasPermissionAllDecorator('hg.admin') | |
454 | @auth.CSRFRequired() |
|
456 | @auth.CSRFRequired() | |
455 | def add_auth_token(self, user_id): |
|
457 | def add_auth_token(self, user_id): | |
456 | user_id = safe_int(user_id) |
|
458 | user_id = safe_int(user_id) | |
457 | c.user = User.get_or_404(user_id) |
|
459 | c.user = User.get_or_404(user_id) | |
458 | if c.user.username == User.DEFAULT_USER: |
|
460 | if c.user.username == User.DEFAULT_USER: | |
459 | h.flash(_("You can't edit this user"), category='warning') |
|
461 | h.flash(_("You can't edit this user"), category='warning') | |
460 | return redirect(url('users')) |
|
462 | return redirect(url('users')) | |
461 |
|
463 | |||
462 | lifetime = safe_int(request.POST.get('lifetime'), -1) |
|
464 | lifetime = safe_int(request.POST.get('lifetime'), -1) | |
463 | description = request.POST.get('description') |
|
465 | description = request.POST.get('description') | |
464 | role = request.POST.get('role') |
|
466 | role = request.POST.get('role') | |
465 | AuthTokenModel().create(c.user.user_id, description, lifetime, role) |
|
467 | AuthTokenModel().create(c.user.user_id, description, lifetime, role) | |
466 | Session().commit() |
|
468 | Session().commit() | |
467 | h.flash(_("Auth token successfully created"), category='success') |
|
469 | h.flash(_("Auth token successfully created"), category='success') | |
468 | return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id)) |
|
470 | return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id)) | |
469 |
|
471 | |||
470 | @HasPermissionAllDecorator('hg.admin') |
|
472 | @HasPermissionAllDecorator('hg.admin') | |
471 | @auth.CSRFRequired() |
|
473 | @auth.CSRFRequired() | |
472 | def delete_auth_token(self, user_id): |
|
474 | def delete_auth_token(self, user_id): | |
473 | user_id = safe_int(user_id) |
|
475 | user_id = safe_int(user_id) | |
474 | c.user = User.get_or_404(user_id) |
|
476 | c.user = User.get_or_404(user_id) | |
475 | if c.user.username == User.DEFAULT_USER: |
|
477 | if c.user.username == User.DEFAULT_USER: | |
476 | h.flash(_("You can't edit this user"), category='warning') |
|
478 | h.flash(_("You can't edit this user"), category='warning') | |
477 | return redirect(url('users')) |
|
479 | return redirect(url('users')) | |
478 |
|
480 | |||
479 | auth_token = request.POST.get('del_auth_token') |
|
481 | auth_token = request.POST.get('del_auth_token') | |
480 | if request.POST.get('del_auth_token_builtin'): |
|
482 | if request.POST.get('del_auth_token_builtin'): | |
481 | user = User.get(c.user.user_id) |
|
483 | user = User.get(c.user.user_id) | |
482 | if user: |
|
484 | if user: | |
483 | user.api_key = generate_auth_token(user.username) |
|
485 | user.api_key = generate_auth_token(user.username) | |
484 | Session().add(user) |
|
486 | Session().add(user) | |
485 | Session().commit() |
|
487 | Session().commit() | |
486 | h.flash(_("Auth token successfully reset"), category='success') |
|
488 | h.flash(_("Auth token successfully reset"), category='success') | |
487 | elif auth_token: |
|
489 | elif auth_token: | |
488 | AuthTokenModel().delete(auth_token, c.user.user_id) |
|
490 | AuthTokenModel().delete(auth_token, c.user.user_id) | |
489 | Session().commit() |
|
491 | Session().commit() | |
490 | h.flash(_("Auth token successfully deleted"), category='success') |
|
492 | h.flash(_("Auth token successfully deleted"), category='success') | |
491 |
|
493 | |||
492 | return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id)) |
|
494 | return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id)) | |
493 |
|
495 | |||
494 | @HasPermissionAllDecorator('hg.admin') |
|
496 | @HasPermissionAllDecorator('hg.admin') | |
495 | def edit_global_perms(self, user_id): |
|
497 | def edit_global_perms(self, user_id): | |
496 | user_id = safe_int(user_id) |
|
498 | user_id = safe_int(user_id) | |
497 | c.user = User.get_or_404(user_id) |
|
499 | c.user = User.get_or_404(user_id) | |
498 | if c.user.username == User.DEFAULT_USER: |
|
500 | if c.user.username == User.DEFAULT_USER: | |
499 | h.flash(_("You can't edit this user"), category='warning') |
|
501 | h.flash(_("You can't edit this user"), category='warning') | |
500 | return redirect(url('users')) |
|
502 | return redirect(url('users')) | |
501 |
|
503 | |||
502 | c.active = 'global_perms' |
|
504 | c.active = 'global_perms' | |
503 |
|
505 | |||
504 | c.default_user = User.get_default_user() |
|
506 | c.default_user = User.get_default_user() | |
505 | defaults = c.user.get_dict() |
|
507 | defaults = c.user.get_dict() | |
506 | defaults.update(c.default_user.get_default_perms(suffix='_inherited')) |
|
508 | defaults.update(c.default_user.get_default_perms(suffix='_inherited')) | |
507 | defaults.update(c.default_user.get_default_perms()) |
|
509 | defaults.update(c.default_user.get_default_perms()) | |
508 | defaults.update(c.user.get_default_perms()) |
|
510 | defaults.update(c.user.get_default_perms()) | |
509 |
|
511 | |||
510 | return htmlfill.render( |
|
512 | return htmlfill.render( | |
511 | render('admin/users/user_edit.html'), |
|
513 | render('admin/users/user_edit.html'), | |
512 | defaults=defaults, |
|
514 | defaults=defaults, | |
513 | encoding="UTF-8", |
|
515 | encoding="UTF-8", | |
514 | force_defaults=False) |
|
516 | force_defaults=False) | |
515 |
|
517 | |||
516 | @HasPermissionAllDecorator('hg.admin') |
|
518 | @HasPermissionAllDecorator('hg.admin') | |
517 | @auth.CSRFRequired() |
|
519 | @auth.CSRFRequired() | |
518 | def update_global_perms(self, user_id): |
|
520 | def update_global_perms(self, user_id): | |
519 | """PUT /users_perm/user_id: Update an existing item""" |
|
521 | """PUT /users_perm/user_id: Update an existing item""" | |
520 | # url('user_perm', user_id=ID, method='put') |
|
522 | # url('user_perm', user_id=ID, method='put') | |
521 | user_id = safe_int(user_id) |
|
523 | user_id = safe_int(user_id) | |
522 | user = User.get_or_404(user_id) |
|
524 | user = User.get_or_404(user_id) | |
523 | c.active = 'global_perms' |
|
525 | c.active = 'global_perms' | |
524 | try: |
|
526 | try: | |
525 | # first stage that verifies the checkbox |
|
527 | # first stage that verifies the checkbox | |
526 | _form = UserIndividualPermissionsForm() |
|
528 | _form = UserIndividualPermissionsForm() | |
527 | form_result = _form.to_python(dict(request.POST)) |
|
529 | form_result = _form.to_python(dict(request.POST)) | |
528 | inherit_perms = form_result['inherit_default_permissions'] |
|
530 | inherit_perms = form_result['inherit_default_permissions'] | |
529 | user.inherit_default_permissions = inherit_perms |
|
531 | user.inherit_default_permissions = inherit_perms | |
530 | Session().add(user) |
|
532 | Session().add(user) | |
531 |
|
533 | |||
532 | if not inherit_perms: |
|
534 | if not inherit_perms: | |
533 | # only update the individual ones if we un check the flag |
|
535 | # only update the individual ones if we un check the flag | |
534 | _form = UserPermissionsForm( |
|
536 | _form = UserPermissionsForm( | |
535 | [x[0] for x in c.repo_create_choices], |
|
537 | [x[0] for x in c.repo_create_choices], | |
536 | [x[0] for x in c.repo_create_on_write_choices], |
|
538 | [x[0] for x in c.repo_create_on_write_choices], | |
537 | [x[0] for x in c.repo_group_create_choices], |
|
539 | [x[0] for x in c.repo_group_create_choices], | |
538 | [x[0] for x in c.user_group_create_choices], |
|
540 | [x[0] for x in c.user_group_create_choices], | |
539 | [x[0] for x in c.fork_choices], |
|
541 | [x[0] for x in c.fork_choices], | |
540 | [x[0] for x in c.inherit_default_permission_choices])() |
|
542 | [x[0] for x in c.inherit_default_permission_choices])() | |
541 |
|
543 | |||
542 | form_result = _form.to_python(dict(request.POST)) |
|
544 | form_result = _form.to_python(dict(request.POST)) | |
543 | form_result.update({'perm_user_id': user.user_id}) |
|
545 | form_result.update({'perm_user_id': user.user_id}) | |
544 |
|
546 | |||
545 | PermissionModel().update_user_permissions(form_result) |
|
547 | PermissionModel().update_user_permissions(form_result) | |
546 |
|
548 | |||
547 | Session().commit() |
|
549 | Session().commit() | |
548 | h.flash(_('User global permissions updated successfully'), |
|
550 | h.flash(_('User global permissions updated successfully'), | |
549 | category='success') |
|
551 | category='success') | |
550 |
|
552 | |||
551 | Session().commit() |
|
553 | Session().commit() | |
552 | except formencode.Invalid as errors: |
|
554 | except formencode.Invalid as errors: | |
553 | defaults = errors.value |
|
555 | defaults = errors.value | |
554 | c.user = user |
|
556 | c.user = user | |
555 | return htmlfill.render( |
|
557 | return htmlfill.render( | |
556 | render('admin/users/user_edit.html'), |
|
558 | render('admin/users/user_edit.html'), | |
557 | defaults=defaults, |
|
559 | defaults=defaults, | |
558 | errors=errors.error_dict or {}, |
|
560 | errors=errors.error_dict or {}, | |
559 | prefix_error=False, |
|
561 | prefix_error=False, | |
560 | encoding="UTF-8", |
|
562 | encoding="UTF-8", | |
561 | force_defaults=False) |
|
563 | force_defaults=False) | |
562 | except Exception: |
|
564 | except Exception: | |
563 | log.exception("Exception during permissions saving") |
|
565 | log.exception("Exception during permissions saving") | |
564 | h.flash(_('An error occurred during permissions saving'), |
|
566 | h.flash(_('An error occurred during permissions saving'), | |
565 | category='error') |
|
567 | category='error') | |
566 | return redirect(url('edit_user_global_perms', user_id=user_id)) |
|
568 | return redirect(url('edit_user_global_perms', user_id=user_id)) | |
567 |
|
569 | |||
568 | @HasPermissionAllDecorator('hg.admin') |
|
570 | @HasPermissionAllDecorator('hg.admin') | |
569 | def edit_perms_summary(self, user_id): |
|
571 | def edit_perms_summary(self, user_id): | |
570 | user_id = safe_int(user_id) |
|
572 | user_id = safe_int(user_id) | |
571 | c.user = User.get_or_404(user_id) |
|
573 | c.user = User.get_or_404(user_id) | |
572 | if c.user.username == User.DEFAULT_USER: |
|
574 | if c.user.username == User.DEFAULT_USER: | |
573 | h.flash(_("You can't edit this user"), category='warning') |
|
575 | h.flash(_("You can't edit this user"), category='warning') | |
574 | return redirect(url('users')) |
|
576 | return redirect(url('users')) | |
575 |
|
577 | |||
576 | c.active = 'perms_summary' |
|
578 | c.active = 'perms_summary' | |
577 | c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr) |
|
579 | c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr) | |
578 |
|
580 | |||
579 | return render('admin/users/user_edit.html') |
|
581 | return render('admin/users/user_edit.html') | |
580 |
|
582 | |||
581 | @HasPermissionAllDecorator('hg.admin') |
|
583 | @HasPermissionAllDecorator('hg.admin') | |
582 | def edit_emails(self, user_id): |
|
584 | def edit_emails(self, user_id): | |
583 | user_id = safe_int(user_id) |
|
585 | user_id = safe_int(user_id) | |
584 | c.user = User.get_or_404(user_id) |
|
586 | c.user = User.get_or_404(user_id) | |
585 | if c.user.username == User.DEFAULT_USER: |
|
587 | if c.user.username == User.DEFAULT_USER: | |
586 | h.flash(_("You can't edit this user"), category='warning') |
|
588 | h.flash(_("You can't edit this user"), category='warning') | |
587 | return redirect(url('users')) |
|
589 | return redirect(url('users')) | |
588 |
|
590 | |||
589 | c.active = 'emails' |
|
591 | c.active = 'emails' | |
590 | c.user_email_map = UserEmailMap.query() \ |
|
592 | c.user_email_map = UserEmailMap.query() \ | |
591 | .filter(UserEmailMap.user == c.user).all() |
|
593 | .filter(UserEmailMap.user == c.user).all() | |
592 |
|
594 | |||
593 | defaults = c.user.get_dict() |
|
595 | defaults = c.user.get_dict() | |
594 | return htmlfill.render( |
|
596 | return htmlfill.render( | |
595 | render('admin/users/user_edit.html'), |
|
597 | render('admin/users/user_edit.html'), | |
596 | defaults=defaults, |
|
598 | defaults=defaults, | |
597 | encoding="UTF-8", |
|
599 | encoding="UTF-8", | |
598 | force_defaults=False) |
|
600 | force_defaults=False) | |
599 |
|
601 | |||
600 | @HasPermissionAllDecorator('hg.admin') |
|
602 | @HasPermissionAllDecorator('hg.admin') | |
601 | @auth.CSRFRequired() |
|
603 | @auth.CSRFRequired() | |
602 | def add_email(self, user_id): |
|
604 | def add_email(self, user_id): | |
603 | """POST /user_emails:Add an existing item""" |
|
605 | """POST /user_emails:Add an existing item""" | |
604 | # url('user_emails', user_id=ID, method='put') |
|
606 | # url('user_emails', user_id=ID, method='put') | |
605 | user_id = safe_int(user_id) |
|
607 | user_id = safe_int(user_id) | |
606 | c.user = User.get_or_404(user_id) |
|
608 | c.user = User.get_or_404(user_id) | |
607 |
|
609 | |||
608 | email = request.POST.get('new_email') |
|
610 | email = request.POST.get('new_email') | |
609 | user_model = UserModel() |
|
611 | user_model = UserModel() | |
610 |
|
612 | |||
611 | try: |
|
613 | try: | |
612 | user_model.add_extra_email(user_id, email) |
|
614 | user_model.add_extra_email(user_id, email) | |
613 | Session().commit() |
|
615 | Session().commit() | |
614 | h.flash(_("Added new email address `%s` for user account") % email, |
|
616 | h.flash(_("Added new email address `%s` for user account") % email, | |
615 | category='success') |
|
617 | category='success') | |
616 | except formencode.Invalid as error: |
|
618 | except formencode.Invalid as error: | |
617 | msg = error.error_dict['email'] |
|
619 | msg = error.error_dict['email'] | |
618 | h.flash(msg, category='error') |
|
620 | h.flash(msg, category='error') | |
619 | except Exception: |
|
621 | except Exception: | |
620 | log.exception("Exception during email saving") |
|
622 | log.exception("Exception during email saving") | |
621 | h.flash(_('An error occurred during email saving'), |
|
623 | h.flash(_('An error occurred during email saving'), | |
622 | category='error') |
|
624 | category='error') | |
623 | return redirect(url('edit_user_emails', user_id=user_id)) |
|
625 | return redirect(url('edit_user_emails', user_id=user_id)) | |
624 |
|
626 | |||
625 | @HasPermissionAllDecorator('hg.admin') |
|
627 | @HasPermissionAllDecorator('hg.admin') | |
626 | @auth.CSRFRequired() |
|
628 | @auth.CSRFRequired() | |
627 | def delete_email(self, user_id): |
|
629 | def delete_email(self, user_id): | |
628 | """DELETE /user_emails_delete/user_id: Delete an existing item""" |
|
630 | """DELETE /user_emails_delete/user_id: Delete an existing item""" | |
629 | # url('user_emails_delete', user_id=ID, method='delete') |
|
631 | # url('user_emails_delete', user_id=ID, method='delete') | |
630 | user_id = safe_int(user_id) |
|
632 | user_id = safe_int(user_id) | |
631 | c.user = User.get_or_404(user_id) |
|
633 | c.user = User.get_or_404(user_id) | |
632 | email_id = request.POST.get('del_email_id') |
|
634 | email_id = request.POST.get('del_email_id') | |
633 | user_model = UserModel() |
|
635 | user_model = UserModel() | |
634 | user_model.delete_extra_email(user_id, email_id) |
|
636 | user_model.delete_extra_email(user_id, email_id) | |
635 | Session().commit() |
|
637 | Session().commit() | |
636 | h.flash(_("Removed email address from user account"), category='success') |
|
638 | h.flash(_("Removed email address from user account"), category='success') | |
637 | return redirect(url('edit_user_emails', user_id=user_id)) |
|
639 | return redirect(url('edit_user_emails', user_id=user_id)) | |
638 |
|
640 | |||
639 | @HasPermissionAllDecorator('hg.admin') |
|
641 | @HasPermissionAllDecorator('hg.admin') | |
640 | def edit_ips(self, user_id): |
|
642 | def edit_ips(self, user_id): | |
641 | user_id = safe_int(user_id) |
|
643 | user_id = safe_int(user_id) | |
642 | c.user = User.get_or_404(user_id) |
|
644 | c.user = User.get_or_404(user_id) | |
643 | if c.user.username == User.DEFAULT_USER: |
|
645 | if c.user.username == User.DEFAULT_USER: | |
644 | h.flash(_("You can't edit this user"), category='warning') |
|
646 | h.flash(_("You can't edit this user"), category='warning') | |
645 | return redirect(url('users')) |
|
647 | return redirect(url('users')) | |
646 |
|
648 | |||
647 | c.active = 'ips' |
|
649 | c.active = 'ips' | |
648 | c.user_ip_map = UserIpMap.query() \ |
|
650 | c.user_ip_map = UserIpMap.query() \ | |
649 | .filter(UserIpMap.user == c.user).all() |
|
651 | .filter(UserIpMap.user == c.user).all() | |
650 |
|
652 | |||
651 | c.inherit_default_ips = c.user.inherit_default_permissions |
|
653 | c.inherit_default_ips = c.user.inherit_default_permissions | |
652 | c.default_user_ip_map = UserIpMap.query() \ |
|
654 | c.default_user_ip_map = UserIpMap.query() \ | |
653 | .filter(UserIpMap.user == User.get_default_user()).all() |
|
655 | .filter(UserIpMap.user == User.get_default_user()).all() | |
654 |
|
656 | |||
655 | defaults = c.user.get_dict() |
|
657 | defaults = c.user.get_dict() | |
656 | return htmlfill.render( |
|
658 | return htmlfill.render( | |
657 | render('admin/users/user_edit.html'), |
|
659 | render('admin/users/user_edit.html'), | |
658 | defaults=defaults, |
|
660 | defaults=defaults, | |
659 | encoding="UTF-8", |
|
661 | encoding="UTF-8", | |
660 | force_defaults=False) |
|
662 | force_defaults=False) | |
661 |
|
663 | |||
662 | @HasPermissionAllDecorator('hg.admin') |
|
664 | @HasPermissionAllDecorator('hg.admin') | |
663 | @auth.CSRFRequired() |
|
665 | @auth.CSRFRequired() | |
664 | def add_ip(self, user_id): |
|
666 | def add_ip(self, user_id): | |
665 | """POST /user_ips:Add an existing item""" |
|
667 | """POST /user_ips:Add an existing item""" | |
666 | # url('user_ips', user_id=ID, method='put') |
|
668 | # url('user_ips', user_id=ID, method='put') | |
667 |
|
669 | |||
668 | user_id = safe_int(user_id) |
|
670 | user_id = safe_int(user_id) | |
669 | c.user = User.get_or_404(user_id) |
|
671 | c.user = User.get_or_404(user_id) | |
670 | user_model = UserModel() |
|
672 | user_model = UserModel() | |
671 | try: |
|
673 | try: | |
672 | ip_list = user_model.parse_ip_range(request.POST.get('new_ip')) |
|
674 | ip_list = user_model.parse_ip_range(request.POST.get('new_ip')) | |
673 | except Exception as e: |
|
675 | except Exception as e: | |
674 | ip_list = [] |
|
676 | ip_list = [] | |
675 | log.exception("Exception during ip saving") |
|
677 | log.exception("Exception during ip saving") | |
676 | h.flash(_('An error occurred during ip saving:%s' % (e,)), |
|
678 | h.flash(_('An error occurred during ip saving:%s' % (e,)), | |
677 | category='error') |
|
679 | category='error') | |
678 |
|
680 | |||
679 | desc = request.POST.get('description') |
|
681 | desc = request.POST.get('description') | |
680 | added = [] |
|
682 | added = [] | |
681 | for ip in ip_list: |
|
683 | for ip in ip_list: | |
682 | try: |
|
684 | try: | |
683 | user_model.add_extra_ip(user_id, ip, desc) |
|
685 | user_model.add_extra_ip(user_id, ip, desc) | |
684 | Session().commit() |
|
686 | Session().commit() | |
685 | added.append(ip) |
|
687 | added.append(ip) | |
686 | except formencode.Invalid as error: |
|
688 | except formencode.Invalid as error: | |
687 | msg = error.error_dict['ip'] |
|
689 | msg = error.error_dict['ip'] | |
688 | h.flash(msg, category='error') |
|
690 | h.flash(msg, category='error') | |
689 | except Exception: |
|
691 | except Exception: | |
690 | log.exception("Exception during ip saving") |
|
692 | log.exception("Exception during ip saving") | |
691 | h.flash(_('An error occurred during ip saving'), |
|
693 | h.flash(_('An error occurred during ip saving'), | |
692 | category='error') |
|
694 | category='error') | |
693 | if added: |
|
695 | if added: | |
694 | h.flash( |
|
696 | h.flash( | |
695 | _("Added ips %s to user whitelist") % (', '.join(ip_list), ), |
|
697 | _("Added ips %s to user whitelist") % (', '.join(ip_list), ), | |
696 | category='success') |
|
698 | category='success') | |
697 | if 'default_user' in request.POST: |
|
699 | if 'default_user' in request.POST: | |
698 | return redirect(url('admin_permissions_ips')) |
|
700 | return redirect(url('admin_permissions_ips')) | |
699 | return redirect(url('edit_user_ips', user_id=user_id)) |
|
701 | return redirect(url('edit_user_ips', user_id=user_id)) | |
700 |
|
702 | |||
701 | @HasPermissionAllDecorator('hg.admin') |
|
703 | @HasPermissionAllDecorator('hg.admin') | |
702 | @auth.CSRFRequired() |
|
704 | @auth.CSRFRequired() | |
703 | def delete_ip(self, user_id): |
|
705 | def delete_ip(self, user_id): | |
704 | """DELETE /user_ips_delete/user_id: Delete an existing item""" |
|
706 | """DELETE /user_ips_delete/user_id: Delete an existing item""" | |
705 | # url('user_ips_delete', user_id=ID, method='delete') |
|
707 | # url('user_ips_delete', user_id=ID, method='delete') | |
706 | user_id = safe_int(user_id) |
|
708 | user_id = safe_int(user_id) | |
707 | c.user = User.get_or_404(user_id) |
|
709 | c.user = User.get_or_404(user_id) | |
708 |
|
710 | |||
709 | ip_id = request.POST.get('del_ip_id') |
|
711 | ip_id = request.POST.get('del_ip_id') | |
710 | user_model = UserModel() |
|
712 | user_model = UserModel() | |
711 | user_model.delete_extra_ip(user_id, ip_id) |
|
713 | user_model.delete_extra_ip(user_id, ip_id) | |
712 | Session().commit() |
|
714 | Session().commit() | |
713 | h.flash(_("Removed ip address from user whitelist"), category='success') |
|
715 | h.flash(_("Removed ip address from user whitelist"), category='success') | |
714 |
|
716 | |||
715 | if 'default_user' in request.POST: |
|
717 | if 'default_user' in request.POST: | |
716 | return redirect(url('admin_permissions_ips')) |
|
718 | return redirect(url('admin_permissions_ips')) | |
717 | return redirect(url('edit_user_ips', user_id=user_id)) |
|
719 | return redirect(url('edit_user_ips', user_id=user_id)) |
General Comments 0
You need to be logged in to leave comments.
Login now