Show More
@@ -31,15 +31,17 b' from pylons.controllers.util import redi' | |||
|
31 | 31 | from pylons.i18n.translation import _ |
|
32 | 32 | |
|
33 | 33 | from rhodecode.authentication.plugins import auth_rhodecode |
|
34 | ||
|
35 | from rhodecode.lib import helpers as h | |
|
36 | from rhodecode.lib import auth | |
|
37 | from rhodecode.lib import audit_logger | |
|
38 | from rhodecode.lib.auth import ( | |
|
39 | LoginRequired, HasPermissionAllDecorator, AuthUser) | |
|
40 | from rhodecode.lib.base import BaseController, render | |
|
34 | 41 | from rhodecode.lib.exceptions import ( |
|
35 | 42 | DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException, |
|
36 | 43 | UserOwnsUserGroupsException, UserCreationError) |
|
37 | from rhodecode.lib import helpers as h | |
|
38 | from rhodecode.lib import auth | |
|
39 | from rhodecode.lib.auth import ( | |
|
40 | LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token) | |
|
41 | from rhodecode.lib.base import BaseController, render | |
|
42 | from rhodecode.model.auth_token import AuthTokenModel | |
|
44 | from rhodecode.lib.utils2 import safe_int, AttributeDict | |
|
43 | 45 | |
|
44 | 46 | from rhodecode.model.db import ( |
|
45 | 47 | PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup) |
@@ -49,8 +51,6 b' from rhodecode.model.repo_group import R' | |||
|
49 | 51 | from rhodecode.model.user import UserModel |
|
50 | 52 | from rhodecode.model.meta import Session |
|
51 | 53 | from rhodecode.model.permission import PermissionModel |
|
52 | from rhodecode.lib.utils import action_logger | |
|
53 | from rhodecode.lib.utils2 import datetime_to_time, safe_int, AttributeDict | |
|
54 | 54 | |
|
55 | 55 | log = logging.getLogger(__name__) |
|
56 | 56 | |
@@ -88,7 +88,6 b' class UsersController(BaseController):' | |||
|
88 | 88 | @HasPermissionAllDecorator('hg.admin') |
|
89 | 89 | @auth.CSRFRequired() |
|
90 | 90 | def create(self): |
|
91 | """POST /users: Create a new item""" | |
|
92 | 91 | c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name |
|
93 | 92 | user_model = UserModel() |
|
94 | 93 | user_form = UserForm()() |
@@ -96,9 +95,12 b' class UsersController(BaseController):' | |||
|
96 | 95 | form_result = user_form.to_python(dict(request.POST)) |
|
97 | 96 | user = user_model.create(form_result) |
|
98 | 97 | Session().flush() |
|
98 | creation_data = user.get_api_data() | |
|
99 | 99 | username = form_result['username'] |
|
100 | action_logger(c.rhodecode_user, 'admin_created_user:%s' % username, | |
|
101 | None, self.ip_addr, self.sa) | |
|
100 | ||
|
101 | audit_logger.store_web( | |
|
102 | 'user.create', action_data={'data': creation_data}, | |
|
103 | user=c.rhodecode_user) | |
|
102 | 104 | |
|
103 | 105 | user_link = h.link_to(h.escape(username), |
|
104 | 106 | url('edit_user', |
@@ -125,8 +127,6 b' class UsersController(BaseController):' | |||
|
125 | 127 | |
|
126 | 128 | @HasPermissionAllDecorator('hg.admin') |
|
127 | 129 | def new(self): |
|
128 | """GET /users/new: Form to create a new item""" | |
|
129 | # url('new_user') | |
|
130 | 130 | c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name |
|
131 | 131 | self._get_personal_repo_group_template_vars() |
|
132 | 132 | return render('admin/users/user_add.mako') |
@@ -134,13 +134,7 b' class UsersController(BaseController):' | |||
|
134 | 134 | @HasPermissionAllDecorator('hg.admin') |
|
135 | 135 | @auth.CSRFRequired() |
|
136 | 136 | def update(self, user_id): |
|
137 | """PUT /users/user_id: Update an existing item""" | |
|
138 | # Forms posted to this method should contain a hidden field: | |
|
139 | # <input type="hidden" name="_method" value="PUT" /> | |
|
140 | # Or using helpers: | |
|
141 | # h.form(url('update_user', user_id=ID), | |
|
142 | # method='put') | |
|
143 | # url('user', user_id=ID) | |
|
137 | ||
|
144 | 138 | user_id = safe_int(user_id) |
|
145 | 139 | c.user = User.get_or_404(user_id) |
|
146 | 140 | c.active = 'profile' |
@@ -152,6 +146,7 b' class UsersController(BaseController):' | |||
|
152 | 146 | old_data={'user_id': user_id, |
|
153 | 147 | 'email': c.user.email})() |
|
154 | 148 | form_result = {} |
|
149 | old_values = c.user.get_api_data() | |
|
155 | 150 | try: |
|
156 | 151 | form_result = _form.to_python(dict(request.POST)) |
|
157 | 152 | skip_attrs = ['extern_type', 'extern_name'] |
@@ -160,12 +155,15 b' class UsersController(BaseController):' | |||
|
160 | 155 | # forbid updating username for external accounts |
|
161 | 156 | skip_attrs.append('username') |
|
162 | 157 | |
|
163 |
UserModel().update_user( |
|
|
164 | usr = form_result['username'] | |
|
165 | action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr, | |
|
166 | None, self.ip_addr, self.sa) | |
|
158 | UserModel().update_user( | |
|
159 | user_id, skip_attrs=skip_attrs, **form_result) | |
|
160 | ||
|
161 | audit_logger.store_web( | |
|
162 | 'user.edit', action_data={'old_data': old_values}, | |
|
163 | user=c.rhodecode_user) | |
|
164 | ||
|
165 | Session().commit() | |
|
167 | 166 | h.flash(_('User updated successfully'), category='success') |
|
168 | Session().commit() | |
|
169 | 167 | except formencode.Invalid as errors: |
|
170 | 168 | defaults = errors.value |
|
171 | 169 | e = errors.error_dict or {} |
@@ -188,13 +186,6 b' class UsersController(BaseController):' | |||
|
188 | 186 | @HasPermissionAllDecorator('hg.admin') |
|
189 | 187 | @auth.CSRFRequired() |
|
190 | 188 | def delete(self, user_id): |
|
191 | """DELETE /users/user_id: Delete an existing item""" | |
|
192 | # Forms posted to this method should contain a hidden field: | |
|
193 | # <input type="hidden" name="_method" value="DELETE" /> | |
|
194 | # Or using helpers: | |
|
195 | # h.form(url('delete_user', user_id=ID), | |
|
196 | # method='delete') | |
|
197 | # url('user', user_id=ID) | |
|
198 | 189 | user_id = safe_int(user_id) |
|
199 | 190 | c.user = User.get_or_404(user_id) |
|
200 | 191 | |
@@ -249,10 +240,16 b' class UsersController(BaseController):' | |||
|
249 | 240 | _('Deleted %s user groups') % len(_user_groups), |
|
250 | 241 | category='success') |
|
251 | 242 | |
|
243 | old_values = c.user.get_api_data() | |
|
252 | 244 | try: |
|
253 | 245 | UserModel().delete(c.user, handle_repos=handle_repos, |
|
254 | 246 | handle_repo_groups=handle_repo_groups, |
|
255 | 247 | handle_user_groups=handle_user_groups) |
|
248 | ||
|
249 | audit_logger.store_web( | |
|
250 | 'user.delete', action_data={'old_data': old_values}, | |
|
251 | user=c.rhodecode_user) | |
|
252 | ||
|
256 | 253 | Session().commit() |
|
257 | 254 | set_handle_flash_repos() |
|
258 | 255 | set_handle_flash_repo_groups() |
@@ -272,19 +269,25 b' class UsersController(BaseController):' | |||
|
272 | 269 | def reset_password(self, user_id): |
|
273 | 270 | """ |
|
274 | 271 | toggle reset password flag for this user |
|
275 | ||
|
276 | :param user_id: | |
|
277 | 272 | """ |
|
278 | 273 | user_id = safe_int(user_id) |
|
279 | 274 | c.user = User.get_or_404(user_id) |
|
280 | 275 | try: |
|
281 | 276 | old_value = c.user.user_data.get('force_password_change') |
|
282 | 277 | c.user.update_userdata(force_password_change=not old_value) |
|
283 | Session().commit() | |
|
278 | ||
|
284 | 279 | if old_value: |
|
285 | 280 | msg = _('Force password change disabled for user') |
|
281 | audit_logger.store_web( | |
|
282 | 'user.edit.password_reset.disabled', | |
|
283 | user=c.rhodecode_user) | |
|
286 | 284 | else: |
|
287 | 285 | msg = _('Force password change enabled for user') |
|
286 | audit_logger.store_web( | |
|
287 | 'user.edit.password_reset.enabled', | |
|
288 | user=c.rhodecode_user) | |
|
289 | ||
|
290 | Session().commit() | |
|
288 | 291 | h.flash(msg, category='success') |
|
289 | 292 | except Exception: |
|
290 | 293 | log.exception("Exception during password reset for user") |
@@ -298,8 +301,6 b' class UsersController(BaseController):' | |||
|
298 | 301 | def create_personal_repo_group(self, user_id): |
|
299 | 302 | """ |
|
300 | 303 | Create personal repository group for this user |
|
301 | ||
|
302 | :param user_id: | |
|
303 | 304 | """ |
|
304 | 305 | from rhodecode.model.repo_group import RepoGroupModel |
|
305 | 306 | |
@@ -428,8 +429,6 b' class UsersController(BaseController):' | |||
|
428 | 429 | @HasPermissionAllDecorator('hg.admin') |
|
429 | 430 | @auth.CSRFRequired() |
|
430 | 431 | def update_global_perms(self, user_id): |
|
431 | """PUT /users_perm/user_id: Update an existing item""" | |
|
432 | # url('user_perm', user_id=ID, method='put') | |
|
433 | 432 | user_id = safe_int(user_id) |
|
434 | 433 | user = User.get_or_404(user_id) |
|
435 | 434 | c.active = 'global_perms' |
@@ -456,11 +455,13 b' class UsersController(BaseController):' | |||
|
456 | 455 | |
|
457 | 456 | PermissionModel().update_user_permissions(form_result) |
|
458 | 457 | |
|
458 | # TODO(marcink): implement global permissions | |
|
459 | # audit_log.store_web('user.edit.permissions') | |
|
460 | ||
|
459 | 461 | Session().commit() |
|
460 | 462 | h.flash(_('User global permissions updated successfully'), |
|
461 | 463 | category='success') |
|
462 | 464 | |
|
463 | Session().commit() | |
|
464 | 465 | except formencode.Invalid as errors: |
|
465 | 466 | defaults = errors.value |
|
466 | 467 | c.user = user |
@@ -512,16 +513,18 b' class UsersController(BaseController):' | |||
|
512 | 513 | @HasPermissionAllDecorator('hg.admin') |
|
513 | 514 | @auth.CSRFRequired() |
|
514 | 515 | def add_email(self, user_id): |
|
515 | """POST /user_emails:Add an existing item""" | |
|
516 | # url('user_emails', user_id=ID, method='put') | |
|
517 | 516 | user_id = safe_int(user_id) |
|
518 | 517 | c.user = User.get_or_404(user_id) |
|
519 | 518 | |
|
520 | 519 | email = request.POST.get('new_email') |
|
521 | 520 | user_model = UserModel() |
|
522 | ||
|
521 | user_data = c.user.get_api_data() | |
|
523 | 522 | try: |
|
524 | 523 | user_model.add_extra_email(user_id, email) |
|
524 | audit_logger.store_web( | |
|
525 | 'user.edit.email.add', | |
|
526 | action_data={'email': email, 'user': user_data}, | |
|
527 | user=c.rhodecode_user) | |
|
525 | 528 | Session().commit() |
|
526 | 529 | h.flash(_("Added new email address `%s` for user account") % email, |
|
527 | 530 | category='success') |
@@ -537,13 +540,18 b' class UsersController(BaseController):' | |||
|
537 | 540 | @HasPermissionAllDecorator('hg.admin') |
|
538 | 541 | @auth.CSRFRequired() |
|
539 | 542 | def delete_email(self, user_id): |
|
540 | """DELETE /user_emails_delete/user_id: Delete an existing item""" | |
|
541 | # url('user_emails_delete', user_id=ID, method='delete') | |
|
542 | 543 | user_id = safe_int(user_id) |
|
543 | 544 | c.user = User.get_or_404(user_id) |
|
544 | 545 | email_id = request.POST.get('del_email_id') |
|
545 | 546 | user_model = UserModel() |
|
547 | ||
|
548 | email = UserEmailMap.query().get(email_id).email | |
|
549 | user_data = c.user.get_api_data() | |
|
546 | 550 | user_model.delete_extra_email(user_id, email_id) |
|
551 | audit_logger.store_web( | |
|
552 | 'user.edit.email.delete', | |
|
553 | action_data={'email': email, 'user': user_data}, | |
|
554 | user=c.rhodecode_user) | |
|
547 | 555 | Session().commit() |
|
548 | 556 | h.flash(_("Removed email address from user account"), category='success') |
|
549 | 557 | return redirect(url('edit_user_emails', user_id=user_id)) |
@@ -574,9 +582,6 b' class UsersController(BaseController):' | |||
|
574 | 582 | @HasPermissionAllDecorator('hg.admin') |
|
575 | 583 | @auth.CSRFRequired() |
|
576 | 584 | def add_ip(self, user_id): |
|
577 | """POST /user_ips:Add an existing item""" | |
|
578 | # url('user_ips', user_id=ID, method='put') | |
|
579 | ||
|
580 | 585 | user_id = safe_int(user_id) |
|
581 | 586 | c.user = User.get_or_404(user_id) |
|
582 | 587 | user_model = UserModel() |
@@ -590,9 +595,14 b' class UsersController(BaseController):' | |||
|
590 | 595 | |
|
591 | 596 | desc = request.POST.get('description') |
|
592 | 597 | added = [] |
|
598 | user_data = c.user.get_api_data() | |
|
593 | 599 | for ip in ip_list: |
|
594 | 600 | try: |
|
595 | 601 | user_model.add_extra_ip(user_id, ip, desc) |
|
602 | audit_logger.store_web( | |
|
603 | 'user.edit.ip.add', | |
|
604 | action_data={'ip': ip, 'user': user_data}, | |
|
605 | user=c.rhodecode_user) | |
|
596 | 606 | Session().commit() |
|
597 | 607 | added.append(ip) |
|
598 | 608 | except formencode.Invalid as error: |
@@ -613,14 +623,18 b' class UsersController(BaseController):' | |||
|
613 | 623 | @HasPermissionAllDecorator('hg.admin') |
|
614 | 624 | @auth.CSRFRequired() |
|
615 | 625 | def delete_ip(self, user_id): |
|
616 | """DELETE /user_ips_delete/user_id: Delete an existing item""" | |
|
617 | # url('user_ips_delete', user_id=ID, method='delete') | |
|
618 | 626 | user_id = safe_int(user_id) |
|
619 | 627 | c.user = User.get_or_404(user_id) |
|
620 | 628 | |
|
621 | 629 | ip_id = request.POST.get('del_ip_id') |
|
622 | 630 | user_model = UserModel() |
|
631 | ip = UserIpMap.query().get(ip_id).ip_addr | |
|
632 | user_data = c.user.get_api_data() | |
|
623 | 633 | user_model.delete_extra_ip(user_id, ip_id) |
|
634 | audit_logger.store_web( | |
|
635 | 'user.edit.ip.delete', | |
|
636 | action_data={'ip': ip, 'user': user_data}, | |
|
637 | user=c.rhodecode_user) | |
|
624 | 638 | Session().commit() |
|
625 | 639 | h.flash(_("Removed ip address from user whitelist"), category='success') |
|
626 | 640 |
@@ -27,7 +27,7 b' from rhodecode.model.db import User, Use' | |||
|
27 | 27 | |
|
28 | 28 | log = logging.getLogger(__name__) |
|
29 | 29 | |
|
30 | ||
|
30 | # action as key, and expected action_data as value | |
|
31 | 31 | ACTIONS = { |
|
32 | 32 | 'user.login.success': {}, |
|
33 | 33 | 'user.login.failure': {}, |
@@ -38,6 +38,19 b' ACTIONS = {' | |||
|
38 | 38 | |
|
39 | 39 | 'repo.create': {}, |
|
40 | 40 | 'repo.edit': {}, |
|
41 | 'user.create': {'data': {}}, | |
|
42 | 'user.delete': {'old_data': {}}, | |
|
43 | 'user.edit': {'old_data': {}}, | |
|
44 | 'user.edit.permissions': {}, | |
|
45 | 'user.edit.ip.add': {}, | |
|
46 | 'user.edit.ip.delete': {}, | |
|
47 | 'user.edit.token.add': {}, | |
|
48 | 'user.edit.token.delete': {}, | |
|
49 | 'user.edit.email.add': {}, | |
|
50 | 'user.edit.email.delete': {}, | |
|
51 | 'user.edit.password_reset.enabled': {}, | |
|
52 | 'user.edit.password_reset.disabled': {}, | |
|
53 | ||
|
41 | 54 | 'repo.edit.permissions': {}, |
|
42 | 55 | 'repo.delete': {}, |
|
43 | 56 | 'repo.commit.strip': {}, |
@@ -117,8 +130,7 b' def store_api(*args, **kwargs):' | |||
|
117 | 130 | return store(*args, **kwargs) |
|
118 | 131 | |
|
119 | 132 | |
|
120 | def store( | |
|
121 | action, user, action_data=None, user_data=None, ip_addr=None, | |
|
133 | def store(action, user, action_data=None, user_data=None, ip_addr=None, | |
|
122 | 134 | repo=None, sa_session=None, commit=False): |
|
123 | 135 | """ |
|
124 | 136 | Audit logger for various actions made by users, typically this |
@@ -767,7 +767,7 b' class UserModel(BaseModel):' | |||
|
767 | 767 | """ |
|
768 | 768 | user = self._get_user(user) |
|
769 | 769 | obj = UserEmailMap.query().get(email_id) |
|
770 | if obj: | |
|
770 | if obj and obj.user_id == user.user_id: | |
|
771 | 771 | self.sa.delete(obj) |
|
772 | 772 | |
|
773 | 773 | def parse_ip_range(self, ip_range): |
@@ -824,7 +824,7 b' class UserModel(BaseModel):' | |||
|
824 | 824 | """ |
|
825 | 825 | user = self._get_user(user) |
|
826 | 826 | obj = UserIpMap.query().get(ip_id) |
|
827 | if obj: | |
|
827 | if obj and obj.user_id == user.user_id: | |
|
828 | 828 | self.sa.delete(obj) |
|
829 | 829 | |
|
830 | 830 | def get_accounts_in_creation_order(self, current_user=None): |
General Comments 0
You need to be logged in to leave comments.
Login now