##// END OF EJS Templates
permissions: handle more cases for invalidating permission caches...
marcink -
r3383:c5723c68 default
parent child Browse files
Show More
@@ -159,6 +159,7 b' class AdminRepoGroupsView(BaseAppView, D'
159 159 try:
160 160 owner = self._rhodecode_user
161 161 form_result = repo_group_form.to_python(dict(self.request.POST))
162 copy_permissions = form_result.get('group_copy_permissions')
162 163 repo_group = RepoGroupModel().create(
163 164 group_name=form_result['group_name_full'],
164 165 group_description=form_result['group_description'],
@@ -201,7 +202,14 b' class AdminRepoGroupsView(BaseAppView, D'
201 202 % repo_group_name, category='error')
202 203 raise HTTPFound(h.route_path('home'))
203 204
204 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
205 affected_user_ids = [self._rhodecode_user.user_id]
206 if copy_permissions:
207 user_group_perms = repo_group.permissions(expand_from_user_groups=True)
208 copy_perms = [perm['user_id'] for perm in user_group_perms]
209 # also include those newly created by copy
210 affected_user_ids.extend(copy_perms)
211 events.trigger(events.UserPermissionsChange(affected_user_ids))
212
205 213 raise HTTPFound(
206 214 h.route_path('repo_group_home',
207 215 repo_group_name=form_result['group_name_full']))
@@ -146,14 +146,14 b' class AdminReposView(BaseAppView, DataGr'
146 146
147 147 form_result = {}
148 148 self._load_form_data(c)
149 task_id = None
149
150 150 try:
151 151 # CanWriteToGroup validators checks permissions of this POST
152 152 form = RepoForm(
153 153 self.request.translate, repo_groups=c.repo_groups_choices,
154 154 landing_revs=c.landing_revs_choices)()
155 155 form_result = form.to_python(dict(self.request.POST))
156
156 copy_permissions = form_result.get('repo_copy_permissions')
157 157 # create is done sometimes async on celery, db transaction
158 158 # management is handled there.
159 159 task = RepoModel().create(form_result, self._rhodecode_user.user_id)
@@ -176,9 +176,19 b' class AdminReposView(BaseAppView, DataGr'
176 176 h.flash(msg, category='error')
177 177 raise HTTPFound(h.route_path('home'))
178 178
179 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
179 repo_name = form_result.get('repo_name_full')
180
181 affected_user_ids = [self._rhodecode_user.user_id]
182 if copy_permissions:
183 repository = Repository.get_by_repo_name(repo_name)
184 # also include those newly created by copy
185 user_group_perms = repository.permissions(expand_from_user_groups=True)
186 copy_perms = [perm['user_id'] for perm in user_group_perms]
187 # also include those newly created by copy
188 affected_user_ids.extend(copy_perms)
189
190 events.trigger(events.UserPermissionsChange(affected_user_ids))
180 191
181 192 raise HTTPFound(
182 h.route_path('repo_creating',
183 repo_name=form_result['repo_name_full'],
193 h.route_path('repo_creating', repo_name=repo_name,
184 194 _query=dict(task_id=task_id)))
@@ -28,6 +28,7 b' from pyramid.view import view_config'
28 28 from pyramid.renderers import render
29 29 from pyramid.response import Response
30 30
31 from rhodecode import events
31 32 from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView
32 33 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
33 34 from rhodecode.authentication.plugins import auth_rhodecode
@@ -573,6 +574,7 b' class UsersView(UserAppView):'
573 574 # audit_log.store_web('user.edit.permissions')
574 575
575 576 Session().commit()
577
576 578 h.flash(_('User global permissions updated successfully'),
577 579 category='success')
578 580
@@ -593,6 +595,9 b' class UsersView(UserAppView):'
593 595 log.exception("Exception during permissions saving")
594 596 h.flash(_('An error occurred during permissions saving'),
595 597 category='error')
598
599 affected_user_ids = [user_id]
600 events.trigger(events.UserPermissionsChange(affected_user_ids))
596 601 raise HTTPFound(h.route_path('user_edit_global_perms', user_id=user_id))
597 602
598 603 @LoginRequired()
@@ -180,10 +180,14 b' class RepoGroupSettingsView(RepoGroupApp'
180 180
181 181 name_changed = old_repo_group_name != new_repo_group_name
182 182 if name_changed:
183 current_perms = self.db_repo_group.permissions(expand_from_user_groups=True)
184 affected_user_ids = [perm['user_id'] for perm in current_perms]
185
186 # NOTE(marcink): also add owner maybe it has changed
183 187 owner = User.get_by_username(schema_data['repo_group_owner'])
184 188 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
185 events.trigger(events.UserPermissionsChange([
186 self._rhodecode_user.user_id, owner_id]))
189 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
190 events.trigger(events.UserPermissionsChange(affected_user_ids))
187 191
188 192 raise HTTPFound(
189 193 h.route_path('edit_repo_group', repo_group_name=new_repo_group_name))
@@ -224,6 +224,7 b' class RepoForksView(RepoAppView, DataGri'
224 224 task_id = None
225 225 try:
226 226 form_result = _form.to_python(post_data)
227 copy_permissions = form_result.get('copy_permissions')
227 228 # create fork is done sometimes async on celery, db transaction
228 229 # management is handled there.
229 230 task = RepoModel().create_fork(
@@ -246,18 +247,24 b' class RepoForksView(RepoAppView, DataGri'
246 247 return Response(html)
247 248 except Exception:
248 249 log.exception(
249 u'Exception while trying to fork the repository %s',
250 self.db_repo_name)
251 msg = (
252 _('An error occurred during repository forking %s') % (
253 self.db_repo_name, ))
250 u'Exception while trying to fork the repository %s', self.db_repo_name)
251 msg = _('An error occurred during repository forking %s') % (self.db_repo_name, )
254 252 h.flash(msg, category='error')
253 raise HTTPFound(h.route_path('home'))
255 254
256 255 repo_name = form_result.get('repo_name_full', self.db_repo_name)
257 256
258 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
257 affected_user_ids = [self._rhodecode_user.user_id]
258 if copy_permissions:
259 repository = Repository.get_by_repo_name(repo_name)
260 # also include those newly created by copy
261 user_group_perms = repository.permissions(expand_from_user_groups=True)
262 copy_perms = [perm['user_id'] for perm in user_group_perms]
263 # also include those newly created by copy
264 affected_user_ids.extend(copy_perms)
265
266 events.trigger(events.UserPermissionsChange(affected_user_ids))
259 267
260 268 raise HTTPFound(
261 h.route_path('repo_creating',
262 repo_name=repo_name,
269 h.route_path('repo_creating', repo_name=repo_name,
263 270 _query=dict(task_id=task_id)))
@@ -168,8 +168,8 b' class RepoSettingsView(RepoAppView):'
168 168
169 169 Session().commit()
170 170
171 h.flash(_('Repository `{}` updated successfully').format(
172 old_repo_name), category='success')
171 h.flash(_('Repository `{}` updated successfully').format(old_repo_name),
172 category='success')
173 173 except Exception:
174 174 log.exception("Exception during update of repository")
175 175 h.flash(_('Error occurred during update of repository {}').format(
@@ -177,10 +177,14 b' class RepoSettingsView(RepoAppView):'
177 177
178 178 name_changed = old_repo_name != new_repo_name
179 179 if name_changed:
180 current_perms = self.db_repo.permissions(expand_from_user_groups=True)
181 affected_user_ids = [perm['user_id'] for perm in current_perms]
182
183 # NOTE(marcink): also add owner maybe it has changed
180 184 owner = User.get_by_username(schema_data['repo_owner'])
181 185 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
182 events.trigger(events.UserPermissionsChange([
183 self._rhodecode_user.user_id, owner_id]))
186 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
187 events.trigger(events.UserPermissionsChange(affected_user_ids))
184 188
185 189 raise HTTPFound(
186 190 h.route_path('edit_repo', repo_name=new_repo_name))
@@ -959,12 +959,14 b' class User(Base, BaseModel):'
959 959 return user
960 960
961 961 @classmethod
962 def get_all_super_admins(cls):
962 def get_all_super_admins(cls, only_active=False):
963 963 """
964 964 Returns all admin accounts sorted by username
965 965 """
966 return User.query().filter(User.admin == true())\
967 .order_by(User.username.asc()).all()
966 qry = User.query().filter(User.admin == true()).order_by(User.username.asc())
967 if only_active:
968 qry = qry.filter(User.active == true())
969 return qry.all()
968 970
969 971 @classmethod
970 972 def get_default_user(cls, cache=False, refresh=False):
@@ -1390,7 +1392,8 b' class UserGroup(Base, BaseModel):'
1390 1392 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1391 1393 return user_group.get(user_group_id)
1392 1394
1393 def permissions(self, with_admins=True, with_owner=True):
1395 def permissions(self, with_admins=True, with_owner=True,
1396 expand_from_user_groups=False):
1394 1397 """
1395 1398 Permissions for user groups
1396 1399 """
@@ -1441,19 +1444,29 b' class UserGroup(Base, BaseModel):'
1441 1444 # each group
1442 1445 perm_rows = sorted(perm_rows, key=display_user_sort)
1443 1446
1444 return super_admin_rows + owner_row + perm_rows
1445
1446 def permission_user_groups(self):
1447 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1447 user_groups_rows = []
1448 if expand_from_user_groups:
1449 for ug in self.permission_user_groups(with_members=True):
1450 for user_data in ug.members:
1451 user_groups_rows.append(user_data)
1452
1453 return super_admin_rows + owner_row + perm_rows + user_groups_rows
1454
1455 def permission_user_groups(self, with_members=False):
1456 q = UserGroupUserGroupToPerm.query()\
1457 .filter(UserGroupUserGroupToPerm.target_user_group == self)
1448 1458 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1449 1459 joinedload(UserGroupUserGroupToPerm.target_user_group),
1450 1460 joinedload(UserGroupUserGroupToPerm.permission),)
1451 1461
1452 1462 perm_rows = []
1453 1463 for _user_group in q.all():
1454 usr = AttributeDict(_user_group.user_group.get_dict())
1455 usr.permission = _user_group.permission.permission_name
1456 perm_rows.append(usr)
1464 entry = AttributeDict(_user_group.user_group.get_dict())
1465 entry.permission = _user_group.permission.permission_name
1466 if with_members:
1467 entry.members = [x.user.get_dict()
1468 for x in _user_group.users_group.members]
1469 perm_rows.append(entry)
1457 1470
1458 1471 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1459 1472 return perm_rows
@@ -1928,7 +1941,8 b' class Repository(Base, BaseModel):'
1928 1941 from rhodecode.lib.utils import make_db_config
1929 1942 return make_db_config(clear_session=False, repo=self)
1930 1943
1931 def permissions(self, with_admins=True, with_owner=True):
1944 def permissions(self, with_admins=True, with_owner=True,
1945 expand_from_user_groups=False):
1932 1946 """
1933 1947 Permissions for repositories
1934 1948 """
@@ -1986,20 +2000,29 b' class Repository(Base, BaseModel):'
1986 2000 # each group
1987 2001 perm_rows = sorted(perm_rows, key=display_user_sort)
1988 2002
1989 return super_admin_rows + owner_row + perm_rows
1990
1991 def permission_user_groups(self):
1992 q = UserGroupRepoToPerm.query().filter(
1993 UserGroupRepoToPerm.repository == self)
2003 user_groups_rows = []
2004 if expand_from_user_groups:
2005 for ug in self.permission_user_groups(with_members=True):
2006 for user_data in ug.members:
2007 user_groups_rows.append(user_data)
2008
2009 return super_admin_rows + owner_row + perm_rows + user_groups_rows
2010
2011 def permission_user_groups(self, with_members=True):
2012 q = UserGroupRepoToPerm.query()\
2013 .filter(UserGroupRepoToPerm.repository == self)
1994 2014 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1995 2015 joinedload(UserGroupRepoToPerm.users_group),
1996 2016 joinedload(UserGroupRepoToPerm.permission),)
1997 2017
1998 2018 perm_rows = []
1999 2019 for _user_group in q.all():
2000 usr = AttributeDict(_user_group.users_group.get_dict())
2001 usr.permission = _user_group.permission.permission_name
2002 perm_rows.append(usr)
2020 entry = AttributeDict(_user_group.users_group.get_dict())
2021 entry.permission = _user_group.permission.permission_name
2022 if with_members:
2023 entry.members = [x.user.get_dict()
2024 for x in _user_group.users_group.members]
2025 perm_rows.append(entry)
2003 2026
2004 2027 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2005 2028 return perm_rows
@@ -2641,7 +2664,8 b' class RepoGroup(Base, BaseModel):'
2641 2664 self.parent_group else [])
2642 2665 return RepoGroup.url_sep().join(path_prefix + [group_name])
2643 2666
2644 def permissions(self, with_admins=True, with_owner=True):
2667 def permissions(self, with_admins=True, with_owner=True,
2668 expand_from_user_groups=False):
2645 2669 """
2646 2670 Permissions for repository groups
2647 2671 """
@@ -2692,20 +2716,29 b' class RepoGroup(Base, BaseModel):'
2692 2716 # each group
2693 2717 perm_rows = sorted(perm_rows, key=display_user_sort)
2694 2718
2695 return super_admin_rows + owner_row + perm_rows
2696
2697 def permission_user_groups(self):
2698 q = UserGroupRepoGroupToPerm.query().filter(
2699 UserGroupRepoGroupToPerm.group == self)
2719 user_groups_rows = []
2720 if expand_from_user_groups:
2721 for ug in self.permission_user_groups(with_members=True):
2722 for user_data in ug.members:
2723 user_groups_rows.append(user_data)
2724
2725 return super_admin_rows + owner_row + perm_rows + user_groups_rows
2726
2727 def permission_user_groups(self, with_members=False):
2728 q = UserGroupRepoGroupToPerm.query()\
2729 .filter(UserGroupRepoGroupToPerm.group == self)
2700 2730 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2701 2731 joinedload(UserGroupRepoGroupToPerm.users_group),
2702 2732 joinedload(UserGroupRepoGroupToPerm.permission),)
2703 2733
2704 2734 perm_rows = []
2705 2735 for _user_group in q.all():
2706 usr = AttributeDict(_user_group.users_group.get_dict())
2707 usr.permission = _user_group.permission.permission_name
2708 perm_rows.append(usr)
2736 entry = AttributeDict(_user_group.users_group.get_dict())
2737 entry.permission = _user_group.permission.permission_name
2738 if with_members:
2739 entry.members = [x.user.get_dict()
2740 for x in _user_group.users_group.members]
2741 perm_rows.append(entry)
2709 2742
2710 2743 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2711 2744 return perm_rows
General Comments 0
You need to be logged in to leave comments. Login now