Show More
The requested changes are too big and content was truncated. Show full diff
| @@ -1,110 +1,110 b'' | |||
|
|
1 | 1 | # -*- coding: utf-8 -*- |
|
|
2 | 2 | |
|
|
3 | 3 | # Copyright (C) 2011-2019 RhodeCode GmbH |
|
|
4 | 4 | # |
|
|
5 | 5 | # This program is free software: you can redistribute it and/or modify |
|
|
6 | 6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
|
7 | 7 | # (only), as published by the Free Software Foundation. |
|
|
8 | 8 | # |
|
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
12 | 12 | # GNU General Public License for more details. |
|
|
13 | 13 | # |
|
|
14 | 14 | # You should have received a copy of the GNU Affero General Public License |
|
|
15 | 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
|
16 | 16 | # |
|
|
17 | 17 | # This program is dual-licensed. If you wish to learn more about the |
|
|
18 | 18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
|
19 | 19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
|
20 | 20 | |
|
|
21 | 21 | import logging |
|
|
22 | 22 | |
|
|
23 | 23 | from pyramid.view import view_config |
|
|
24 | 24 | from pyramid.httpexceptions import HTTPFound |
|
|
25 | 25 | |
|
|
26 | 26 | from rhodecode.apps._base import RepoGroupAppView |
|
|
27 | 27 | from rhodecode.lib import helpers as h |
|
|
28 | 28 | from rhodecode.lib import audit_logger |
|
|
29 | 29 | from rhodecode.lib.auth import ( |
|
|
30 | 30 | LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired) |
|
|
31 | 31 | from rhodecode.model.db import User |
|
|
32 | 32 | from rhodecode.model.permission import PermissionModel |
|
|
33 | 33 | from rhodecode.model.repo_group import RepoGroupModel |
|
|
34 | 34 | from rhodecode.model.forms import RepoGroupPermsForm |
|
|
35 | 35 | from rhodecode.model.meta import Session |
|
|
36 | 36 | |
|
|
37 | 37 | log = logging.getLogger(__name__) |
|
|
38 | 38 | |
|
|
39 | 39 | |
|
|
40 | 40 | class RepoGroupPermissionsView(RepoGroupAppView): |
|
|
41 | 41 | def load_default_context(self): |
|
|
42 | 42 | c = self._get_local_tmpl_context() |
|
|
43 | 43 | |
|
|
44 | 44 | return c |
|
|
45 | 45 | |
|
|
46 | 46 | @LoginRequired() |
|
|
47 | 47 | @HasRepoGroupPermissionAnyDecorator('group.admin') |
|
|
48 | 48 | @view_config( |
|
|
49 | 49 | route_name='edit_repo_group_perms', request_method='GET', |
|
|
50 | 50 | renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako') |
|
|
51 | 51 | def edit_repo_group_permissions(self): |
|
|
52 | 52 | c = self.load_default_context() |
|
|
53 | 53 | c.active = 'permissions' |
|
|
54 | 54 | c.repo_group = self.db_repo_group |
|
|
55 | 55 | return self._get_template_context(c) |
|
|
56 | 56 | |
|
|
57 | 57 | @LoginRequired() |
|
|
58 | 58 | @HasRepoGroupPermissionAnyDecorator('group.admin') |
|
|
59 | 59 | @CSRFRequired() |
|
|
60 | 60 | @view_config( |
|
|
61 | 61 | route_name='edit_repo_group_perms_update', request_method='POST', |
|
|
62 | 62 | renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako') |
|
|
63 | 63 | def edit_repo_groups_permissions_update(self): |
|
|
64 | 64 | _ = self.request.translate |
|
|
65 | 65 | c = self.load_default_context() |
|
|
66 | 66 | c.active = 'perms' |
|
|
67 | 67 | c.repo_group = self.db_repo_group |
|
|
68 | 68 | |
|
|
69 | 69 | valid_recursive_choices = ['none', 'repos', 'groups', 'all'] |
|
|
70 | 70 | form = RepoGroupPermsForm(self.request.translate, valid_recursive_choices)()\ |
|
|
71 | 71 | .to_python(self.request.POST) |
|
|
72 | 72 | |
|
|
73 | 73 | if not c.rhodecode_user.is_admin: |
|
|
74 | 74 | if self._revoke_perms_on_yourself(form): |
|
|
75 | 75 | msg = _('Cannot change permission for yourself as admin') |
|
|
76 | 76 | h.flash(msg, category='warning') |
|
|
77 | 77 | raise HTTPFound( |
|
|
78 | 78 | h.route_path('edit_repo_group_perms', |
|
|
79 | 79 | repo_group_name=self.db_repo_group_name)) |
|
|
80 | 80 | |
|
|
81 | 81 | # iterate over all members(if in recursive mode) of this groups and |
|
|
82 | 82 | # set the permissions ! |
|
|
83 | 83 | # this can be potentially heavy operation |
|
|
84 | 84 | changes = RepoGroupModel().update_permissions( |
|
|
85 | 85 | c.repo_group, |
|
|
86 | 86 | form['perm_additions'], form['perm_updates'], form['perm_deletions'], |
|
|
87 | 87 | form['recursive']) |
|
|
88 | 88 | |
|
|
89 | 89 | action_data = { |
|
|
90 | 90 | 'added': changes['added'], |
|
|
91 | 91 | 'updated': changes['updated'], |
|
|
92 | 92 | 'deleted': changes['deleted'], |
|
|
93 | 93 | } |
|
|
94 | 94 | audit_logger.store_web( |
|
|
95 | 95 | 'repo_group.edit.permissions', action_data=action_data, |
|
|
96 | 96 | user=c.rhodecode_user) |
|
|
97 | 97 | |
|
|
98 | 98 | Session().commit() |
|
|
99 | 99 | h.flash(_('Repository Group permissions updated'), category='success') |
|
|
100 | 100 | |
|
|
101 | 101 | affected_user_ids = None |
|
|
102 | 102 | if changes.get('default_user_changed', False): |
|
|
103 | 103 | # if we change the default user, we need to flush everyone permissions |
|
|
104 |
affected_user_ids = |
|
|
|
104 | affected_user_ids = User.get_all_user_ids() | |
|
|
105 | 105 | PermissionModel().flush_user_permission_caches( |
|
|
106 | 106 | changes, affected_user_ids=affected_user_ids) |
|
|
107 | 107 | |
|
|
108 | 108 | raise HTTPFound( |
|
|
109 | 109 | h.route_path('edit_repo_group_perms', |
|
|
110 | 110 | repo_group_name=self.db_repo_group_name)) |
| @@ -1,135 +1,135 b'' | |||
|
|
1 | 1 | # -*- coding: utf-8 -*- |
|
|
2 | 2 | |
|
|
3 | 3 | # Copyright (C) 2011-2019 RhodeCode GmbH |
|
|
4 | 4 | # |
|
|
5 | 5 | # This program is free software: you can redistribute it and/or modify |
|
|
6 | 6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
|
7 | 7 | # (only), as published by the Free Software Foundation. |
|
|
8 | 8 | # |
|
|
9 | 9 | # This program is distributed in the hope that it will be useful, |
|
|
10 | 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
11 | 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
12 | 12 | # GNU General Public License for more details. |
|
|
13 | 13 | # |
|
|
14 | 14 | # You should have received a copy of the GNU Affero General Public License |
|
|
15 | 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
|
16 | 16 | # |
|
|
17 | 17 | # This program is dual-licensed. If you wish to learn more about the |
|
|
18 | 18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
|
19 | 19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
|
20 | 20 | |
|
|
21 | 21 | import logging |
|
|
22 | 22 | |
|
|
23 | 23 | from pyramid.httpexceptions import HTTPFound |
|
|
24 | 24 | from pyramid.view import view_config |
|
|
25 | 25 | |
|
|
26 | 26 | from rhodecode.apps._base import RepoAppView |
|
|
27 | 27 | from rhodecode.lib import helpers as h |
|
|
28 | 28 | from rhodecode.lib import audit_logger |
|
|
29 | 29 | from rhodecode.lib.auth import ( |
|
|
30 | 30 | LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired) |
|
|
31 | 31 | from rhodecode.lib.utils2 import str2bool |
|
|
32 | 32 | from rhodecode.model.db import User |
|
|
33 | 33 | from rhodecode.model.forms import RepoPermsForm |
|
|
34 | 34 | from rhodecode.model.meta import Session |
|
|
35 | 35 | from rhodecode.model.permission import PermissionModel |
|
|
36 | 36 | from rhodecode.model.repo import RepoModel |
|
|
37 | 37 | |
|
|
38 | 38 | log = logging.getLogger(__name__) |
|
|
39 | 39 | |
|
|
40 | 40 | |
|
|
41 | 41 | class RepoSettingsPermissionsView(RepoAppView): |
|
|
42 | 42 | |
|
|
43 | 43 | def load_default_context(self): |
|
|
44 | 44 | c = self._get_local_tmpl_context() |
|
|
45 | 45 | return c |
|
|
46 | 46 | |
|
|
47 | 47 | @LoginRequired() |
|
|
48 | 48 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
|
49 | 49 | @view_config( |
|
|
50 | 50 | route_name='edit_repo_perms', request_method='GET', |
|
|
51 | 51 | renderer='rhodecode:templates/admin/repos/repo_edit.mako') |
|
|
52 | 52 | def edit_permissions(self): |
|
|
53 | 53 | _ = self.request.translate |
|
|
54 | 54 | c = self.load_default_context() |
|
|
55 | 55 | c.active = 'permissions' |
|
|
56 | 56 | if self.request.GET.get('branch_permissions'): |
|
|
57 | 57 | h.flash(_('Explicitly add user or user group with write+ ' |
|
|
58 | 58 | 'permission to modify their branch permissions.'), |
|
|
59 | 59 | category='notice') |
|
|
60 | 60 | return self._get_template_context(c) |
|
|
61 | 61 | |
|
|
62 | 62 | @LoginRequired() |
|
|
63 | 63 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
|
64 | 64 | @CSRFRequired() |
|
|
65 | 65 | @view_config( |
|
|
66 | 66 | route_name='edit_repo_perms', request_method='POST', |
|
|
67 | 67 | renderer='rhodecode:templates/admin/repos/repo_edit.mako') |
|
|
68 | 68 | def edit_permissions_update(self): |
|
|
69 | 69 | _ = self.request.translate |
|
|
70 | 70 | c = self.load_default_context() |
|
|
71 | 71 | c.active = 'permissions' |
|
|
72 | 72 | data = self.request.POST |
|
|
73 | 73 | # store private flag outside of HTML to verify if we can modify |
|
|
74 | 74 | # default user permissions, prevents submission of FAKE post data |
|
|
75 | 75 | # into the form for private repos |
|
|
76 | 76 | data['repo_private'] = self.db_repo.private |
|
|
77 | 77 | form = RepoPermsForm(self.request.translate)().to_python(data) |
|
|
78 | 78 | changes = RepoModel().update_permissions( |
|
|
79 | 79 | self.db_repo_name, form['perm_additions'], form['perm_updates'], |
|
|
80 | 80 | form['perm_deletions']) |
|
|
81 | 81 | |
|
|
82 | 82 | action_data = { |
|
|
83 | 83 | 'added': changes['added'], |
|
|
84 | 84 | 'updated': changes['updated'], |
|
|
85 | 85 | 'deleted': changes['deleted'], |
|
|
86 | 86 | } |
|
|
87 | 87 | audit_logger.store_web( |
|
|
88 | 88 | 'repo.edit.permissions', action_data=action_data, |
|
|
89 | 89 | user=self._rhodecode_user, repo=self.db_repo) |
|
|
90 | 90 | |
|
|
91 | 91 | Session().commit() |
|
|
92 | 92 | h.flash(_('Repository access permissions updated'), category='success') |
|
|
93 | 93 | |
|
|
94 | 94 | affected_user_ids = None |
|
|
95 | 95 | if changes.get('default_user_changed', False): |
|
|
96 | 96 | # if we change the default user, we need to flush everyone permissions |
|
|
97 |
affected_user_ids = |
|
|
|
97 | affected_user_ids = User.get_all_user_ids() | |
|
|
98 | 98 | PermissionModel().flush_user_permission_caches( |
|
|
99 | 99 | changes, affected_user_ids=affected_user_ids) |
|
|
100 | 100 | |
|
|
101 | 101 | raise HTTPFound( |
|
|
102 | 102 | h.route_path('edit_repo_perms', repo_name=self.db_repo_name)) |
|
|
103 | 103 | |
|
|
104 | 104 | @LoginRequired() |
|
|
105 | 105 | @HasRepoPermissionAnyDecorator('repository.admin') |
|
|
106 | 106 | @CSRFRequired() |
|
|
107 | 107 | @view_config( |
|
|
108 | 108 | route_name='edit_repo_perms_set_private', request_method='POST', |
|
|
109 | 109 | renderer='json_ext') |
|
|
110 | 110 | def edit_permissions_set_private_repo(self): |
|
|
111 | 111 | _ = self.request.translate |
|
|
112 | 112 | self.load_default_context() |
|
|
113 | 113 | |
|
|
114 | 114 | private_flag = str2bool(self.request.POST.get('private')) |
|
|
115 | 115 | |
|
|
116 | 116 | try: |
|
|
117 | 117 | RepoModel().update( |
|
|
118 | 118 | self.db_repo, **{'repo_private': private_flag, 'repo_name': self.db_repo_name}) |
|
|
119 | 119 | Session().commit() |
|
|
120 | 120 | |
|
|
121 | 121 | h.flash(_('Repository `{}` private mode set successfully').format(self.db_repo_name), |
|
|
122 | 122 | category='success') |
|
|
123 | 123 | except Exception: |
|
|
124 | 124 | log.exception("Exception during update of repository") |
|
|
125 | 125 | h.flash(_('Error occurred during update of repository {}').format( |
|
|
126 | 126 | self.db_repo_name), category='error') |
|
|
127 | 127 | |
|
|
128 | 128 | # NOTE(dan): we change repo private mode we need to notify all USERS |
|
|
129 |
affected_user_ids = |
|
|
|
129 | affected_user_ids = User.get_all_user_ids() | |
|
|
130 | 130 | PermissionModel().trigger_permission_flush(affected_user_ids) |
|
|
131 | 131 | |
|
|
132 | 132 | return { |
|
|
133 | 133 | 'redirect_url': h.route_path('edit_repo_perms', repo_name=self.db_repo_name), |
|
|
134 | 134 | 'private': private_flag |
|
|
135 | 135 | } |
|
|
1 | NO CONTENT: modified file | |
| The requested commit or file is too big and content was truncated. Show full diff | |||
General Comments 0
You need to be logged in to leave comments.
Login now