##// END OF EJS Templates
permissions: fixed audit log data on user group permissions view.
marcink -
r2828:c4ab4c37 default
parent child Browse files
Show More
@@ -1,519 +1,519 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2016-2018 RhodeCode GmbH
3 # Copyright (C) 2016-2018 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 import peppercorn
23 import peppercorn
24 import formencode
24 import formencode
25 import formencode.htmlfill
25 import formencode.htmlfill
26 from pyramid.httpexceptions import HTTPFound
26 from pyramid.httpexceptions import HTTPFound
27 from pyramid.view import view_config
27 from pyramid.view import view_config
28 from pyramid.response import Response
28 from pyramid.response import Response
29 from pyramid.renderers import render
29 from pyramid.renderers import render
30
30
31 from rhodecode.lib.exceptions import (
31 from rhodecode.lib.exceptions import (
32 RepoGroupAssignmentError, UserGroupAssignedException)
32 RepoGroupAssignmentError, UserGroupAssignedException)
33 from rhodecode.model.forms import (
33 from rhodecode.model.forms import (
34 UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm,
34 UserGroupPermsForm, UserGroupForm, UserIndividualPermissionsForm,
35 UserPermissionsForm)
35 UserPermissionsForm)
36 from rhodecode.model.permission import PermissionModel
36 from rhodecode.model.permission import PermissionModel
37
37
38 from rhodecode.apps._base import UserGroupAppView
38 from rhodecode.apps._base import UserGroupAppView
39 from rhodecode.lib.auth import (
39 from rhodecode.lib.auth import (
40 LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired)
40 LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired)
41 from rhodecode.lib import helpers as h, audit_logger
41 from rhodecode.lib import helpers as h, audit_logger
42 from rhodecode.lib.utils2 import str2bool
42 from rhodecode.lib.utils2 import str2bool
43 from rhodecode.model.db import User
43 from rhodecode.model.db import User
44 from rhodecode.model.meta import Session
44 from rhodecode.model.meta import Session
45 from rhodecode.model.user_group import UserGroupModel
45 from rhodecode.model.user_group import UserGroupModel
46
46
47 log = logging.getLogger(__name__)
47 log = logging.getLogger(__name__)
48
48
49
49
50 class UserGroupsView(UserGroupAppView):
50 class UserGroupsView(UserGroupAppView):
51
51
52 def load_default_context(self):
52 def load_default_context(self):
53 c = self._get_local_tmpl_context()
53 c = self._get_local_tmpl_context()
54
54
55 PermissionModel().set_global_permission_choices(
55 PermissionModel().set_global_permission_choices(
56 c, gettext_translator=self.request.translate)
56 c, gettext_translator=self.request.translate)
57
57
58 return c
58 return c
59
59
60 @LoginRequired()
60 @LoginRequired()
61 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
61 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
62 @view_config(
62 @view_config(
63 route_name='user_group_members_data', request_method='GET',
63 route_name='user_group_members_data', request_method='GET',
64 renderer='json_ext', xhr=True)
64 renderer='json_ext', xhr=True)
65 def user_group_members(self):
65 def user_group_members(self):
66 """
66 """
67 Return members of given user group
67 Return members of given user group
68 """
68 """
69 self.load_default_context()
69 self.load_default_context()
70 user_group = self.db_user_group
70 user_group = self.db_user_group
71 group_members_obj = sorted((x.user for x in user_group.members),
71 group_members_obj = sorted((x.user for x in user_group.members),
72 key=lambda u: u.username.lower())
72 key=lambda u: u.username.lower())
73
73
74 group_members = [
74 group_members = [
75 {
75 {
76 'id': user.user_id,
76 'id': user.user_id,
77 'first_name': user.first_name,
77 'first_name': user.first_name,
78 'last_name': user.last_name,
78 'last_name': user.last_name,
79 'username': user.username,
79 'username': user.username,
80 'icon_link': h.gravatar_url(user.email, 30),
80 'icon_link': h.gravatar_url(user.email, 30),
81 'value_display': h.person(user.email),
81 'value_display': h.person(user.email),
82 'value': user.username,
82 'value': user.username,
83 'value_type': 'user',
83 'value_type': 'user',
84 'active': user.active,
84 'active': user.active,
85 }
85 }
86 for user in group_members_obj
86 for user in group_members_obj
87 ]
87 ]
88
88
89 return {
89 return {
90 'members': group_members
90 'members': group_members
91 }
91 }
92
92
93 @LoginRequired()
93 @LoginRequired()
94 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
94 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
95 @view_config(
95 @view_config(
96 route_name='edit_user_group_perms_summary', request_method='GET',
96 route_name='edit_user_group_perms_summary', request_method='GET',
97 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
97 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
98 def user_group_perms_summary(self):
98 def user_group_perms_summary(self):
99 c = self.load_default_context()
99 c = self.load_default_context()
100 c.user_group = self.db_user_group
100 c.user_group = self.db_user_group
101 c.active = 'perms_summary'
101 c.active = 'perms_summary'
102 c.permissions = UserGroupModel().get_perms_summary(
102 c.permissions = UserGroupModel().get_perms_summary(
103 c.user_group.users_group_id)
103 c.user_group.users_group_id)
104 return self._get_template_context(c)
104 return self._get_template_context(c)
105
105
106 @LoginRequired()
106 @LoginRequired()
107 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
107 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
108 @view_config(
108 @view_config(
109 route_name='edit_user_group_perms_summary_json', request_method='GET',
109 route_name='edit_user_group_perms_summary_json', request_method='GET',
110 renderer='json_ext')
110 renderer='json_ext')
111 def user_group_perms_summary_json(self):
111 def user_group_perms_summary_json(self):
112 self.load_default_context()
112 self.load_default_context()
113 user_group = self.db_user_group
113 user_group = self.db_user_group
114 return UserGroupModel().get_perms_summary(user_group.users_group_id)
114 return UserGroupModel().get_perms_summary(user_group.users_group_id)
115
115
116 def _revoke_perms_on_yourself(self, form_result):
116 def _revoke_perms_on_yourself(self, form_result):
117 _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
117 _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
118 form_result['perm_updates'])
118 form_result['perm_updates'])
119 _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
119 _additions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
120 form_result['perm_additions'])
120 form_result['perm_additions'])
121 _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
121 _deletions = filter(lambda u: self._rhodecode_user.user_id == int(u[0]),
122 form_result['perm_deletions'])
122 form_result['perm_deletions'])
123 admin_perm = 'usergroup.admin'
123 admin_perm = 'usergroup.admin'
124 if _updates and _updates[0][1] != admin_perm or \
124 if _updates and _updates[0][1] != admin_perm or \
125 _additions and _additions[0][1] != admin_perm or \
125 _additions and _additions[0][1] != admin_perm or \
126 _deletions and _deletions[0][1] != admin_perm:
126 _deletions and _deletions[0][1] != admin_perm:
127 return True
127 return True
128 return False
128 return False
129
129
130 @LoginRequired()
130 @LoginRequired()
131 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
131 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
132 @CSRFRequired()
132 @CSRFRequired()
133 @view_config(
133 @view_config(
134 route_name='user_groups_update', request_method='POST',
134 route_name='user_groups_update', request_method='POST',
135 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
135 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
136 def user_group_update(self):
136 def user_group_update(self):
137 _ = self.request.translate
137 _ = self.request.translate
138
138
139 user_group = self.db_user_group
139 user_group = self.db_user_group
140 user_group_id = user_group.users_group_id
140 user_group_id = user_group.users_group_id
141
141
142 c = self.load_default_context()
142 c = self.load_default_context()
143 c.user_group = user_group
143 c.user_group = user_group
144 c.group_members_obj = [x.user for x in c.user_group.members]
144 c.group_members_obj = [x.user for x in c.user_group.members]
145 c.group_members_obj.sort(key=lambda u: u.username.lower())
145 c.group_members_obj.sort(key=lambda u: u.username.lower())
146 c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
146 c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
147 c.active = 'settings'
147 c.active = 'settings'
148
148
149 users_group_form = UserGroupForm(
149 users_group_form = UserGroupForm(
150 self.request.translate, edit=True,
150 self.request.translate, edit=True,
151 old_data=c.user_group.get_dict(), allow_disabled=True)()
151 old_data=c.user_group.get_dict(), allow_disabled=True)()
152
152
153 old_values = c.user_group.get_api_data()
153 old_values = c.user_group.get_api_data()
154 user_group_name = self.request.POST.get('users_group_name')
154 user_group_name = self.request.POST.get('users_group_name')
155 try:
155 try:
156 form_result = users_group_form.to_python(self.request.POST)
156 form_result = users_group_form.to_python(self.request.POST)
157 pstruct = peppercorn.parse(self.request.POST.items())
157 pstruct = peppercorn.parse(self.request.POST.items())
158 form_result['users_group_members'] = pstruct['user_group_members']
158 form_result['users_group_members'] = pstruct['user_group_members']
159
159
160 user_group, added_members, removed_members = \
160 user_group, added_members, removed_members = \
161 UserGroupModel().update(c.user_group, form_result)
161 UserGroupModel().update(c.user_group, form_result)
162 updated_user_group = form_result['users_group_name']
162 updated_user_group = form_result['users_group_name']
163
163
164 for user_id in added_members:
164 for user_id in added_members:
165 user = User.get(user_id)
165 user = User.get(user_id)
166 user_data = user.get_api_data()
166 user_data = user.get_api_data()
167 audit_logger.store_web(
167 audit_logger.store_web(
168 'user_group.edit.member.add',
168 'user_group.edit.member.add',
169 action_data={'user': user_data, 'old_data': old_values},
169 action_data={'user': user_data, 'old_data': old_values},
170 user=self._rhodecode_user)
170 user=self._rhodecode_user)
171
171
172 for user_id in removed_members:
172 for user_id in removed_members:
173 user = User.get(user_id)
173 user = User.get(user_id)
174 user_data = user.get_api_data()
174 user_data = user.get_api_data()
175 audit_logger.store_web(
175 audit_logger.store_web(
176 'user_group.edit.member.delete',
176 'user_group.edit.member.delete',
177 action_data={'user': user_data, 'old_data': old_values},
177 action_data={'user': user_data, 'old_data': old_values},
178 user=self._rhodecode_user)
178 user=self._rhodecode_user)
179
179
180 audit_logger.store_web(
180 audit_logger.store_web(
181 'user_group.edit', action_data={'old_data': old_values},
181 'user_group.edit', action_data={'old_data': old_values},
182 user=self._rhodecode_user)
182 user=self._rhodecode_user)
183
183
184 h.flash(_('Updated user group %s') % updated_user_group,
184 h.flash(_('Updated user group %s') % updated_user_group,
185 category='success')
185 category='success')
186 Session().commit()
186 Session().commit()
187 except formencode.Invalid as errors:
187 except formencode.Invalid as errors:
188 defaults = errors.value
188 defaults = errors.value
189 e = errors.error_dict or {}
189 e = errors.error_dict or {}
190
190
191 data = render(
191 data = render(
192 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
192 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
193 self._get_template_context(c), self.request)
193 self._get_template_context(c), self.request)
194 html = formencode.htmlfill.render(
194 html = formencode.htmlfill.render(
195 data,
195 data,
196 defaults=defaults,
196 defaults=defaults,
197 errors=e,
197 errors=e,
198 prefix_error=False,
198 prefix_error=False,
199 encoding="UTF-8",
199 encoding="UTF-8",
200 force_defaults=False
200 force_defaults=False
201 )
201 )
202 return Response(html)
202 return Response(html)
203
203
204 except Exception:
204 except Exception:
205 log.exception("Exception during update of user group")
205 log.exception("Exception during update of user group")
206 h.flash(_('Error occurred during update of user group %s')
206 h.flash(_('Error occurred during update of user group %s')
207 % user_group_name, category='error')
207 % user_group_name, category='error')
208
208
209 raise HTTPFound(
209 raise HTTPFound(
210 h.route_path('edit_user_group', user_group_id=user_group_id))
210 h.route_path('edit_user_group', user_group_id=user_group_id))
211
211
212 @LoginRequired()
212 @LoginRequired()
213 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
213 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
214 @CSRFRequired()
214 @CSRFRequired()
215 @view_config(
215 @view_config(
216 route_name='user_groups_delete', request_method='POST',
216 route_name='user_groups_delete', request_method='POST',
217 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
217 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
218 def user_group_delete(self):
218 def user_group_delete(self):
219 _ = self.request.translate
219 _ = self.request.translate
220 user_group = self.db_user_group
220 user_group = self.db_user_group
221
221
222 self.load_default_context()
222 self.load_default_context()
223 force = str2bool(self.request.POST.get('force'))
223 force = str2bool(self.request.POST.get('force'))
224
224
225 old_values = user_group.get_api_data()
225 old_values = user_group.get_api_data()
226 try:
226 try:
227 UserGroupModel().delete(user_group, force=force)
227 UserGroupModel().delete(user_group, force=force)
228 audit_logger.store_web(
228 audit_logger.store_web(
229 'user.delete', action_data={'old_data': old_values},
229 'user.delete', action_data={'old_data': old_values},
230 user=self._rhodecode_user)
230 user=self._rhodecode_user)
231 Session().commit()
231 Session().commit()
232 h.flash(_('Successfully deleted user group'), category='success')
232 h.flash(_('Successfully deleted user group'), category='success')
233 except UserGroupAssignedException as e:
233 except UserGroupAssignedException as e:
234 h.flash(str(e), category='error')
234 h.flash(str(e), category='error')
235 except Exception:
235 except Exception:
236 log.exception("Exception during deletion of user group")
236 log.exception("Exception during deletion of user group")
237 h.flash(_('An error occurred during deletion of user group'),
237 h.flash(_('An error occurred during deletion of user group'),
238 category='error')
238 category='error')
239 raise HTTPFound(h.route_path('user_groups'))
239 raise HTTPFound(h.route_path('user_groups'))
240
240
241 @LoginRequired()
241 @LoginRequired()
242 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
242 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
243 @view_config(
243 @view_config(
244 route_name='edit_user_group', request_method='GET',
244 route_name='edit_user_group', request_method='GET',
245 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
245 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
246 def user_group_edit(self):
246 def user_group_edit(self):
247 user_group = self.db_user_group
247 user_group = self.db_user_group
248
248
249 c = self.load_default_context()
249 c = self.load_default_context()
250 c.user_group = user_group
250 c.user_group = user_group
251 c.group_members_obj = [x.user for x in c.user_group.members]
251 c.group_members_obj = [x.user for x in c.user_group.members]
252 c.group_members_obj.sort(key=lambda u: u.username.lower())
252 c.group_members_obj.sort(key=lambda u: u.username.lower())
253 c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
253 c.group_members = [(x.user_id, x.username) for x in c.group_members_obj]
254
254
255 c.active = 'settings'
255 c.active = 'settings'
256
256
257 defaults = user_group.get_dict()
257 defaults = user_group.get_dict()
258 # fill owner
258 # fill owner
259 if user_group.user:
259 if user_group.user:
260 defaults.update({'user': user_group.user.username})
260 defaults.update({'user': user_group.user.username})
261 else:
261 else:
262 replacement_user = User.get_first_super_admin().username
262 replacement_user = User.get_first_super_admin().username
263 defaults.update({'user': replacement_user})
263 defaults.update({'user': replacement_user})
264
264
265 data = render(
265 data = render(
266 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
266 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
267 self._get_template_context(c), self.request)
267 self._get_template_context(c), self.request)
268 html = formencode.htmlfill.render(
268 html = formencode.htmlfill.render(
269 data,
269 data,
270 defaults=defaults,
270 defaults=defaults,
271 encoding="UTF-8",
271 encoding="UTF-8",
272 force_defaults=False
272 force_defaults=False
273 )
273 )
274 return Response(html)
274 return Response(html)
275
275
276 @LoginRequired()
276 @LoginRequired()
277 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
277 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
278 @view_config(
278 @view_config(
279 route_name='edit_user_group_perms', request_method='GET',
279 route_name='edit_user_group_perms', request_method='GET',
280 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
280 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
281 def user_group_edit_perms(self):
281 def user_group_edit_perms(self):
282 user_group = self.db_user_group
282 user_group = self.db_user_group
283 c = self.load_default_context()
283 c = self.load_default_context()
284 c.user_group = user_group
284 c.user_group = user_group
285 c.active = 'perms'
285 c.active = 'perms'
286
286
287 defaults = {}
287 defaults = {}
288 # fill user group users
288 # fill user group users
289 for p in c.user_group.user_user_group_to_perm:
289 for p in c.user_group.user_user_group_to_perm:
290 defaults.update({'u_perm_%s' % p.user.user_id:
290 defaults.update({'u_perm_%s' % p.user.user_id:
291 p.permission.permission_name})
291 p.permission.permission_name})
292
292
293 for p in c.user_group.user_group_user_group_to_perm:
293 for p in c.user_group.user_group_user_group_to_perm:
294 defaults.update({'g_perm_%s' % p.user_group.users_group_id:
294 defaults.update({'g_perm_%s' % p.user_group.users_group_id:
295 p.permission.permission_name})
295 p.permission.permission_name})
296
296
297 data = render(
297 data = render(
298 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
298 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
299 self._get_template_context(c), self.request)
299 self._get_template_context(c), self.request)
300 html = formencode.htmlfill.render(
300 html = formencode.htmlfill.render(
301 data,
301 data,
302 defaults=defaults,
302 defaults=defaults,
303 encoding="UTF-8",
303 encoding="UTF-8",
304 force_defaults=False
304 force_defaults=False
305 )
305 )
306 return Response(html)
306 return Response(html)
307
307
308 @LoginRequired()
308 @LoginRequired()
309 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
309 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
310 @CSRFRequired()
310 @CSRFRequired()
311 @view_config(
311 @view_config(
312 route_name='edit_user_group_perms_update', request_method='POST',
312 route_name='edit_user_group_perms_update', request_method='POST',
313 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
313 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
314 def user_group_update_perms(self):
314 def user_group_update_perms(self):
315 """
315 """
316 grant permission for given user group
316 grant permission for given user group
317 """
317 """
318 _ = self.request.translate
318 _ = self.request.translate
319
319
320 user_group = self.db_user_group
320 user_group = self.db_user_group
321 user_group_id = user_group.users_group_id
321 user_group_id = user_group.users_group_id
322 c = self.load_default_context()
322 c = self.load_default_context()
323 c.user_group = user_group
323 c.user_group = user_group
324 form = UserGroupPermsForm(self.request.translate)().to_python(self.request.POST)
324 form = UserGroupPermsForm(self.request.translate)().to_python(self.request.POST)
325
325
326 if not self._rhodecode_user.is_admin:
326 if not self._rhodecode_user.is_admin:
327 if self._revoke_perms_on_yourself(form):
327 if self._revoke_perms_on_yourself(form):
328 msg = _('Cannot change permission for yourself as admin')
328 msg = _('Cannot change permission for yourself as admin')
329 h.flash(msg, category='warning')
329 h.flash(msg, category='warning')
330 raise HTTPFound(
330 raise HTTPFound(
331 h.route_path('edit_user_group_perms',
331 h.route_path('edit_user_group_perms',
332 user_group_id=user_group_id))
332 user_group_id=user_group_id))
333
333
334 try:
334 try:
335 changes = UserGroupModel().update_permissions(
335 changes = UserGroupModel().update_permissions(
336 user_group_id,
336 user_group,
337 form['perm_additions'], form['perm_updates'],
337 form['perm_additions'], form['perm_updates'],
338 form['perm_deletions'])
338 form['perm_deletions'])
339
339
340 except RepoGroupAssignmentError:
340 except RepoGroupAssignmentError:
341 h.flash(_('Target group cannot be the same'), category='error')
341 h.flash(_('Target group cannot be the same'), category='error')
342 raise HTTPFound(
342 raise HTTPFound(
343 h.route_path('edit_user_group_perms',
343 h.route_path('edit_user_group_perms',
344 user_group_id=user_group_id))
344 user_group_id=user_group_id))
345
345
346 action_data = {
346 action_data = {
347 'added': changes['added'],
347 'added': changes['added'],
348 'updated': changes['updated'],
348 'updated': changes['updated'],
349 'deleted': changes['deleted'],
349 'deleted': changes['deleted'],
350 }
350 }
351 audit_logger.store_web(
351 audit_logger.store_web(
352 'user_group.edit.permissions', action_data=action_data,
352 'user_group.edit.permissions', action_data=action_data,
353 user=self._rhodecode_user)
353 user=self._rhodecode_user)
354
354
355 Session().commit()
355 Session().commit()
356 h.flash(_('User Group permissions updated'), category='success')
356 h.flash(_('User Group permissions updated'), category='success')
357 raise HTTPFound(
357 raise HTTPFound(
358 h.route_path('edit_user_group_perms', user_group_id=user_group_id))
358 h.route_path('edit_user_group_perms', user_group_id=user_group_id))
359
359
360 @LoginRequired()
360 @LoginRequired()
361 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
361 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
362 @view_config(
362 @view_config(
363 route_name='edit_user_group_global_perms', request_method='GET',
363 route_name='edit_user_group_global_perms', request_method='GET',
364 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
364 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
365 def user_group_global_perms_edit(self):
365 def user_group_global_perms_edit(self):
366 user_group = self.db_user_group
366 user_group = self.db_user_group
367 c = self.load_default_context()
367 c = self.load_default_context()
368 c.user_group = user_group
368 c.user_group = user_group
369 c.active = 'global_perms'
369 c.active = 'global_perms'
370
370
371 c.default_user = User.get_default_user()
371 c.default_user = User.get_default_user()
372 defaults = c.user_group.get_dict()
372 defaults = c.user_group.get_dict()
373 defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
373 defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
374 defaults.update(c.user_group.get_default_perms())
374 defaults.update(c.user_group.get_default_perms())
375
375
376 data = render(
376 data = render(
377 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
377 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
378 self._get_template_context(c), self.request)
378 self._get_template_context(c), self.request)
379 html = formencode.htmlfill.render(
379 html = formencode.htmlfill.render(
380 data,
380 data,
381 defaults=defaults,
381 defaults=defaults,
382 encoding="UTF-8",
382 encoding="UTF-8",
383 force_defaults=False
383 force_defaults=False
384 )
384 )
385 return Response(html)
385 return Response(html)
386
386
387 @LoginRequired()
387 @LoginRequired()
388 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
388 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
389 @CSRFRequired()
389 @CSRFRequired()
390 @view_config(
390 @view_config(
391 route_name='edit_user_group_global_perms_update', request_method='POST',
391 route_name='edit_user_group_global_perms_update', request_method='POST',
392 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
392 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
393 def user_group_global_perms_update(self):
393 def user_group_global_perms_update(self):
394 _ = self.request.translate
394 _ = self.request.translate
395 user_group = self.db_user_group
395 user_group = self.db_user_group
396 user_group_id = self.db_user_group.users_group_id
396 user_group_id = self.db_user_group.users_group_id
397
397
398 c = self.load_default_context()
398 c = self.load_default_context()
399 c.user_group = user_group
399 c.user_group = user_group
400 c.active = 'global_perms'
400 c.active = 'global_perms'
401
401
402 try:
402 try:
403 # first stage that verifies the checkbox
403 # first stage that verifies the checkbox
404 _form = UserIndividualPermissionsForm(self.request.translate)
404 _form = UserIndividualPermissionsForm(self.request.translate)
405 form_result = _form.to_python(dict(self.request.POST))
405 form_result = _form.to_python(dict(self.request.POST))
406 inherit_perms = form_result['inherit_default_permissions']
406 inherit_perms = form_result['inherit_default_permissions']
407 user_group.inherit_default_permissions = inherit_perms
407 user_group.inherit_default_permissions = inherit_perms
408 Session().add(user_group)
408 Session().add(user_group)
409
409
410 if not inherit_perms:
410 if not inherit_perms:
411 # only update the individual ones if we un check the flag
411 # only update the individual ones if we un check the flag
412 _form = UserPermissionsForm(
412 _form = UserPermissionsForm(
413 self.request.translate,
413 self.request.translate,
414 [x[0] for x in c.repo_create_choices],
414 [x[0] for x in c.repo_create_choices],
415 [x[0] for x in c.repo_create_on_write_choices],
415 [x[0] for x in c.repo_create_on_write_choices],
416 [x[0] for x in c.repo_group_create_choices],
416 [x[0] for x in c.repo_group_create_choices],
417 [x[0] for x in c.user_group_create_choices],
417 [x[0] for x in c.user_group_create_choices],
418 [x[0] for x in c.fork_choices],
418 [x[0] for x in c.fork_choices],
419 [x[0] for x in c.inherit_default_permission_choices])()
419 [x[0] for x in c.inherit_default_permission_choices])()
420
420
421 form_result = _form.to_python(dict(self.request.POST))
421 form_result = _form.to_python(dict(self.request.POST))
422 form_result.update(
422 form_result.update(
423 {'perm_user_group_id': user_group.users_group_id})
423 {'perm_user_group_id': user_group.users_group_id})
424
424
425 PermissionModel().update_user_group_permissions(form_result)
425 PermissionModel().update_user_group_permissions(form_result)
426
426
427 Session().commit()
427 Session().commit()
428 h.flash(_('User Group global permissions updated successfully'),
428 h.flash(_('User Group global permissions updated successfully'),
429 category='success')
429 category='success')
430
430
431 except formencode.Invalid as errors:
431 except formencode.Invalid as errors:
432 defaults = errors.value
432 defaults = errors.value
433
433
434 data = render(
434 data = render(
435 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
435 'rhodecode:templates/admin/user_groups/user_group_edit.mako',
436 self._get_template_context(c), self.request)
436 self._get_template_context(c), self.request)
437 html = formencode.htmlfill.render(
437 html = formencode.htmlfill.render(
438 data,
438 data,
439 defaults=defaults,
439 defaults=defaults,
440 errors=errors.error_dict or {},
440 errors=errors.error_dict or {},
441 prefix_error=False,
441 prefix_error=False,
442 encoding="UTF-8",
442 encoding="UTF-8",
443 force_defaults=False
443 force_defaults=False
444 )
444 )
445 return Response(html)
445 return Response(html)
446 except Exception:
446 except Exception:
447 log.exception("Exception during permissions saving")
447 log.exception("Exception during permissions saving")
448 h.flash(_('An error occurred during permissions saving'),
448 h.flash(_('An error occurred during permissions saving'),
449 category='error')
449 category='error')
450
450
451 raise HTTPFound(
451 raise HTTPFound(
452 h.route_path('edit_user_group_global_perms',
452 h.route_path('edit_user_group_global_perms',
453 user_group_id=user_group_id))
453 user_group_id=user_group_id))
454
454
455 @LoginRequired()
455 @LoginRequired()
456 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
456 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
457 @view_config(
457 @view_config(
458 route_name='edit_user_group_advanced', request_method='GET',
458 route_name='edit_user_group_advanced', request_method='GET',
459 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
459 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
460 def user_group_edit_advanced(self):
460 def user_group_edit_advanced(self):
461 user_group = self.db_user_group
461 user_group = self.db_user_group
462
462
463 c = self.load_default_context()
463 c = self.load_default_context()
464 c.user_group = user_group
464 c.user_group = user_group
465 c.active = 'advanced'
465 c.active = 'advanced'
466 c.group_members_obj = sorted(
466 c.group_members_obj = sorted(
467 (x.user for x in c.user_group.members),
467 (x.user for x in c.user_group.members),
468 key=lambda u: u.username.lower())
468 key=lambda u: u.username.lower())
469
469
470 c.group_to_repos = sorted(
470 c.group_to_repos = sorted(
471 (x.repository for x in c.user_group.users_group_repo_to_perm),
471 (x.repository for x in c.user_group.users_group_repo_to_perm),
472 key=lambda u: u.repo_name.lower())
472 key=lambda u: u.repo_name.lower())
473
473
474 c.group_to_repo_groups = sorted(
474 c.group_to_repo_groups = sorted(
475 (x.group for x in c.user_group.users_group_repo_group_to_perm),
475 (x.group for x in c.user_group.users_group_repo_group_to_perm),
476 key=lambda u: u.group_name.lower())
476 key=lambda u: u.group_name.lower())
477
477
478 c.group_to_review_rules = sorted(
478 c.group_to_review_rules = sorted(
479 (x.users_group for x in c.user_group.user_group_review_rules),
479 (x.users_group for x in c.user_group.user_group_review_rules),
480 key=lambda u: u.users_group_name.lower())
480 key=lambda u: u.users_group_name.lower())
481
481
482 return self._get_template_context(c)
482 return self._get_template_context(c)
483
483
484 @LoginRequired()
484 @LoginRequired()
485 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
485 @HasUserGroupPermissionAnyDecorator('usergroup.admin')
486 @CSRFRequired()
486 @CSRFRequired()
487 @view_config(
487 @view_config(
488 route_name='edit_user_group_advanced_sync', request_method='POST',
488 route_name='edit_user_group_advanced_sync', request_method='POST',
489 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
489 renderer='rhodecode:templates/admin/user_groups/user_group_edit.mako')
490 def user_group_edit_advanced_set_synchronization(self):
490 def user_group_edit_advanced_set_synchronization(self):
491 _ = self.request.translate
491 _ = self.request.translate
492 user_group = self.db_user_group
492 user_group = self.db_user_group
493 user_group_id = user_group.users_group_id
493 user_group_id = user_group.users_group_id
494
494
495 existing = user_group.group_data.get('extern_type')
495 existing = user_group.group_data.get('extern_type')
496
496
497 if existing:
497 if existing:
498 new_state = user_group.group_data
498 new_state = user_group.group_data
499 new_state['extern_type'] = None
499 new_state['extern_type'] = None
500 else:
500 else:
501 new_state = user_group.group_data
501 new_state = user_group.group_data
502 new_state['extern_type'] = 'manual'
502 new_state['extern_type'] = 'manual'
503 new_state['extern_type_set_by'] = self._rhodecode_user.username
503 new_state['extern_type_set_by'] = self._rhodecode_user.username
504
504
505 try:
505 try:
506 user_group.group_data = new_state
506 user_group.group_data = new_state
507 Session().add(user_group)
507 Session().add(user_group)
508 Session().commit()
508 Session().commit()
509
509
510 h.flash(_('User Group synchronization updated successfully'),
510 h.flash(_('User Group synchronization updated successfully'),
511 category='success')
511 category='success')
512 except Exception:
512 except Exception:
513 log.exception("Exception during sync settings saving")
513 log.exception("Exception during sync settings saving")
514 h.flash(_('An error occurred during synchronization update'),
514 h.flash(_('An error occurred during synchronization update'),
515 category='error')
515 category='error')
516
516
517 raise HTTPFound(
517 raise HTTPFound(
518 h.route_path('edit_user_group_advanced',
518 h.route_path('edit_user_group_advanced',
519 user_group_id=user_group_id))
519 user_group_id=user_group_id))
General Comments 0
You need to be logged in to leave comments. Login now