audit-logs: add audit logs for API permission calls....
marcink -
r3342:bb780a23 default
@@ -1,2065 +1,2099 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2011-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import logging
22 22 import time
23 23
24 24 import rhodecode
25 25 from rhodecode.api import (
26 26 jsonrpc_method, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError)
27 27 from rhodecode.api.utils import (
28 28 has_superadmin_permission, Optional, OAttr, get_repo_or_error,
29 29 get_user_group_or_error, get_user_or_error, validate_repo_permissions,
30 30 get_perm_or_error, parse_args, get_origin, build_commit_data,
31 31 validate_set_owner_permissions)
32 32 from rhodecode.lib import audit_logger
33 33 from rhodecode.lib import repo_maintenance
34 34 from rhodecode.lib.auth import HasPermissionAnyApi, HasUserGroupPermissionAnyApi
35 35 from rhodecode.lib.celerylib.utils import get_task_id
36 36 from rhodecode.lib.utils2 import str2bool, time_to_datetime, safe_str
37 37 from rhodecode.lib.ext_json import json
38 38 from rhodecode.lib.exceptions import StatusChangeOnClosedPullRequestError
39 39 from rhodecode.model.changeset_status import ChangesetStatusModel
40 40 from rhodecode.model.comment import CommentsModel
41 41 from rhodecode.model.db import (
42 42 Session, ChangesetStatus, RepositoryField, Repository, RepoGroup,
43 43 ChangesetComment)
44 44 from rhodecode.model.repo import RepoModel
45 45 from rhodecode.model.scm import ScmModel, RepoList
46 46 from rhodecode.model.settings import SettingsModel, VcsSettingsModel
47 47 from rhodecode.model import validation_schema
48 48 from rhodecode.model.validation_schema.schemas import repo_schema
49 49
50 50 log = logging.getLogger(__name__)
51 51
52 52
53 53 @jsonrpc_method()
54 54 def get_repo(request, apiuser, repoid, cache=Optional(True)):
55 55 """
56 56 Gets an existing repository by its name or repository_id.
57 57
58 58 The members section so the output returns users groups or users
59 59 associated with that repository.
60 60
61 61 This command can only be run using an |authtoken| with admin rights,
62 62 or users with at least read rights to the |repo|.
63 63
64 64 :param apiuser: This is filled automatically from the |authtoken|.
65 65 :type apiuser: AuthUser
66 66 :param repoid: The repository name or repository id.
67 67 :type repoid: str or int
68 68 :param cache: use the cached value for last changeset
69 69 :type: cache: Optional(bool)
70 70
71 71 Example output:
72 72
73 73 .. code-block:: bash
74 74
75 75 {
76 76 "error": null,
77 77 "id": <repo_id>,
78 78 "result": {
79 79 "clone_uri": null,
80 80 "created_on": "timestamp",
81 81 "description": "repo description",
82 82 "enable_downloads": false,
83 83 "enable_locking": false,
84 84 "enable_statistics": false,
85 85 "followers": [
86 86 {
87 87 "active": true,
88 88 "admin": false,
89 89 "api_key": "****************************************",
90 90 "api_keys": [
91 91 "****************************************"
92 92 ],
93 93 "email": "user@example.com",
94 94 "emails": [
95 95 "user@example.com"
96 96 ],
97 97 "extern_name": "rhodecode",
98 98 "extern_type": "rhodecode",
99 99 "firstname": "username",
100 100 "ip_addresses": [],
101 101 "language": null,
102 102 "last_login": "2015-09-16T17:16:35.854",
103 103 "lastname": "surname",
104 104 "user_id": <user_id>,
105 105 "username": "name"
106 106 }
107 107 ],
108 108 "fork_of": "parent-repo",
109 109 "landing_rev": [
110 110 "rev",
111 111 "tip"
112 112 ],
113 113 "last_changeset": {
114 114 "author": "User <user@example.com>",
115 115 "branch": "default",
116 116 "date": "timestamp",
117 117 "message": "last commit message",
118 118 "parents": [
119 119 {
120 120 "raw_id": "commit-id"
121 121 }
122 122 ],
123 123 "raw_id": "commit-id",
124 124 "revision": <revision number>,
125 125 "short_id": "short id"
126 126 },
127 127 "lock_reason": null,
128 128 "locked_by": null,
129 129 "locked_date": null,
130 130 "owner": "owner-name",
131 131 "permissions": [
132 132 {
133 133 "name": "super-admin-name",
134 134 "origin": "super-admin",
135 135 "permission": "repository.admin",
136 136 "type": "user"
137 137 },
138 138 {
139 139 "name": "owner-name",
140 140 "origin": "owner",
141 141 "permission": "repository.admin",
142 142 "type": "user"
143 143 },
144 144 {
145 145 "name": "user-group-name",
146 146 "origin": "permission",
147 147 "permission": "repository.write",
148 148 "type": "user_group"
149 149 }
150 150 ],
151 151 "private": true,
152 152 "repo_id": 676,
153 153 "repo_name": "user-group/repo-name",
154 154 "repo_type": "hg"
155 155 }
156 156 }
157 157 """
158 158
159 159 repo = get_repo_or_error(repoid)
160 160 cache = Optional.extract(cache)
161 161
162 162 include_secrets = False
163 163 if has_superadmin_permission(apiuser):
164 164 include_secrets = True
165 165 else:
166 166 # check if we have at least read permission for this repo !
167 167 _perms = (
168 168 'repository.admin', 'repository.write', 'repository.read',)
169 169 validate_repo_permissions(apiuser, repoid, repo, _perms)
170 170
171 171 permissions = []
172 172 for _user in repo.permissions():
173 173 user_data = {
174 174 'name': _user.username,
175 175 'permission': _user.permission,
176 176 'origin': get_origin(_user),
177 177 'type': "user",
178 178 }
179 179 permissions.append(user_data)
180 180
181 181 for _user_group in repo.permission_user_groups():
182 182 user_group_data = {
183 183 'name': _user_group.users_group_name,
184 184 'permission': _user_group.permission,
185 185 'origin': get_origin(_user_group),
186 186 'type': "user_group",
187 187 }
188 188 permissions.append(user_group_data)
189 189
190 190 following_users = [
191 191 user.user.get_api_data(include_secrets=include_secrets)
192 192 for user in repo.followers]
193 193
194 194 if not cache:
195 195 repo.update_commit_cache()
196 196 data = repo.get_api_data(include_secrets=include_secrets)
197 197 data['permissions'] = permissions
198 198 data['followers'] = following_users
199 199 return data
200 200
201 201
202 202 @jsonrpc_method()
203 203 def get_repos(request, apiuser, root=Optional(None), traverse=Optional(True)):
204 204 """
205 205 Lists all existing repositories.
206 206
207 207 This command can only be run using an |authtoken| with admin rights,
208 208 or users with at least read rights to |repos|.
209 209
210 210 :param apiuser: This is filled automatically from the |authtoken|.
211 211 :type apiuser: AuthUser
212 212 :param root: specify root repository group to fetch repositories.
213 213 filters the returned repositories to be members of given root group.
214 214 :type root: Optional(None)
215 215 :param traverse: traverse given root into subrepositories. With this flag
216 216 set to False, it will only return top-level repositories from `root`.
217 217 if root is empty it will return just top-level repositories.
218 218 :type traverse: Optional(True)
219 219
220 220
221 221 Example output:
222 222
223 223 .. code-block:: bash
224 224
225 225 id : <id_given_in_input>
226 226 result: [
227 227 {
228 228 "repo_id" : "<repo_id>",
229 229 "repo_name" : "<reponame>"
230 230 "repo_type" : "<repo_type>",
231 231 "clone_uri" : "<clone_uri>",
232 232 "private": : "<bool>",
233 233 "created_on" : "<datetimecreated>",
234 234 "description" : "<description>",
235 235 "landing_rev": "<landing_rev>",
236 236 "owner": "<repo_owner>",
237 237 "fork_of": "<name_of_fork_parent>",
238 238 "enable_downloads": "<bool>",
239 239 "enable_locking": "<bool>",
240 240 "enable_statistics": "<bool>",
241 241 },
242 242 ...
243 243 ]
244 244 error: null
245 245 """
246 246
247 247 include_secrets = has_superadmin_permission(apiuser)
248 248 _perms = ('repository.read', 'repository.write', 'repository.admin',)
249 249 extras = {'user': apiuser}
250 250
251 251 root = Optional.extract(root)
252 252 traverse = Optional.extract(traverse, binary=True)
253 253
254 254 if root:
255 255 # verify parent existance, if it's empty return an error
256 256 parent = RepoGroup.get_by_group_name(root)
257 257 if not parent:
258 258 raise JSONRPCError(
259 259 'Root repository group `{}` does not exist'.format(root))
260 260
261 261 if traverse:
262 262 repos = RepoModel().get_repos_for_root(root=root, traverse=traverse)
263 263 else:
264 264 repos = RepoModel().get_repos_for_root(root=parent)
265 265 else:
266 266 if traverse:
267 267 repos = RepoModel().get_all()
268 268 else:
269 269 # return just top-level
270 270 repos = RepoModel().get_repos_for_root(root=None)
271 271
272 272 repo_list = RepoList(repos, perm_set=_perms, extra_kwargs=extras)
273 273 return [repo.get_api_data(include_secrets=include_secrets)
274 274 for repo in repo_list]
275 275
276 276
277 277 @jsonrpc_method()
278 278 def get_repo_changeset(request, apiuser, repoid, revision,
279 279 details=Optional('basic')):
280 280 """
281 281 Returns information about a changeset.
282 282
283 283 Additionally parameters define the amount of details returned by
284 284 this function.
285 285
286 286 This command can only be run using an |authtoken| with admin rights,
287 287 or users with at least read rights to the |repo|.
288 288
289 289 :param apiuser: This is filled automatically from the |authtoken|.
290 290 :type apiuser: AuthUser
291 291 :param repoid: The repository name or repository id
292 292 :type repoid: str or int
293 293 :param revision: revision for which listing should be done
294 294 :type revision: str
295 295 :param details: details can be 'basic|extended|full' full gives diff
296 296 info details like the diff itself, and number of changed files etc.
297 297 :type details: Optional(str)
298 298
299 299 """
300 300 repo = get_repo_or_error(repoid)
301 301 if not has_superadmin_permission(apiuser):
302 302 _perms = (
303 303 'repository.admin', 'repository.write', 'repository.read',)
304 304 validate_repo_permissions(apiuser, repoid, repo, _perms)
305 305
306 306 changes_details = Optional.extract(details)
307 307 _changes_details_types = ['basic', 'extended', 'full']
308 308 if changes_details not in _changes_details_types:
309 309 raise JSONRPCError(
310 310 'ret_type must be one of %s' % (
311 311 ','.join(_changes_details_types)))
312 312
313 313 pre_load = ['author', 'branch', 'date', 'message', 'parents',
314 314 'status', '_commit', '_file_paths']
315 315
316 316 try:
317 317 cs = repo.get_commit(commit_id=revision, pre_load=pre_load)
318 318 except TypeError as e:
319 319 raise JSONRPCError(safe_str(e))
320 320 _cs_json = cs.__json__()
321 321 _cs_json['diff'] = build_commit_data(cs, changes_details)
322 322 if changes_details == 'full':
323 323 _cs_json['refs'] = cs._get_refs()
324 324 return _cs_json
325 325
326 326
327 327 @jsonrpc_method()
328 328 def get_repo_changesets(request, apiuser, repoid, start_rev, limit,
329 329 details=Optional('basic')):
330 330 """
331 331 Returns a set of commits limited by the number starting
332 332 from the `start_rev` option.
333 333
334 334 Additional parameters define the amount of details returned by this
335 335 function.
336 336
337 337 This command can only be run using an |authtoken| with admin rights,
338 338 or users with at least read rights to |repos|.
339 339
340 340 :param apiuser: This is filled automatically from the |authtoken|.
341 341 :type apiuser: AuthUser
342 342 :param repoid: The repository name or repository ID.
343 343 :type repoid: str or int
344 344 :param start_rev: The starting revision from where to get changesets.
345 345 :type start_rev: str
346 346 :param limit: Limit the number of commits to this amount
347 347 :type limit: str or int
348 348 :param details: Set the level of detail returned. Valid option are:
349 349 ``basic``, ``extended`` and ``full``.
350 350 :type details: Optional(str)
351 351
352 352 .. note::
353 353
354 354 Setting the parameter `details` to the value ``full`` is extensive
355 355 and returns details like the diff itself, and the number
356 356 of changed files.
357 357
358 358 """
359 359 repo = get_repo_or_error(repoid)
360 360 if not has_superadmin_permission(apiuser):
361 361 _perms = (
362 362 'repository.admin', 'repository.write', 'repository.read',)
363 363 validate_repo_permissions(apiuser, repoid, repo, _perms)
364 364
365 365 changes_details = Optional.extract(details)
366 366 _changes_details_types = ['basic', 'extended', 'full']
367 367 if changes_details not in _changes_details_types:
368 368 raise JSONRPCError(
369 369 'ret_type must be one of %s' % (
370 370 ','.join(_changes_details_types)))
371 371
372 372 limit = int(limit)
373 373 pre_load = ['author', 'branch', 'date', 'message', 'parents',
374 374 'status', '_commit', '_file_paths']
375 375
376 376 vcs_repo = repo.scm_instance()
377 377 # SVN needs a special case to distinguish its index and commit id
378 378 if vcs_repo and vcs_repo.alias == 'svn' and (start_rev == '0'):
379 379 start_rev = vcs_repo.commit_ids[0]
380 380
381 381 try:
382 382 commits = vcs_repo.get_commits(
383 383 start_id=start_rev, pre_load=pre_load)
384 384 except TypeError as e:
385 385 raise JSONRPCError(safe_str(e))
386 386 except Exception:
387 387 log.exception('Fetching of commits failed')
388 388 raise JSONRPCError('Error occurred during commit fetching')
389 389
390 390 ret = []
391 391 for cnt, commit in enumerate(commits):
392 392 if cnt >= limit != -1:
393 393 break
394 394 _cs_json = commit.__json__()
395 395 _cs_json['diff'] = build_commit_data(commit, changes_details)
396 396 if changes_details == 'full':
397 397 _cs_json['refs'] = {
398 398 'branches': [commit.branch],
399 399 'bookmarks': getattr(commit, 'bookmarks', []),
400 400 'tags': commit.tags
401 401 }
402 402 ret.append(_cs_json)
403 403 return ret
404 404
405 405
406 406 @jsonrpc_method()
407 407 def get_repo_nodes(request, apiuser, repoid, revision, root_path,
408 408 ret_type=Optional('all'), details=Optional('basic'),
409 409 max_file_bytes=Optional(None)):
410 410 """
411 411 Returns a list of nodes and children in a flat list for a given
412 412 path at given revision.
413 413
414 414 It's possible to specify ret_type to show only `files` or `dirs`.
415 415
416 416 This command can only be run using an |authtoken| with admin rights,
417 417 or users with at least read rights to |repos|.
418 418
419 419 :param apiuser: This is filled automatically from the |authtoken|.
420 420 :type apiuser: AuthUser
421 421 :param repoid: The repository name or repository ID.
422 422 :type repoid: str or int
423 423 :param revision: The revision for which listing should be done.
424 424 :type revision: str
425 425 :param root_path: The path from which to start displaying.
426 426 :type root_path: str
427 427 :param ret_type: Set the return type. Valid options are
428 428 ``all`` (default), ``files`` and ``dirs``.
429 429 :type ret_type: Optional(str)
430 430 :param details: Returns extended information about nodes, such as
431 431 md5, binary, and or content. The valid options are ``basic`` and
432 432 ``full``.
433 433 :type details: Optional(str)
434 434 :param max_file_bytes: Only return file content under this file size bytes
435 435 :type details: Optional(int)
436 436
437 437 Example output:
438 438
439 439 .. code-block:: bash
440 440
441 441 id : <id_given_in_input>
442 442 result: [
443 443 {
444 444 "name" : "<name>"
445 445 "type" : "<type>",
446 446 "binary": "<true|false>" (only in extended mode)
447 447 "md5" : "<md5 of file content>" (only in extended mode)
448 448 },
449 449 ...
450 450 ]
451 451 error: null
452 452 """
453 453
454 454 repo = get_repo_or_error(repoid)
455 455 if not has_superadmin_permission(apiuser):
456 456 _perms = (
457 457 'repository.admin', 'repository.write', 'repository.read',)
458 458 validate_repo_permissions(apiuser, repoid, repo, _perms)
459 459
460 460 ret_type = Optional.extract(ret_type)
461 461 details = Optional.extract(details)
462 462 _extended_types = ['basic', 'full']
463 463 if details not in _extended_types:
464 464 raise JSONRPCError(
465 465 'ret_type must be one of %s' % (','.join(_extended_types)))
466 466 extended_info = False
467 467 content = False
468 468 if details == 'basic':
469 469 extended_info = True
470 470
471 471 if details == 'full':
472 472 extended_info = content = True
473 473
474 474 _map = {}
475 475 try:
476 476 # check if repo is not empty by any chance, skip quicker if it is.
477 477 _scm = repo.scm_instance()
478 478 if _scm.is_empty():
479 479 return []
480 480
481 481 _d, _f = ScmModel().get_nodes(
482 482 repo, revision, root_path, flat=False,
483 483 extended_info=extended_info, content=content,
484 484 max_file_bytes=max_file_bytes)
485 485 _map = {
486 486 'all': _d + _f,
487 487 'files': _f,
488 488 'dirs': _d,
489 489 }
490 490 return _map[ret_type]
491 491 except KeyError:
492 492 raise JSONRPCError(
493 493 'ret_type must be one of %s' % (','.join(sorted(_map.keys()))))
494 494 except Exception:
495 495 log.exception("Exception occurred while trying to get repo nodes")
496 496 raise JSONRPCError(
497 497 'failed to get repo: `%s` nodes' % repo.repo_name
498 498 )
499 499
500 500
501 501 @jsonrpc_method()
502 502 def get_repo_refs(request, apiuser, repoid):
503 503 """
504 504 Returns a dictionary of current references. It returns
505 505 bookmarks, branches, closed_branches, and tags for given repository
506 506
507 507 It's possible to specify ret_type to show only `files` or `dirs`.
508 508
509 509 This command can only be run using an |authtoken| with admin rights,
510 510 or users with at least read rights to |repos|.
511 511
512 512 :param apiuser: This is filled automatically from the |authtoken|.
513 513 :type apiuser: AuthUser
514 514 :param repoid: The repository name or repository ID.
515 515 :type repoid: str or int
516 516
517 517 Example output:
518 518
519 519 .. code-block:: bash
520 520
521 521 id : <id_given_in_input>
522 522 "result": {
523 523 "bookmarks": {
524 524 "dev": "5611d30200f4040ba2ab4f3d64e5b06408a02188",
525 525 "master": "367f590445081d8ec8c2ea0456e73ae1f1c3d6cf"
526 526 },
527 527 "branches": {
528 528 "default": "5611d30200f4040ba2ab4f3d64e5b06408a02188",
529 529 "stable": "367f590445081d8ec8c2ea0456e73ae1f1c3d6cf"
530 530 },
531 531 "branches_closed": {},
532 532 "tags": {
533 533 "tip": "5611d30200f4040ba2ab4f3d64e5b06408a02188",
534 534 "v4.4.0": "1232313f9e6adac5ce5399c2a891dc1e72b79022",
535 535 "v4.4.1": "cbb9f1d329ae5768379cdec55a62ebdd546c4e27",
536 536 "v4.4.2": "24ffe44a27fcd1c5b6936144e176b9f6dd2f3a17",
537 537 }
538 538 }
539 539 error: null
540 540 """
541 541
542 542 repo = get_repo_or_error(repoid)
543 543 if not has_superadmin_permission(apiuser):
544 544 _perms = ('repository.admin', 'repository.write', 'repository.read',)
545 545 validate_repo_permissions(apiuser, repoid, repo, _perms)
546 546
547 547 try:
548 548 # check if repo is not empty by any chance, skip quicker if it is.
549 549 vcs_instance = repo.scm_instance()
550 550 refs = vcs_instance.refs()
551 551 return refs
552 552 except Exception:
553 553 log.exception("Exception occurred while trying to get repo refs")
554 554 raise JSONRPCError(
555 555 'failed to get repo: `%s` references' % repo.repo_name
556 556 )
557 557
558 558
559 559 @jsonrpc_method()
560 560 def create_repo(
561 561 request, apiuser, repo_name, repo_type,
562 562 owner=Optional(OAttr('apiuser')),
563 563 description=Optional(''),
564 564 private=Optional(False),
565 565 clone_uri=Optional(None),
566 566 push_uri=Optional(None),
567 567 landing_rev=Optional('rev:tip'),
568 568 enable_statistics=Optional(False),
569 569 enable_locking=Optional(False),
570 570 enable_downloads=Optional(False),
571 571 copy_permissions=Optional(False)):
572 572 """
573 573 Creates a repository.
574 574
575 575 * If the repository name contains "/", repository will be created inside
576 576 a repository group or nested repository groups
577 577
578 578 For example "foo/bar/repo1" will create |repo| called "repo1" inside
579 579 group "foo/bar". You have to have permissions to access and write to
580 580 the last repository group ("bar" in this example)
581 581
582 582 This command can only be run using an |authtoken| with at least
583 583 permissions to create repositories, or write permissions to
584 584 parent repository groups.
585 585
586 586 :param apiuser: This is filled automatically from the |authtoken|.
587 587 :type apiuser: AuthUser
588 588 :param repo_name: Set the repository name.
589 589 :type repo_name: str
590 590 :param repo_type: Set the repository type; 'hg','git', or 'svn'.
591 591 :type repo_type: str
592 592 :param owner: user_id or username
593 593 :type owner: Optional(str)
594 594 :param description: Set the repository description.
595 595 :type description: Optional(str)
596 596 :param private: set repository as private
597 597 :type private: bool
598 598 :param clone_uri: set clone_uri
599 599 :type clone_uri: str
600 600 :param push_uri: set push_uri
601 601 :type push_uri: str
602 602 :param landing_rev: <rev_type>:<rev>
603 603 :type landing_rev: str
604 604 :param enable_locking:
605 605 :type enable_locking: bool
606 606 :param enable_downloads:
607 607 :type enable_downloads: bool
608 608 :param enable_statistics:
609 609 :type enable_statistics: bool
610 610 :param copy_permissions: Copy permission from group in which the
611 611 repository is being created.
612 612 :type copy_permissions: bool
613 613
614 614
615 615 Example output:
616 616
617 617 .. code-block:: bash
618 618
619 619 id : <id_given_in_input>
620 620 result: {
621 621 "msg": "Created new repository `<reponame>`",
622 622 "success": true,
623 623 "task": "<celery task id or None if done sync>"
624 624 }
625 625 error: null
626 626
627 627
628 628 Example error output:
629 629
630 630 .. code-block:: bash
631 631
632 632 id : <id_given_in_input>
633 633 result : null
634 634 error : {
635 635 'failed to create repository `<repo_name>`'
636 636 }
637 637
638 638 """
639 639
640 640 owner = validate_set_owner_permissions(apiuser, owner)
641 641
642 642 description = Optional.extract(description)
643 643 copy_permissions = Optional.extract(copy_permissions)
644 644 clone_uri = Optional.extract(clone_uri)
645 645 push_uri = Optional.extract(push_uri)
646 646 landing_commit_ref = Optional.extract(landing_rev)
647 647
648 648 defs = SettingsModel().get_default_repo_settings(strip_prefix=True)
649 649 if isinstance(private, Optional):
650 650 private = defs.get('repo_private') or Optional.extract(private)
651 651 if isinstance(repo_type, Optional):
652 652 repo_type = defs.get('repo_type')
653 653 if isinstance(enable_statistics, Optional):
654 654 enable_statistics = defs.get('repo_enable_statistics')
655 655 if isinstance(enable_locking, Optional):
656 656 enable_locking = defs.get('repo_enable_locking')
657 657 if isinstance(enable_downloads, Optional):
658 658 enable_downloads = defs.get('repo_enable_downloads')
659 659
660 660 schema = repo_schema.RepoSchema().bind(
661 661 repo_type_options=rhodecode.BACKENDS.keys(),
662 662 repo_type=repo_type,
663 663 # user caller
664 664 user=apiuser)
665 665
666 666 try:
667 667 schema_data = schema.deserialize(dict(
668 668 repo_name=repo_name,
669 669 repo_type=repo_type,
670 670 repo_owner=owner.username,
671 671 repo_description=description,
672 672 repo_landing_commit_ref=landing_commit_ref,
673 673 repo_clone_uri=clone_uri,
674 674 repo_push_uri=push_uri,
675 675 repo_private=private,
676 676 repo_copy_permissions=copy_permissions,
677 677 repo_enable_statistics=enable_statistics,
678 678 repo_enable_downloads=enable_downloads,
679 679 repo_enable_locking=enable_locking))
680 680 except validation_schema.Invalid as err:
681 681 raise JSONRPCValidationError(colander_exc=err)
682 682
683 683 try:
684 684 data = {
685 685 'owner': owner,
686 686 'repo_name': schema_data['repo_group']['repo_name_without_group'],
687 687 'repo_name_full': schema_data['repo_name'],
688 688 'repo_group': schema_data['repo_group']['repo_group_id'],
689 689 'repo_type': schema_data['repo_type'],
690 690 'repo_description': schema_data['repo_description'],
691 691 'repo_private': schema_data['repo_private'],
692 692 'clone_uri': schema_data['repo_clone_uri'],
693 693 'push_uri': schema_data['repo_push_uri'],
694 694 'repo_landing_rev': schema_data['repo_landing_commit_ref'],
695 695 'enable_statistics': schema_data['repo_enable_statistics'],
696 696 'enable_locking': schema_data['repo_enable_locking'],
697 697 'enable_downloads': schema_data['repo_enable_downloads'],
698 698 'repo_copy_permissions': schema_data['repo_copy_permissions'],
699 699 }
700 700
701 701 task = RepoModel().create(form_data=data, cur_user=owner.user_id)
702 702 task_id = get_task_id(task)
703 703 # no commit, it's done in RepoModel, or async via celery
704 704 return {
705 705 'msg': "Created new repository `%s`" % (schema_data['repo_name'],),
706 706 'success': True, # cannot return the repo data here since fork
707 707 # can be done async
708 708 'task': task_id
709 709 }
710 710 except Exception:
711 711 log.exception(
712 712 u"Exception while trying to create the repository %s",
713 713 schema_data['repo_name'])
714 714 raise JSONRPCError(
715 715 'failed to create repository `%s`' % (schema_data['repo_name'],))
716 716
717 717
718 718 @jsonrpc_method()
719 719 def add_field_to_repo(request, apiuser, repoid, key, label=Optional(''),
720 720 description=Optional('')):
721 721 """
722 722 Adds an extra field to a repository.
723 723
724 724 This command can only be run using an |authtoken| with at least
725 725 write permissions to the |repo|.
726 726
727 727 :param apiuser: This is filled automatically from the |authtoken|.
728 728 :type apiuser: AuthUser
729 729 :param repoid: Set the repository name or repository id.
730 730 :type repoid: str or int
731 731 :param key: Create a unique field key for this repository.
732 732 :type key: str
733 733 :param label:
734 734 :type label: Optional(str)
735 735 :param description:
736 736 :type description: Optional(str)
737 737 """
738 738 repo = get_repo_or_error(repoid)
739 739 if not has_superadmin_permission(apiuser):
740 740 _perms = ('repository.admin',)
741 741 validate_repo_permissions(apiuser, repoid, repo, _perms)
742 742
743 743 label = Optional.extract(label) or key
744 744 description = Optional.extract(description)
745 745
746 746 field = RepositoryField.get_by_key_name(key, repo)
747 747 if field:
748 748 raise JSONRPCError('Field with key '
749 749 '`%s` exists for repo `%s`' % (key, repoid))
750 750
751 751 try:
752 752 RepoModel().add_repo_field(repo, key, field_label=label,
753 753 field_desc=description)
754 754 Session().commit()
755 755 return {
756 756 'msg': "Added new repository field `%s`" % (key,),
757 757 'success': True,
758 758 }
759 759 except Exception:
760 760 log.exception("Exception occurred while trying to add field to repo")
761 761 raise JSONRPCError(
762 762 'failed to create new field for repository `%s`' % (repoid,))
763 763
764 764
765 765 @jsonrpc_method()
766 766 def remove_field_from_repo(request, apiuser, repoid, key):
767 767 """
768 768 Removes an extra field from a repository.
769 769
770 770 This command can only be run using an |authtoken| with at least
771 771 write permissions to the |repo|.
772 772
773 773 :param apiuser: This is filled automatically from the |authtoken|.
774 774 :type apiuser: AuthUser
775 775 :param repoid: Set the repository name or repository ID.
776 776 :type repoid: str or int
777 777 :param key: Set the unique field key for this repository.
778 778 :type key: str
779 779 """
780 780
781 781 repo = get_repo_or_error(repoid)
782 782 if not has_superadmin_permission(apiuser):
783 783 _perms = ('repository.admin',)
784 784 validate_repo_permissions(apiuser, repoid, repo, _perms)
785 785
786 786 field = RepositoryField.get_by_key_name(key, repo)
787 787 if not field:
788 788 raise JSONRPCError('Field with key `%s` does not '
789 789 'exists for repo `%s`' % (key, repoid))
790 790
791 791 try:
792 792 RepoModel().delete_repo_field(repo, field_key=key)
793 793 Session().commit()
794 794 return {
795 795 'msg': "Deleted repository field `%s`" % (key,),
796 796 'success': True,
797 797 }
798 798 except Exception:
799 799 log.exception(
800 800 "Exception occurred while trying to delete field from repo")
801 801 raise JSONRPCError(
802 802 'failed to delete field for repository `%s`' % (repoid,))
803 803
804 804
805 805 @jsonrpc_method()
806 806 def update_repo(
807 807 request, apiuser, repoid, repo_name=Optional(None),
808 808 owner=Optional(OAttr('apiuser')), description=Optional(''),
809 809 private=Optional(False),
810 810 clone_uri=Optional(None), push_uri=Optional(None),
811 811 landing_rev=Optional('rev:tip'), fork_of=Optional(None),
812 812 enable_statistics=Optional(False),
813 813 enable_locking=Optional(False),
814 814 enable_downloads=Optional(False), fields=Optional('')):
815 815 """
816 816 Updates a repository with the given information.
817 817
818 818 This command can only be run using an |authtoken| with at least
819 819 admin permissions to the |repo|.
820 820
821 821 * If the repository name contains "/", repository will be updated
822 822 accordingly with a repository group or nested repository groups
823 823
824 824 For example repoid=repo-test name="foo/bar/repo-test" will update |repo|
825 825 called "repo-test" and place it inside group "foo/bar".
826 826 You have to have permissions to access and write to the last repository
827 827 group ("bar" in this example)
828 828
829 829 :param apiuser: This is filled automatically from the |authtoken|.
830 830 :type apiuser: AuthUser
831 831 :param repoid: repository name or repository ID.
832 832 :type repoid: str or int
833 833 :param repo_name: Update the |repo| name, including the
834 834 repository group it's in.
835 835 :type repo_name: str
836 836 :param owner: Set the |repo| owner.
837 837 :type owner: str
838 838 :param fork_of: Set the |repo| as fork of another |repo|.
839 839 :type fork_of: str
840 840 :param description: Update the |repo| description.
841 841 :type description: str
842 842 :param private: Set the |repo| as private. (True | False)
843 843 :type private: bool
844 844 :param clone_uri: Update the |repo| clone URI.
845 845 :type clone_uri: str
846 846 :param landing_rev: Set the |repo| landing revision. Default is ``rev:tip``.
847 847 :type landing_rev: str
848 848 :param enable_statistics: Enable statistics on the |repo|, (True | False).
849 849 :type enable_statistics: bool
850 850 :param enable_locking: Enable |repo| locking.
851 851 :type enable_locking: bool
852 852 :param enable_downloads: Enable downloads from the |repo|, (True | False).
853 853 :type enable_downloads: bool
854 854 :param fields: Add extra fields to the |repo|. Use the following
855 855 example format: ``field_key=field_val,field_key2=fieldval2``.
856 856 Escape ', ' with \,
857 857 :type fields: str
858 858 """
859 859
860 860 repo = get_repo_or_error(repoid)
861 861
862 862 include_secrets = False
863 863 if not has_superadmin_permission(apiuser):
864 864 validate_repo_permissions(apiuser, repoid, repo, ('repository.admin',))
865 865 else:
866 866 include_secrets = True
867 867
868 868 updates = dict(
869 869 repo_name=repo_name
870 870 if not isinstance(repo_name, Optional) else repo.repo_name,
871 871
872 872 fork_id=fork_of
873 873 if not isinstance(fork_of, Optional) else repo.fork.repo_name if repo.fork else None,
874 874
875 875 user=owner
876 876 if not isinstance(owner, Optional) else repo.user.username,
877 877
878 878 repo_description=description
879 879 if not isinstance(description, Optional) else repo.description,
880 880
881 881 repo_private=private
882 882 if not isinstance(private, Optional) else repo.private,
883 883
884 884 clone_uri=clone_uri
885 885 if not isinstance(clone_uri, Optional) else repo.clone_uri,
886 886
887 887 push_uri=push_uri
888 888 if not isinstance(push_uri, Optional) else repo.push_uri,
889 889
890 890 repo_landing_rev=landing_rev
891 891 if not isinstance(landing_rev, Optional) else repo._landing_revision,
892 892
893 893 repo_enable_statistics=enable_statistics
894 894 if not isinstance(enable_statistics, Optional) else repo.enable_statistics,
895 895
896 896 repo_enable_locking=enable_locking
897 897 if not isinstance(enable_locking, Optional) else repo.enable_locking,
898 898
899 899 repo_enable_downloads=enable_downloads
900 900 if not isinstance(enable_downloads, Optional) else repo.enable_downloads)
901 901
902 902 ref_choices, _labels = ScmModel().get_repo_landing_revs(
903 903 request.translate, repo=repo)
904 904
905 905 old_values = repo.get_api_data()
906 906 repo_type = repo.repo_type
907 907 schema = repo_schema.RepoSchema().bind(
908 908 repo_type_options=rhodecode.BACKENDS.keys(),
909 909 repo_ref_options=ref_choices,
910 910 repo_type=repo_type,
911 911 # user caller
912 912 user=apiuser,
913 913 old_values=old_values)
914 914 try:
915 915 schema_data = schema.deserialize(dict(
916 916 # we save old value, users cannot change type
917 917 repo_type=repo_type,
918 918
919 919 repo_name=updates['repo_name'],
920 920 repo_owner=updates['user'],
921 921 repo_description=updates['repo_description'],
922 922 repo_clone_uri=updates['clone_uri'],
923 923 repo_push_uri=updates['push_uri'],
924 924 repo_fork_of=updates['fork_id'],
925 925 repo_private=updates['repo_private'],
926 926 repo_landing_commit_ref=updates['repo_landing_rev'],
927 927 repo_enable_statistics=updates['repo_enable_statistics'],
928 928 repo_enable_downloads=updates['repo_enable_downloads'],
929 929 repo_enable_locking=updates['repo_enable_locking']))
930 930 except validation_schema.Invalid as err:
931 931 raise JSONRPCValidationError(colander_exc=err)
932 932
933 933 # save validated data back into the updates dict
934 934 validated_updates = dict(
935 935 repo_name=schema_data['repo_group']['repo_name_without_group'],
936 936 repo_group=schema_data['repo_group']['repo_group_id'],
937 937
938 938 user=schema_data['repo_owner'],
939 939 repo_description=schema_data['repo_description'],
940 940 repo_private=schema_data['repo_private'],
941 941 clone_uri=schema_data['repo_clone_uri'],
942 942 push_uri=schema_data['repo_push_uri'],
943 943 repo_landing_rev=schema_data['repo_landing_commit_ref'],
944 944 repo_enable_statistics=schema_data['repo_enable_statistics'],
945 945 repo_enable_locking=schema_data['repo_enable_locking'],
946 946 repo_enable_downloads=schema_data['repo_enable_downloads'],
947 947 )
948 948
949 949 if schema_data['repo_fork_of']:
950 950 fork_repo = get_repo_or_error(schema_data['repo_fork_of'])
951 951 validated_updates['fork_id'] = fork_repo.repo_id
952 952
953 953 # extra fields
954 954 fields = parse_args(Optional.extract(fields), key_prefix='ex_')
955 955 if fields:
956 956 validated_updates.update(fields)
957 957
958 958 try:
959 959 RepoModel().update(repo, **validated_updates)
960 960 audit_logger.store_api(
961 961 'repo.edit', action_data={'old_data': old_values},
962 962 user=apiuser, repo=repo)
963 963 Session().commit()
964 964 return {
965 965 'msg': 'updated repo ID:%s %s' % (repo.repo_id, repo.repo_name),
966 966 'repository': repo.get_api_data(include_secrets=include_secrets)
967 967 }
968 968 except Exception:
969 969 log.exception(
970 970 u"Exception while trying to update the repository %s",
971 971 repoid)
972 972 raise JSONRPCError('failed to update repo `%s`' % repoid)
973 973
974 974
975 975 @jsonrpc_method()
976 976 def fork_repo(request, apiuser, repoid, fork_name,
977 977 owner=Optional(OAttr('apiuser')),
978 978 description=Optional(''),
979 979 private=Optional(False),
980 980 clone_uri=Optional(None),
981 981 landing_rev=Optional('rev:tip'),
982 982 copy_permissions=Optional(False)):
983 983 """
984 984 Creates a fork of the specified |repo|.
985 985
986 986 * If the fork_name contains "/", fork will be created inside
987 987 a repository group or nested repository groups
988 988
989 989 For example "foo/bar/fork-repo" will create fork called "fork-repo"
990 990 inside group "foo/bar". You have to have permissions to access and
991 991 write to the last repository group ("bar" in this example)
992 992
993 993 This command can only be run using an |authtoken| with minimum
994 994 read permissions of the forked repo, create fork permissions for an user.
995 995
996 996 :param apiuser: This is filled automatically from the |authtoken|.
997 997 :type apiuser: AuthUser
998 998 :param repoid: Set repository name or repository ID.
999 999 :type repoid: str or int
1000 1000 :param fork_name: Set the fork name, including it's repository group membership.
1001 1001 :type fork_name: str
1002 1002 :param owner: Set the fork owner.
1003 1003 :type owner: str
1004 1004 :param description: Set the fork description.
1005 1005 :type description: str
1006 1006 :param copy_permissions: Copy permissions from parent |repo|. The
1007 1007 default is False.
1008 1008 :type copy_permissions: bool
1009 1009 :param private: Make the fork private. The default is False.
1010 1010 :type private: bool
1011 1011 :param landing_rev: Set the landing revision. The default is tip.
1012 1012
1013 1013 Example output:
1014 1014
1015 1015 .. code-block:: bash
1016 1016
1017 1017 id : <id_for_response>
1018 1018 api_key : "<api_key>"
1019 1019 args: {
1020 1020 "repoid" : "<reponame or repo_id>",
1021 1021 "fork_name": "<forkname>",
1022 1022 "owner": "<username or user_id = Optional(=apiuser)>",
1023 1023 "description": "<description>",
1024 1024 "copy_permissions": "<bool>",
1025 1025 "private": "<bool>",
1026 1026 "landing_rev": "<landing_rev>"
1027 1027 }
1028 1028
1029 1029 Example error output:
1030 1030
1031 1031 .. code-block:: bash
1032 1032
1033 1033 id : <id_given_in_input>
1034 1034 result: {
1035 1035 "msg": "Created fork of `<reponame>` as `<forkname>`",
1036 1036 "success": true,
1037 1037 "task": "<celery task id or None if done sync>"
1038 1038 }
1039 1039 error: null
1040 1040
1041 1041 """
1042 1042
1043 1043 repo = get_repo_or_error(repoid)
1044 1044 repo_name = repo.repo_name
1045 1045
1046 1046 if not has_superadmin_permission(apiuser):
1047 1047 # check if we have at least read permission for
1048 1048 # this repo that we fork !
1049 1049 _perms = (
1050 1050 'repository.admin', 'repository.write', 'repository.read')
1051 1051 validate_repo_permissions(apiuser, repoid, repo, _perms)
1052 1052
1053 1053 # check if the regular user has at least fork permissions as well
1054 1054 if not HasPermissionAnyApi('hg.fork.repository')(user=apiuser):
1055 1055 raise JSONRPCForbidden()
1056 1056
1057 1057 # check if user can set owner parameter
1058 1058 owner = validate_set_owner_permissions(apiuser, owner)
1059 1059
1060 1060 description = Optional.extract(description)
1061 1061 copy_permissions = Optional.extract(copy_permissions)
1062 1062 clone_uri = Optional.extract(clone_uri)
1063 1063 landing_commit_ref = Optional.extract(landing_rev)
1064 1064 private = Optional.extract(private)
1065 1065
1066 1066 schema = repo_schema.RepoSchema().bind(
1067 1067 repo_type_options=rhodecode.BACKENDS.keys(),
1068 1068 repo_type=repo.repo_type,
1069 1069 # user caller
1070 1070 user=apiuser)
1071 1071
1072 1072 try:
1073 1073 schema_data = schema.deserialize(dict(
1074 1074 repo_name=fork_name,
1075 1075 repo_type=repo.repo_type,
1076 1076 repo_owner=owner.username,
1077 1077 repo_description=description,
1078 1078 repo_landing_commit_ref=landing_commit_ref,
1079 1079 repo_clone_uri=clone_uri,
1080 1080 repo_private=private,
1081 1081 repo_copy_permissions=copy_permissions))
1082 1082 except validation_schema.Invalid as err:
1083 1083 raise JSONRPCValidationError(colander_exc=err)
1084 1084
1085 1085 try:
1086 1086 data = {
1087 1087 'fork_parent_id': repo.repo_id,
1088 1088
1089 1089 'repo_name': schema_data['repo_group']['repo_name_without_group'],
1090 1090 'repo_name_full': schema_data['repo_name'],
1091 1091 'repo_group': schema_data['repo_group']['repo_group_id'],
1092 1092 'repo_type': schema_data['repo_type'],
1093 1093 'description': schema_data['repo_description'],
1094 1094 'private': schema_data['repo_private'],
1095 1095 'copy_permissions': schema_data['repo_copy_permissions'],
1096 1096 'landing_rev': schema_data['repo_landing_commit_ref'],
1097 1097 }
1098 1098
1099 1099 task = RepoModel().create_fork(data, cur_user=owner.user_id)
1100 1100 # no commit, it's done in RepoModel, or async via celery
1101 1101 task_id = get_task_id(task)
1102 1102
1103 1103 return {
1104 1104 'msg': 'Created fork of `%s` as `%s`' % (
1105 1105 repo.repo_name, schema_data['repo_name']),
1106 1106 'success': True, # cannot return the repo data here since fork
1107 1107 # can be done async
1108 1108 'task': task_id
1109 1109 }
1110 1110 except Exception:
1111 1111 log.exception(
1112 1112 u"Exception while trying to create fork %s",
1113 1113 schema_data['repo_name'])
1114 1114 raise JSONRPCError(
1115 1115 'failed to fork repository `%s` as `%s`' % (
1116 1116 repo_name, schema_data['repo_name']))
1117 1117
1118 1118
1119 1119 @jsonrpc_method()
1120 1120 def delete_repo(request, apiuser, repoid, forks=Optional('')):
1121 1121 """
1122 1122 Deletes a repository.
1123 1123
1124 1124 * When the `forks` parameter is set it's possible to detach or delete
1125 1125 forks of deleted repository.
1126 1126
1127 1127 This command can only be run using an |authtoken| with admin
1128 1128 permissions on the |repo|.
1129 1129
1130 1130 :param apiuser: This is filled automatically from the |authtoken|.
1131 1131 :type apiuser: AuthUser
1132 1132 :param repoid: Set the repository name or repository ID.
1133 1133 :type repoid: str or int
1134 1134 :param forks: Set to `detach` or `delete` forks from the |repo|.
1135 1135 :type forks: Optional(str)
1136 1136
1137 1137 Example error output:
1138 1138
1139 1139 .. code-block:: bash
1140 1140
1141 1141 id : <id_given_in_input>
1142 1142 result: {
1143 1143 "msg": "Deleted repository `<reponame>`",
1144 1144 "success": true
1145 1145 }
1146 1146 error: null
1147 1147 """
1148 1148
1149 1149 repo = get_repo_or_error(repoid)
1150 1150 repo_name = repo.repo_name
1151 1151 if not has_superadmin_permission(apiuser):
1152 1152 _perms = ('repository.admin',)
1153 1153 validate_repo_permissions(apiuser, repoid, repo, _perms)
1154 1154
1155 1155 try:
1156 1156 handle_forks = Optional.extract(forks)
1157 1157 _forks_msg = ''
1158 1158 _forks = [f for f in repo.forks]
1159 1159 if handle_forks == 'detach':
1160 1160 _forks_msg = ' ' + 'Detached %s forks' % len(_forks)
1161 1161 elif handle_forks == 'delete':
1162 1162 _forks_msg = ' ' + 'Deleted %s forks' % len(_forks)
1163 1163 elif _forks:
1164 1164 raise JSONRPCError(
1165 1165 'Cannot delete `%s` it still contains attached forks' %
1166 1166 (repo.repo_name,)
1167 1167 )
1168 1168 old_data = repo.get_api_data()
1169 1169 RepoModel().delete(repo, forks=forks)
1170 1170
1171 1171 repo = audit_logger.RepoWrap(repo_id=None,
1172 1172 repo_name=repo.repo_name)
1173 1173
1174 1174 audit_logger.store_api(
1175 1175 'repo.delete', action_data={'old_data': old_data},
1176 1176 user=apiuser, repo=repo)
1177 1177
1178 1178 ScmModel().mark_for_invalidation(repo_name, delete=True)
1179 1179 Session().commit()
1180 1180 return {
1181 1181 'msg': 'Deleted repository `%s`%s' % (repo_name, _forks_msg),
1182 1182 'success': True
1183 1183 }
1184 1184 except Exception:
1185 1185 log.exception("Exception occurred while trying to delete repo")
1186 1186 raise JSONRPCError(
1187 1187 'failed to delete repository `%s`' % (repo_name,)
1188 1188 )
1189 1189
1190 1190
1191 1191 #TODO: marcink, change name ?
1192 1192 @jsonrpc_method()
1193 1193 def invalidate_cache(request, apiuser, repoid, delete_keys=Optional(False)):
1194 1194 """
1195 1195 Invalidates the cache for the specified repository.
1196 1196
1197 1197 This command can only be run using an |authtoken| with admin rights to
1198 1198 the specified repository.
1199 1199
1200 1200 This command takes the following options:
1201 1201
1202 1202 :param apiuser: This is filled automatically from |authtoken|.
1203 1203 :type apiuser: AuthUser
1204 1204 :param repoid: Sets the repository name or repository ID.
1205 1205 :type repoid: str or int
1206 1206 :param delete_keys: This deletes the invalidated keys instead of
1207 1207 just flagging them.
1208 1208 :type delete_keys: Optional(``True`` | ``False``)
1209 1209
1210 1210 Example output:
1211 1211
1212 1212 .. code-block:: bash
1213 1213
1214 1214 id : <id_given_in_input>
1215 1215 result : {
1216 1216 'msg': Cache for repository `<repository name>` was invalidated,
1217 1217 'repository': <repository name>
1218 1218 }
1219 1219 error : null
1220 1220
1221 1221 Example error output:
1222 1222
1223 1223 .. code-block:: bash
1224 1224
1225 1225 id : <id_given_in_input>
1226 1226 result : null
1227 1227 error : {
1228 1228 'Error occurred during cache invalidation action'
1229 1229 }
1230 1230
1231 1231 """
1232 1232
1233 1233 repo = get_repo_or_error(repoid)
1234 1234 if not has_superadmin_permission(apiuser):
1235 1235 _perms = ('repository.admin', 'repository.write',)
1236 1236 validate_repo_permissions(apiuser, repoid, repo, _perms)
1237 1237
1238 1238 delete = Optional.extract(delete_keys)
1239 1239 try:
1240 1240 ScmModel().mark_for_invalidation(repo.repo_name, delete=delete)
1241 1241 return {
1242 1242 'msg': 'Cache for repository `%s` was invalidated' % (repoid,),
1243 1243 'repository': repo.repo_name
1244 1244 }
1245 1245 except Exception:
1246 1246 log.exception(
1247 1247 "Exception occurred while trying to invalidate repo cache")
1248 1248 raise JSONRPCError(
1249 1249 'Error occurred during cache invalidation action'
1250 1250 )
1251 1251
1252 1252
1253 1253 #TODO: marcink, change name ?
1254 1254 @jsonrpc_method()
1255 1255 def lock(request, apiuser, repoid, locked=Optional(None),
1256 1256 userid=Optional(OAttr('apiuser'))):
1257 1257 """
1258 1258 Sets the lock state of the specified |repo| by the given user.
1259 1259 From more information, see :ref:`repo-locking`.
1260 1260
1261 1261 * If the ``userid`` option is not set, the repository is locked to the
1262 1262 user who called the method.
1263 1263 * If the ``locked`` parameter is not set, the current lock state of the
1264 1264 repository is displayed.
1265 1265
1266 1266 This command can only be run using an |authtoken| with admin rights to
1267 1267 the specified repository.
1268 1268
1269 1269 This command takes the following options:
1270 1270
1271 1271 :param apiuser: This is filled automatically from the |authtoken|.
1272 1272 :type apiuser: AuthUser
1273 1273 :param repoid: Sets the repository name or repository ID.
1274 1274 :type repoid: str or int
1275 1275 :param locked: Sets the lock state.
1276 1276 :type locked: Optional(``True`` | ``False``)
1277 1277 :param userid: Set the repository lock to this user.
1278 1278 :type userid: Optional(str or int)
1279 1279
1280 1280 Example error output:
1281 1281
1282 1282 .. code-block:: bash
1283 1283
1284 1284 id : <id_given_in_input>
1285 1285 result : {
1286 1286 'repo': '<reponame>',
1287 1287 'locked': <bool: lock state>,
1288 1288 'locked_since': <int: lock timestamp>,
1289 1289 'locked_by': <username of person who made the lock>,
1290 1290 'lock_reason': <str: reason for locking>,
1291 1291 'lock_state_changed': <bool: True if lock state has been changed in this request>,
1292 1292 'msg': 'Repo `<reponame>` locked by `<username>` on <timestamp>.'
1293 1293 or
1294 1294 'msg': 'Repo `<repository name>` not locked.'
1295 1295 or
1296 1296 'msg': 'User `<user name>` set lock state for repo `<repository name>` to `<new lock state>`'
1297 1297 }
1298 1298 error : null
1299 1299
1300 1300 Example error output:
1301 1301
1302 1302 .. code-block:: bash
1303 1303
1304 1304 id : <id_given_in_input>
1305 1305 result : null
1306 1306 error : {
1307 1307 'Error occurred locking repository `<reponame>`'
1308 1308 }
1309 1309 """
1310 1310
1311 1311 repo = get_repo_or_error(repoid)
1312 1312 if not has_superadmin_permission(apiuser):
1313 1313 # check if we have at least write permission for this repo !
1314 1314 _perms = ('repository.admin', 'repository.write',)
1315 1315 validate_repo_permissions(apiuser, repoid, repo, _perms)
1316 1316
1317 1317 # make sure normal user does not pass someone else userid,
1318 1318 # he is not allowed to do that
1319 1319 if not isinstance(userid, Optional) and userid != apiuser.user_id:
1320 1320 raise JSONRPCError('userid is not the same as your user')
1321 1321
1322 1322 if isinstance(userid, Optional):
1323 1323 userid = apiuser.user_id
1324 1324
1325 1325 user = get_user_or_error(userid)
1326 1326
1327 1327 if isinstance(locked, Optional):
1328 1328 lockobj = repo.locked
1329 1329
1330 1330 if lockobj[0] is None:
1331 1331 _d = {
1332 1332 'repo': repo.repo_name,
1333 1333 'locked': False,
1334 1334 'locked_since': None,
1335 1335 'locked_by': None,
1336 1336 'lock_reason': None,
1337 1337 'lock_state_changed': False,
1338 1338 'msg': 'Repo `%s` not locked.' % repo.repo_name
1339 1339 }
1340 1340 return _d
1341 1341 else:
1342 1342 _user_id, _time, _reason = lockobj
1343 1343 lock_user = get_user_or_error(userid)
1344 1344 _d = {
1345 1345 'repo': repo.repo_name,
1346 1346 'locked': True,
1347 1347 'locked_since': _time,
1348 1348 'locked_by': lock_user.username,
1349 1349 'lock_reason': _reason,
1350 1350 'lock_state_changed': False,
1351 1351 'msg': ('Repo `%s` locked by `%s` on `%s`.'
1352 1352 % (repo.repo_name, lock_user.username,
1353 1353 json.dumps(time_to_datetime(_time))))
1354 1354 }
1355 1355 return _d
1356 1356
1357 1357 # force locked state through a flag
1358 1358 else:
1359 1359 locked = str2bool(locked)
1360 1360 lock_reason = Repository.LOCK_API
1361 1361 try:
1362 1362 if locked:
1363 1363 lock_time = time.time()
1364 1364 Repository.lock(repo, user.user_id, lock_time, lock_reason)
1365 1365 else:
1366 1366 lock_time = None
1367 1367 Repository.unlock(repo)
1368 1368 _d = {
1369 1369 'repo': repo.repo_name,
1370 1370 'locked': locked,
1371 1371 'locked_since': lock_time,
1372 1372 'locked_by': user.username,
1373 1373 'lock_reason': lock_reason,
1374 1374 'lock_state_changed': True,
1375 1375 'msg': ('User `%s` set lock state for repo `%s` to `%s`'
1376 1376 % (user.username, repo.repo_name, locked))
1377 1377 }
1378 1378 return _d
1379 1379 except Exception:
1380 1380 log.exception(
1381 1381 "Exception occurred while trying to lock repository")
1382 1382 raise JSONRPCError(
1383 1383 'Error occurred locking repository `%s`' % repo.repo_name
1384 1384 )
1385 1385
1386 1386
1387 1387 @jsonrpc_method()
1388 1388 def comment_commit(
1389 1389 request, apiuser, repoid, commit_id, message, status=Optional(None),
1390 1390 comment_type=Optional(ChangesetComment.COMMENT_TYPE_NOTE),
1391 1391 resolves_comment_id=Optional(None),
1392 1392 userid=Optional(OAttr('apiuser'))):
1393 1393 """
1394 1394 Set a commit comment, and optionally change the status of the commit.
1395 1395
1396 1396 :param apiuser: This is filled automatically from the |authtoken|.
1397 1397 :type apiuser: AuthUser
1398 1398 :param repoid: Set the repository name or repository ID.
1399 1399 :type repoid: str or int
1400 1400 :param commit_id: Specify the commit_id for which to set a comment.
1401 1401 :type commit_id: str
1402 1402 :param message: The comment text.
1403 1403 :type message: str
1404 1404 :param status: (**Optional**) status of commit, one of: 'not_reviewed',
1405 1405 'approved', 'rejected', 'under_review'
1406 1406 :type status: str
1407 1407 :param comment_type: Comment type, one of: 'note', 'todo'
1408 1408 :type comment_type: Optional(str), default: 'note'
1409 1409 :param userid: Set the user name of the comment creator.
1410 1410 :type userid: Optional(str or int)
1411 1411
1412 1412 Example error output:
1413 1413
1414 1414 .. code-block:: bash
1415 1415
1416 1416 {
1417 1417 "id" : <id_given_in_input>,
1418 1418 "result" : {
1419 1419 "msg": "Commented on commit `<commit_id>` for repository `<repoid>`",
1420 1420 "status_change": null or <status>,
1421 1421 "success": true
1422 1422 },
1423 1423 "error" : null
1424 1424 }
1425 1425
1426 1426 """
1427 1427 repo = get_repo_or_error(repoid)
1428 1428 if not has_superadmin_permission(apiuser):
1429 1429 _perms = ('repository.read', 'repository.write', 'repository.admin')
1430 1430 validate_repo_permissions(apiuser, repoid, repo, _perms)
1431 1431
1432 1432 try:
1433 1433 commit_id = repo.scm_instance().get_commit(commit_id=commit_id).raw_id
1434 1434 except Exception as e:
1435 1435 log.exception('Failed to fetch commit')
1436 1436 raise JSONRPCError(safe_str(e))
1437 1437
1438 1438 if isinstance(userid, Optional):
1439 1439 userid = apiuser.user_id
1440 1440
1441 1441 user = get_user_or_error(userid)
1442 1442 status = Optional.extract(status)
1443 1443 comment_type = Optional.extract(comment_type)
1444 1444 resolves_comment_id = Optional.extract(resolves_comment_id)
1445 1445
1446 1446 allowed_statuses = [x[0] for x in ChangesetStatus.STATUSES]
1447 1447 if status and status not in allowed_statuses:
1448 1448 raise JSONRPCError('Bad status, must be on '
1449 1449 'of %s got %s' % (allowed_statuses, status,))
1450 1450
1451 1451 if resolves_comment_id:
1452 1452 comment = ChangesetComment.get(resolves_comment_id)
1453 1453 if not comment:
1454 1454 raise JSONRPCError(
1455 1455 'Invalid resolves_comment_id `%s` for this commit.'
1456 1456 % resolves_comment_id)
1457 1457 if comment.comment_type != ChangesetComment.COMMENT_TYPE_TODO:
1458 1458 raise JSONRPCError(
1459 1459 'Comment `%s` is wrong type for setting status to resolved.'
1460 1460 % resolves_comment_id)
1461 1461
1462 1462 try:
1463 1463 rc_config = SettingsModel().get_all_settings()
1464 1464 renderer = rc_config.get('rhodecode_markup_renderer', 'rst')
1465 1465 status_change_label = ChangesetStatus.get_status_lbl(status)
1466 1466 comment = CommentsModel().create(
1467 1467 message, repo, user, commit_id=commit_id,
1468 1468 status_change=status_change_label,
1469 1469 status_change_type=status,
1470 1470 renderer=renderer,
1471 1471 comment_type=comment_type,
1472 1472 resolves_comment_id=resolves_comment_id,
1473 1473 auth_user=apiuser
1474 1474 )
1475 1475 if status:
1476 1476 # also do a status change
1477 1477 try:
1478 1478 ChangesetStatusModel().set_status(
1479 1479 repo, status, user, comment, revision=commit_id,
1480 1480 dont_allow_on_closed_pull_request=True
1481 1481 )
1482 1482 except StatusChangeOnClosedPullRequestError:
1483 1483 log.exception(
1484 1484 "Exception occurred while trying to change repo commit status")
1485 1485 msg = ('Changing status on a changeset associated with '
1486 1486 'a closed pull request is not allowed')
1487 1487 raise JSONRPCError(msg)
1488 1488
1489 1489 Session().commit()
1490 1490 return {
1491 1491 'msg': (
1492 1492 'Commented on commit `%s` for repository `%s`' % (
1493 1493 comment.revision, repo.repo_name)),
1494 1494 'status_change': status,
1495 1495 'success': True,
1496 1496 }
1497 1497 except JSONRPCError:
1498 1498 # catch any inside errors, and re-raise them to prevent from
1499 1499 # below global catch to silence them
1500 1500 raise
1501 1501 except Exception:
1502 1502 log.exception("Exception occurred while trying to comment on commit")
1503 1503 raise JSONRPCError(
1504 1504 'failed to set comment on repository `%s`' % (repo.repo_name,)
1505 1505 )
1506 1506
1507 1507
1508 1508 @jsonrpc_method()
1509 1509 def grant_user_permission(request, apiuser, repoid, userid, perm):
1510 1510 """
1511 1511 Grant permissions for the specified user on the given repository,
1512 1512 or update existing permissions if found.
1513 1513
1514 1514 This command can only be run using an |authtoken| with admin
1515 1515 permissions on the |repo|.
1516 1516
1517 1517 :param apiuser: This is filled automatically from the |authtoken|.
1518 1518 :type apiuser: AuthUser
1519 1519 :param repoid: Set the repository name or repository ID.
1520 1520 :type repoid: str or int
1521 1521 :param userid: Set the user name.
1522 1522 :type userid: str
1523 1523 :param perm: Set the user permissions, using the following format
1524 1524 ``(repository.(none|read|write|admin))``
1525 1525 :type perm: str
1526 1526
1527 1527 Example output:
1528 1528
1529 1529 .. code-block:: bash
1530 1530
1531 1531 id : <id_given_in_input>
1532 1532 result: {
1533 1533 "msg" : "Granted perm: `<perm>` for user: `<username>` in repo: `<reponame>`",
1534 1534 "success": true
1535 1535 }
1536 1536 error: null
1537 1537 """
1538 1538
1539 1539 repo = get_repo_or_error(repoid)
1540 1540 user = get_user_or_error(userid)
1541 1541 perm = get_perm_or_error(perm)
1542 1542 if not has_superadmin_permission(apiuser):
1543 1543 _perms = ('repository.admin',)
1544 1544 validate_repo_permissions(apiuser, repoid, repo, _perms)
1545 1545
1546 perm_additions = [[user.user_id, perm.permission_name, "user"]]
1546 1547 try:
1548 changes = RepoModel().update_permissions(
1549 repo=repo, perm_additions=perm_additions, cur_user=apiuser)
1547 1550
1548 RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)
1551 action_data = {
1552 'added': changes['added'],
1553 'updated': changes['updated'],
1554 'deleted': changes['deleted'],
1555 }
1556 audit_logger.store_api(
1557 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1549 1558
1550 1559 Session().commit()
1551 1560 return {
1552 1561 'msg': 'Granted perm: `%s` for user: `%s` in repo: `%s`' % (
1553 1562 perm.permission_name, user.username, repo.repo_name
1554 1563 ),
1555 1564 'success': True
1556 1565 }
1557 1566 except Exception:
1558 log.exception(
1559 "Exception occurred while trying edit permissions for repo")
1567 log.exception("Exception occurred while trying edit permissions for repo")
1560 1568 raise JSONRPCError(
1561 1569 'failed to edit permission for user: `%s` in repo: `%s`' % (
1562 1570 userid, repoid
1563 1571 )
1564 1572 )
1565 1573
1566 1574
1567 1575 @jsonrpc_method()
1568 1576 def revoke_user_permission(request, apiuser, repoid, userid):
1569 1577 """
1570 1578 Revoke permission for a user on the specified repository.
1571 1579
1572 1580 This command can only be run using an |authtoken| with admin
1573 1581 permissions on the |repo|.
1574 1582
1575 1583 :param apiuser: This is filled automatically from the |authtoken|.
1576 1584 :type apiuser: AuthUser
1577 1585 :param repoid: Set the repository name or repository ID.
1578 1586 :type repoid: str or int
1579 1587 :param userid: Set the user name of revoked user.
1580 1588 :type userid: str or int
1581 1589
1582 1590 Example error output:
1583 1591
1584 1592 .. code-block:: bash
1585 1593
1586 1594 id : <id_given_in_input>
1587 1595 result: {
1588 1596 "msg" : "Revoked perm for user: `<username>` in repo: `<reponame>`",
1589 1597 "success": true
1590 1598 }
1591 1599 error: null
1592 1600 """
1593 1601
1594 1602 repo = get_repo_or_error(repoid)
1595 1603 user = get_user_or_error(userid)
1596 1604 if not has_superadmin_permission(apiuser):
1597 1605 _perms = ('repository.admin',)
1598 1606 validate_repo_permissions(apiuser, repoid, repo, _perms)
1599 1607
1608 perm_deletions = [[user.user_id, None, "user"]]
1600 1609 try:
1601 RepoModel().revoke_user_permission(repo=repo, user=user)
1610 changes = RepoModel().update_permissions(
1611 repo=repo, perm_deletions=perm_deletions, cur_user=user)
1612
1613 action_data = {
1614 'added': changes['added'],
1615 'updated': changes['updated'],
1616 'deleted': changes['deleted'],
1617 }
1618 audit_logger.store_api(
1619 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1620
1602 1621 Session().commit()
1603 1622 return {
1604 1623 'msg': 'Revoked perm for user: `%s` in repo: `%s`' % (
1605 1624 user.username, repo.repo_name
1606 1625 ),
1607 1626 'success': True
1608 1627 }
1609 1628 except Exception:
1610 log.exception(
1611 "Exception occurred while trying revoke permissions to repo")
1629 log.exception("Exception occurred while trying revoke permissions to repo")
1612 1630 raise JSONRPCError(
1613 1631 'failed to edit permission for user: `%s` in repo: `%s`' % (
1614 1632 userid, repoid
1615 1633 )
1616 1634 )
1617 1635
1618 1636
1619 1637 @jsonrpc_method()
1620 1638 def grant_user_group_permission(request, apiuser, repoid, usergroupid, perm):
1621 1639 """
1622 1640 Grant permission for a user group on the specified repository,
1623 1641 or update existing permissions.
1624 1642
1625 1643 This command can only be run using an |authtoken| with admin
1626 1644 permissions on the |repo|.
1627 1645
1628 1646 :param apiuser: This is filled automatically from the |authtoken|.
1629 1647 :type apiuser: AuthUser
1630 1648 :param repoid: Set the repository name or repository ID.
1631 1649 :type repoid: str or int
1632 1650 :param usergroupid: Specify the ID of the user group.
1633 1651 :type usergroupid: str or int
1634 1652 :param perm: Set the user group permissions using the following
1635 1653 format: (repository.(none|read|write|admin))
1636 1654 :type perm: str
1637 1655
1638 1656 Example output:
1639 1657
1640 1658 .. code-block:: bash
1641 1659
1642 1660 id : <id_given_in_input>
1643 1661 result : {
1644 1662 "msg" : "Granted perm: `<perm>` for group: `<usersgroupname>` in repo: `<reponame>`",
1645 1663 "success": true
1646 1664
1647 1665 }
1648 1666 error : null
1649 1667
1650 1668 Example error output:
1651 1669
1652 1670 .. code-block:: bash
1653 1671
1654 1672 id : <id_given_in_input>
1655 1673 result : null
1656 1674 error : {
1657 1675 "failed to edit permission for user group: `<usergroup>` in repo `<repo>`'
1658 1676 }
1659 1677
1660 1678 """
1661 1679
1662 1680 repo = get_repo_or_error(repoid)
1663 1681 perm = get_perm_or_error(perm)
1664 1682 if not has_superadmin_permission(apiuser):
1665 1683 _perms = ('repository.admin',)
1666 1684 validate_repo_permissions(apiuser, repoid, repo, _perms)
1667 1685
1668 1686 user_group = get_user_group_or_error(usergroupid)
1669 1687 if not has_superadmin_permission(apiuser):
1670 1688 # check if we have at least read permission for this user group !
1671 1689 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
1672 1690 if not HasUserGroupPermissionAnyApi(*_perms)(
1673 1691 user=apiuser, user_group_name=user_group.users_group_name):
1674 1692 raise JSONRPCError(
1675 1693 'user group `%s` does not exist' % (usergroupid,))
1676 1694
1695 perm_additions = [[user_group.users_group_id, perm.permission_name, "user_group"]]
1677 1696 try:
1678 RepoModel().grant_user_group_permission(
1679 repo=repo, group_name=user_group, perm=perm)
1697 changes = RepoModel().update_permissions(
1698 repo=repo, perm_additions=perm_additions, cur_user=apiuser)
1699 action_data = {
1700 'added': changes['added'],
1701 'updated': changes['updated'],
1702 'deleted': changes['deleted'],
1703 }
1704 audit_logger.store_api(
1705 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1680 1706
1681 1707 Session().commit()
1682 1708 return {
1683 1709 'msg': 'Granted perm: `%s` for user group: `%s` in '
1684 1710 'repo: `%s`' % (
1685 1711 perm.permission_name, user_group.users_group_name,
1686 1712 repo.repo_name
1687 1713 ),
1688 1714 'success': True
1689 1715 }
1690 1716 except Exception:
1691 1717 log.exception(
1692 1718 "Exception occurred while trying change permission on repo")
1693 1719 raise JSONRPCError(
1694 1720 'failed to edit permission for user group: `%s` in '
1695 1721 'repo: `%s`' % (
1696 1722 usergroupid, repo.repo_name
1697 1723 )
1698 1724 )
1699 1725
1700 1726
1701 1727 @jsonrpc_method()
1702 1728 def revoke_user_group_permission(request, apiuser, repoid, usergroupid):
1703 1729 """
1704 1730 Revoke the permissions of a user group on a given repository.
1705 1731
1706 1732 This command can only be run using an |authtoken| with admin
1707 1733 permissions on the |repo|.
1708 1734
1709 1735 :param apiuser: This is filled automatically from the |authtoken|.
1710 1736 :type apiuser: AuthUser
1711 1737 :param repoid: Set the repository name or repository ID.
1712 1738 :type repoid: str or int
1713 1739 :param usergroupid: Specify the user group ID.
1714 1740 :type usergroupid: str or int
1715 1741
1716 1742 Example output:
1717 1743
1718 1744 .. code-block:: bash
1719 1745
1720 1746 id : <id_given_in_input>
1721 1747 result: {
1722 1748 "msg" : "Revoked perm for group: `<usersgroupname>` in repo: `<reponame>`",
1723 1749 "success": true
1724 1750 }
1725 1751 error: null
1726 1752 """
1727 1753
1728 1754 repo = get_repo_or_error(repoid)
1729 1755 if not has_superadmin_permission(apiuser):
1730 1756 _perms = ('repository.admin',)
1731 1757 validate_repo_permissions(apiuser, repoid, repo, _perms)
1732 1758
1733 1759 user_group = get_user_group_or_error(usergroupid)
1734 1760 if not has_superadmin_permission(apiuser):
1735 1761 # check if we have at least read permission for this user group !
1736 1762 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
1737 1763 if not HasUserGroupPermissionAnyApi(*_perms)(
1738 1764 user=apiuser, user_group_name=user_group.users_group_name):
1739 1765 raise JSONRPCError(
1740 1766 'user group `%s` does not exist' % (usergroupid,))
1741 1767
1768 perm_deletions = [[user_group.users_group_id, None, "user_group"]]
1742 1769 try:
1743 RepoModel().revoke_user_group_permission(
1744 repo=repo, group_name=user_group)
1770 changes = RepoModel().update_permissions(
1771 repo=repo, perm_deletions=perm_deletions, cur_user=apiuser)
1772 action_data = {
1773 'added': changes['added'],
1774 'updated': changes['updated'],
1775 'deleted': changes['deleted'],
1776 }
1777 audit_logger.store_api(
1778 'repo.edit.permissions', action_data=action_data, user=apiuser, repo=repo)
1745 1779
1746 1780 Session().commit()
1747 1781 return {
1748 1782 'msg': 'Revoked perm for user group: `%s` in repo: `%s`' % (
1749 1783 user_group.users_group_name, repo.repo_name
1750 1784 ),
1751 1785 'success': True
1752 1786 }
1753 1787 except Exception:
1754 1788 log.exception("Exception occurred while trying revoke "
1755 1789 "user group permission on repo")
1756 1790 raise JSONRPCError(
1757 1791 'failed to edit permission for user group: `%s` in '
1758 1792 'repo: `%s`' % (
1759 1793 user_group.users_group_name, repo.repo_name
1760 1794 )
1761 1795 )
1762 1796
1763 1797
1764 1798 @jsonrpc_method()
1765 1799 def pull(request, apiuser, repoid, remote_uri=Optional(None)):
1766 1800 """
1767 1801 Triggers a pull on the given repository from a remote location. You
1768 1802 can use this to keep remote repositories up-to-date.
1769 1803
1770 1804 This command can only be run using an |authtoken| with admin
1771 1805 rights to the specified repository. For more information,
1772 1806 see :ref:`config-token-ref`.
1773 1807
1774 1808 This command takes the following options:
1775 1809
1776 1810 :param apiuser: This is filled automatically from the |authtoken|.
1777 1811 :type apiuser: AuthUser
1778 1812 :param repoid: The repository name or repository ID.
1779 1813 :type repoid: str or int
1780 1814 :param remote_uri: Optional remote URI to pass in for pull
1781 1815 :type remote_uri: str
1782 1816
1783 1817 Example output:
1784 1818
1785 1819 .. code-block:: bash
1786 1820
1787 1821 id : <id_given_in_input>
1788 1822 result : {
1789 1823 "msg": "Pulled from url `<remote_url>` on repo `<repository name>`"
1790 1824 "repository": "<repository name>"
1791 1825 }
1792 1826 error : null
1793 1827
1794 1828 Example error output:
1795 1829
1796 1830 .. code-block:: bash
1797 1831
1798 1832 id : <id_given_in_input>
1799 1833 result : null
1800 1834 error : {
1801 1835 "Unable to push changes from `<remote_url>`"
1802 1836 }
1803 1837
1804 1838 """
1805 1839
1806 1840 repo = get_repo_or_error(repoid)
1807 1841 remote_uri = Optional.extract(remote_uri)
1808 1842 remote_uri_display = remote_uri or repo.clone_uri_hidden
1809 1843 if not has_superadmin_permission(apiuser):
1810 1844 _perms = ('repository.admin',)
1811 1845 validate_repo_permissions(apiuser, repoid, repo, _perms)
1812 1846
1813 1847 try:
1814 1848 ScmModel().pull_changes(
1815 1849 repo.repo_name, apiuser.username, remote_uri=remote_uri)
1816 1850 return {
1817 1851 'msg': 'Pulled from url `%s` on repo `%s`' % (
1818 1852 remote_uri_display, repo.repo_name),
1819 1853 'repository': repo.repo_name
1820 1854 }
1821 1855 except Exception:
1822 1856 log.exception("Exception occurred while trying to "
1823 1857 "pull changes from remote location")
1824 1858 raise JSONRPCError(
1825 1859 'Unable to pull changes from `%s`' % remote_uri_display
1826 1860 )
1827 1861
1828 1862
1829 1863 @jsonrpc_method()
1830 1864 def strip(request, apiuser, repoid, revision, branch):
1831 1865 """
1832 1866 Strips the given revision from the specified repository.
1833 1867
1834 1868 * This will remove the revision and all of its decendants.
1835 1869
1836 1870 This command can only be run using an |authtoken| with admin rights to
1837 1871 the specified repository.
1838 1872
1839 1873 This command takes the following options:
1840 1874
1841 1875 :param apiuser: This is filled automatically from the |authtoken|.
1842 1876 :type apiuser: AuthUser
1843 1877 :param repoid: The repository name or repository ID.
1844 1878 :type repoid: str or int
1845 1879 :param revision: The revision you wish to strip.
1846 1880 :type revision: str
1847 1881 :param branch: The branch from which to strip the revision.
1848 1882 :type branch: str
1849 1883
1850 1884 Example output:
1851 1885
1852 1886 .. code-block:: bash
1853 1887
1854 1888 id : <id_given_in_input>
1855 1889 result : {
1856 1890 "msg": "'Stripped commit <commit_hash> from repo `<repository name>`'"
1857 1891 "repository": "<repository name>"
1858 1892 }
1859 1893 error : null
1860 1894
1861 1895 Example error output:
1862 1896
1863 1897 .. code-block:: bash
1864 1898
1865 1899 id : <id_given_in_input>
1866 1900 result : null
1867 1901 error : {
1868 1902 "Unable to strip commit <commit_hash> from repo `<repository name>`"
1869 1903 }
1870 1904
1871 1905 """
1872 1906
1873 1907 repo = get_repo_or_error(repoid)
1874 1908 if not has_superadmin_permission(apiuser):
1875 1909 _perms = ('repository.admin',)
1876 1910 validate_repo_permissions(apiuser, repoid, repo, _perms)
1877 1911
1878 1912 try:
1879 1913 ScmModel().strip(repo, revision, branch)
1880 1914 audit_logger.store_api(
1881 1915 'repo.commit.strip', action_data={'commit_id': revision},
1882 1916 repo=repo,
1883 1917 user=apiuser, commit=True)
1884 1918
1885 1919 return {
1886 1920 'msg': 'Stripped commit %s from repo `%s`' % (
1887 1921 revision, repo.repo_name),
1888 1922 'repository': repo.repo_name
1889 1923 }
1890 1924 except Exception:
1891 1925 log.exception("Exception while trying to strip")
1892 1926 raise JSONRPCError(
1893 1927 'Unable to strip commit %s from repo `%s`' % (
1894 1928 revision, repo.repo_name)
1895 1929 )
1896 1930
1897 1931
1898 1932 @jsonrpc_method()
1899 1933 def get_repo_settings(request, apiuser, repoid, key=Optional(None)):
1900 1934 """
1901 1935 Returns all settings for a repository. If key is given it only returns the
1902 1936 setting identified by the key or null.
1903 1937
1904 1938 :param apiuser: This is filled automatically from the |authtoken|.
1905 1939 :type apiuser: AuthUser
1906 1940 :param repoid: The repository name or repository id.
1907 1941 :type repoid: str or int
1908 1942 :param key: Key of the setting to return.
1909 1943 :type: key: Optional(str)
1910 1944
1911 1945 Example output:
1912 1946
1913 1947 .. code-block:: bash
1914 1948
1915 1949 {
1916 1950 "error": null,
1917 1951 "id": 237,
1918 1952 "result": {
1919 1953 "extensions_largefiles": true,
1920 1954 "extensions_evolve": true,
1921 1955 "hooks_changegroup_push_logger": true,
1922 1956 "hooks_changegroup_repo_size": false,
1923 1957 "hooks_outgoing_pull_logger": true,
1924 1958 "phases_publish": "True",
1925 1959 "rhodecode_hg_use_rebase_for_merging": true,
1926 1960 "rhodecode_pr_merge_enabled": true,
1927 1961 "rhodecode_use_outdated_comments": true
1928 1962 }
1929 1963 }
1930 1964 """
1931 1965
1932 1966 # Restrict access to this api method to admins only.
1933 1967 if not has_superadmin_permission(apiuser):
1934 1968 raise JSONRPCForbidden()
1935 1969
1936 1970 try:
1937 1971 repo = get_repo_or_error(repoid)
1938 1972 settings_model = VcsSettingsModel(repo=repo)
1939 1973 settings = settings_model.get_global_settings()
1940 1974 settings.update(settings_model.get_repo_settings())
1941 1975
1942 1976 # If only a single setting is requested fetch it from all settings.
1943 1977 key = Optional.extract(key)
1944 1978 if key is not None:
1945 1979 settings = settings.get(key, None)
1946 1980 except Exception:
1947 1981 msg = 'Failed to fetch settings for repository `{}`'.format(repoid)
1948 1982 log.exception(msg)
1949 1983 raise JSONRPCError(msg)
1950 1984
1951 1985 return settings
1952 1986
1953 1987
1954 1988 @jsonrpc_method()
1955 1989 def set_repo_settings(request, apiuser, repoid, settings):
1956 1990 """
1957 1991 Update repository settings. Returns true on success.
1958 1992
1959 1993 :param apiuser: This is filled automatically from the |authtoken|.
1960 1994 :type apiuser: AuthUser
1961 1995 :param repoid: The repository name or repository id.
1962 1996 :type repoid: str or int
1963 1997 :param settings: The new settings for the repository.
1964 1998 :type: settings: dict
1965 1999
1966 2000 Example output:
1967 2001
1968 2002 .. code-block:: bash
1969 2003
1970 2004 {
1971 2005 "error": null,
1972 2006 "id": 237,
1973 2007 "result": true
1974 2008 }
1975 2009 """
1976 2010 # Restrict access to this api method to admins only.
1977 2011 if not has_superadmin_permission(apiuser):
1978 2012 raise JSONRPCForbidden()
1979 2013
1980 2014 if type(settings) is not dict:
1981 2015 raise JSONRPCError('Settings have to be a JSON Object.')
1982 2016
1983 2017 try:
1984 2018 settings_model = VcsSettingsModel(repo=repoid)
1985 2019
1986 2020 # Merge global, repo and incoming settings.
1987 2021 new_settings = settings_model.get_global_settings()
1988 2022 new_settings.update(settings_model.get_repo_settings())
1989 2023 new_settings.update(settings)
1990 2024
1991 2025 # Update the settings.
1992 2026 inherit_global_settings = new_settings.get(
1993 2027 'inherit_global_settings', False)
1994 2028 settings_model.create_or_update_repo_settings(
1995 2029 new_settings, inherit_global_settings=inherit_global_settings)
1996 2030 Session().commit()
1997 2031 except Exception:
1998 2032 msg = 'Failed to update settings for repository `{}`'.format(repoid)
1999 2033 log.exception(msg)
2000 2034 raise JSONRPCError(msg)
2001 2035
2002 2036 # Indicate success.
2003 2037 return True
2004 2038
2005 2039
2006 2040 @jsonrpc_method()
2007 2041 def maintenance(request, apiuser, repoid):
2008 2042 """
2009 2043 Triggers a maintenance on the given repository.
2010 2044
2011 2045 This command can only be run using an |authtoken| with admin
2012 2046 rights to the specified repository. For more information,
2013 2047 see :ref:`config-token-ref`.
2014 2048
2015 2049 This command takes the following options:
2016 2050
2017 2051 :param apiuser: This is filled automatically from the |authtoken|.
2018 2052 :type apiuser: AuthUser
2019 2053 :param repoid: The repository name or repository ID.
2020 2054 :type repoid: str or int
2021 2055
2022 2056 Example output:
2023 2057
2024 2058 .. code-block:: bash
2025 2059
2026 2060 id : <id_given_in_input>
2027 2061 result : {
2028 2062 "msg": "executed maintenance command",
2029 2063 "executed_actions": [
2030 2064 <action_message>, <action_message2>...
2031 2065 ],
2032 2066 "repository": "<repository name>"
2033 2067 }
2034 2068 error : null
2035 2069
2036 2070 Example error output:
2037 2071
2038 2072 .. code-block:: bash
2039 2073
2040 2074 id : <id_given_in_input>
2041 2075 result : null
2042 2076 error : {
2043 2077 "Unable to execute maintenance on `<reponame>`"
2044 2078 }
2045 2079
2046 2080 """
2047 2081
2048 2082 repo = get_repo_or_error(repoid)
2049 2083 if not has_superadmin_permission(apiuser):
2050 2084 _perms = ('repository.admin',)
2051 2085 validate_repo_permissions(apiuser, repoid, repo, _perms)
2052 2086
2053 2087 try:
2054 2088 maintenance = repo_maintenance.RepoMaintenance()
2055 2089 executed_actions = maintenance.execute(repo)
2056 2090
2057 2091 return {
2058 2092 'msg': 'executed maintenance command',
2059 2093 'executed_actions': executed_actions,
2060 2094 'repository': repo.repo_name
2061 2095 }
2062 2096 except Exception:
2063 2097 log.exception("Exception occurred while trying to run maintenance")
2064 2098 raise JSONRPCError(
2065 2099 'Unable to execute maintenance on `%s`' % repo.repo_name)
@@ -1,719 +1,754 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2011-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21
22 22 import logging
23 23
24 24 from rhodecode.api import JSONRPCValidationError
25 25 from rhodecode.api import jsonrpc_method, JSONRPCError
26 26 from rhodecode.api.utils import (
27 27 has_superadmin_permission, Optional, OAttr, get_user_or_error,
28 28 get_repo_group_or_error, get_perm_or_error, get_user_group_or_error,
29 29 get_origin, validate_repo_group_permissions, validate_set_owner_permissions)
30 30 from rhodecode.lib import audit_logger
31 31 from rhodecode.lib.auth import (
32 32 HasRepoGroupPermissionAnyApi, HasUserGroupPermissionAnyApi)
33 33 from rhodecode.model.db import Session
34 34 from rhodecode.model.repo_group import RepoGroupModel
35 35 from rhodecode.model.scm import RepoGroupList
36 36 from rhodecode.model import validation_schema
37 37 from rhodecode.model.validation_schema.schemas import repo_group_schema
38 38
39 39
40 40 log = logging.getLogger(__name__)
41 41
42 42
43 43 @jsonrpc_method()
44 44 def get_repo_group(request, apiuser, repogroupid):
45 45 """
46 46 Return the specified |repo| group, along with permissions,
47 47 and repositories inside the group
48 48
49 49 :param apiuser: This is filled automatically from the |authtoken|.
50 50 :type apiuser: AuthUser
51 51 :param repogroupid: Specify the name of ID of the repository group.
52 52 :type repogroupid: str or int
53 53
54 54
55 55 Example output:
56 56
57 57 .. code-block:: bash
58 58
59 59 {
60 60 "error": null,
61 61 "id": repo-group-id,
62 62 "result": {
63 63 "group_description": "repo group description",
64 64 "group_id": 14,
65 65 "group_name": "group name",
66 66 "permissions": [
67 67 {
68 68 "name": "super-admin-username",
69 69 "origin": "super-admin",
70 70 "permission": "group.admin",
71 71 "type": "user"
72 72 },
73 73 {
74 74 "name": "owner-name",
75 75 "origin": "owner",
76 76 "permission": "group.admin",
77 77 "type": "user"
78 78 },
79 79 {
80 80 "name": "user-group-name",
81 81 "origin": "permission",
82 82 "permission": "group.write",
83 83 "type": "user_group"
84 84 }
85 85 ],
86 86 "owner": "owner-name",
87 87 "parent_group": null,
88 88 "repositories": [ repo-list ]
89 89 }
90 90 }
91 91 """
92 92
93 93 repo_group = get_repo_group_or_error(repogroupid)
94 94 if not has_superadmin_permission(apiuser):
95 95 # check if we have at least read permission for this repo group !
96 96 _perms = ('group.admin', 'group.write', 'group.read',)
97 97 if not HasRepoGroupPermissionAnyApi(*_perms)(
98 98 user=apiuser, group_name=repo_group.group_name):
99 99 raise JSONRPCError(
100 100 'repository group `%s` does not exist' % (repogroupid,))
101 101
102 102 permissions = []
103 103 for _user in repo_group.permissions():
104 104 user_data = {
105 105 'name': _user.username,
106 106 'permission': _user.permission,
107 107 'origin': get_origin(_user),
108 108 'type': "user",
109 109 }
110 110 permissions.append(user_data)
111 111
112 112 for _user_group in repo_group.permission_user_groups():
113 113 user_group_data = {
114 114 'name': _user_group.users_group_name,
115 115 'permission': _user_group.permission,
116 116 'origin': get_origin(_user_group),
117 117 'type': "user_group",
118 118 }
119 119 permissions.append(user_group_data)
120 120
121 121 data = repo_group.get_api_data()
122 122 data["permissions"] = permissions
123 123 return data
124 124
125 125
126 126 @jsonrpc_method()
127 127 def get_repo_groups(request, apiuser):
128 128 """
129 129 Returns all repository groups.
130 130
131 131 :param apiuser: This is filled automatically from the |authtoken|.
132 132 :type apiuser: AuthUser
133 133 """
134 134
135 135 result = []
136 136 _perms = ('group.read', 'group.write', 'group.admin',)
137 137 extras = {'user': apiuser}
138 138 for repo_group in RepoGroupList(RepoGroupModel().get_all(),
139 139 perm_set=_perms, extra_kwargs=extras):
140 140 result.append(repo_group.get_api_data())
141 141 return result
142 142
143 143
144 144 @jsonrpc_method()
145 145 def create_repo_group(
146 146 request, apiuser, group_name,
147 147 owner=Optional(OAttr('apiuser')),
148 148 description=Optional(''),
149 149 copy_permissions=Optional(False)):
150 150 """
151 151 Creates a repository group.
152 152
153 153 * If the repository group name contains "/", repository group will be
154 154 created inside a repository group or nested repository groups
155 155
156 156 For example "foo/bar/group1" will create repository group called "group1"
157 157 inside group "foo/bar". You have to have permissions to access and
158 158 write to the last repository group ("bar" in this example)
159 159
160 160 This command can only be run using an |authtoken| with at least
161 161 permissions to create repository groups, or admin permissions to
162 162 parent repository groups.
163 163
164 164 :param apiuser: This is filled automatically from the |authtoken|.
165 165 :type apiuser: AuthUser
166 166 :param group_name: Set the repository group name.
167 167 :type group_name: str
168 168 :param description: Set the |repo| group description.
169 169 :type description: str
170 170 :param owner: Set the |repo| group owner.
171 171 :type owner: str
172 172 :param copy_permissions:
173 173 :type copy_permissions:
174 174
175 175 Example output:
176 176
177 177 .. code-block:: bash
178 178
179 179 id : <id_given_in_input>
180 180 result : {
181 181 "msg": "Created new repo group `<repo_group_name>`"
182 182 "repo_group": <repogroup_object>
183 183 }
184 184 error : null
185 185
186 186
187 187 Example error output:
188 188
189 189 .. code-block:: bash
190 190
191 191 id : <id_given_in_input>
192 192 result : null
193 193 error : {
194 194 failed to create repo group `<repogroupid>`
195 195 }
196 196
197 197 """
198 198
199 199 owner = validate_set_owner_permissions(apiuser, owner)
200 200
201 201 description = Optional.extract(description)
202 202 copy_permissions = Optional.extract(copy_permissions)
203 203
204 204 schema = repo_group_schema.RepoGroupSchema().bind(
205 205 # user caller
206 206 user=apiuser)
207 207
208 208 try:
209 209 schema_data = schema.deserialize(dict(
210 210 repo_group_name=group_name,
211 211 repo_group_owner=owner.username,
212 212 repo_group_description=description,
213 213 repo_group_copy_permissions=copy_permissions,
214 214 ))
215 215 except validation_schema.Invalid as err:
216 216 raise JSONRPCValidationError(colander_exc=err)
217 217
218 218 validated_group_name = schema_data['repo_group_name']
219 219
220 220 try:
221 221 repo_group = RepoGroupModel().create(
222 222 owner=owner,
223 223 group_name=validated_group_name,
224 224 group_description=schema_data['repo_group_description'],
225 225 copy_permissions=schema_data['repo_group_copy_permissions'])
226 226 Session().flush()
227 227
228 228 repo_group_data = repo_group.get_api_data()
229 229 audit_logger.store_api(
230 230 'repo_group.create', action_data={'data': repo_group_data},
231 231 user=apiuser)
232 232
233 233 Session().commit()
234 234 return {
235 235 'msg': 'Created new repo group `%s`' % validated_group_name,
236 236 'repo_group': repo_group.get_api_data()
237 237 }
238 238 except Exception:
239 239 log.exception("Exception occurred while trying create repo group")
240 240 raise JSONRPCError(
241 241 'failed to create repo group `%s`' % (validated_group_name,))
242 242
243 243
244 244 @jsonrpc_method()
245 245 def update_repo_group(
246 246 request, apiuser, repogroupid, group_name=Optional(''),
247 247 description=Optional(''), owner=Optional(OAttr('apiuser')),
248 248 enable_locking=Optional(False)):
249 249 """
250 250 Updates repository group with the details given.
251 251
252 252 This command can only be run using an |authtoken| with admin
253 253 permissions.
254 254
255 255 * If the group_name name contains "/", repository group will be updated
256 256 accordingly with a repository group or nested repository groups
257 257
258 258 For example repogroupid=group-test group_name="foo/bar/group-test"
259 259 will update repository group called "group-test" and place it
260 260 inside group "foo/bar".
261 261 You have to have permissions to access and write to the last repository
262 262 group ("bar" in this example)
263 263
264 264 :param apiuser: This is filled automatically from the |authtoken|.
265 265 :type apiuser: AuthUser
266 266 :param repogroupid: Set the ID of repository group.
267 267 :type repogroupid: str or int
268 268 :param group_name: Set the name of the |repo| group.
269 269 :type group_name: str
270 270 :param description: Set a description for the group.
271 271 :type description: str
272 272 :param owner: Set the |repo| group owner.
273 273 :type owner: str
274 274 :param enable_locking: Enable |repo| locking. The default is false.
275 275 :type enable_locking: bool
276 276 """
277 277
278 278 repo_group = get_repo_group_or_error(repogroupid)
279 279
280 280 if not has_superadmin_permission(apiuser):
281 281 validate_repo_group_permissions(
282 282 apiuser, repogroupid, repo_group, ('group.admin',))
283 283
284 284 updates = dict(
285 285 group_name=group_name
286 286 if not isinstance(group_name, Optional) else repo_group.group_name,
287 287
288 288 group_description=description
289 289 if not isinstance(description, Optional) else repo_group.group_description,
290 290
291 291 user=owner
292 292 if not isinstance(owner, Optional) else repo_group.user.username,
293 293
294 294 enable_locking=enable_locking
295 295 if not isinstance(enable_locking, Optional) else repo_group.enable_locking
296 296 )
297 297
298 298 schema = repo_group_schema.RepoGroupSchema().bind(
299 299 # user caller
300 300 user=apiuser,
301 301 old_values=repo_group.get_api_data())
302 302
303 303 try:
304 304 schema_data = schema.deserialize(dict(
305 305 repo_group_name=updates['group_name'],
306 306 repo_group_owner=updates['user'],
307 307 repo_group_description=updates['group_description'],
308 308 repo_group_enable_locking=updates['enable_locking'],
309 309 ))
310 310 except validation_schema.Invalid as err:
311 311 raise JSONRPCValidationError(colander_exc=err)
312 312
313 313 validated_updates = dict(
314 314 group_name=schema_data['repo_group']['repo_group_name_without_group'],
315 315 group_parent_id=schema_data['repo_group']['repo_group_id'],
316 316 user=schema_data['repo_group_owner'],
317 317 group_description=schema_data['repo_group_description'],
318 318 enable_locking=schema_data['repo_group_enable_locking'],
319 319 )
320 320
321 321 old_data = repo_group.get_api_data()
322 322 try:
323 323 RepoGroupModel().update(repo_group, validated_updates)
324 324 audit_logger.store_api(
325 325 'repo_group.edit', action_data={'old_data': old_data},
326 326 user=apiuser)
327 327
328 328 Session().commit()
329 329 return {
330 330 'msg': 'updated repository group ID:%s %s' % (
331 331 repo_group.group_id, repo_group.group_name),
332 332 'repo_group': repo_group.get_api_data()
333 333 }
334 334 except Exception:
335 335 log.exception(
336 336 u"Exception occurred while trying update repo group %s",
337 337 repogroupid)
338 338 raise JSONRPCError('failed to update repository group `%s`'
339 339 % (repogroupid,))
340 340
341 341
342 342 @jsonrpc_method()
343 343 def delete_repo_group(request, apiuser, repogroupid):
344 344 """
345 345 Deletes a |repo| group.
346 346
347 347 :param apiuser: This is filled automatically from the |authtoken|.
348 348 :type apiuser: AuthUser
349 349 :param repogroupid: Set the name or ID of repository group to be
350 350 deleted.
351 351 :type repogroupid: str or int
352 352
353 353 Example output:
354 354
355 355 .. code-block:: bash
356 356
357 357 id : <id_given_in_input>
358 358 result : {
359 359 'msg': 'deleted repo group ID:<repogroupid> <repogroupname>'
360 360 'repo_group': null
361 361 }
362 362 error : null
363 363
364 364 Example error output:
365 365
366 366 .. code-block:: bash
367 367
368 368 id : <id_given_in_input>
369 369 result : null
370 370 error : {
371 371 "failed to delete repo group ID:<repogroupid> <repogroupname>"
372 372 }
373 373
374 374 """
375 375
376 376 repo_group = get_repo_group_or_error(repogroupid)
377 377 if not has_superadmin_permission(apiuser):
378 378 validate_repo_group_permissions(
379 379 apiuser, repogroupid, repo_group, ('group.admin',))
380 380
381 381 old_data = repo_group.get_api_data()
382 382 try:
383 383 RepoGroupModel().delete(repo_group)
384 384 audit_logger.store_api(
385 385 'repo_group.delete', action_data={'old_data': old_data},
386 386 user=apiuser)
387 387 Session().commit()
388 388 return {
389 389 'msg': 'deleted repo group ID:%s %s' %
390 390 (repo_group.group_id, repo_group.group_name),
391 391 'repo_group': None
392 392 }
393 393 except Exception:
394 394 log.exception("Exception occurred while trying to delete repo group")
395 395 raise JSONRPCError('failed to delete repo group ID:%s %s' %
396 396 (repo_group.group_id, repo_group.group_name))
397 397
398 398
399 399 @jsonrpc_method()
400 400 def grant_user_permission_to_repo_group(
401 401 request, apiuser, repogroupid, userid, perm,
402 402 apply_to_children=Optional('none')):
403 403 """
404 404 Grant permission for a user on the given repository group, or update
405 405 existing permissions if found.
406 406
407 407 This command can only be run using an |authtoken| with admin
408 408 permissions.
409 409
410 410 :param apiuser: This is filled automatically from the |authtoken|.
411 411 :type apiuser: AuthUser
412 412 :param repogroupid: Set the name or ID of repository group.
413 413 :type repogroupid: str or int
414 414 :param userid: Set the user name.
415 415 :type userid: str
416 416 :param perm: (group.(none|read|write|admin))
417 417 :type perm: str
418 418 :param apply_to_children: 'none', 'repos', 'groups', 'all'
419 419 :type apply_to_children: str
420 420
421 421 Example output:
422 422
423 423 .. code-block:: bash
424 424
425 425 id : <id_given_in_input>
426 426 result: {
427 427 "msg" : "Granted perm: `<perm>` (recursive:<apply_to_children>) for user: `<username>` in repo group: `<repo_group_name>`",
428 428 "success": true
429 429 }
430 430 error: null
431 431
432 432 Example error output:
433 433
434 434 .. code-block:: bash
435 435
436 436 id : <id_given_in_input>
437 437 result : null
438 438 error : {
439 439 "failed to edit permission for user: `<userid>` in repo group: `<repo_group_name>`"
440 440 }
441 441
442 442 """
443 443
444 444 repo_group = get_repo_group_or_error(repogroupid)
445 445
446 446 if not has_superadmin_permission(apiuser):
447 447 validate_repo_group_permissions(
448 448 apiuser, repogroupid, repo_group, ('group.admin',))
449 449
450 450 user = get_user_or_error(userid)
451 451 perm = get_perm_or_error(perm, prefix='group.')
452 452 apply_to_children = Optional.extract(apply_to_children)
453 453
454 454 perm_additions = [[user.user_id, perm.permission_name, "user"]]
455 455 try:
456 RepoGroupModel().update_permissions(repo_group=repo_group,
457 perm_additions=perm_additions,
458 recursive=apply_to_children,
459 cur_user=apiuser)
456 changes = RepoGroupModel().update_permissions(
457 repo_group=repo_group, perm_additions=perm_additions,
458 recursive=apply_to_children, cur_user=apiuser)
459
460 action_data = {
461 'added': changes['added'],
462 'updated': changes['updated'],
463 'deleted': changes['deleted'],
464 }
465 audit_logger.store_api(
466 'repo_group.edit.permissions', action_data=action_data,
467 user=apiuser)
468
460 469 Session().commit()
461 470 return {
462 471 'msg': 'Granted perm: `%s` (recursive:%s) for user: '
463 472 '`%s` in repo group: `%s`' % (
464 473 perm.permission_name, apply_to_children, user.username,
465 474 repo_group.name
466 475 ),
467 476 'success': True
468 477 }
469 478 except Exception:
470 479 log.exception("Exception occurred while trying to grant "
471 480 "user permissions to repo group")
472 481 raise JSONRPCError(
473 482 'failed to edit permission for user: '
474 483 '`%s` in repo group: `%s`' % (userid, repo_group.name))
475 484
476 485
477 486 @jsonrpc_method()
478 487 def revoke_user_permission_from_repo_group(
479 488 request, apiuser, repogroupid, userid,
480 489 apply_to_children=Optional('none')):
481 490 """
482 491 Revoke permission for a user in a given repository group.
483 492
484 493 This command can only be run using an |authtoken| with admin
485 494 permissions on the |repo| group.
486 495
487 496 :param apiuser: This is filled automatically from the |authtoken|.
488 497 :type apiuser: AuthUser
489 498 :param repogroupid: Set the name or ID of the repository group.
490 499 :type repogroupid: str or int
491 500 :param userid: Set the user name to revoke.
492 501 :type userid: str
493 502 :param apply_to_children: 'none', 'repos', 'groups', 'all'
494 503 :type apply_to_children: str
495 504
496 505 Example output:
497 506
498 507 .. code-block:: bash
499 508
500 509 id : <id_given_in_input>
501 510 result: {
502 511 "msg" : "Revoked perm (recursive:<apply_to_children>) for user: `<username>` in repo group: `<repo_group_name>`",
503 512 "success": true
504 513 }
505 514 error: null
506 515
507 516 Example error output:
508 517
509 518 .. code-block:: bash
510 519
511 520 id : <id_given_in_input>
512 521 result : null
513 522 error : {
514 523 "failed to edit permission for user: `<userid>` in repo group: `<repo_group_name>`"
515 524 }
516 525
517 526 """
518 527
519 528 repo_group = get_repo_group_or_error(repogroupid)
520 529
521 530 if not has_superadmin_permission(apiuser):
522 531 validate_repo_group_permissions(
523 532 apiuser, repogroupid, repo_group, ('group.admin',))
524 533
525 534 user = get_user_or_error(userid)
526 535 apply_to_children = Optional.extract(apply_to_children)
527 536
528 537 perm_deletions = [[user.user_id, None, "user"]]
529 538 try:
530 RepoGroupModel().update_permissions(repo_group=repo_group,
531 perm_deletions=perm_deletions,
532 recursive=apply_to_children,
533 cur_user=apiuser)
539 changes = RepoGroupModel().update_permissions(
540 repo_group=repo_group, perm_deletions=perm_deletions,
541 recursive=apply_to_children, cur_user=apiuser)
542
543 action_data = {
544 'added': changes['added'],
545 'updated': changes['updated'],
546 'deleted': changes['deleted'],
547 }
548 audit_logger.store_api(
549 'repo_group.edit.permissions', action_data=action_data,
550 user=apiuser)
551
534 552 Session().commit()
535 553 return {
536 554 'msg': 'Revoked perm (recursive:%s) for user: '
537 555 '`%s` in repo group: `%s`' % (
538 556 apply_to_children, user.username, repo_group.name
539 557 ),
540 558 'success': True
541 559 }
542 560 except Exception:
543 561 log.exception("Exception occurred while trying revoke user "
544 562 "permission from repo group")
545 563 raise JSONRPCError(
546 564 'failed to edit permission for user: '
547 565 '`%s` in repo group: `%s`' % (userid, repo_group.name))
548 566
549 567
550 568 @jsonrpc_method()
551 569 def grant_user_group_permission_to_repo_group(
552 570 request, apiuser, repogroupid, usergroupid, perm,
553 571 apply_to_children=Optional('none'), ):
554 572 """
555 573 Grant permission for a user group on given repository group, or update
556 574 existing permissions if found.
557 575
558 576 This command can only be run using an |authtoken| with admin
559 577 permissions on the |repo| group.
560 578
561 579 :param apiuser: This is filled automatically from the |authtoken|.
562 580 :type apiuser: AuthUser
563 581 :param repogroupid: Set the name or id of repository group
564 582 :type repogroupid: str or int
565 583 :param usergroupid: id of usergroup
566 584 :type usergroupid: str or int
567 585 :param perm: (group.(none|read|write|admin))
568 586 :type perm: str
569 587 :param apply_to_children: 'none', 'repos', 'groups', 'all'
570 588 :type apply_to_children: str
571 589
572 590 Example output:
573 591
574 592 .. code-block:: bash
575 593
576 594 id : <id_given_in_input>
577 595 result : {
578 596 "msg" : "Granted perm: `<perm>` (recursive:<apply_to_children>) for user group: `<usersgroupname>` in repo group: `<repo_group_name>`",
579 597 "success": true
580 598
581 599 }
582 600 error : null
583 601
584 602 Example error output:
585 603
586 604 .. code-block:: bash
587 605
588 606 id : <id_given_in_input>
589 607 result : null
590 608 error : {
591 609 "failed to edit permission for user group: `<usergroup>` in repo group: `<repo_group_name>`"
592 610 }
593 611
594 612 """
595 613
596 614 repo_group = get_repo_group_or_error(repogroupid)
597 615 perm = get_perm_or_error(perm, prefix='group.')
598 616 user_group = get_user_group_or_error(usergroupid)
599 617 if not has_superadmin_permission(apiuser):
600 618 validate_repo_group_permissions(
601 619 apiuser, repogroupid, repo_group, ('group.admin',))
602 620
603 621 # check if we have at least read permission for this user group !
604 622 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
605 623 if not HasUserGroupPermissionAnyApi(*_perms)(
606 624 user=apiuser, user_group_name=user_group.users_group_name):
607 625 raise JSONRPCError(
608 626 'user group `%s` does not exist' % (usergroupid,))
609 627
610 628 apply_to_children = Optional.extract(apply_to_children)
611 629
612 630 perm_additions = [[user_group.users_group_id, perm.permission_name, "user_group"]]
613 631 try:
614 RepoGroupModel().update_permissions(repo_group=repo_group,
615 perm_additions=perm_additions,
616 recursive=apply_to_children,
617 cur_user=apiuser)
632 changes = RepoGroupModel().update_permissions(
633 repo_group=repo_group, perm_additions=perm_additions,
634 recursive=apply_to_children, cur_user=apiuser)
635
636 action_data = {
637 'added': changes['added'],
638 'updated': changes['updated'],
639 'deleted': changes['deleted'],
640 }
641 audit_logger.store_api(
642 'repo_group.edit.permissions', action_data=action_data,
643 user=apiuser)
644
618 645 Session().commit()
619 646 return {
620 647 'msg': 'Granted perm: `%s` (recursive:%s) '
621 648 'for user group: `%s` in repo group: `%s`' % (
622 649 perm.permission_name, apply_to_children,
623 650 user_group.users_group_name, repo_group.name
624 651 ),
625 652 'success': True
626 653 }
627 654 except Exception:
628 655 log.exception("Exception occurred while trying to grant user "
629 656 "group permissions to repo group")
630 657 raise JSONRPCError(
631 658 'failed to edit permission for user group: `%s` in '
632 659 'repo group: `%s`' % (
633 660 usergroupid, repo_group.name
634 661 )
635 662 )
636 663
637 664
638 665 @jsonrpc_method()
639 666 def revoke_user_group_permission_from_repo_group(
640 667 request, apiuser, repogroupid, usergroupid,
641 668 apply_to_children=Optional('none')):
642 669 """
643 670 Revoke permission for user group on given repository.
644 671
645 672 This command can only be run using an |authtoken| with admin
646 673 permissions on the |repo| group.
647 674
648 675 :param apiuser: This is filled automatically from the |authtoken|.
649 676 :type apiuser: AuthUser
650 677 :param repogroupid: name or id of repository group
651 678 :type repogroupid: str or int
652 679 :param usergroupid:
653 680 :param apply_to_children: 'none', 'repos', 'groups', 'all'
654 681 :type apply_to_children: str
655 682
656 683 Example output:
657 684
658 685 .. code-block:: bash
659 686
660 687 id : <id_given_in_input>
661 688 result: {
662 689 "msg" : "Revoked perm (recursive:<apply_to_children>) for user group: `<usersgroupname>` in repo group: `<repo_group_name>`",
663 690 "success": true
664 691 }
665 692 error: null
666 693
667 694 Example error output:
668 695
669 696 .. code-block:: bash
670 697
671 698 id : <id_given_in_input>
672 699 result : null
673 700 error : {
674 701 "failed to edit permission for user group: `<usergroup>` in repo group: `<repo_group_name>`"
675 702 }
676 703
677 704
678 705 """
679 706
680 707 repo_group = get_repo_group_or_error(repogroupid)
681 708 user_group = get_user_group_or_error(usergroupid)
682 709 if not has_superadmin_permission(apiuser):
683 710 validate_repo_group_permissions(
684 711 apiuser, repogroupid, repo_group, ('group.admin',))
685 712
686 713 # check if we have at least read permission for this user group !
687 714 _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',)
688 715 if not HasUserGroupPermissionAnyApi(*_perms)(
689 716 user=apiuser, user_group_name=user_group.users_group_name):
690 717 raise JSONRPCError(
691 718 'user group `%s` does not exist' % (usergroupid,))
692 719
693 720 apply_to_children = Optional.extract(apply_to_children)
694 721
695 722 perm_deletions = [[user_group.users_group_id, None, "user_group"]]
696 723 try:
697 RepoGroupModel().update_permissions(repo_group=repo_group,
698 perm_deletions=perm_deletions,
699 recursive=apply_to_children,
700 cur_user=apiuser)
724 changes = RepoGroupModel().update_permissions(
725 repo_group=repo_group, perm_deletions=perm_deletions,
726 recursive=apply_to_children, cur_user=apiuser)
727
728 action_data = {
729 'added': changes['added'],
730 'updated': changes['updated'],
731 'deleted': changes['deleted'],
732 }
733 audit_logger.store_api(
734 'repo_group.edit.permissions', action_data=action_data,
735 user=apiuser)
736
701 737 Session().commit()
702 738 return {
703 739 'msg': 'Revoked perm (recursive:%s) for user group: '
704 740 '`%s` in repo group: `%s`' % (
705 741 apply_to_children, user_group.users_group_name,
706 742 repo_group.name
707 743 ),
708 744 'success': True
709 745 }
710 746 except Exception:
711 747 log.exception("Exception occurred while trying revoke user group "
712 748 "permissions from repo group")
713 749 raise JSONRPCError(
714 750 'failed to edit permission for user group: '
715 751 '`%s` in repo group: `%s`' % (
716 752 user_group.users_group_name, repo_group.name
717 753 )
718 754 )
719