##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
users: replaced extraction of user_ids with more efficient method....
dan -
r4190:d89af9cb stable
parent child Browse files
Show More

The requested changes are too big and content was truncated. Show full diff

Show file before | Show file after | Hide comments
@@ -1,110 +1,110 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2019 RhodeCode GmbH
3 # Copyright (C) 2011-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from pyramid.view import view_config
23 from pyramid.view import view_config
24 from pyramid.httpexceptions import HTTPFound
24 from pyramid.httpexceptions import HTTPFound
25
25
26 from rhodecode.apps._base import RepoGroupAppView
26 from rhodecode.apps._base import RepoGroupAppView
27 from rhodecode.lib import helpers as h
27 from rhodecode.lib import helpers as h
28 from rhodecode.lib import audit_logger
28 from rhodecode.lib import audit_logger
29 from rhodecode.lib.auth import (
29 from rhodecode.lib.auth import (
30 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
30 LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
31 from rhodecode.model.db import User
31 from rhodecode.model.db import User
32 from rhodecode.model.permission import PermissionModel
32 from rhodecode.model.permission import PermissionModel
33 from rhodecode.model.repo_group import RepoGroupModel
33 from rhodecode.model.repo_group import RepoGroupModel
34 from rhodecode.model.forms import RepoGroupPermsForm
34 from rhodecode.model.forms import RepoGroupPermsForm
35 from rhodecode.model.meta import Session
35 from rhodecode.model.meta import Session
36
36
37 log = logging.getLogger(__name__)
37 log = logging.getLogger(__name__)
38
38
39
39
40 class RepoGroupPermissionsView(RepoGroupAppView):
40 class RepoGroupPermissionsView(RepoGroupAppView):
41 def load_default_context(self):
41 def load_default_context(self):
42 c = self._get_local_tmpl_context()
42 c = self._get_local_tmpl_context()
43
43
44 return c
44 return c
45
45
46 @LoginRequired()
46 @LoginRequired()
47 @HasRepoGroupPermissionAnyDecorator('group.admin')
47 @HasRepoGroupPermissionAnyDecorator('group.admin')
48 @view_config(
48 @view_config(
49 route_name='edit_repo_group_perms', request_method='GET',
49 route_name='edit_repo_group_perms', request_method='GET',
50 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
50 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
51 def edit_repo_group_permissions(self):
51 def edit_repo_group_permissions(self):
52 c = self.load_default_context()
52 c = self.load_default_context()
53 c.active = 'permissions'
53 c.active = 'permissions'
54 c.repo_group = self.db_repo_group
54 c.repo_group = self.db_repo_group
55 return self._get_template_context(c)
55 return self._get_template_context(c)
56
56
57 @LoginRequired()
57 @LoginRequired()
58 @HasRepoGroupPermissionAnyDecorator('group.admin')
58 @HasRepoGroupPermissionAnyDecorator('group.admin')
59 @CSRFRequired()
59 @CSRFRequired()
60 @view_config(
60 @view_config(
61 route_name='edit_repo_group_perms_update', request_method='POST',
61 route_name='edit_repo_group_perms_update', request_method='POST',
62 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
62 renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
63 def edit_repo_groups_permissions_update(self):
63 def edit_repo_groups_permissions_update(self):
64 _ = self.request.translate
64 _ = self.request.translate
65 c = self.load_default_context()
65 c = self.load_default_context()
66 c.active = 'perms'
66 c.active = 'perms'
67 c.repo_group = self.db_repo_group
67 c.repo_group = self.db_repo_group
68
68
69 valid_recursive_choices = ['none', 'repos', 'groups', 'all']
69 valid_recursive_choices = ['none', 'repos', 'groups', 'all']
70 form = RepoGroupPermsForm(self.request.translate, valid_recursive_choices)()\
70 form = RepoGroupPermsForm(self.request.translate, valid_recursive_choices)()\
71 .to_python(self.request.POST)
71 .to_python(self.request.POST)
72
72
73 if not c.rhodecode_user.is_admin:
73 if not c.rhodecode_user.is_admin:
74 if self._revoke_perms_on_yourself(form):
74 if self._revoke_perms_on_yourself(form):
75 msg = _('Cannot change permission for yourself as admin')
75 msg = _('Cannot change permission for yourself as admin')
76 h.flash(msg, category='warning')
76 h.flash(msg, category='warning')
77 raise HTTPFound(
77 raise HTTPFound(
78 h.route_path('edit_repo_group_perms',
78 h.route_path('edit_repo_group_perms',
79 repo_group_name=self.db_repo_group_name))
79 repo_group_name=self.db_repo_group_name))
80
80
81 # iterate over all members(if in recursive mode) of this groups and
81 # iterate over all members(if in recursive mode) of this groups and
82 # set the permissions !
82 # set the permissions !
83 # this can be potentially heavy operation
83 # this can be potentially heavy operation
84 changes = RepoGroupModel().update_permissions(
84 changes = RepoGroupModel().update_permissions(
85 c.repo_group,
85 c.repo_group,
86 form['perm_additions'], form['perm_updates'], form['perm_deletions'],
86 form['perm_additions'], form['perm_updates'], form['perm_deletions'],
87 form['recursive'])
87 form['recursive'])
88
88
89 action_data = {
89 action_data = {
90 'added': changes['added'],
90 'added': changes['added'],
91 'updated': changes['updated'],
91 'updated': changes['updated'],
92 'deleted': changes['deleted'],
92 'deleted': changes['deleted'],
93 }
93 }
94 audit_logger.store_web(
94 audit_logger.store_web(
95 'repo_group.edit.permissions', action_data=action_data,
95 'repo_group.edit.permissions', action_data=action_data,
96 user=c.rhodecode_user)
96 user=c.rhodecode_user)
97
97
98 Session().commit()
98 Session().commit()
99 h.flash(_('Repository Group permissions updated'), category='success')
99 h.flash(_('Repository Group permissions updated'), category='success')
100
100
101 affected_user_ids = None
101 affected_user_ids = None
102 if changes.get('default_user_changed', False):
102 if changes.get('default_user_changed', False):
103 # if we change the default user, we need to flush everyone permissions
103 # if we change the default user, we need to flush everyone permissions
104 affected_user_ids = [x.user_id for x in User.get_all()]
104 affected_user_ids = User.get_all_user_ids()
105 PermissionModel().flush_user_permission_caches(
105 PermissionModel().flush_user_permission_caches(
106 changes, affected_user_ids=affected_user_ids)
106 changes, affected_user_ids=affected_user_ids)
107
107
108 raise HTTPFound(
108 raise HTTPFound(
109 h.route_path('edit_repo_group_perms',
109 h.route_path('edit_repo_group_perms',
110 repo_group_name=self.db_repo_group_name))
110 repo_group_name=self.db_repo_group_name))
Show file before | Show file after | Hide comments
@@ -1,135 +1,135 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2011-2019 RhodeCode GmbH
3 # Copyright (C) 2011-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from pyramid.httpexceptions import HTTPFound
23 from pyramid.httpexceptions import HTTPFound
24 from pyramid.view import view_config
24 from pyramid.view import view_config
25
25
26 from rhodecode.apps._base import RepoAppView
26 from rhodecode.apps._base import RepoAppView
27 from rhodecode.lib import helpers as h
27 from rhodecode.lib import helpers as h
28 from rhodecode.lib import audit_logger
28 from rhodecode.lib import audit_logger
29 from rhodecode.lib.auth import (
29 from rhodecode.lib.auth import (
30 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
30 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
31 from rhodecode.lib.utils2 import str2bool
31 from rhodecode.lib.utils2 import str2bool
32 from rhodecode.model.db import User
32 from rhodecode.model.db import User
33 from rhodecode.model.forms import RepoPermsForm
33 from rhodecode.model.forms import RepoPermsForm
34 from rhodecode.model.meta import Session
34 from rhodecode.model.meta import Session
35 from rhodecode.model.permission import PermissionModel
35 from rhodecode.model.permission import PermissionModel
36 from rhodecode.model.repo import RepoModel
36 from rhodecode.model.repo import RepoModel
37
37
38 log = logging.getLogger(__name__)
38 log = logging.getLogger(__name__)
39
39
40
40
41 class RepoSettingsPermissionsView(RepoAppView):
41 class RepoSettingsPermissionsView(RepoAppView):
42
42
43 def load_default_context(self):
43 def load_default_context(self):
44 c = self._get_local_tmpl_context()
44 c = self._get_local_tmpl_context()
45 return c
45 return c
46
46
47 @LoginRequired()
47 @LoginRequired()
48 @HasRepoPermissionAnyDecorator('repository.admin')
48 @HasRepoPermissionAnyDecorator('repository.admin')
49 @view_config(
49 @view_config(
50 route_name='edit_repo_perms', request_method='GET',
50 route_name='edit_repo_perms', request_method='GET',
51 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
51 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
52 def edit_permissions(self):
52 def edit_permissions(self):
53 _ = self.request.translate
53 _ = self.request.translate
54 c = self.load_default_context()
54 c = self.load_default_context()
55 c.active = 'permissions'
55 c.active = 'permissions'
56 if self.request.GET.get('branch_permissions'):
56 if self.request.GET.get('branch_permissions'):
57 h.flash(_('Explicitly add user or user group with write+ '
57 h.flash(_('Explicitly add user or user group with write+ '
58 'permission to modify their branch permissions.'),
58 'permission to modify their branch permissions.'),
59 category='notice')
59 category='notice')
60 return self._get_template_context(c)
60 return self._get_template_context(c)
61
61
62 @LoginRequired()
62 @LoginRequired()
63 @HasRepoPermissionAnyDecorator('repository.admin')
63 @HasRepoPermissionAnyDecorator('repository.admin')
64 @CSRFRequired()
64 @CSRFRequired()
65 @view_config(
65 @view_config(
66 route_name='edit_repo_perms', request_method='POST',
66 route_name='edit_repo_perms', request_method='POST',
67 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
67 renderer='rhodecode:templates/admin/repos/repo_edit.mako')
68 def edit_permissions_update(self):
68 def edit_permissions_update(self):
69 _ = self.request.translate
69 _ = self.request.translate
70 c = self.load_default_context()
70 c = self.load_default_context()
71 c.active = 'permissions'
71 c.active = 'permissions'
72 data = self.request.POST
72 data = self.request.POST
73 # store private flag outside of HTML to verify if we can modify
73 # store private flag outside of HTML to verify if we can modify
74 # default user permissions, prevents submission of FAKE post data
74 # default user permissions, prevents submission of FAKE post data
75 # into the form for private repos
75 # into the form for private repos
76 data['repo_private'] = self.db_repo.private
76 data['repo_private'] = self.db_repo.private
77 form = RepoPermsForm(self.request.translate)().to_python(data)
77 form = RepoPermsForm(self.request.translate)().to_python(data)
78 changes = RepoModel().update_permissions(
78 changes = RepoModel().update_permissions(
79 self.db_repo_name, form['perm_additions'], form['perm_updates'],
79 self.db_repo_name, form['perm_additions'], form['perm_updates'],
80 form['perm_deletions'])
80 form['perm_deletions'])
81
81
82 action_data = {
82 action_data = {
83 'added': changes['added'],
83 'added': changes['added'],
84 'updated': changes['updated'],
84 'updated': changes['updated'],
85 'deleted': changes['deleted'],
85 'deleted': changes['deleted'],
86 }
86 }
87 audit_logger.store_web(
87 audit_logger.store_web(
88 'repo.edit.permissions', action_data=action_data,
88 'repo.edit.permissions', action_data=action_data,
89 user=self._rhodecode_user, repo=self.db_repo)
89 user=self._rhodecode_user, repo=self.db_repo)
90
90
91 Session().commit()
91 Session().commit()
92 h.flash(_('Repository access permissions updated'), category='success')
92 h.flash(_('Repository access permissions updated'), category='success')
93
93
94 affected_user_ids = None
94 affected_user_ids = None
95 if changes.get('default_user_changed', False):
95 if changes.get('default_user_changed', False):
96 # if we change the default user, we need to flush everyone permissions
96 # if we change the default user, we need to flush everyone permissions
97 affected_user_ids = [x.user_id for x in User.get_all()]
97 affected_user_ids = User.get_all_user_ids()
98 PermissionModel().flush_user_permission_caches(
98 PermissionModel().flush_user_permission_caches(
99 changes, affected_user_ids=affected_user_ids)
99 changes, affected_user_ids=affected_user_ids)
100
100
101 raise HTTPFound(
101 raise HTTPFound(
102 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
102 h.route_path('edit_repo_perms', repo_name=self.db_repo_name))
103
103
104 @LoginRequired()
104 @LoginRequired()
105 @HasRepoPermissionAnyDecorator('repository.admin')
105 @HasRepoPermissionAnyDecorator('repository.admin')
106 @CSRFRequired()
106 @CSRFRequired()
107 @view_config(
107 @view_config(
108 route_name='edit_repo_perms_set_private', request_method='POST',
108 route_name='edit_repo_perms_set_private', request_method='POST',
109 renderer='json_ext')
109 renderer='json_ext')
110 def edit_permissions_set_private_repo(self):
110 def edit_permissions_set_private_repo(self):
111 _ = self.request.translate
111 _ = self.request.translate
112 self.load_default_context()
112 self.load_default_context()
113
113
114 private_flag = str2bool(self.request.POST.get('private'))
114 private_flag = str2bool(self.request.POST.get('private'))
115
115
116 try:
116 try:
117 RepoModel().update(
117 RepoModel().update(
118 self.db_repo, **{'repo_private': private_flag, 'repo_name': self.db_repo_name})
118 self.db_repo, **{'repo_private': private_flag, 'repo_name': self.db_repo_name})
119 Session().commit()
119 Session().commit()
120
120
121 h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),
121 h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name),
122 category='success')
122 category='success')
123 except Exception:
123 except Exception:
124 log.exception("Exception during update of repository")
124 log.exception("Exception during update of repository")
125 h.flash(_('Error occurred during update of repository {}').format(
125 h.flash(_('Error occurred during update of repository {}').format(
126 self.db_repo_name), category='error')
126 self.db_repo_name), category='error')
127
127
128 # NOTE(dan): we change repo private mode we need to notify all USERS
128 # NOTE(dan): we change repo private mode we need to notify all USERS
129 affected_user_ids = [x.user_id for x in User.get_all()]
129 affected_user_ids = User.get_all_user_ids()
130 PermissionModel().trigger_permission_flush(affected_user_ids)
130 PermissionModel().trigger_permission_flush(affected_user_ids)
131
131
132 return {
132 return {
133 'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),
133 'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name),
134 'private': private_flag
134 'private': private_flag
135 }
135 }
Show file before | Show file after | Hide comments
1 NO CONTENT: modified file
NO CONTENT: modified file
The requested commit or file is too big and content was truncated. Show full diff
General Comments 0
You need to be logged in to leave comments. Login now