##// END OF EJS Templates
users: added SSH key management for user admin pages
marcink -
r1993:dab53d0e default
parent child Browse files
Show More
@@ -0,0 +1,173 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 import pytest
22
23 from rhodecode.model.db import User, UserSshKeys
24
25 from rhodecode.tests import TestController, assert_session_flash
26 from rhodecode.tests.fixture import Fixture
27
28 fixture = Fixture()
29
30
31 def route_path(name, params=None, **kwargs):
32 import urllib
33 from rhodecode.apps._base import ADMIN_PREFIX
34
35 base_url = {
36 'edit_user_ssh_keys':
37 ADMIN_PREFIX + '/users/{user_id}/edit/ssh_keys',
38 'edit_user_ssh_keys_generate_keypair':
39 ADMIN_PREFIX + '/users/{user_id}/edit/ssh_keys/generate',
40 'edit_user_ssh_keys_add':
41 ADMIN_PREFIX + '/users/{user_id}/edit/ssh_keys/new',
42 'edit_user_ssh_keys_delete':
43 ADMIN_PREFIX + '/users/{user_id}/edit/ssh_keys/delete',
44
45 }[name].format(**kwargs)
46
47 if params:
48 base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
49 return base_url
50
51
52 class TestAdminUsersSshKeysView(TestController):
53 INVALID_KEY = """\
54 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDk+77sjDzVeB6vevJsuZds1iNU5
55 LANOa5CU5G/9JYIA6RYsWWMO7mbsR82IUckdqOHmxSykfR1D1TdluyIpQLrwgH5kb
56 n8FkVI8zBMCKakxowvN67B0R7b1BT4PPzW2JlOXei/m9W12ZY484VTow6/B+kf2Q8
57 cP8tmCJmKWZma5Em7OTUhvjyQVNz3v7HfeY5Hq0Ci4ECJ59hepFDabJvtAXg9XrI6
58 jvdphZTc30I4fG8+hBHzpeFxUGvSGNtXPUbwaAY8j/oHYrTpMgkj6pUEFsiKfC5zP
59 qPFR5HyKTCHW0nFUJnZsbyFT5hMiF/hZkJc9A0ZbdSvJwCRQ/g3bmdL
60 your_email@example.com
61 """
62 VALID_KEY = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDk+77sjDzVeB6vev' \
63 'JsuZds1iNU5LANOa5CU5G/9JYIA6RYsWWMO7mbsR82IUckdqOHmxSy' \
64 'kfR1D1TdluyIpQLrwgH5kbn8FkVI8zBMCKakxowvN67B0R7b1BT4PP' \
65 'zW2JlOXei/m9W12ZY484VTow6/B+kf2Q8cP8tmCJmKWZma5Em7OTUh' \
66 'vjyQVNz3v7HfeY5Hq0Ci4ECJ59hepFDabJvtAXg9XrI6jvdphZTc30' \
67 'I4fG8+hBHzpeFxUGvSGNtXPUbwaAY8j/oHYrTpMgkj6pUEFsiKfC5zPq' \
68 'PFR5HyKTCHW0nFUJnZsbyFT5hMiF/hZkJc9A0ZbdSvJwCRQ/g3bmdL ' \
69 'your_email@example.com'
70
71 def test_ssh_keys_default_user(self):
72 self.log_user()
73 user = User.get_default_user()
74 self.app.get(
75 route_path('edit_user_ssh_keys', user_id=user.user_id),
76 status=302)
77
78 def test_add_ssh_key_error(self, user_util):
79 self.log_user()
80 user = user_util.create_user()
81 user_id = user.user_id
82
83 key_data = self.INVALID_KEY
84
85 desc = 'MY SSH KEY'
86 response = self.app.post(
87 route_path('edit_user_ssh_keys_add', user_id=user_id),
88 {'description': desc, 'key_data': key_data,
89 'csrf_token': self.csrf_token})
90 assert_session_flash(response, 'An error occurred during ssh '
91 'key saving: Unable to decode the key')
92
93 def test_ssh_key_duplicate(self, user_util):
94 self.log_user()
95 user = user_util.create_user()
96 user_id = user.user_id
97
98 key_data = self.VALID_KEY
99
100 desc = 'MY SSH KEY'
101 response = self.app.post(
102 route_path('edit_user_ssh_keys_add', user_id=user_id),
103 {'description': desc, 'key_data': key_data,
104 'csrf_token': self.csrf_token})
105 assert_session_flash(response, 'Ssh Key successfully created')
106 response.follow() # flush session flash
107
108 # add the same key AGAIN
109 desc = 'MY SSH KEY'
110 response = self.app.post(
111 route_path('edit_user_ssh_keys_add', user_id=user_id),
112 {'description': desc, 'key_data': key_data,
113 'csrf_token': self.csrf_token})
114 assert_session_flash(response, 'An error occurred during ssh key '
115 'saving: Such key already exists, '
116 'please use a different one')
117
118 def test_add_ssh_key(self, user_util):
119 self.log_user()
120 user = user_util.create_user()
121 user_id = user.user_id
122
123 key_data = self.VALID_KEY
124
125 desc = 'MY SSH KEY'
126 response = self.app.post(
127 route_path('edit_user_ssh_keys_add', user_id=user_id),
128 {'description': desc, 'key_data': key_data,
129 'csrf_token': self.csrf_token})
130 assert_session_flash(response, 'Ssh Key successfully created')
131
132 response = response.follow()
133 response.mustcontain(desc)
134
135 def test_delete_ssh_key(self, user_util):
136 self.log_user()
137 user = user_util.create_user()
138 user_id = user.user_id
139
140 key_data = self.VALID_KEY
141
142 desc = 'MY SSH KEY'
143 response = self.app.post(
144 route_path('edit_user_ssh_keys_add', user_id=user_id),
145 {'description': desc, 'key_data': key_data,
146 'csrf_token': self.csrf_token})
147 assert_session_flash(response, 'Ssh Key successfully created')
148 response = response.follow() # flush the Session flash
149
150 # now delete our key
151 keys = UserSshKeys.query().filter(UserSshKeys.user_id == user_id).all()
152 assert 1 == len(keys)
153
154 response = self.app.post(
155 route_path('edit_user_ssh_keys_delete', user_id=user_id),
156 {'del_ssh_key': keys[0].ssh_key_id,
157 'csrf_token': self.csrf_token})
158
159 assert_session_flash(response, 'Ssh key successfully deleted')
160 keys = UserSshKeys.query().filter(UserSshKeys.user_id == user_id).all()
161 assert 0 == len(keys)
162
163 def test_generate_keypair(self, user_util):
164 self.log_user()
165 user = user_util.create_user()
166 user_id = user.user_id
167
168 response = self.app.get(
169 route_path('edit_user_ssh_keys_generate_keypair', user_id=user_id))
170
171 response.mustcontain('Private key')
172 response.mustcontain('Public key')
173 response.mustcontain('-----BEGIN RSA PRIVATE KEY-----')
This diff has been collapsed as it changes many lines, (4172 lines changed) Show them Hide them
@@ -0,0 +1,4172 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 """
22 Database Models for RhodeCode Enterprise
23 """
24
25 import re
26 import os
27 import time
28 import hashlib
29 import logging
30 import datetime
31 import warnings
32 import ipaddress
33 import functools
34 import traceback
35 import collections
36
37
38 from sqlalchemy import *
39 from sqlalchemy.ext.declarative import declared_attr
40 from sqlalchemy.ext.hybrid import hybrid_property
41 from sqlalchemy.orm import (
42 relationship, joinedload, class_mapper, validates, aliased)
43 from sqlalchemy.sql.expression import true
44 from sqlalchemy.sql.functions import coalesce, count # noqa
45 from beaker.cache import cache_region
46 from zope.cachedescriptors.property import Lazy as LazyProperty
47
48 from pyramid.threadlocal import get_current_request
49
50 from rhodecode.translation import _
51 from rhodecode.lib.vcs import get_vcs_instance
52 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
53 from rhodecode.lib.utils2 import (
54 str2bool, safe_str, get_commit_safe, safe_unicode, md5_safe,
55 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
56 glob2re, StrictAttributeDict, cleaned_uri)
57 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType
58 from rhodecode.lib.ext_json import json
59 from rhodecode.lib.caching_query import FromCache
60 from rhodecode.lib.encrypt import AESCipher
61
62 from rhodecode.model.meta import Base, Session
63
64 URL_SEP = '/'
65 log = logging.getLogger(__name__)
66
67 # =============================================================================
68 # BASE CLASSES
69 # =============================================================================
70
71 # this is propagated from .ini file rhodecode.encrypted_values.secret or
72 # beaker.session.secret if first is not set.
73 # and initialized at environment.py
74 ENCRYPTION_KEY = None
75
76 # used to sort permissions by types, '#' used here is not allowed to be in
77 # usernames, and it's very early in sorted string.printable table.
78 PERMISSION_TYPE_SORT = {
79 'admin': '####',
80 'write': '###',
81 'read': '##',
82 'none': '#',
83 }
84
85
86 def display_sort(obj):
87 """
88 Sort function used to sort permissions in .permissions() function of
89 Repository, RepoGroup, UserGroup. Also it put the default user in front
90 of all other resources
91 """
92
93 if obj.username == User.DEFAULT_USER:
94 return '#####'
95 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
96 return prefix + obj.username
97
98
99 def _hash_key(k):
100 return md5_safe(k)
101
102
103 class EncryptedTextValue(TypeDecorator):
104 """
105 Special column for encrypted long text data, use like::
106
107 value = Column("encrypted_value", EncryptedValue(), nullable=False)
108
109 This column is intelligent so if value is in unencrypted form it return
110 unencrypted form, but on save it always encrypts
111 """
112 impl = Text
113
114 def process_bind_param(self, value, dialect):
115 if not value:
116 return value
117 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
118 # protect against double encrypting if someone manually starts
119 # doing
120 raise ValueError('value needs to be in unencrypted format, ie. '
121 'not starting with enc$aes')
122 return 'enc$aes_hmac$%s' % AESCipher(
123 ENCRYPTION_KEY, hmac=True).encrypt(value)
124
125 def process_result_value(self, value, dialect):
126 import rhodecode
127
128 if not value:
129 return value
130
131 parts = value.split('$', 3)
132 if not len(parts) == 3:
133 # probably not encrypted values
134 return value
135 else:
136 if parts[0] != 'enc':
137 # parts ok but without our header ?
138 return value
139 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
140 'rhodecode.encrypted_values.strict') or True)
141 # at that stage we know it's our encryption
142 if parts[1] == 'aes':
143 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
144 elif parts[1] == 'aes_hmac':
145 decrypted_data = AESCipher(
146 ENCRYPTION_KEY, hmac=True,
147 strict_verification=enc_strict_mode).decrypt(parts[2])
148 else:
149 raise ValueError(
150 'Encryption type part is wrong, must be `aes` '
151 'or `aes_hmac`, got `%s` instead' % (parts[1]))
152 return decrypted_data
153
154
155 class BaseModel(object):
156 """
157 Base Model for all classes
158 """
159
160 @classmethod
161 def _get_keys(cls):
162 """return column names for this model """
163 return class_mapper(cls).c.keys()
164
165 def get_dict(self):
166 """
167 return dict with keys and values corresponding
168 to this model data """
169
170 d = {}
171 for k in self._get_keys():
172 d[k] = getattr(self, k)
173
174 # also use __json__() if present to get additional fields
175 _json_attr = getattr(self, '__json__', None)
176 if _json_attr:
177 # update with attributes from __json__
178 if callable(_json_attr):
179 _json_attr = _json_attr()
180 for k, val in _json_attr.iteritems():
181 d[k] = val
182 return d
183
184 def get_appstruct(self):
185 """return list with keys and values tuples corresponding
186 to this model data """
187
188 l = []
189 for k in self._get_keys():
190 l.append((k, getattr(self, k),))
191 return l
192
193 def populate_obj(self, populate_dict):
194 """populate model with data from given populate_dict"""
195
196 for k in self._get_keys():
197 if k in populate_dict:
198 setattr(self, k, populate_dict[k])
199
200 @classmethod
201 def query(cls):
202 return Session().query(cls)
203
204 @classmethod
205 def get(cls, id_):
206 if id_:
207 return cls.query().get(id_)
208
209 @classmethod
210 def get_or_404(cls, id_):
211 from pyramid.httpexceptions import HTTPNotFound
212
213 try:
214 id_ = int(id_)
215 except (TypeError, ValueError):
216 raise HTTPNotFound()
217
218 res = cls.query().get(id_)
219 if not res:
220 raise HTTPNotFound()
221 return res
222
223 @classmethod
224 def getAll(cls):
225 # deprecated and left for backward compatibility
226 return cls.get_all()
227
228 @classmethod
229 def get_all(cls):
230 return cls.query().all()
231
232 @classmethod
233 def delete(cls, id_):
234 obj = cls.query().get(id_)
235 Session().delete(obj)
236
237 @classmethod
238 def identity_cache(cls, session, attr_name, value):
239 exist_in_session = []
240 for (item_cls, pkey), instance in session.identity_map.items():
241 if cls == item_cls and getattr(instance, attr_name) == value:
242 exist_in_session.append(instance)
243 if exist_in_session:
244 if len(exist_in_session) == 1:
245 return exist_in_session[0]
246 log.exception(
247 'multiple objects with attr %s and '
248 'value %s found with same name: %r',
249 attr_name, value, exist_in_session)
250
251 def __repr__(self):
252 if hasattr(self, '__unicode__'):
253 # python repr needs to return str
254 try:
255 return safe_str(self.__unicode__())
256 except UnicodeDecodeError:
257 pass
258 return '<DB:%s>' % (self.__class__.__name__)
259
260
261 class RhodeCodeSetting(Base, BaseModel):
262 __tablename__ = 'rhodecode_settings'
263 __table_args__ = (
264 UniqueConstraint('app_settings_name'),
265 {'extend_existing': True, 'mysql_engine': 'InnoDB',
266 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
267 )
268
269 SETTINGS_TYPES = {
270 'str': safe_str,
271 'int': safe_int,
272 'unicode': safe_unicode,
273 'bool': str2bool,
274 'list': functools.partial(aslist, sep=',')
275 }
276 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
277 GLOBAL_CONF_KEY = 'app_settings'
278
279 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
280 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
281 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
282 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
283
284 def __init__(self, key='', val='', type='unicode'):
285 self.app_settings_name = key
286 self.app_settings_type = type
287 self.app_settings_value = val
288
289 @validates('_app_settings_value')
290 def validate_settings_value(self, key, val):
291 assert type(val) == unicode
292 return val
293
294 @hybrid_property
295 def app_settings_value(self):
296 v = self._app_settings_value
297 _type = self.app_settings_type
298 if _type:
299 _type = self.app_settings_type.split('.')[0]
300 # decode the encrypted value
301 if 'encrypted' in self.app_settings_type:
302 cipher = EncryptedTextValue()
303 v = safe_unicode(cipher.process_result_value(v, None))
304
305 converter = self.SETTINGS_TYPES.get(_type) or \
306 self.SETTINGS_TYPES['unicode']
307 return converter(v)
308
309 @app_settings_value.setter
310 def app_settings_value(self, val):
311 """
312 Setter that will always make sure we use unicode in app_settings_value
313
314 :param val:
315 """
316 val = safe_unicode(val)
317 # encode the encrypted value
318 if 'encrypted' in self.app_settings_type:
319 cipher = EncryptedTextValue()
320 val = safe_unicode(cipher.process_bind_param(val, None))
321 self._app_settings_value = val
322
323 @hybrid_property
324 def app_settings_type(self):
325 return self._app_settings_type
326
327 @app_settings_type.setter
328 def app_settings_type(self, val):
329 if val.split('.')[0] not in self.SETTINGS_TYPES:
330 raise Exception('type must be one of %s got %s'
331 % (self.SETTINGS_TYPES.keys(), val))
332 self._app_settings_type = val
333
334 def __unicode__(self):
335 return u"<%s('%s:%s[%s]')>" % (
336 self.__class__.__name__,
337 self.app_settings_name, self.app_settings_value,
338 self.app_settings_type
339 )
340
341
342 class RhodeCodeUi(Base, BaseModel):
343 __tablename__ = 'rhodecode_ui'
344 __table_args__ = (
345 UniqueConstraint('ui_key'),
346 {'extend_existing': True, 'mysql_engine': 'InnoDB',
347 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
348 )
349
350 HOOK_REPO_SIZE = 'changegroup.repo_size'
351 # HG
352 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
353 HOOK_PULL = 'outgoing.pull_logger'
354 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
355 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
356 HOOK_PUSH = 'changegroup.push_logger'
357 HOOK_PUSH_KEY = 'pushkey.key_push'
358
359 # TODO: johbo: Unify way how hooks are configured for git and hg,
360 # git part is currently hardcoded.
361
362 # SVN PATTERNS
363 SVN_BRANCH_ID = 'vcs_svn_branch'
364 SVN_TAG_ID = 'vcs_svn_tag'
365
366 ui_id = Column(
367 "ui_id", Integer(), nullable=False, unique=True, default=None,
368 primary_key=True)
369 ui_section = Column(
370 "ui_section", String(255), nullable=True, unique=None, default=None)
371 ui_key = Column(
372 "ui_key", String(255), nullable=True, unique=None, default=None)
373 ui_value = Column(
374 "ui_value", String(255), nullable=True, unique=None, default=None)
375 ui_active = Column(
376 "ui_active", Boolean(), nullable=True, unique=None, default=True)
377
378 def __repr__(self):
379 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
380 self.ui_key, self.ui_value)
381
382
383 class RepoRhodeCodeSetting(Base, BaseModel):
384 __tablename__ = 'repo_rhodecode_settings'
385 __table_args__ = (
386 UniqueConstraint(
387 'app_settings_name', 'repository_id',
388 name='uq_repo_rhodecode_setting_name_repo_id'),
389 {'extend_existing': True, 'mysql_engine': 'InnoDB',
390 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
391 )
392
393 repository_id = Column(
394 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
395 nullable=False)
396 app_settings_id = Column(
397 "app_settings_id", Integer(), nullable=False, unique=True,
398 default=None, primary_key=True)
399 app_settings_name = Column(
400 "app_settings_name", String(255), nullable=True, unique=None,
401 default=None)
402 _app_settings_value = Column(
403 "app_settings_value", String(4096), nullable=True, unique=None,
404 default=None)
405 _app_settings_type = Column(
406 "app_settings_type", String(255), nullable=True, unique=None,
407 default=None)
408
409 repository = relationship('Repository')
410
411 def __init__(self, repository_id, key='', val='', type='unicode'):
412 self.repository_id = repository_id
413 self.app_settings_name = key
414 self.app_settings_type = type
415 self.app_settings_value = val
416
417 @validates('_app_settings_value')
418 def validate_settings_value(self, key, val):
419 assert type(val) == unicode
420 return val
421
422 @hybrid_property
423 def app_settings_value(self):
424 v = self._app_settings_value
425 type_ = self.app_settings_type
426 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
427 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
428 return converter(v)
429
430 @app_settings_value.setter
431 def app_settings_value(self, val):
432 """
433 Setter that will always make sure we use unicode in app_settings_value
434
435 :param val:
436 """
437 self._app_settings_value = safe_unicode(val)
438
439 @hybrid_property
440 def app_settings_type(self):
441 return self._app_settings_type
442
443 @app_settings_type.setter
444 def app_settings_type(self, val):
445 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
446 if val not in SETTINGS_TYPES:
447 raise Exception('type must be one of %s got %s'
448 % (SETTINGS_TYPES.keys(), val))
449 self._app_settings_type = val
450
451 def __unicode__(self):
452 return u"<%s('%s:%s:%s[%s]')>" % (
453 self.__class__.__name__, self.repository.repo_name,
454 self.app_settings_name, self.app_settings_value,
455 self.app_settings_type
456 )
457
458
459 class RepoRhodeCodeUi(Base, BaseModel):
460 __tablename__ = 'repo_rhodecode_ui'
461 __table_args__ = (
462 UniqueConstraint(
463 'repository_id', 'ui_section', 'ui_key',
464 name='uq_repo_rhodecode_ui_repository_id_section_key'),
465 {'extend_existing': True, 'mysql_engine': 'InnoDB',
466 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
467 )
468
469 repository_id = Column(
470 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
471 nullable=False)
472 ui_id = Column(
473 "ui_id", Integer(), nullable=False, unique=True, default=None,
474 primary_key=True)
475 ui_section = Column(
476 "ui_section", String(255), nullable=True, unique=None, default=None)
477 ui_key = Column(
478 "ui_key", String(255), nullable=True, unique=None, default=None)
479 ui_value = Column(
480 "ui_value", String(255), nullable=True, unique=None, default=None)
481 ui_active = Column(
482 "ui_active", Boolean(), nullable=True, unique=None, default=True)
483
484 repository = relationship('Repository')
485
486 def __repr__(self):
487 return '<%s[%s:%s]%s=>%s]>' % (
488 self.__class__.__name__, self.repository.repo_name,
489 self.ui_section, self.ui_key, self.ui_value)
490
491
492 class User(Base, BaseModel):
493 __tablename__ = 'users'
494 __table_args__ = (
495 UniqueConstraint('username'), UniqueConstraint('email'),
496 Index('u_username_idx', 'username'),
497 Index('u_email_idx', 'email'),
498 {'extend_existing': True, 'mysql_engine': 'InnoDB',
499 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
500 )
501 DEFAULT_USER = 'default'
502 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
503 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
504
505 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
506 username = Column("username", String(255), nullable=True, unique=None, default=None)
507 password = Column("password", String(255), nullable=True, unique=None, default=None)
508 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
509 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
510 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
511 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
512 _email = Column("email", String(255), nullable=True, unique=None, default=None)
513 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
514 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
515
516 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
517 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
518 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
519 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
520 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
521 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
522
523 user_log = relationship('UserLog')
524 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
525
526 repositories = relationship('Repository')
527 repository_groups = relationship('RepoGroup')
528 user_groups = relationship('UserGroup')
529
530 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
531 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
532
533 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
534 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
535 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
536
537 group_member = relationship('UserGroupMember', cascade='all')
538
539 notifications = relationship('UserNotification', cascade='all')
540 # notifications assigned to this user
541 user_created_notifications = relationship('Notification', cascade='all')
542 # comments created by this user
543 user_comments = relationship('ChangesetComment', cascade='all')
544 # user profile extra info
545 user_emails = relationship('UserEmailMap', cascade='all')
546 user_ip_map = relationship('UserIpMap', cascade='all')
547 user_auth_tokens = relationship('UserApiKeys', cascade='all')
548 user_ssh_keys = relationship('UserSshKeys', cascade='all')
549
550 # gists
551 user_gists = relationship('Gist', cascade='all')
552 # user pull requests
553 user_pull_requests = relationship('PullRequest', cascade='all')
554 # external identities
555 extenal_identities = relationship(
556 'ExternalIdentity',
557 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
558 cascade='all')
559
560 def __unicode__(self):
561 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
562 self.user_id, self.username)
563
564 @hybrid_property
565 def email(self):
566 return self._email
567
568 @email.setter
569 def email(self, val):
570 self._email = val.lower() if val else None
571
572 @hybrid_property
573 def first_name(self):
574 from rhodecode.lib import helpers as h
575 if self.name:
576 return h.escape(self.name)
577 return self.name
578
579 @hybrid_property
580 def last_name(self):
581 from rhodecode.lib import helpers as h
582 if self.lastname:
583 return h.escape(self.lastname)
584 return self.lastname
585
586 @hybrid_property
587 def api_key(self):
588 """
589 Fetch if exist an auth-token with role ALL connected to this user
590 """
591 user_auth_token = UserApiKeys.query()\
592 .filter(UserApiKeys.user_id == self.user_id)\
593 .filter(or_(UserApiKeys.expires == -1,
594 UserApiKeys.expires >= time.time()))\
595 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
596 if user_auth_token:
597 user_auth_token = user_auth_token.api_key
598
599 return user_auth_token
600
601 @api_key.setter
602 def api_key(self, val):
603 # don't allow to set API key this is deprecated for now
604 self._api_key = None
605
606 @property
607 def reviewer_pull_requests(self):
608 return PullRequestReviewers.query() \
609 .options(joinedload(PullRequestReviewers.pull_request)) \
610 .filter(PullRequestReviewers.user_id == self.user_id) \
611 .all()
612
613 @property
614 def firstname(self):
615 # alias for future
616 return self.name
617
618 @property
619 def emails(self):
620 other = UserEmailMap.query()\
621 .filter(UserEmailMap.user == self) \
622 .order_by(UserEmailMap.email_id.asc()) \
623 .all()
624 return [self.email] + [x.email for x in other]
625
626 @property
627 def auth_tokens(self):
628 auth_tokens = self.get_auth_tokens()
629 return [x.api_key for x in auth_tokens]
630
631 def get_auth_tokens(self):
632 return UserApiKeys.query()\
633 .filter(UserApiKeys.user == self)\
634 .order_by(UserApiKeys.user_api_key_id.asc())\
635 .all()
636
637 @property
638 def feed_token(self):
639 return self.get_feed_token()
640
641 def get_feed_token(self):
642 feed_tokens = UserApiKeys.query()\
643 .filter(UserApiKeys.user == self)\
644 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)\
645 .all()
646 if feed_tokens:
647 return feed_tokens[0].api_key
648 return 'NO_FEED_TOKEN_AVAILABLE'
649
650 @classmethod
651 def extra_valid_auth_tokens(cls, user, role=None):
652 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
653 .filter(or_(UserApiKeys.expires == -1,
654 UserApiKeys.expires >= time.time()))
655 if role:
656 tokens = tokens.filter(or_(UserApiKeys.role == role,
657 UserApiKeys.role == UserApiKeys.ROLE_ALL))
658 return tokens.all()
659
660 def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
661 from rhodecode.lib import auth
662
663 log.debug('Trying to authenticate user: %s via auth-token, '
664 'and roles: %s', self, roles)
665
666 if not auth_token:
667 return False
668
669 crypto_backend = auth.crypto_backend()
670
671 roles = (roles or []) + [UserApiKeys.ROLE_ALL]
672 tokens_q = UserApiKeys.query()\
673 .filter(UserApiKeys.user_id == self.user_id)\
674 .filter(or_(UserApiKeys.expires == -1,
675 UserApiKeys.expires >= time.time()))
676
677 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
678
679 plain_tokens = []
680 hash_tokens = []
681
682 for token in tokens_q.all():
683 # verify scope first
684 if token.repo_id:
685 # token has a scope, we need to verify it
686 if scope_repo_id != token.repo_id:
687 log.debug(
688 'Scope mismatch: token has a set repo scope: %s, '
689 'and calling scope is:%s, skipping further checks',
690 token.repo, scope_repo_id)
691 # token has a scope, and it doesn't match, skip token
692 continue
693
694 if token.api_key.startswith(crypto_backend.ENC_PREF):
695 hash_tokens.append(token.api_key)
696 else:
697 plain_tokens.append(token.api_key)
698
699 is_plain_match = auth_token in plain_tokens
700 if is_plain_match:
701 return True
702
703 for hashed in hash_tokens:
704 # TODO(marcink): this is expensive to calculate, but most secure
705 match = crypto_backend.hash_check(auth_token, hashed)
706 if match:
707 return True
708
709 return False
710
711 @property
712 def ip_addresses(self):
713 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
714 return [x.ip_addr for x in ret]
715
716 @property
717 def username_and_name(self):
718 return '%s (%s %s)' % (self.username, self.first_name, self.last_name)
719
720 @property
721 def username_or_name_or_email(self):
722 full_name = self.full_name if self.full_name is not ' ' else None
723 return self.username or full_name or self.email
724
725 @property
726 def full_name(self):
727 return '%s %s' % (self.first_name, self.last_name)
728
729 @property
730 def full_name_or_username(self):
731 return ('%s %s' % (self.first_name, self.last_name)
732 if (self.first_name and self.last_name) else self.username)
733
734 @property
735 def full_contact(self):
736 return '%s %s <%s>' % (self.first_name, self.last_name, self.email)
737
738 @property
739 def short_contact(self):
740 return '%s %s' % (self.first_name, self.last_name)
741
742 @property
743 def is_admin(self):
744 return self.admin
745
746 @property
747 def AuthUser(self):
748 """
749 Returns instance of AuthUser for this user
750 """
751 from rhodecode.lib.auth import AuthUser
752 return AuthUser(user_id=self.user_id, username=self.username)
753
754 @hybrid_property
755 def user_data(self):
756 if not self._user_data:
757 return {}
758
759 try:
760 return json.loads(self._user_data)
761 except TypeError:
762 return {}
763
764 @user_data.setter
765 def user_data(self, val):
766 if not isinstance(val, dict):
767 raise Exception('user_data must be dict, got %s' % type(val))
768 try:
769 self._user_data = json.dumps(val)
770 except Exception:
771 log.error(traceback.format_exc())
772
773 @classmethod
774 def get_by_username(cls, username, case_insensitive=False,
775 cache=False, identity_cache=False):
776 session = Session()
777
778 if case_insensitive:
779 q = cls.query().filter(
780 func.lower(cls.username) == func.lower(username))
781 else:
782 q = cls.query().filter(cls.username == username)
783
784 if cache:
785 if identity_cache:
786 val = cls.identity_cache(session, 'username', username)
787 if val:
788 return val
789 else:
790 cache_key = "get_user_by_name_%s" % _hash_key(username)
791 q = q.options(
792 FromCache("sql_cache_short", cache_key))
793
794 return q.scalar()
795
796 @classmethod
797 def get_by_auth_token(cls, auth_token, cache=False):
798 q = UserApiKeys.query()\
799 .filter(UserApiKeys.api_key == auth_token)\
800 .filter(or_(UserApiKeys.expires == -1,
801 UserApiKeys.expires >= time.time()))
802 if cache:
803 q = q.options(
804 FromCache("sql_cache_short", "get_auth_token_%s" % auth_token))
805
806 match = q.first()
807 if match:
808 return match.user
809
810 @classmethod
811 def get_by_email(cls, email, case_insensitive=False, cache=False):
812
813 if case_insensitive:
814 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
815
816 else:
817 q = cls.query().filter(cls.email == email)
818
819 email_key = _hash_key(email)
820 if cache:
821 q = q.options(
822 FromCache("sql_cache_short", "get_email_key_%s" % email_key))
823
824 ret = q.scalar()
825 if ret is None:
826 q = UserEmailMap.query()
827 # try fetching in alternate email map
828 if case_insensitive:
829 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
830 else:
831 q = q.filter(UserEmailMap.email == email)
832 q = q.options(joinedload(UserEmailMap.user))
833 if cache:
834 q = q.options(
835 FromCache("sql_cache_short", "get_email_map_key_%s" % email_key))
836 ret = getattr(q.scalar(), 'user', None)
837
838 return ret
839
840 @classmethod
841 def get_from_cs_author(cls, author):
842 """
843 Tries to get User objects out of commit author string
844
845 :param author:
846 """
847 from rhodecode.lib.helpers import email, author_name
848 # Valid email in the attribute passed, see if they're in the system
849 _email = email(author)
850 if _email:
851 user = cls.get_by_email(_email, case_insensitive=True)
852 if user:
853 return user
854 # Maybe we can match by username?
855 _author = author_name(author)
856 user = cls.get_by_username(_author, case_insensitive=True)
857 if user:
858 return user
859
860 def update_userdata(self, **kwargs):
861 usr = self
862 old = usr.user_data
863 old.update(**kwargs)
864 usr.user_data = old
865 Session().add(usr)
866 log.debug('updated userdata with ', kwargs)
867
868 def update_lastlogin(self):
869 """Update user lastlogin"""
870 self.last_login = datetime.datetime.now()
871 Session().add(self)
872 log.debug('updated user %s lastlogin', self.username)
873
874 def update_lastactivity(self):
875 """Update user lastactivity"""
876 self.last_activity = datetime.datetime.now()
877 Session().add(self)
878 log.debug('updated user %s lastactivity', self.username)
879
880 def update_password(self, new_password):
881 from rhodecode.lib.auth import get_crypt_password
882
883 self.password = get_crypt_password(new_password)
884 Session().add(self)
885
886 @classmethod
887 def get_first_super_admin(cls):
888 user = User.query().filter(User.admin == true()).first()
889 if user is None:
890 raise Exception('FATAL: Missing administrative account!')
891 return user
892
893 @classmethod
894 def get_all_super_admins(cls):
895 """
896 Returns all admin accounts sorted by username
897 """
898 return User.query().filter(User.admin == true())\
899 .order_by(User.username.asc()).all()
900
901 @classmethod
902 def get_default_user(cls, cache=False, refresh=False):
903 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
904 if user is None:
905 raise Exception('FATAL: Missing default account!')
906 if refresh:
907 # The default user might be based on outdated state which
908 # has been loaded from the cache.
909 # A call to refresh() ensures that the
910 # latest state from the database is used.
911 Session().refresh(user)
912 return user
913
914 def _get_default_perms(self, user, suffix=''):
915 from rhodecode.model.permission import PermissionModel
916 return PermissionModel().get_default_perms(user.user_perms, suffix)
917
918 def get_default_perms(self, suffix=''):
919 return self._get_default_perms(self, suffix)
920
921 def get_api_data(self, include_secrets=False, details='full'):
922 """
923 Common function for generating user related data for API
924
925 :param include_secrets: By default secrets in the API data will be replaced
926 by a placeholder value to prevent exposing this data by accident. In case
927 this data shall be exposed, set this flag to ``True``.
928
929 :param details: details can be 'basic|full' basic gives only a subset of
930 the available user information that includes user_id, name and emails.
931 """
932 user = self
933 user_data = self.user_data
934 data = {
935 'user_id': user.user_id,
936 'username': user.username,
937 'firstname': user.name,
938 'lastname': user.lastname,
939 'email': user.email,
940 'emails': user.emails,
941 }
942 if details == 'basic':
943 return data
944
945 auth_token_length = 40
946 auth_token_replacement = '*' * auth_token_length
947
948 extras = {
949 'auth_tokens': [auth_token_replacement],
950 'active': user.active,
951 'admin': user.admin,
952 'extern_type': user.extern_type,
953 'extern_name': user.extern_name,
954 'last_login': user.last_login,
955 'last_activity': user.last_activity,
956 'ip_addresses': user.ip_addresses,
957 'language': user_data.get('language')
958 }
959 data.update(extras)
960
961 if include_secrets:
962 data['auth_tokens'] = user.auth_tokens
963 return data
964
965 def __json__(self):
966 data = {
967 'full_name': self.full_name,
968 'full_name_or_username': self.full_name_or_username,
969 'short_contact': self.short_contact,
970 'full_contact': self.full_contact,
971 }
972 data.update(self.get_api_data())
973 return data
974
975
976 class UserApiKeys(Base, BaseModel):
977 __tablename__ = 'user_api_keys'
978 __table_args__ = (
979 Index('uak_api_key_idx', 'api_key', unique=True),
980 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
981 {'extend_existing': True, 'mysql_engine': 'InnoDB',
982 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
983 )
984 __mapper_args__ = {}
985
986 # ApiKey role
987 ROLE_ALL = 'token_role_all'
988 ROLE_HTTP = 'token_role_http'
989 ROLE_VCS = 'token_role_vcs'
990 ROLE_API = 'token_role_api'
991 ROLE_FEED = 'token_role_feed'
992 ROLE_PASSWORD_RESET = 'token_password_reset'
993
994 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
995
996 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
997 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
998 api_key = Column("api_key", String(255), nullable=False, unique=True)
999 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1000 expires = Column('expires', Float(53), nullable=False)
1001 role = Column('role', String(255), nullable=True)
1002 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1003
1004 # scope columns
1005 repo_id = Column(
1006 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
1007 nullable=True, unique=None, default=None)
1008 repo = relationship('Repository', lazy='joined')
1009
1010 repo_group_id = Column(
1011 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
1012 nullable=True, unique=None, default=None)
1013 repo_group = relationship('RepoGroup', lazy='joined')
1014
1015 user = relationship('User', lazy='joined')
1016
1017 def __unicode__(self):
1018 return u"<%s('%s')>" % (self.__class__.__name__, self.role)
1019
1020 def __json__(self):
1021 data = {
1022 'auth_token': self.api_key,
1023 'role': self.role,
1024 'scope': self.scope_humanized,
1025 'expired': self.expired
1026 }
1027 return data
1028
1029 def get_api_data(self, include_secrets=False):
1030 data = self.__json__()
1031 if include_secrets:
1032 return data
1033 else:
1034 data['auth_token'] = self.token_obfuscated
1035 return data
1036
1037 @hybrid_property
1038 def description_safe(self):
1039 from rhodecode.lib import helpers as h
1040 return h.escape(self.description)
1041
1042 @property
1043 def expired(self):
1044 if self.expires == -1:
1045 return False
1046 return time.time() > self.expires
1047
1048 @classmethod
1049 def _get_role_name(cls, role):
1050 return {
1051 cls.ROLE_ALL: _('all'),
1052 cls.ROLE_HTTP: _('http/web interface'),
1053 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
1054 cls.ROLE_API: _('api calls'),
1055 cls.ROLE_FEED: _('feed access'),
1056 }.get(role, role)
1057
1058 @property
1059 def role_humanized(self):
1060 return self._get_role_name(self.role)
1061
1062 def _get_scope(self):
1063 if self.repo:
1064 return repr(self.repo)
1065 if self.repo_group:
1066 return repr(self.repo_group) + ' (recursive)'
1067 return 'global'
1068
1069 @property
1070 def scope_humanized(self):
1071 return self._get_scope()
1072
1073 @property
1074 def token_obfuscated(self):
1075 if self.api_key:
1076 return self.api_key[:4] + "****"
1077
1078
1079 class UserEmailMap(Base, BaseModel):
1080 __tablename__ = 'user_email_map'
1081 __table_args__ = (
1082 Index('uem_email_idx', 'email'),
1083 UniqueConstraint('email'),
1084 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1085 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1086 )
1087 __mapper_args__ = {}
1088
1089 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1090 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1091 _email = Column("email", String(255), nullable=True, unique=False, default=None)
1092 user = relationship('User', lazy='joined')
1093
1094 @validates('_email')
1095 def validate_email(self, key, email):
1096 # check if this email is not main one
1097 main_email = Session().query(User).filter(User.email == email).scalar()
1098 if main_email is not None:
1099 raise AttributeError('email %s is present is user table' % email)
1100 return email
1101
1102 @hybrid_property
1103 def email(self):
1104 return self._email
1105
1106 @email.setter
1107 def email(self, val):
1108 self._email = val.lower() if val else None
1109
1110
1111 class UserIpMap(Base, BaseModel):
1112 __tablename__ = 'user_ip_map'
1113 __table_args__ = (
1114 UniqueConstraint('user_id', 'ip_addr'),
1115 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1116 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1117 )
1118 __mapper_args__ = {}
1119
1120 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1121 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1122 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
1123 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
1124 description = Column("description", String(10000), nullable=True, unique=None, default=None)
1125 user = relationship('User', lazy='joined')
1126
1127 @hybrid_property
1128 def description_safe(self):
1129 from rhodecode.lib import helpers as h
1130 return h.escape(self.description)
1131
1132 @classmethod
1133 def _get_ip_range(cls, ip_addr):
1134 net = ipaddress.ip_network(safe_unicode(ip_addr), strict=False)
1135 return [str(net.network_address), str(net.broadcast_address)]
1136
1137 def __json__(self):
1138 return {
1139 'ip_addr': self.ip_addr,
1140 'ip_range': self._get_ip_range(self.ip_addr),
1141 }
1142
1143 def __unicode__(self):
1144 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
1145 self.user_id, self.ip_addr)
1146
1147
1148 class UserSshKeys(Base, BaseModel):
1149 __tablename__ = 'user_ssh_keys'
1150 __table_args__ = (
1151 Index('usk_ssh_key_fingerprint_idx', 'ssh_key_fingerprint'),
1152 UniqueConstraint('ssh_key_fingerprint'),
1153
1154 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1155 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1156 )
1157 __mapper_args__ = {}
1158
1159 ssh_key_id = Column('ssh_key_id', Integer(), nullable=False, unique=True, default=None, primary_key=True)
1160 ssh_key_data = Column('ssh_key_data', String(10240), nullable=False, unique=None, default=None)
1161 ssh_key_fingerprint = Column('ssh_key_fingerprint', String(1024), nullable=False, unique=None, default=None)
1162
1163 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1164
1165 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1166 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True, default=None)
1167 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1168
1169 user = relationship('User', lazy='joined')
1170
1171 def __json__(self):
1172 data = {
1173 'ssh_fingerprint': self.ssh_key_fingerprint,
1174 'description': self.description,
1175 'created_on': self.created_on
1176 }
1177 return data
1178
1179 def get_api_data(self):
1180 data = self.__json__()
1181 return data
1182
1183
1184 class UserLog(Base, BaseModel):
1185 __tablename__ = 'user_logs'
1186 __table_args__ = (
1187 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1188 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1189 )
1190 VERSION_1 = 'v1'
1191 VERSION_2 = 'v2'
1192 VERSIONS = [VERSION_1, VERSION_2]
1193
1194 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1195 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1196 username = Column("username", String(255), nullable=True, unique=None, default=None)
1197 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True)
1198 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
1199 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1200 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1201 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1202
1203 version = Column("version", String(255), nullable=True, default=VERSION_1)
1204 user_data = Column('user_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
1205 action_data = Column('action_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
1206
1207 def __unicode__(self):
1208 return u"<%s('id:%s:%s')>" % (
1209 self.__class__.__name__, self.repository_name, self.action)
1210
1211 def __json__(self):
1212 return {
1213 'user_id': self.user_id,
1214 'username': self.username,
1215 'repository_id': self.repository_id,
1216 'repository_name': self.repository_name,
1217 'user_ip': self.user_ip,
1218 'action_date': self.action_date,
1219 'action': self.action,
1220 }
1221
1222 @property
1223 def action_as_day(self):
1224 return datetime.date(*self.action_date.timetuple()[:3])
1225
1226 user = relationship('User')
1227 repository = relationship('Repository', cascade='')
1228
1229
1230 class UserGroup(Base, BaseModel):
1231 __tablename__ = 'users_groups'
1232 __table_args__ = (
1233 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1234 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1235 )
1236
1237 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1238 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1239 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1240 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1241 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1242 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1243 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1244 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1245
1246 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1247 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1248 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1249 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1250 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1251 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1252
1253 user = relationship('User', primaryjoin="User.user_id==UserGroup.user_id")
1254
1255 @classmethod
1256 def _load_group_data(cls, column):
1257 if not column:
1258 return {}
1259
1260 try:
1261 return json.loads(column) or {}
1262 except TypeError:
1263 return {}
1264
1265 @hybrid_property
1266 def description_safe(self):
1267 from rhodecode.lib import helpers as h
1268 return h.escape(self.description)
1269
1270 @hybrid_property
1271 def group_data(self):
1272 return self._load_group_data(self._group_data)
1273
1274 @group_data.expression
1275 def group_data(self, **kwargs):
1276 return self._group_data
1277
1278 @group_data.setter
1279 def group_data(self, val):
1280 try:
1281 self._group_data = json.dumps(val)
1282 except Exception:
1283 log.error(traceback.format_exc())
1284
1285 def __unicode__(self):
1286 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1287 self.users_group_id,
1288 self.users_group_name)
1289
1290 @classmethod
1291 def get_by_group_name(cls, group_name, cache=False,
1292 case_insensitive=False):
1293 if case_insensitive:
1294 q = cls.query().filter(func.lower(cls.users_group_name) ==
1295 func.lower(group_name))
1296
1297 else:
1298 q = cls.query().filter(cls.users_group_name == group_name)
1299 if cache:
1300 q = q.options(
1301 FromCache("sql_cache_short", "get_group_%s" % _hash_key(group_name)))
1302 return q.scalar()
1303
1304 @classmethod
1305 def get(cls, user_group_id, cache=False):
1306 user_group = cls.query()
1307 if cache:
1308 user_group = user_group.options(
1309 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1310 return user_group.get(user_group_id)
1311
1312 def permissions(self, with_admins=True, with_owner=True):
1313 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1314 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1315 joinedload(UserUserGroupToPerm.user),
1316 joinedload(UserUserGroupToPerm.permission),)
1317
1318 # get owners and admins and permissions. We do a trick of re-writing
1319 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1320 # has a global reference and changing one object propagates to all
1321 # others. This means if admin is also an owner admin_row that change
1322 # would propagate to both objects
1323 perm_rows = []
1324 for _usr in q.all():
1325 usr = AttributeDict(_usr.user.get_dict())
1326 usr.permission = _usr.permission.permission_name
1327 perm_rows.append(usr)
1328
1329 # filter the perm rows by 'default' first and then sort them by
1330 # admin,write,read,none permissions sorted again alphabetically in
1331 # each group
1332 perm_rows = sorted(perm_rows, key=display_sort)
1333
1334 _admin_perm = 'usergroup.admin'
1335 owner_row = []
1336 if with_owner:
1337 usr = AttributeDict(self.user.get_dict())
1338 usr.owner_row = True
1339 usr.permission = _admin_perm
1340 owner_row.append(usr)
1341
1342 super_admin_rows = []
1343 if with_admins:
1344 for usr in User.get_all_super_admins():
1345 # if this admin is also owner, don't double the record
1346 if usr.user_id == owner_row[0].user_id:
1347 owner_row[0].admin_row = True
1348 else:
1349 usr = AttributeDict(usr.get_dict())
1350 usr.admin_row = True
1351 usr.permission = _admin_perm
1352 super_admin_rows.append(usr)
1353
1354 return super_admin_rows + owner_row + perm_rows
1355
1356 def permission_user_groups(self):
1357 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1358 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1359 joinedload(UserGroupUserGroupToPerm.target_user_group),
1360 joinedload(UserGroupUserGroupToPerm.permission),)
1361
1362 perm_rows = []
1363 for _user_group in q.all():
1364 usr = AttributeDict(_user_group.user_group.get_dict())
1365 usr.permission = _user_group.permission.permission_name
1366 perm_rows.append(usr)
1367
1368 return perm_rows
1369
1370 def _get_default_perms(self, user_group, suffix=''):
1371 from rhodecode.model.permission import PermissionModel
1372 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1373
1374 def get_default_perms(self, suffix=''):
1375 return self._get_default_perms(self, suffix)
1376
1377 def get_api_data(self, with_group_members=True, include_secrets=False):
1378 """
1379 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1380 basically forwarded.
1381
1382 """
1383 user_group = self
1384 data = {
1385 'users_group_id': user_group.users_group_id,
1386 'group_name': user_group.users_group_name,
1387 'group_description': user_group.user_group_description,
1388 'active': user_group.users_group_active,
1389 'owner': user_group.user.username,
1390 'owner_email': user_group.user.email,
1391 }
1392
1393 if with_group_members:
1394 users = []
1395 for user in user_group.members:
1396 user = user.user
1397 users.append(user.get_api_data(include_secrets=include_secrets))
1398 data['users'] = users
1399
1400 return data
1401
1402
1403 class UserGroupMember(Base, BaseModel):
1404 __tablename__ = 'users_groups_members'
1405 __table_args__ = (
1406 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1407 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1408 )
1409
1410 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1411 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1412 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1413
1414 user = relationship('User', lazy='joined')
1415 users_group = relationship('UserGroup')
1416
1417 def __init__(self, gr_id='', u_id=''):
1418 self.users_group_id = gr_id
1419 self.user_id = u_id
1420
1421
1422 class RepositoryField(Base, BaseModel):
1423 __tablename__ = 'repositories_fields'
1424 __table_args__ = (
1425 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1426 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1427 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1428 )
1429 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1430
1431 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1432 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1433 field_key = Column("field_key", String(250))
1434 field_label = Column("field_label", String(1024), nullable=False)
1435 field_value = Column("field_value", String(10000), nullable=False)
1436 field_desc = Column("field_desc", String(1024), nullable=False)
1437 field_type = Column("field_type", String(255), nullable=False, unique=None)
1438 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1439
1440 repository = relationship('Repository')
1441
1442 @property
1443 def field_key_prefixed(self):
1444 return 'ex_%s' % self.field_key
1445
1446 @classmethod
1447 def un_prefix_key(cls, key):
1448 if key.startswith(cls.PREFIX):
1449 return key[len(cls.PREFIX):]
1450 return key
1451
1452 @classmethod
1453 def get_by_key_name(cls, key, repo):
1454 row = cls.query()\
1455 .filter(cls.repository == repo)\
1456 .filter(cls.field_key == key).scalar()
1457 return row
1458
1459
1460 class Repository(Base, BaseModel):
1461 __tablename__ = 'repositories'
1462 __table_args__ = (
1463 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1464 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1465 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1466 )
1467 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1468 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1469
1470 STATE_CREATED = 'repo_state_created'
1471 STATE_PENDING = 'repo_state_pending'
1472 STATE_ERROR = 'repo_state_error'
1473
1474 LOCK_AUTOMATIC = 'lock_auto'
1475 LOCK_API = 'lock_api'
1476 LOCK_WEB = 'lock_web'
1477 LOCK_PULL = 'lock_pull'
1478
1479 NAME_SEP = URL_SEP
1480
1481 repo_id = Column(
1482 "repo_id", Integer(), nullable=False, unique=True, default=None,
1483 primary_key=True)
1484 _repo_name = Column(
1485 "repo_name", Text(), nullable=False, default=None)
1486 _repo_name_hash = Column(
1487 "repo_name_hash", String(255), nullable=False, unique=True)
1488 repo_state = Column("repo_state", String(255), nullable=True)
1489
1490 clone_uri = Column(
1491 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1492 default=None)
1493 repo_type = Column(
1494 "repo_type", String(255), nullable=False, unique=False, default=None)
1495 user_id = Column(
1496 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1497 unique=False, default=None)
1498 private = Column(
1499 "private", Boolean(), nullable=True, unique=None, default=None)
1500 enable_statistics = Column(
1501 "statistics", Boolean(), nullable=True, unique=None, default=True)
1502 enable_downloads = Column(
1503 "downloads", Boolean(), nullable=True, unique=None, default=True)
1504 description = Column(
1505 "description", String(10000), nullable=True, unique=None, default=None)
1506 created_on = Column(
1507 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1508 default=datetime.datetime.now)
1509 updated_on = Column(
1510 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1511 default=datetime.datetime.now)
1512 _landing_revision = Column(
1513 "landing_revision", String(255), nullable=False, unique=False,
1514 default=None)
1515 enable_locking = Column(
1516 "enable_locking", Boolean(), nullable=False, unique=None,
1517 default=False)
1518 _locked = Column(
1519 "locked", String(255), nullable=True, unique=False, default=None)
1520 _changeset_cache = Column(
1521 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1522
1523 fork_id = Column(
1524 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1525 nullable=True, unique=False, default=None)
1526 group_id = Column(
1527 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1528 unique=False, default=None)
1529
1530 user = relationship('User', lazy='joined')
1531 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1532 group = relationship('RepoGroup', lazy='joined')
1533 repo_to_perm = relationship(
1534 'UserRepoToPerm', cascade='all',
1535 order_by='UserRepoToPerm.repo_to_perm_id')
1536 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1537 stats = relationship('Statistics', cascade='all', uselist=False)
1538
1539 followers = relationship(
1540 'UserFollowing',
1541 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1542 cascade='all')
1543 extra_fields = relationship(
1544 'RepositoryField', cascade="all, delete, delete-orphan")
1545 logs = relationship('UserLog')
1546 comments = relationship(
1547 'ChangesetComment', cascade="all, delete, delete-orphan")
1548 pull_requests_source = relationship(
1549 'PullRequest',
1550 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1551 cascade="all, delete, delete-orphan")
1552 pull_requests_target = relationship(
1553 'PullRequest',
1554 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1555 cascade="all, delete, delete-orphan")
1556 ui = relationship('RepoRhodeCodeUi', cascade="all")
1557 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1558 integrations = relationship('Integration',
1559 cascade="all, delete, delete-orphan")
1560
1561 def __unicode__(self):
1562 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1563 safe_unicode(self.repo_name))
1564
1565 @hybrid_property
1566 def description_safe(self):
1567 from rhodecode.lib import helpers as h
1568 return h.escape(self.description)
1569
1570 @hybrid_property
1571 def landing_rev(self):
1572 # always should return [rev_type, rev]
1573 if self._landing_revision:
1574 _rev_info = self._landing_revision.split(':')
1575 if len(_rev_info) < 2:
1576 _rev_info.insert(0, 'rev')
1577 return [_rev_info[0], _rev_info[1]]
1578 return [None, None]
1579
1580 @landing_rev.setter
1581 def landing_rev(self, val):
1582 if ':' not in val:
1583 raise ValueError('value must be delimited with `:` and consist '
1584 'of <rev_type>:<rev>, got %s instead' % val)
1585 self._landing_revision = val
1586
1587 @hybrid_property
1588 def locked(self):
1589 if self._locked:
1590 user_id, timelocked, reason = self._locked.split(':')
1591 lock_values = int(user_id), timelocked, reason
1592 else:
1593 lock_values = [None, None, None]
1594 return lock_values
1595
1596 @locked.setter
1597 def locked(self, val):
1598 if val and isinstance(val, (list, tuple)):
1599 self._locked = ':'.join(map(str, val))
1600 else:
1601 self._locked = None
1602
1603 @hybrid_property
1604 def changeset_cache(self):
1605 from rhodecode.lib.vcs.backends.base import EmptyCommit
1606 dummy = EmptyCommit().__json__()
1607 if not self._changeset_cache:
1608 return dummy
1609 try:
1610 return json.loads(self._changeset_cache)
1611 except TypeError:
1612 return dummy
1613 except Exception:
1614 log.error(traceback.format_exc())
1615 return dummy
1616
1617 @changeset_cache.setter
1618 def changeset_cache(self, val):
1619 try:
1620 self._changeset_cache = json.dumps(val)
1621 except Exception:
1622 log.error(traceback.format_exc())
1623
1624 @hybrid_property
1625 def repo_name(self):
1626 return self._repo_name
1627
1628 @repo_name.setter
1629 def repo_name(self, value):
1630 self._repo_name = value
1631 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1632
1633 @classmethod
1634 def normalize_repo_name(cls, repo_name):
1635 """
1636 Normalizes os specific repo_name to the format internally stored inside
1637 database using URL_SEP
1638
1639 :param cls:
1640 :param repo_name:
1641 """
1642 return cls.NAME_SEP.join(repo_name.split(os.sep))
1643
1644 @classmethod
1645 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1646 session = Session()
1647 q = session.query(cls).filter(cls.repo_name == repo_name)
1648
1649 if cache:
1650 if identity_cache:
1651 val = cls.identity_cache(session, 'repo_name', repo_name)
1652 if val:
1653 return val
1654 else:
1655 cache_key = "get_repo_by_name_%s" % _hash_key(repo_name)
1656 q = q.options(
1657 FromCache("sql_cache_short", cache_key))
1658
1659 return q.scalar()
1660
1661 @classmethod
1662 def get_by_full_path(cls, repo_full_path):
1663 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1664 repo_name = cls.normalize_repo_name(repo_name)
1665 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1666
1667 @classmethod
1668 def get_repo_forks(cls, repo_id):
1669 return cls.query().filter(Repository.fork_id == repo_id)
1670
1671 @classmethod
1672 def base_path(cls):
1673 """
1674 Returns base path when all repos are stored
1675
1676 :param cls:
1677 """
1678 q = Session().query(RhodeCodeUi)\
1679 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1680 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1681 return q.one().ui_value
1682
1683 @classmethod
1684 def is_valid(cls, repo_name):
1685 """
1686 returns True if given repo name is a valid filesystem repository
1687
1688 :param cls:
1689 :param repo_name:
1690 """
1691 from rhodecode.lib.utils import is_valid_repo
1692
1693 return is_valid_repo(repo_name, cls.base_path())
1694
1695 @classmethod
1696 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1697 case_insensitive=True):
1698 q = Repository.query()
1699
1700 if not isinstance(user_id, Optional):
1701 q = q.filter(Repository.user_id == user_id)
1702
1703 if not isinstance(group_id, Optional):
1704 q = q.filter(Repository.group_id == group_id)
1705
1706 if case_insensitive:
1707 q = q.order_by(func.lower(Repository.repo_name))
1708 else:
1709 q = q.order_by(Repository.repo_name)
1710 return q.all()
1711
1712 @property
1713 def forks(self):
1714 """
1715 Return forks of this repo
1716 """
1717 return Repository.get_repo_forks(self.repo_id)
1718
1719 @property
1720 def parent(self):
1721 """
1722 Returns fork parent
1723 """
1724 return self.fork
1725
1726 @property
1727 def just_name(self):
1728 return self.repo_name.split(self.NAME_SEP)[-1]
1729
1730 @property
1731 def groups_with_parents(self):
1732 groups = []
1733 if self.group is None:
1734 return groups
1735
1736 cur_gr = self.group
1737 groups.insert(0, cur_gr)
1738 while 1:
1739 gr = getattr(cur_gr, 'parent_group', None)
1740 cur_gr = cur_gr.parent_group
1741 if gr is None:
1742 break
1743 groups.insert(0, gr)
1744
1745 return groups
1746
1747 @property
1748 def groups_and_repo(self):
1749 return self.groups_with_parents, self
1750
1751 @LazyProperty
1752 def repo_path(self):
1753 """
1754 Returns base full path for that repository means where it actually
1755 exists on a filesystem
1756 """
1757 q = Session().query(RhodeCodeUi).filter(
1758 RhodeCodeUi.ui_key == self.NAME_SEP)
1759 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1760 return q.one().ui_value
1761
1762 @property
1763 def repo_full_path(self):
1764 p = [self.repo_path]
1765 # we need to split the name by / since this is how we store the
1766 # names in the database, but that eventually needs to be converted
1767 # into a valid system path
1768 p += self.repo_name.split(self.NAME_SEP)
1769 return os.path.join(*map(safe_unicode, p))
1770
1771 @property
1772 def cache_keys(self):
1773 """
1774 Returns associated cache keys for that repo
1775 """
1776 return CacheKey.query()\
1777 .filter(CacheKey.cache_args == self.repo_name)\
1778 .order_by(CacheKey.cache_key)\
1779 .all()
1780
1781 def get_new_name(self, repo_name):
1782 """
1783 returns new full repository name based on assigned group and new new
1784
1785 :param group_name:
1786 """
1787 path_prefix = self.group.full_path_splitted if self.group else []
1788 return self.NAME_SEP.join(path_prefix + [repo_name])
1789
1790 @property
1791 def _config(self):
1792 """
1793 Returns db based config object.
1794 """
1795 from rhodecode.lib.utils import make_db_config
1796 return make_db_config(clear_session=False, repo=self)
1797
1798 def permissions(self, with_admins=True, with_owner=True):
1799 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1800 q = q.options(joinedload(UserRepoToPerm.repository),
1801 joinedload(UserRepoToPerm.user),
1802 joinedload(UserRepoToPerm.permission),)
1803
1804 # get owners and admins and permissions. We do a trick of re-writing
1805 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1806 # has a global reference and changing one object propagates to all
1807 # others. This means if admin is also an owner admin_row that change
1808 # would propagate to both objects
1809 perm_rows = []
1810 for _usr in q.all():
1811 usr = AttributeDict(_usr.user.get_dict())
1812 usr.permission = _usr.permission.permission_name
1813 perm_rows.append(usr)
1814
1815 # filter the perm rows by 'default' first and then sort them by
1816 # admin,write,read,none permissions sorted again alphabetically in
1817 # each group
1818 perm_rows = sorted(perm_rows, key=display_sort)
1819
1820 _admin_perm = 'repository.admin'
1821 owner_row = []
1822 if with_owner:
1823 usr = AttributeDict(self.user.get_dict())
1824 usr.owner_row = True
1825 usr.permission = _admin_perm
1826 owner_row.append(usr)
1827
1828 super_admin_rows = []
1829 if with_admins:
1830 for usr in User.get_all_super_admins():
1831 # if this admin is also owner, don't double the record
1832 if usr.user_id == owner_row[0].user_id:
1833 owner_row[0].admin_row = True
1834 else:
1835 usr = AttributeDict(usr.get_dict())
1836 usr.admin_row = True
1837 usr.permission = _admin_perm
1838 super_admin_rows.append(usr)
1839
1840 return super_admin_rows + owner_row + perm_rows
1841
1842 def permission_user_groups(self):
1843 q = UserGroupRepoToPerm.query().filter(
1844 UserGroupRepoToPerm.repository == self)
1845 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1846 joinedload(UserGroupRepoToPerm.users_group),
1847 joinedload(UserGroupRepoToPerm.permission),)
1848
1849 perm_rows = []
1850 for _user_group in q.all():
1851 usr = AttributeDict(_user_group.users_group.get_dict())
1852 usr.permission = _user_group.permission.permission_name
1853 perm_rows.append(usr)
1854
1855 return perm_rows
1856
1857 def get_api_data(self, include_secrets=False):
1858 """
1859 Common function for generating repo api data
1860
1861 :param include_secrets: See :meth:`User.get_api_data`.
1862
1863 """
1864 # TODO: mikhail: Here there is an anti-pattern, we probably need to
1865 # move this methods on models level.
1866 from rhodecode.model.settings import SettingsModel
1867 from rhodecode.model.repo import RepoModel
1868
1869 repo = self
1870 _user_id, _time, _reason = self.locked
1871
1872 data = {
1873 'repo_id': repo.repo_id,
1874 'repo_name': repo.repo_name,
1875 'repo_type': repo.repo_type,
1876 'clone_uri': repo.clone_uri or '',
1877 'url': RepoModel().get_url(self),
1878 'private': repo.private,
1879 'created_on': repo.created_on,
1880 'description': repo.description_safe,
1881 'landing_rev': repo.landing_rev,
1882 'owner': repo.user.username,
1883 'fork_of': repo.fork.repo_name if repo.fork else None,
1884 'fork_of_id': repo.fork.repo_id if repo.fork else None,
1885 'enable_statistics': repo.enable_statistics,
1886 'enable_locking': repo.enable_locking,
1887 'enable_downloads': repo.enable_downloads,
1888 'last_changeset': repo.changeset_cache,
1889 'locked_by': User.get(_user_id).get_api_data(
1890 include_secrets=include_secrets) if _user_id else None,
1891 'locked_date': time_to_datetime(_time) if _time else None,
1892 'lock_reason': _reason if _reason else None,
1893 }
1894
1895 # TODO: mikhail: should be per-repo settings here
1896 rc_config = SettingsModel().get_all_settings()
1897 repository_fields = str2bool(
1898 rc_config.get('rhodecode_repository_fields'))
1899 if repository_fields:
1900 for f in self.extra_fields:
1901 data[f.field_key_prefixed] = f.field_value
1902
1903 return data
1904
1905 @classmethod
1906 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
1907 if not lock_time:
1908 lock_time = time.time()
1909 if not lock_reason:
1910 lock_reason = cls.LOCK_AUTOMATIC
1911 repo.locked = [user_id, lock_time, lock_reason]
1912 Session().add(repo)
1913 Session().commit()
1914
1915 @classmethod
1916 def unlock(cls, repo):
1917 repo.locked = None
1918 Session().add(repo)
1919 Session().commit()
1920
1921 @classmethod
1922 def getlock(cls, repo):
1923 return repo.locked
1924
1925 def is_user_lock(self, user_id):
1926 if self.lock[0]:
1927 lock_user_id = safe_int(self.lock[0])
1928 user_id = safe_int(user_id)
1929 # both are ints, and they are equal
1930 return all([lock_user_id, user_id]) and lock_user_id == user_id
1931
1932 return False
1933
1934 def get_locking_state(self, action, user_id, only_when_enabled=True):
1935 """
1936 Checks locking on this repository, if locking is enabled and lock is
1937 present returns a tuple of make_lock, locked, locked_by.
1938 make_lock can have 3 states None (do nothing) True, make lock
1939 False release lock, This value is later propagated to hooks, which
1940 do the locking. Think about this as signals passed to hooks what to do.
1941
1942 """
1943 # TODO: johbo: This is part of the business logic and should be moved
1944 # into the RepositoryModel.
1945
1946 if action not in ('push', 'pull'):
1947 raise ValueError("Invalid action value: %s" % repr(action))
1948
1949 # defines if locked error should be thrown to user
1950 currently_locked = False
1951 # defines if new lock should be made, tri-state
1952 make_lock = None
1953 repo = self
1954 user = User.get(user_id)
1955
1956 lock_info = repo.locked
1957
1958 if repo and (repo.enable_locking or not only_when_enabled):
1959 if action == 'push':
1960 # check if it's already locked !, if it is compare users
1961 locked_by_user_id = lock_info[0]
1962 if user.user_id == locked_by_user_id:
1963 log.debug(
1964 'Got `push` action from user %s, now unlocking', user)
1965 # unlock if we have push from user who locked
1966 make_lock = False
1967 else:
1968 # we're not the same user who locked, ban with
1969 # code defined in settings (default is 423 HTTP Locked) !
1970 log.debug('Repo %s is currently locked by %s', repo, user)
1971 currently_locked = True
1972 elif action == 'pull':
1973 # [0] user [1] date
1974 if lock_info[0] and lock_info[1]:
1975 log.debug('Repo %s is currently locked by %s', repo, user)
1976 currently_locked = True
1977 else:
1978 log.debug('Setting lock on repo %s by %s', repo, user)
1979 make_lock = True
1980
1981 else:
1982 log.debug('Repository %s do not have locking enabled', repo)
1983
1984 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
1985 make_lock, currently_locked, lock_info)
1986
1987 from rhodecode.lib.auth import HasRepoPermissionAny
1988 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
1989 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
1990 # if we don't have at least write permission we cannot make a lock
1991 log.debug('lock state reset back to FALSE due to lack '
1992 'of at least read permission')
1993 make_lock = False
1994
1995 return make_lock, currently_locked, lock_info
1996
1997 @property
1998 def last_db_change(self):
1999 return self.updated_on
2000
2001 @property
2002 def clone_uri_hidden(self):
2003 clone_uri = self.clone_uri
2004 if clone_uri:
2005 import urlobject
2006 url_obj = urlobject.URLObject(cleaned_uri(clone_uri))
2007 if url_obj.password:
2008 clone_uri = url_obj.with_password('*****')
2009 return clone_uri
2010
2011 def clone_url(self, **override):
2012 from rhodecode.model.settings import SettingsModel
2013
2014 uri_tmpl = None
2015 if 'with_id' in override:
2016 uri_tmpl = self.DEFAULT_CLONE_URI_ID
2017 del override['with_id']
2018
2019 if 'uri_tmpl' in override:
2020 uri_tmpl = override['uri_tmpl']
2021 del override['uri_tmpl']
2022
2023 # we didn't override our tmpl from **overrides
2024 if not uri_tmpl:
2025 rc_config = SettingsModel().get_all_settings(cache=True)
2026 uri_tmpl = rc_config.get(
2027 'rhodecode_clone_uri_tmpl') or self.DEFAULT_CLONE_URI
2028
2029 request = get_current_request()
2030 return get_clone_url(request=request,
2031 uri_tmpl=uri_tmpl,
2032 repo_name=self.repo_name,
2033 repo_id=self.repo_id, **override)
2034
2035 def set_state(self, state):
2036 self.repo_state = state
2037 Session().add(self)
2038 #==========================================================================
2039 # SCM PROPERTIES
2040 #==========================================================================
2041
2042 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
2043 return get_commit_safe(
2044 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
2045
2046 def get_changeset(self, rev=None, pre_load=None):
2047 warnings.warn("Use get_commit", DeprecationWarning)
2048 commit_id = None
2049 commit_idx = None
2050 if isinstance(rev, basestring):
2051 commit_id = rev
2052 else:
2053 commit_idx = rev
2054 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
2055 pre_load=pre_load)
2056
2057 def get_landing_commit(self):
2058 """
2059 Returns landing commit, or if that doesn't exist returns the tip
2060 """
2061 _rev_type, _rev = self.landing_rev
2062 commit = self.get_commit(_rev)
2063 if isinstance(commit, EmptyCommit):
2064 return self.get_commit()
2065 return commit
2066
2067 def update_commit_cache(self, cs_cache=None, config=None):
2068 """
2069 Update cache of last changeset for repository, keys should be::
2070
2071 short_id
2072 raw_id
2073 revision
2074 parents
2075 message
2076 date
2077 author
2078
2079 :param cs_cache:
2080 """
2081 from rhodecode.lib.vcs.backends.base import BaseChangeset
2082 if cs_cache is None:
2083 # use no-cache version here
2084 scm_repo = self.scm_instance(cache=False, config=config)
2085 if scm_repo:
2086 cs_cache = scm_repo.get_commit(
2087 pre_load=["author", "date", "message", "parents"])
2088 else:
2089 cs_cache = EmptyCommit()
2090
2091 if isinstance(cs_cache, BaseChangeset):
2092 cs_cache = cs_cache.__json__()
2093
2094 def is_outdated(new_cs_cache):
2095 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
2096 new_cs_cache['revision'] != self.changeset_cache['revision']):
2097 return True
2098 return False
2099
2100 # check if we have maybe already latest cached revision
2101 if is_outdated(cs_cache) or not self.changeset_cache:
2102 _default = datetime.datetime.fromtimestamp(0)
2103 last_change = cs_cache.get('date') or _default
2104 log.debug('updated repo %s with new cs cache %s',
2105 self.repo_name, cs_cache)
2106 self.updated_on = last_change
2107 self.changeset_cache = cs_cache
2108 Session().add(self)
2109 Session().commit()
2110 else:
2111 log.debug('Skipping update_commit_cache for repo:`%s` '
2112 'commit already with latest changes', self.repo_name)
2113
2114 @property
2115 def tip(self):
2116 return self.get_commit('tip')
2117
2118 @property
2119 def author(self):
2120 return self.tip.author
2121
2122 @property
2123 def last_change(self):
2124 return self.scm_instance().last_change
2125
2126 def get_comments(self, revisions=None):
2127 """
2128 Returns comments for this repository grouped by revisions
2129
2130 :param revisions: filter query by revisions only
2131 """
2132 cmts = ChangesetComment.query()\
2133 .filter(ChangesetComment.repo == self)
2134 if revisions:
2135 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
2136 grouped = collections.defaultdict(list)
2137 for cmt in cmts.all():
2138 grouped[cmt.revision].append(cmt)
2139 return grouped
2140
2141 def statuses(self, revisions=None):
2142 """
2143 Returns statuses for this repository
2144
2145 :param revisions: list of revisions to get statuses for
2146 """
2147 statuses = ChangesetStatus.query()\
2148 .filter(ChangesetStatus.repo == self)\
2149 .filter(ChangesetStatus.version == 0)
2150
2151 if revisions:
2152 # Try doing the filtering in chunks to avoid hitting limits
2153 size = 500
2154 status_results = []
2155 for chunk in xrange(0, len(revisions), size):
2156 status_results += statuses.filter(
2157 ChangesetStatus.revision.in_(
2158 revisions[chunk: chunk+size])
2159 ).all()
2160 else:
2161 status_results = statuses.all()
2162
2163 grouped = {}
2164
2165 # maybe we have open new pullrequest without a status?
2166 stat = ChangesetStatus.STATUS_UNDER_REVIEW
2167 status_lbl = ChangesetStatus.get_status_lbl(stat)
2168 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
2169 for rev in pr.revisions:
2170 pr_id = pr.pull_request_id
2171 pr_repo = pr.target_repo.repo_name
2172 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
2173
2174 for stat in status_results:
2175 pr_id = pr_repo = None
2176 if stat.pull_request:
2177 pr_id = stat.pull_request.pull_request_id
2178 pr_repo = stat.pull_request.target_repo.repo_name
2179 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
2180 pr_id, pr_repo]
2181 return grouped
2182
2183 # ==========================================================================
2184 # SCM CACHE INSTANCE
2185 # ==========================================================================
2186
2187 def scm_instance(self, **kwargs):
2188 import rhodecode
2189
2190 # Passing a config will not hit the cache currently only used
2191 # for repo2dbmapper
2192 config = kwargs.pop('config', None)
2193 cache = kwargs.pop('cache', None)
2194 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
2195 # if cache is NOT defined use default global, else we have a full
2196 # control over cache behaviour
2197 if cache is None and full_cache and not config:
2198 return self._get_instance_cached()
2199 return self._get_instance(cache=bool(cache), config=config)
2200
2201 def _get_instance_cached(self):
2202 @cache_region('long_term')
2203 def _get_repo(cache_key):
2204 return self._get_instance()
2205
2206 invalidator_context = CacheKey.repo_context_cache(
2207 _get_repo, self.repo_name, None, thread_scoped=True)
2208
2209 with invalidator_context as context:
2210 context.invalidate()
2211 repo = context.compute()
2212
2213 return repo
2214
2215 def _get_instance(self, cache=True, config=None):
2216 config = config or self._config
2217 custom_wire = {
2218 'cache': cache # controls the vcs.remote cache
2219 }
2220 repo = get_vcs_instance(
2221 repo_path=safe_str(self.repo_full_path),
2222 config=config,
2223 with_wire=custom_wire,
2224 create=False,
2225 _vcs_alias=self.repo_type)
2226
2227 return repo
2228
2229 def __json__(self):
2230 return {'landing_rev': self.landing_rev}
2231
2232 def get_dict(self):
2233
2234 # Since we transformed `repo_name` to a hybrid property, we need to
2235 # keep compatibility with the code which uses `repo_name` field.
2236
2237 result = super(Repository, self).get_dict()
2238 result['repo_name'] = result.pop('_repo_name', None)
2239 return result
2240
2241
2242 class RepoGroup(Base, BaseModel):
2243 __tablename__ = 'groups'
2244 __table_args__ = (
2245 UniqueConstraint('group_name', 'group_parent_id'),
2246 CheckConstraint('group_id != group_parent_id'),
2247 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2248 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2249 )
2250 __mapper_args__ = {'order_by': 'group_name'}
2251
2252 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2253
2254 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2255 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2256 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2257 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2258 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2259 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2260 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2261 updated_on = Column('updated_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2262 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2263
2264 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2265 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2266 parent_group = relationship('RepoGroup', remote_side=group_id)
2267 user = relationship('User')
2268 integrations = relationship('Integration',
2269 cascade="all, delete, delete-orphan")
2270
2271 def __init__(self, group_name='', parent_group=None):
2272 self.group_name = group_name
2273 self.parent_group = parent_group
2274
2275 def __unicode__(self):
2276 return u"<%s('id:%s:%s')>" % (
2277 self.__class__.__name__, self.group_id, self.group_name)
2278
2279 @hybrid_property
2280 def description_safe(self):
2281 from rhodecode.lib import helpers as h
2282 return h.escape(self.group_description)
2283
2284 @classmethod
2285 def _generate_choice(cls, repo_group):
2286 from webhelpers.html import literal as _literal
2287 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2288 return repo_group.group_id, _name(repo_group.full_path_splitted)
2289
2290 @classmethod
2291 def groups_choices(cls, groups=None, show_empty_group=True):
2292 if not groups:
2293 groups = cls.query().all()
2294
2295 repo_groups = []
2296 if show_empty_group:
2297 repo_groups = [(-1, u'-- %s --' % _('No parent'))]
2298
2299 repo_groups.extend([cls._generate_choice(x) for x in groups])
2300
2301 repo_groups = sorted(
2302 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2303 return repo_groups
2304
2305 @classmethod
2306 def url_sep(cls):
2307 return URL_SEP
2308
2309 @classmethod
2310 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2311 if case_insensitive:
2312 gr = cls.query().filter(func.lower(cls.group_name)
2313 == func.lower(group_name))
2314 else:
2315 gr = cls.query().filter(cls.group_name == group_name)
2316 if cache:
2317 name_key = _hash_key(group_name)
2318 gr = gr.options(
2319 FromCache("sql_cache_short", "get_group_%s" % name_key))
2320 return gr.scalar()
2321
2322 @classmethod
2323 def get_user_personal_repo_group(cls, user_id):
2324 user = User.get(user_id)
2325 if user.username == User.DEFAULT_USER:
2326 return None
2327
2328 return cls.query()\
2329 .filter(cls.personal == true()) \
2330 .filter(cls.user == user).scalar()
2331
2332 @classmethod
2333 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2334 case_insensitive=True):
2335 q = RepoGroup.query()
2336
2337 if not isinstance(user_id, Optional):
2338 q = q.filter(RepoGroup.user_id == user_id)
2339
2340 if not isinstance(group_id, Optional):
2341 q = q.filter(RepoGroup.group_parent_id == group_id)
2342
2343 if case_insensitive:
2344 q = q.order_by(func.lower(RepoGroup.group_name))
2345 else:
2346 q = q.order_by(RepoGroup.group_name)
2347 return q.all()
2348
2349 @property
2350 def parents(self):
2351 parents_recursion_limit = 10
2352 groups = []
2353 if self.parent_group is None:
2354 return groups
2355 cur_gr = self.parent_group
2356 groups.insert(0, cur_gr)
2357 cnt = 0
2358 while 1:
2359 cnt += 1
2360 gr = getattr(cur_gr, 'parent_group', None)
2361 cur_gr = cur_gr.parent_group
2362 if gr is None:
2363 break
2364 if cnt == parents_recursion_limit:
2365 # this will prevent accidental infinit loops
2366 log.error(('more than %s parents found for group %s, stopping '
2367 'recursive parent fetching' % (parents_recursion_limit, self)))
2368 break
2369
2370 groups.insert(0, gr)
2371 return groups
2372
2373 @property
2374 def last_db_change(self):
2375 return self.updated_on
2376
2377 @property
2378 def children(self):
2379 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2380
2381 @property
2382 def name(self):
2383 return self.group_name.split(RepoGroup.url_sep())[-1]
2384
2385 @property
2386 def full_path(self):
2387 return self.group_name
2388
2389 @property
2390 def full_path_splitted(self):
2391 return self.group_name.split(RepoGroup.url_sep())
2392
2393 @property
2394 def repositories(self):
2395 return Repository.query()\
2396 .filter(Repository.group == self)\
2397 .order_by(Repository.repo_name)
2398
2399 @property
2400 def repositories_recursive_count(self):
2401 cnt = self.repositories.count()
2402
2403 def children_count(group):
2404 cnt = 0
2405 for child in group.children:
2406 cnt += child.repositories.count()
2407 cnt += children_count(child)
2408 return cnt
2409
2410 return cnt + children_count(self)
2411
2412 def _recursive_objects(self, include_repos=True):
2413 all_ = []
2414
2415 def _get_members(root_gr):
2416 if include_repos:
2417 for r in root_gr.repositories:
2418 all_.append(r)
2419 childs = root_gr.children.all()
2420 if childs:
2421 for gr in childs:
2422 all_.append(gr)
2423 _get_members(gr)
2424
2425 _get_members(self)
2426 return [self] + all_
2427
2428 def recursive_groups_and_repos(self):
2429 """
2430 Recursive return all groups, with repositories in those groups
2431 """
2432 return self._recursive_objects()
2433
2434 def recursive_groups(self):
2435 """
2436 Returns all children groups for this group including children of children
2437 """
2438 return self._recursive_objects(include_repos=False)
2439
2440 def get_new_name(self, group_name):
2441 """
2442 returns new full group name based on parent and new name
2443
2444 :param group_name:
2445 """
2446 path_prefix = (self.parent_group.full_path_splitted if
2447 self.parent_group else [])
2448 return RepoGroup.url_sep().join(path_prefix + [group_name])
2449
2450 def permissions(self, with_admins=True, with_owner=True):
2451 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2452 q = q.options(joinedload(UserRepoGroupToPerm.group),
2453 joinedload(UserRepoGroupToPerm.user),
2454 joinedload(UserRepoGroupToPerm.permission),)
2455
2456 # get owners and admins and permissions. We do a trick of re-writing
2457 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2458 # has a global reference and changing one object propagates to all
2459 # others. This means if admin is also an owner admin_row that change
2460 # would propagate to both objects
2461 perm_rows = []
2462 for _usr in q.all():
2463 usr = AttributeDict(_usr.user.get_dict())
2464 usr.permission = _usr.permission.permission_name
2465 perm_rows.append(usr)
2466
2467 # filter the perm rows by 'default' first and then sort them by
2468 # admin,write,read,none permissions sorted again alphabetically in
2469 # each group
2470 perm_rows = sorted(perm_rows, key=display_sort)
2471
2472 _admin_perm = 'group.admin'
2473 owner_row = []
2474 if with_owner:
2475 usr = AttributeDict(self.user.get_dict())
2476 usr.owner_row = True
2477 usr.permission = _admin_perm
2478 owner_row.append(usr)
2479
2480 super_admin_rows = []
2481 if with_admins:
2482 for usr in User.get_all_super_admins():
2483 # if this admin is also owner, don't double the record
2484 if usr.user_id == owner_row[0].user_id:
2485 owner_row[0].admin_row = True
2486 else:
2487 usr = AttributeDict(usr.get_dict())
2488 usr.admin_row = True
2489 usr.permission = _admin_perm
2490 super_admin_rows.append(usr)
2491
2492 return super_admin_rows + owner_row + perm_rows
2493
2494 def permission_user_groups(self):
2495 q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
2496 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2497 joinedload(UserGroupRepoGroupToPerm.users_group),
2498 joinedload(UserGroupRepoGroupToPerm.permission),)
2499
2500 perm_rows = []
2501 for _user_group in q.all():
2502 usr = AttributeDict(_user_group.users_group.get_dict())
2503 usr.permission = _user_group.permission.permission_name
2504 perm_rows.append(usr)
2505
2506 return perm_rows
2507
2508 def get_api_data(self):
2509 """
2510 Common function for generating api data
2511
2512 """
2513 group = self
2514 data = {
2515 'group_id': group.group_id,
2516 'group_name': group.group_name,
2517 'group_description': group.description_safe,
2518 'parent_group': group.parent_group.group_name if group.parent_group else None,
2519 'repositories': [x.repo_name for x in group.repositories],
2520 'owner': group.user.username,
2521 }
2522 return data
2523
2524
2525 class Permission(Base, BaseModel):
2526 __tablename__ = 'permissions'
2527 __table_args__ = (
2528 Index('p_perm_name_idx', 'permission_name'),
2529 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2530 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2531 )
2532 PERMS = [
2533 ('hg.admin', _('RhodeCode Super Administrator')),
2534
2535 ('repository.none', _('Repository no access')),
2536 ('repository.read', _('Repository read access')),
2537 ('repository.write', _('Repository write access')),
2538 ('repository.admin', _('Repository admin access')),
2539
2540 ('group.none', _('Repository group no access')),
2541 ('group.read', _('Repository group read access')),
2542 ('group.write', _('Repository group write access')),
2543 ('group.admin', _('Repository group admin access')),
2544
2545 ('usergroup.none', _('User group no access')),
2546 ('usergroup.read', _('User group read access')),
2547 ('usergroup.write', _('User group write access')),
2548 ('usergroup.admin', _('User group admin access')),
2549
2550 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2551 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2552
2553 ('hg.usergroup.create.false', _('User Group creation disabled')),
2554 ('hg.usergroup.create.true', _('User Group creation enabled')),
2555
2556 ('hg.create.none', _('Repository creation disabled')),
2557 ('hg.create.repository', _('Repository creation enabled')),
2558 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2559 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2560
2561 ('hg.fork.none', _('Repository forking disabled')),
2562 ('hg.fork.repository', _('Repository forking enabled')),
2563
2564 ('hg.register.none', _('Registration disabled')),
2565 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2566 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2567
2568 ('hg.password_reset.enabled', _('Password reset enabled')),
2569 ('hg.password_reset.hidden', _('Password reset hidden')),
2570 ('hg.password_reset.disabled', _('Password reset disabled')),
2571
2572 ('hg.extern_activate.manual', _('Manual activation of external account')),
2573 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2574
2575 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2576 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2577 ]
2578
2579 # definition of system default permissions for DEFAULT user
2580 DEFAULT_USER_PERMISSIONS = [
2581 'repository.read',
2582 'group.read',
2583 'usergroup.read',
2584 'hg.create.repository',
2585 'hg.repogroup.create.false',
2586 'hg.usergroup.create.false',
2587 'hg.create.write_on_repogroup.true',
2588 'hg.fork.repository',
2589 'hg.register.manual_activate',
2590 'hg.password_reset.enabled',
2591 'hg.extern_activate.auto',
2592 'hg.inherit_default_perms.true',
2593 ]
2594
2595 # defines which permissions are more important higher the more important
2596 # Weight defines which permissions are more important.
2597 # The higher number the more important.
2598 PERM_WEIGHTS = {
2599 'repository.none': 0,
2600 'repository.read': 1,
2601 'repository.write': 3,
2602 'repository.admin': 4,
2603
2604 'group.none': 0,
2605 'group.read': 1,
2606 'group.write': 3,
2607 'group.admin': 4,
2608
2609 'usergroup.none': 0,
2610 'usergroup.read': 1,
2611 'usergroup.write': 3,
2612 'usergroup.admin': 4,
2613
2614 'hg.repogroup.create.false': 0,
2615 'hg.repogroup.create.true': 1,
2616
2617 'hg.usergroup.create.false': 0,
2618 'hg.usergroup.create.true': 1,
2619
2620 'hg.fork.none': 0,
2621 'hg.fork.repository': 1,
2622 'hg.create.none': 0,
2623 'hg.create.repository': 1
2624 }
2625
2626 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2627 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2628 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2629
2630 def __unicode__(self):
2631 return u"<%s('%s:%s')>" % (
2632 self.__class__.__name__, self.permission_id, self.permission_name
2633 )
2634
2635 @classmethod
2636 def get_by_key(cls, key):
2637 return cls.query().filter(cls.permission_name == key).scalar()
2638
2639 @classmethod
2640 def get_default_repo_perms(cls, user_id, repo_id=None):
2641 q = Session().query(UserRepoToPerm, Repository, Permission)\
2642 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2643 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2644 .filter(UserRepoToPerm.user_id == user_id)
2645 if repo_id:
2646 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2647 return q.all()
2648
2649 @classmethod
2650 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2651 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2652 .join(
2653 Permission,
2654 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2655 .join(
2656 Repository,
2657 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2658 .join(
2659 UserGroup,
2660 UserGroupRepoToPerm.users_group_id ==
2661 UserGroup.users_group_id)\
2662 .join(
2663 UserGroupMember,
2664 UserGroupRepoToPerm.users_group_id ==
2665 UserGroupMember.users_group_id)\
2666 .filter(
2667 UserGroupMember.user_id == user_id,
2668 UserGroup.users_group_active == true())
2669 if repo_id:
2670 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2671 return q.all()
2672
2673 @classmethod
2674 def get_default_group_perms(cls, user_id, repo_group_id=None):
2675 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2676 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2677 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2678 .filter(UserRepoGroupToPerm.user_id == user_id)
2679 if repo_group_id:
2680 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2681 return q.all()
2682
2683 @classmethod
2684 def get_default_group_perms_from_user_group(
2685 cls, user_id, repo_group_id=None):
2686 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2687 .join(
2688 Permission,
2689 UserGroupRepoGroupToPerm.permission_id ==
2690 Permission.permission_id)\
2691 .join(
2692 RepoGroup,
2693 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2694 .join(
2695 UserGroup,
2696 UserGroupRepoGroupToPerm.users_group_id ==
2697 UserGroup.users_group_id)\
2698 .join(
2699 UserGroupMember,
2700 UserGroupRepoGroupToPerm.users_group_id ==
2701 UserGroupMember.users_group_id)\
2702 .filter(
2703 UserGroupMember.user_id == user_id,
2704 UserGroup.users_group_active == true())
2705 if repo_group_id:
2706 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2707 return q.all()
2708
2709 @classmethod
2710 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2711 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2712 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2713 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2714 .filter(UserUserGroupToPerm.user_id == user_id)
2715 if user_group_id:
2716 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2717 return q.all()
2718
2719 @classmethod
2720 def get_default_user_group_perms_from_user_group(
2721 cls, user_id, user_group_id=None):
2722 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2723 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2724 .join(
2725 Permission,
2726 UserGroupUserGroupToPerm.permission_id ==
2727 Permission.permission_id)\
2728 .join(
2729 TargetUserGroup,
2730 UserGroupUserGroupToPerm.target_user_group_id ==
2731 TargetUserGroup.users_group_id)\
2732 .join(
2733 UserGroup,
2734 UserGroupUserGroupToPerm.user_group_id ==
2735 UserGroup.users_group_id)\
2736 .join(
2737 UserGroupMember,
2738 UserGroupUserGroupToPerm.user_group_id ==
2739 UserGroupMember.users_group_id)\
2740 .filter(
2741 UserGroupMember.user_id == user_id,
2742 UserGroup.users_group_active == true())
2743 if user_group_id:
2744 q = q.filter(
2745 UserGroupUserGroupToPerm.user_group_id == user_group_id)
2746
2747 return q.all()
2748
2749
2750 class UserRepoToPerm(Base, BaseModel):
2751 __tablename__ = 'repo_to_perm'
2752 __table_args__ = (
2753 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
2754 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2755 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2756 )
2757 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2758 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2759 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2760 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2761
2762 user = relationship('User')
2763 repository = relationship('Repository')
2764 permission = relationship('Permission')
2765
2766 @classmethod
2767 def create(cls, user, repository, permission):
2768 n = cls()
2769 n.user = user
2770 n.repository = repository
2771 n.permission = permission
2772 Session().add(n)
2773 return n
2774
2775 def __unicode__(self):
2776 return u'<%s => %s >' % (self.user, self.repository)
2777
2778
2779 class UserUserGroupToPerm(Base, BaseModel):
2780 __tablename__ = 'user_user_group_to_perm'
2781 __table_args__ = (
2782 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
2783 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2784 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2785 )
2786 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2787 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2788 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2789 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2790
2791 user = relationship('User')
2792 user_group = relationship('UserGroup')
2793 permission = relationship('Permission')
2794
2795 @classmethod
2796 def create(cls, user, user_group, permission):
2797 n = cls()
2798 n.user = user
2799 n.user_group = user_group
2800 n.permission = permission
2801 Session().add(n)
2802 return n
2803
2804 def __unicode__(self):
2805 return u'<%s => %s >' % (self.user, self.user_group)
2806
2807
2808 class UserToPerm(Base, BaseModel):
2809 __tablename__ = 'user_to_perm'
2810 __table_args__ = (
2811 UniqueConstraint('user_id', 'permission_id'),
2812 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2813 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2814 )
2815 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2816 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2817 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2818
2819 user = relationship('User')
2820 permission = relationship('Permission', lazy='joined')
2821
2822 def __unicode__(self):
2823 return u'<%s => %s >' % (self.user, self.permission)
2824
2825
2826 class UserGroupRepoToPerm(Base, BaseModel):
2827 __tablename__ = 'users_group_repo_to_perm'
2828 __table_args__ = (
2829 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
2830 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2831 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2832 )
2833 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2834 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2835 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2836 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2837
2838 users_group = relationship('UserGroup')
2839 permission = relationship('Permission')
2840 repository = relationship('Repository')
2841
2842 @classmethod
2843 def create(cls, users_group, repository, permission):
2844 n = cls()
2845 n.users_group = users_group
2846 n.repository = repository
2847 n.permission = permission
2848 Session().add(n)
2849 return n
2850
2851 def __unicode__(self):
2852 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
2853
2854
2855 class UserGroupUserGroupToPerm(Base, BaseModel):
2856 __tablename__ = 'user_group_user_group_to_perm'
2857 __table_args__ = (
2858 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
2859 CheckConstraint('target_user_group_id != user_group_id'),
2860 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2861 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2862 )
2863 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2864 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2865 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2866 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2867
2868 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
2869 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
2870 permission = relationship('Permission')
2871
2872 @classmethod
2873 def create(cls, target_user_group, user_group, permission):
2874 n = cls()
2875 n.target_user_group = target_user_group
2876 n.user_group = user_group
2877 n.permission = permission
2878 Session().add(n)
2879 return n
2880
2881 def __unicode__(self):
2882 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
2883
2884
2885 class UserGroupToPerm(Base, BaseModel):
2886 __tablename__ = 'users_group_to_perm'
2887 __table_args__ = (
2888 UniqueConstraint('users_group_id', 'permission_id',),
2889 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2890 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2891 )
2892 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2893 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2894 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2895
2896 users_group = relationship('UserGroup')
2897 permission = relationship('Permission')
2898
2899
2900 class UserRepoGroupToPerm(Base, BaseModel):
2901 __tablename__ = 'user_repo_group_to_perm'
2902 __table_args__ = (
2903 UniqueConstraint('user_id', 'group_id', 'permission_id'),
2904 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2905 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2906 )
2907
2908 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2909 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2910 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2911 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2912
2913 user = relationship('User')
2914 group = relationship('RepoGroup')
2915 permission = relationship('Permission')
2916
2917 @classmethod
2918 def create(cls, user, repository_group, permission):
2919 n = cls()
2920 n.user = user
2921 n.group = repository_group
2922 n.permission = permission
2923 Session().add(n)
2924 return n
2925
2926
2927 class UserGroupRepoGroupToPerm(Base, BaseModel):
2928 __tablename__ = 'users_group_repo_group_to_perm'
2929 __table_args__ = (
2930 UniqueConstraint('users_group_id', 'group_id'),
2931 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2932 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2933 )
2934
2935 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2936 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2937 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2938 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2939
2940 users_group = relationship('UserGroup')
2941 permission = relationship('Permission')
2942 group = relationship('RepoGroup')
2943
2944 @classmethod
2945 def create(cls, user_group, repository_group, permission):
2946 n = cls()
2947 n.users_group = user_group
2948 n.group = repository_group
2949 n.permission = permission
2950 Session().add(n)
2951 return n
2952
2953 def __unicode__(self):
2954 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
2955
2956
2957 class Statistics(Base, BaseModel):
2958 __tablename__ = 'statistics'
2959 __table_args__ = (
2960 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2961 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2962 )
2963 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2964 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
2965 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
2966 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
2967 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
2968 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
2969
2970 repository = relationship('Repository', single_parent=True)
2971
2972
2973 class UserFollowing(Base, BaseModel):
2974 __tablename__ = 'user_followings'
2975 __table_args__ = (
2976 UniqueConstraint('user_id', 'follows_repository_id'),
2977 UniqueConstraint('user_id', 'follows_user_id'),
2978 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2979 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2980 )
2981
2982 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2983 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2984 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
2985 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
2986 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2987
2988 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
2989
2990 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
2991 follows_repository = relationship('Repository', order_by='Repository.repo_name')
2992
2993 @classmethod
2994 def get_repo_followers(cls, repo_id):
2995 return cls.query().filter(cls.follows_repo_id == repo_id)
2996
2997
2998 class CacheKey(Base, BaseModel):
2999 __tablename__ = 'cache_invalidation'
3000 __table_args__ = (
3001 UniqueConstraint('cache_key'),
3002 Index('key_idx', 'cache_key'),
3003 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3004 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3005 )
3006 CACHE_TYPE_ATOM = 'ATOM'
3007 CACHE_TYPE_RSS = 'RSS'
3008 CACHE_TYPE_README = 'README'
3009
3010 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
3011 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
3012 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
3013 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
3014
3015 def __init__(self, cache_key, cache_args=''):
3016 self.cache_key = cache_key
3017 self.cache_args = cache_args
3018 self.cache_active = False
3019
3020 def __unicode__(self):
3021 return u"<%s('%s:%s[%s]')>" % (
3022 self.__class__.__name__,
3023 self.cache_id, self.cache_key, self.cache_active)
3024
3025 def _cache_key_partition(self):
3026 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
3027 return prefix, repo_name, suffix
3028
3029 def get_prefix(self):
3030 """
3031 Try to extract prefix from existing cache key. The key could consist
3032 of prefix, repo_name, suffix
3033 """
3034 # this returns prefix, repo_name, suffix
3035 return self._cache_key_partition()[0]
3036
3037 def get_suffix(self):
3038 """
3039 get suffix that might have been used in _get_cache_key to
3040 generate self.cache_key. Only used for informational purposes
3041 in repo_edit.mako.
3042 """
3043 # prefix, repo_name, suffix
3044 return self._cache_key_partition()[2]
3045
3046 @classmethod
3047 def delete_all_cache(cls):
3048 """
3049 Delete all cache keys from database.
3050 Should only be run when all instances are down and all entries
3051 thus stale.
3052 """
3053 cls.query().delete()
3054 Session().commit()
3055
3056 @classmethod
3057 def get_cache_key(cls, repo_name, cache_type):
3058 """
3059
3060 Generate a cache key for this process of RhodeCode instance.
3061 Prefix most likely will be process id or maybe explicitly set
3062 instance_id from .ini file.
3063 """
3064 import rhodecode
3065 prefix = safe_unicode(rhodecode.CONFIG.get('instance_id') or '')
3066
3067 repo_as_unicode = safe_unicode(repo_name)
3068 key = u'{}_{}'.format(repo_as_unicode, cache_type) \
3069 if cache_type else repo_as_unicode
3070
3071 return u'{}{}'.format(prefix, key)
3072
3073 @classmethod
3074 def set_invalidate(cls, repo_name, delete=False):
3075 """
3076 Mark all caches of a repo as invalid in the database.
3077 """
3078
3079 try:
3080 qry = Session().query(cls).filter(cls.cache_args == repo_name)
3081 if delete:
3082 log.debug('cache objects deleted for repo %s',
3083 safe_str(repo_name))
3084 qry.delete()
3085 else:
3086 log.debug('cache objects marked as invalid for repo %s',
3087 safe_str(repo_name))
3088 qry.update({"cache_active": False})
3089
3090 Session().commit()
3091 except Exception:
3092 log.exception(
3093 'Cache key invalidation failed for repository %s',
3094 safe_str(repo_name))
3095 Session().rollback()
3096
3097 @classmethod
3098 def get_active_cache(cls, cache_key):
3099 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
3100 if inv_obj:
3101 return inv_obj
3102 return None
3103
3104 @classmethod
3105 def repo_context_cache(cls, compute_func, repo_name, cache_type,
3106 thread_scoped=False):
3107 """
3108 @cache_region('long_term')
3109 def _heavy_calculation(cache_key):
3110 return 'result'
3111
3112 cache_context = CacheKey.repo_context_cache(
3113 _heavy_calculation, repo_name, cache_type)
3114
3115 with cache_context as context:
3116 context.invalidate()
3117 computed = context.compute()
3118
3119 assert computed == 'result'
3120 """
3121 from rhodecode.lib import caches
3122 return caches.InvalidationContext(
3123 compute_func, repo_name, cache_type, thread_scoped=thread_scoped)
3124
3125
3126 class ChangesetComment(Base, BaseModel):
3127 __tablename__ = 'changeset_comments'
3128 __table_args__ = (
3129 Index('cc_revision_idx', 'revision'),
3130 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3131 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3132 )
3133
3134 COMMENT_OUTDATED = u'comment_outdated'
3135 COMMENT_TYPE_NOTE = u'note'
3136 COMMENT_TYPE_TODO = u'todo'
3137 COMMENT_TYPES = [COMMENT_TYPE_NOTE, COMMENT_TYPE_TODO]
3138
3139 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
3140 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3141 revision = Column('revision', String(40), nullable=True)
3142 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3143 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
3144 line_no = Column('line_no', Unicode(10), nullable=True)
3145 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
3146 f_path = Column('f_path', Unicode(1000), nullable=True)
3147 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
3148 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
3149 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3150 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3151 renderer = Column('renderer', Unicode(64), nullable=True)
3152 display_state = Column('display_state', Unicode(128), nullable=True)
3153
3154 comment_type = Column('comment_type', Unicode(128), nullable=True, default=COMMENT_TYPE_NOTE)
3155 resolved_comment_id = Column('resolved_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=True)
3156 resolved_comment = relationship('ChangesetComment', remote_side=comment_id, backref='resolved_by')
3157 author = relationship('User', lazy='joined')
3158 repo = relationship('Repository')
3159 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan", lazy='joined')
3160 pull_request = relationship('PullRequest', lazy='joined')
3161 pull_request_version = relationship('PullRequestVersion')
3162
3163 @classmethod
3164 def get_users(cls, revision=None, pull_request_id=None):
3165 """
3166 Returns user associated with this ChangesetComment. ie those
3167 who actually commented
3168
3169 :param cls:
3170 :param revision:
3171 """
3172 q = Session().query(User)\
3173 .join(ChangesetComment.author)
3174 if revision:
3175 q = q.filter(cls.revision == revision)
3176 elif pull_request_id:
3177 q = q.filter(cls.pull_request_id == pull_request_id)
3178 return q.all()
3179
3180 @classmethod
3181 def get_index_from_version(cls, pr_version, versions):
3182 num_versions = [x.pull_request_version_id for x in versions]
3183 try:
3184 return num_versions.index(pr_version) +1
3185 except (IndexError, ValueError):
3186 return
3187
3188 @property
3189 def outdated(self):
3190 return self.display_state == self.COMMENT_OUTDATED
3191
3192 def outdated_at_version(self, version):
3193 """
3194 Checks if comment is outdated for given pull request version
3195 """
3196 return self.outdated and self.pull_request_version_id != version
3197
3198 def older_than_version(self, version):
3199 """
3200 Checks if comment is made from previous version than given
3201 """
3202 if version is None:
3203 return self.pull_request_version_id is not None
3204
3205 return self.pull_request_version_id < version
3206
3207 @property
3208 def resolved(self):
3209 return self.resolved_by[0] if self.resolved_by else None
3210
3211 @property
3212 def is_todo(self):
3213 return self.comment_type == self.COMMENT_TYPE_TODO
3214
3215 @property
3216 def is_inline(self):
3217 return self.line_no and self.f_path
3218
3219 def get_index_version(self, versions):
3220 return self.get_index_from_version(
3221 self.pull_request_version_id, versions)
3222
3223 def __repr__(self):
3224 if self.comment_id:
3225 return '<DB:Comment #%s>' % self.comment_id
3226 else:
3227 return '<DB:Comment at %#x>' % id(self)
3228
3229 def get_api_data(self):
3230 comment = self
3231 data = {
3232 'comment_id': comment.comment_id,
3233 'comment_type': comment.comment_type,
3234 'comment_text': comment.text,
3235 'comment_status': comment.status_change,
3236 'comment_f_path': comment.f_path,
3237 'comment_lineno': comment.line_no,
3238 'comment_author': comment.author,
3239 'comment_created_on': comment.created_on
3240 }
3241 return data
3242
3243 def __json__(self):
3244 data = dict()
3245 data.update(self.get_api_data())
3246 return data
3247
3248
3249 class ChangesetStatus(Base, BaseModel):
3250 __tablename__ = 'changeset_statuses'
3251 __table_args__ = (
3252 Index('cs_revision_idx', 'revision'),
3253 Index('cs_version_idx', 'version'),
3254 UniqueConstraint('repo_id', 'revision', 'version'),
3255 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3256 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3257 )
3258 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
3259 STATUS_APPROVED = 'approved'
3260 STATUS_REJECTED = 'rejected'
3261 STATUS_UNDER_REVIEW = 'under_review'
3262
3263 STATUSES = [
3264 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
3265 (STATUS_APPROVED, _("Approved")),
3266 (STATUS_REJECTED, _("Rejected")),
3267 (STATUS_UNDER_REVIEW, _("Under Review")),
3268 ]
3269
3270 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
3271 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3272 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
3273 revision = Column('revision', String(40), nullable=False)
3274 status = Column('status', String(128), nullable=False, default=DEFAULT)
3275 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
3276 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
3277 version = Column('version', Integer(), nullable=False, default=0)
3278 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3279
3280 author = relationship('User', lazy='joined')
3281 repo = relationship('Repository')
3282 comment = relationship('ChangesetComment', lazy='joined')
3283 pull_request = relationship('PullRequest', lazy='joined')
3284
3285 def __unicode__(self):
3286 return u"<%s('%s[v%s]:%s')>" % (
3287 self.__class__.__name__,
3288 self.status, self.version, self.author
3289 )
3290
3291 @classmethod
3292 def get_status_lbl(cls, value):
3293 return dict(cls.STATUSES).get(value)
3294
3295 @property
3296 def status_lbl(self):
3297 return ChangesetStatus.get_status_lbl(self.status)
3298
3299 def get_api_data(self):
3300 status = self
3301 data = {
3302 'status_id': status.changeset_status_id,
3303 'status': status.status,
3304 }
3305 return data
3306
3307 def __json__(self):
3308 data = dict()
3309 data.update(self.get_api_data())
3310 return data
3311
3312
3313 class _PullRequestBase(BaseModel):
3314 """
3315 Common attributes of pull request and version entries.
3316 """
3317
3318 # .status values
3319 STATUS_NEW = u'new'
3320 STATUS_OPEN = u'open'
3321 STATUS_CLOSED = u'closed'
3322
3323 title = Column('title', Unicode(255), nullable=True)
3324 description = Column(
3325 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3326 nullable=True)
3327 # new/open/closed status of pull request (not approve/reject/etc)
3328 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3329 created_on = Column(
3330 'created_on', DateTime(timezone=False), nullable=False,
3331 default=datetime.datetime.now)
3332 updated_on = Column(
3333 'updated_on', DateTime(timezone=False), nullable=False,
3334 default=datetime.datetime.now)
3335
3336 @declared_attr
3337 def user_id(cls):
3338 return Column(
3339 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3340 unique=None)
3341
3342 # 500 revisions max
3343 _revisions = Column(
3344 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3345
3346 @declared_attr
3347 def source_repo_id(cls):
3348 # TODO: dan: rename column to source_repo_id
3349 return Column(
3350 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3351 nullable=False)
3352
3353 source_ref = Column('org_ref', Unicode(255), nullable=False)
3354
3355 @declared_attr
3356 def target_repo_id(cls):
3357 # TODO: dan: rename column to target_repo_id
3358 return Column(
3359 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3360 nullable=False)
3361
3362 target_ref = Column('other_ref', Unicode(255), nullable=False)
3363 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3364
3365 # TODO: dan: rename column to last_merge_source_rev
3366 _last_merge_source_rev = Column(
3367 'last_merge_org_rev', String(40), nullable=True)
3368 # TODO: dan: rename column to last_merge_target_rev
3369 _last_merge_target_rev = Column(
3370 'last_merge_other_rev', String(40), nullable=True)
3371 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3372 merge_rev = Column('merge_rev', String(40), nullable=True)
3373
3374 reviewer_data = Column(
3375 'reviewer_data_json', MutationObj.as_mutable(
3376 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3377
3378 @property
3379 def reviewer_data_json(self):
3380 return json.dumps(self.reviewer_data)
3381
3382 @hybrid_property
3383 def description_safe(self):
3384 from rhodecode.lib import helpers as h
3385 return h.escape(self.description)
3386
3387 @hybrid_property
3388 def revisions(self):
3389 return self._revisions.split(':') if self._revisions else []
3390
3391 @revisions.setter
3392 def revisions(self, val):
3393 self._revisions = ':'.join(val)
3394
3395 @hybrid_property
3396 def last_merge_status(self):
3397 return safe_int(self._last_merge_status)
3398
3399 @last_merge_status.setter
3400 def last_merge_status(self, val):
3401 self._last_merge_status = val
3402
3403 @declared_attr
3404 def author(cls):
3405 return relationship('User', lazy='joined')
3406
3407 @declared_attr
3408 def source_repo(cls):
3409 return relationship(
3410 'Repository',
3411 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3412
3413 @property
3414 def source_ref_parts(self):
3415 return self.unicode_to_reference(self.source_ref)
3416
3417 @declared_attr
3418 def target_repo(cls):
3419 return relationship(
3420 'Repository',
3421 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3422
3423 @property
3424 def target_ref_parts(self):
3425 return self.unicode_to_reference(self.target_ref)
3426
3427 @property
3428 def shadow_merge_ref(self):
3429 return self.unicode_to_reference(self._shadow_merge_ref)
3430
3431 @shadow_merge_ref.setter
3432 def shadow_merge_ref(self, ref):
3433 self._shadow_merge_ref = self.reference_to_unicode(ref)
3434
3435 def unicode_to_reference(self, raw):
3436 """
3437 Convert a unicode (or string) to a reference object.
3438 If unicode evaluates to False it returns None.
3439 """
3440 if raw:
3441 refs = raw.split(':')
3442 return Reference(*refs)
3443 else:
3444 return None
3445
3446 def reference_to_unicode(self, ref):
3447 """
3448 Convert a reference object to unicode.
3449 If reference is None it returns None.
3450 """
3451 if ref:
3452 return u':'.join(ref)
3453 else:
3454 return None
3455
3456 def get_api_data(self, with_merge_state=True):
3457 from rhodecode.model.pull_request import PullRequestModel
3458
3459 pull_request = self
3460 if with_merge_state:
3461 merge_status = PullRequestModel().merge_status(pull_request)
3462 merge_state = {
3463 'status': merge_status[0],
3464 'message': safe_unicode(merge_status[1]),
3465 }
3466 else:
3467 merge_state = {'status': 'not_available',
3468 'message': 'not_available'}
3469
3470 merge_data = {
3471 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3472 'reference': (
3473 pull_request.shadow_merge_ref._asdict()
3474 if pull_request.shadow_merge_ref else None),
3475 }
3476
3477 data = {
3478 'pull_request_id': pull_request.pull_request_id,
3479 'url': PullRequestModel().get_url(pull_request),
3480 'title': pull_request.title,
3481 'description': pull_request.description,
3482 'status': pull_request.status,
3483 'created_on': pull_request.created_on,
3484 'updated_on': pull_request.updated_on,
3485 'commit_ids': pull_request.revisions,
3486 'review_status': pull_request.calculated_review_status(),
3487 'mergeable': merge_state,
3488 'source': {
3489 'clone_url': pull_request.source_repo.clone_url(),
3490 'repository': pull_request.source_repo.repo_name,
3491 'reference': {
3492 'name': pull_request.source_ref_parts.name,
3493 'type': pull_request.source_ref_parts.type,
3494 'commit_id': pull_request.source_ref_parts.commit_id,
3495 },
3496 },
3497 'target': {
3498 'clone_url': pull_request.target_repo.clone_url(),
3499 'repository': pull_request.target_repo.repo_name,
3500 'reference': {
3501 'name': pull_request.target_ref_parts.name,
3502 'type': pull_request.target_ref_parts.type,
3503 'commit_id': pull_request.target_ref_parts.commit_id,
3504 },
3505 },
3506 'merge': merge_data,
3507 'author': pull_request.author.get_api_data(include_secrets=False,
3508 details='basic'),
3509 'reviewers': [
3510 {
3511 'user': reviewer.get_api_data(include_secrets=False,
3512 details='basic'),
3513 'reasons': reasons,
3514 'review_status': st[0][1].status if st else 'not_reviewed',
3515 }
3516 for reviewer, reasons, mandatory, st in
3517 pull_request.reviewers_statuses()
3518 ]
3519 }
3520
3521 return data
3522
3523
3524 class PullRequest(Base, _PullRequestBase):
3525 __tablename__ = 'pull_requests'
3526 __table_args__ = (
3527 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3528 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3529 )
3530
3531 pull_request_id = Column(
3532 'pull_request_id', Integer(), nullable=False, primary_key=True)
3533
3534 def __repr__(self):
3535 if self.pull_request_id:
3536 return '<DB:PullRequest #%s>' % self.pull_request_id
3537 else:
3538 return '<DB:PullRequest at %#x>' % id(self)
3539
3540 reviewers = relationship('PullRequestReviewers',
3541 cascade="all, delete, delete-orphan")
3542 statuses = relationship('ChangesetStatus',
3543 cascade="all, delete, delete-orphan")
3544 comments = relationship('ChangesetComment',
3545 cascade="all, delete, delete-orphan")
3546 versions = relationship('PullRequestVersion',
3547 cascade="all, delete, delete-orphan",
3548 lazy='dynamic')
3549
3550 @classmethod
3551 def get_pr_display_object(cls, pull_request_obj, org_pull_request_obj,
3552 internal_methods=None):
3553
3554 class PullRequestDisplay(object):
3555 """
3556 Special object wrapper for showing PullRequest data via Versions
3557 It mimics PR object as close as possible. This is read only object
3558 just for display
3559 """
3560
3561 def __init__(self, attrs, internal=None):
3562 self.attrs = attrs
3563 # internal have priority over the given ones via attrs
3564 self.internal = internal or ['versions']
3565
3566 def __getattr__(self, item):
3567 if item in self.internal:
3568 return getattr(self, item)
3569 try:
3570 return self.attrs[item]
3571 except KeyError:
3572 raise AttributeError(
3573 '%s object has no attribute %s' % (self, item))
3574
3575 def __repr__(self):
3576 return '<DB:PullRequestDisplay #%s>' % self.attrs.get('pull_request_id')
3577
3578 def versions(self):
3579 return pull_request_obj.versions.order_by(
3580 PullRequestVersion.pull_request_version_id).all()
3581
3582 def is_closed(self):
3583 return pull_request_obj.is_closed()
3584
3585 @property
3586 def pull_request_version_id(self):
3587 return getattr(pull_request_obj, 'pull_request_version_id', None)
3588
3589 attrs = StrictAttributeDict(pull_request_obj.get_api_data())
3590
3591 attrs.author = StrictAttributeDict(
3592 pull_request_obj.author.get_api_data())
3593 if pull_request_obj.target_repo:
3594 attrs.target_repo = StrictAttributeDict(
3595 pull_request_obj.target_repo.get_api_data())
3596 attrs.target_repo.clone_url = pull_request_obj.target_repo.clone_url
3597
3598 if pull_request_obj.source_repo:
3599 attrs.source_repo = StrictAttributeDict(
3600 pull_request_obj.source_repo.get_api_data())
3601 attrs.source_repo.clone_url = pull_request_obj.source_repo.clone_url
3602
3603 attrs.source_ref_parts = pull_request_obj.source_ref_parts
3604 attrs.target_ref_parts = pull_request_obj.target_ref_parts
3605 attrs.revisions = pull_request_obj.revisions
3606
3607 attrs.shadow_merge_ref = org_pull_request_obj.shadow_merge_ref
3608 attrs.reviewer_data = org_pull_request_obj.reviewer_data
3609 attrs.reviewer_data_json = org_pull_request_obj.reviewer_data_json
3610
3611 return PullRequestDisplay(attrs, internal=internal_methods)
3612
3613 def is_closed(self):
3614 return self.status == self.STATUS_CLOSED
3615
3616 def __json__(self):
3617 return {
3618 'revisions': self.revisions,
3619 }
3620
3621 def calculated_review_status(self):
3622 from rhodecode.model.changeset_status import ChangesetStatusModel
3623 return ChangesetStatusModel().calculated_review_status(self)
3624
3625 def reviewers_statuses(self):
3626 from rhodecode.model.changeset_status import ChangesetStatusModel
3627 return ChangesetStatusModel().reviewers_statuses(self)
3628
3629 @property
3630 def workspace_id(self):
3631 from rhodecode.model.pull_request import PullRequestModel
3632 return PullRequestModel()._workspace_id(self)
3633
3634 def get_shadow_repo(self):
3635 workspace_id = self.workspace_id
3636 vcs_obj = self.target_repo.scm_instance()
3637 shadow_repository_path = vcs_obj._get_shadow_repository_path(
3638 workspace_id)
3639 return vcs_obj._get_shadow_instance(shadow_repository_path)
3640
3641
3642 class PullRequestVersion(Base, _PullRequestBase):
3643 __tablename__ = 'pull_request_versions'
3644 __table_args__ = (
3645 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3646 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3647 )
3648
3649 pull_request_version_id = Column(
3650 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3651 pull_request_id = Column(
3652 'pull_request_id', Integer(),
3653 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3654 pull_request = relationship('PullRequest')
3655
3656 def __repr__(self):
3657 if self.pull_request_version_id:
3658 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3659 else:
3660 return '<DB:PullRequestVersion at %#x>' % id(self)
3661
3662 @property
3663 def reviewers(self):
3664 return self.pull_request.reviewers
3665
3666 @property
3667 def versions(self):
3668 return self.pull_request.versions
3669
3670 def is_closed(self):
3671 # calculate from original
3672 return self.pull_request.status == self.STATUS_CLOSED
3673
3674 def calculated_review_status(self):
3675 return self.pull_request.calculated_review_status()
3676
3677 def reviewers_statuses(self):
3678 return self.pull_request.reviewers_statuses()
3679
3680
3681 class PullRequestReviewers(Base, BaseModel):
3682 __tablename__ = 'pull_request_reviewers'
3683 __table_args__ = (
3684 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3685 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3686 )
3687
3688 @hybrid_property
3689 def reasons(self):
3690 if not self._reasons:
3691 return []
3692 return self._reasons
3693
3694 @reasons.setter
3695 def reasons(self, val):
3696 val = val or []
3697 if any(not isinstance(x, basestring) for x in val):
3698 raise Exception('invalid reasons type, must be list of strings')
3699 self._reasons = val
3700
3701 pull_requests_reviewers_id = Column(
3702 'pull_requests_reviewers_id', Integer(), nullable=False,
3703 primary_key=True)
3704 pull_request_id = Column(
3705 "pull_request_id", Integer(),
3706 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3707 user_id = Column(
3708 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3709 _reasons = Column(
3710 'reason', MutationList.as_mutable(
3711 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3712 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
3713 user = relationship('User')
3714 pull_request = relationship('PullRequest')
3715
3716
3717 class Notification(Base, BaseModel):
3718 __tablename__ = 'notifications'
3719 __table_args__ = (
3720 Index('notification_type_idx', 'type'),
3721 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3722 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3723 )
3724
3725 TYPE_CHANGESET_COMMENT = u'cs_comment'
3726 TYPE_MESSAGE = u'message'
3727 TYPE_MENTION = u'mention'
3728 TYPE_REGISTRATION = u'registration'
3729 TYPE_PULL_REQUEST = u'pull_request'
3730 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
3731
3732 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
3733 subject = Column('subject', Unicode(512), nullable=True)
3734 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
3735 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
3736 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3737 type_ = Column('type', Unicode(255))
3738
3739 created_by_user = relationship('User')
3740 notifications_to_users = relationship('UserNotification', lazy='joined',
3741 cascade="all, delete, delete-orphan")
3742
3743 @property
3744 def recipients(self):
3745 return [x.user for x in UserNotification.query()\
3746 .filter(UserNotification.notification == self)\
3747 .order_by(UserNotification.user_id.asc()).all()]
3748
3749 @classmethod
3750 def create(cls, created_by, subject, body, recipients, type_=None):
3751 if type_ is None:
3752 type_ = Notification.TYPE_MESSAGE
3753
3754 notification = cls()
3755 notification.created_by_user = created_by
3756 notification.subject = subject
3757 notification.body = body
3758 notification.type_ = type_
3759 notification.created_on = datetime.datetime.now()
3760
3761 for u in recipients:
3762 assoc = UserNotification()
3763 assoc.notification = notification
3764
3765 # if created_by is inside recipients mark his notification
3766 # as read
3767 if u.user_id == created_by.user_id:
3768 assoc.read = True
3769
3770 u.notifications.append(assoc)
3771 Session().add(notification)
3772
3773 return notification
3774
3775
3776 class UserNotification(Base, BaseModel):
3777 __tablename__ = 'user_to_notification'
3778 __table_args__ = (
3779 UniqueConstraint('user_id', 'notification_id'),
3780 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3781 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3782 )
3783 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
3784 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
3785 read = Column('read', Boolean, default=False)
3786 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
3787
3788 user = relationship('User', lazy="joined")
3789 notification = relationship('Notification', lazy="joined",
3790 order_by=lambda: Notification.created_on.desc(),)
3791
3792 def mark_as_read(self):
3793 self.read = True
3794 Session().add(self)
3795
3796
3797 class Gist(Base, BaseModel):
3798 __tablename__ = 'gists'
3799 __table_args__ = (
3800 Index('g_gist_access_id_idx', 'gist_access_id'),
3801 Index('g_created_on_idx', 'created_on'),
3802 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3803 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3804 )
3805 GIST_PUBLIC = u'public'
3806 GIST_PRIVATE = u'private'
3807 DEFAULT_FILENAME = u'gistfile1.txt'
3808
3809 ACL_LEVEL_PUBLIC = u'acl_public'
3810 ACL_LEVEL_PRIVATE = u'acl_private'
3811
3812 gist_id = Column('gist_id', Integer(), primary_key=True)
3813 gist_access_id = Column('gist_access_id', Unicode(250))
3814 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
3815 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
3816 gist_expires = Column('gist_expires', Float(53), nullable=False)
3817 gist_type = Column('gist_type', Unicode(128), nullable=False)
3818 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3819 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3820 acl_level = Column('acl_level', Unicode(128), nullable=True)
3821
3822 owner = relationship('User')
3823
3824 def __repr__(self):
3825 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
3826
3827 @hybrid_property
3828 def description_safe(self):
3829 from rhodecode.lib import helpers as h
3830 return h.escape(self.gist_description)
3831
3832 @classmethod
3833 def get_or_404(cls, id_):
3834 from pyramid.httpexceptions import HTTPNotFound
3835
3836 res = cls.query().filter(cls.gist_access_id == id_).scalar()
3837 if not res:
3838 raise HTTPNotFound()
3839 return res
3840
3841 @classmethod
3842 def get_by_access_id(cls, gist_access_id):
3843 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
3844
3845 def gist_url(self):
3846 from rhodecode.model.gist import GistModel
3847 return GistModel().get_url(self)
3848
3849 @classmethod
3850 def base_path(cls):
3851 """
3852 Returns base path when all gists are stored
3853
3854 :param cls:
3855 """
3856 from rhodecode.model.gist import GIST_STORE_LOC
3857 q = Session().query(RhodeCodeUi)\
3858 .filter(RhodeCodeUi.ui_key == URL_SEP)
3859 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
3860 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
3861
3862 def get_api_data(self):
3863 """
3864 Common function for generating gist related data for API
3865 """
3866 gist = self
3867 data = {
3868 'gist_id': gist.gist_id,
3869 'type': gist.gist_type,
3870 'access_id': gist.gist_access_id,
3871 'description': gist.gist_description,
3872 'url': gist.gist_url(),
3873 'expires': gist.gist_expires,
3874 'created_on': gist.created_on,
3875 'modified_at': gist.modified_at,
3876 'content': None,
3877 'acl_level': gist.acl_level,
3878 }
3879 return data
3880
3881 def __json__(self):
3882 data = dict(
3883 )
3884 data.update(self.get_api_data())
3885 return data
3886 # SCM functions
3887
3888 def scm_instance(self, **kwargs):
3889 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
3890 return get_vcs_instance(
3891 repo_path=safe_str(full_repo_path), create=False)
3892
3893
3894 class ExternalIdentity(Base, BaseModel):
3895 __tablename__ = 'external_identities'
3896 __table_args__ = (
3897 Index('local_user_id_idx', 'local_user_id'),
3898 Index('external_id_idx', 'external_id'),
3899 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3900 'mysql_charset': 'utf8'})
3901
3902 external_id = Column('external_id', Unicode(255), default=u'',
3903 primary_key=True)
3904 external_username = Column('external_username', Unicode(1024), default=u'')
3905 local_user_id = Column('local_user_id', Integer(),
3906 ForeignKey('users.user_id'), primary_key=True)
3907 provider_name = Column('provider_name', Unicode(255), default=u'',
3908 primary_key=True)
3909 access_token = Column('access_token', String(1024), default=u'')
3910 alt_token = Column('alt_token', String(1024), default=u'')
3911 token_secret = Column('token_secret', String(1024), default=u'')
3912
3913 @classmethod
3914 def by_external_id_and_provider(cls, external_id, provider_name,
3915 local_user_id=None):
3916 """
3917 Returns ExternalIdentity instance based on search params
3918
3919 :param external_id:
3920 :param provider_name:
3921 :return: ExternalIdentity
3922 """
3923 query = cls.query()
3924 query = query.filter(cls.external_id == external_id)
3925 query = query.filter(cls.provider_name == provider_name)
3926 if local_user_id:
3927 query = query.filter(cls.local_user_id == local_user_id)
3928 return query.first()
3929
3930 @classmethod
3931 def user_by_external_id_and_provider(cls, external_id, provider_name):
3932 """
3933 Returns User instance based on search params
3934
3935 :param external_id:
3936 :param provider_name:
3937 :return: User
3938 """
3939 query = User.query()
3940 query = query.filter(cls.external_id == external_id)
3941 query = query.filter(cls.provider_name == provider_name)
3942 query = query.filter(User.user_id == cls.local_user_id)
3943 return query.first()
3944
3945 @classmethod
3946 def by_local_user_id(cls, local_user_id):
3947 """
3948 Returns all tokens for user
3949
3950 :param local_user_id:
3951 :return: ExternalIdentity
3952 """
3953 query = cls.query()
3954 query = query.filter(cls.local_user_id == local_user_id)
3955 return query
3956
3957
3958 class Integration(Base, BaseModel):
3959 __tablename__ = 'integrations'
3960 __table_args__ = (
3961 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3962 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3963 )
3964
3965 integration_id = Column('integration_id', Integer(), primary_key=True)
3966 integration_type = Column('integration_type', String(255))
3967 enabled = Column('enabled', Boolean(), nullable=False)
3968 name = Column('name', String(255), nullable=False)
3969 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
3970 default=False)
3971
3972 settings = Column(
3973 'settings_json', MutationObj.as_mutable(
3974 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3975 repo_id = Column(
3976 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
3977 nullable=True, unique=None, default=None)
3978 repo = relationship('Repository', lazy='joined')
3979
3980 repo_group_id = Column(
3981 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
3982 nullable=True, unique=None, default=None)
3983 repo_group = relationship('RepoGroup', lazy='joined')
3984
3985 @property
3986 def scope(self):
3987 if self.repo:
3988 return repr(self.repo)
3989 if self.repo_group:
3990 if self.child_repos_only:
3991 return repr(self.repo_group) + ' (child repos only)'
3992 else:
3993 return repr(self.repo_group) + ' (recursive)'
3994 if self.child_repos_only:
3995 return 'root_repos'
3996 return 'global'
3997
3998 def __repr__(self):
3999 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
4000
4001
4002 class RepoReviewRuleUser(Base, BaseModel):
4003 __tablename__ = 'repo_review_rules_users'
4004 __table_args__ = (
4005 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4006 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4007 )
4008 repo_review_rule_user_id = Column('repo_review_rule_user_id', Integer(), primary_key=True)
4009 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4010 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False)
4011 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4012 user = relationship('User')
4013
4014 def rule_data(self):
4015 return {
4016 'mandatory': self.mandatory
4017 }
4018
4019
4020 class RepoReviewRuleUserGroup(Base, BaseModel):
4021 __tablename__ = 'repo_review_rules_users_groups'
4022 __table_args__ = (
4023 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4024 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4025 )
4026 repo_review_rule_users_group_id = Column('repo_review_rule_users_group_id', Integer(), primary_key=True)
4027 repo_review_rule_id = Column("repo_review_rule_id", Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
4028 users_group_id = Column("users_group_id", Integer(),ForeignKey('users_groups.users_group_id'), nullable=False)
4029 mandatory = Column("mandatory", Boolean(), nullable=False, default=False)
4030 users_group = relationship('UserGroup')
4031
4032 def rule_data(self):
4033 return {
4034 'mandatory': self.mandatory
4035 }
4036
4037
4038 class RepoReviewRule(Base, BaseModel):
4039 __tablename__ = 'repo_review_rules'
4040 __table_args__ = (
4041 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4042 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
4043 )
4044
4045 repo_review_rule_id = Column(
4046 'repo_review_rule_id', Integer(), primary_key=True)
4047 repo_id = Column(
4048 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
4049 repo = relationship('Repository', backref='review_rules')
4050
4051 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4052 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'), default=u'*') # glob
4053
4054 use_authors_for_review = Column("use_authors_for_review", Boolean(), nullable=False, default=False)
4055 forbid_author_to_review = Column("forbid_author_to_review", Boolean(), nullable=False, default=False)
4056 forbid_commit_author_to_review = Column("forbid_commit_author_to_review", Boolean(), nullable=False, default=False)
4057 forbid_adding_reviewers = Column("forbid_adding_reviewers", Boolean(), nullable=False, default=False)
4058
4059 rule_users = relationship('RepoReviewRuleUser')
4060 rule_user_groups = relationship('RepoReviewRuleUserGroup')
4061
4062 @hybrid_property
4063 def branch_pattern(self):
4064 return self._branch_pattern or '*'
4065
4066 def _validate_glob(self, value):
4067 re.compile('^' + glob2re(value) + '$')
4068
4069 @branch_pattern.setter
4070 def branch_pattern(self, value):
4071 self._validate_glob(value)
4072 self._branch_pattern = value or '*'
4073
4074 @hybrid_property
4075 def file_pattern(self):
4076 return self._file_pattern or '*'
4077
4078 @file_pattern.setter
4079 def file_pattern(self, value):
4080 self._validate_glob(value)
4081 self._file_pattern = value or '*'
4082
4083 def matches(self, branch, files_changed):
4084 """
4085 Check if this review rule matches a branch/files in a pull request
4086
4087 :param branch: branch name for the commit
4088 :param files_changed: list of file paths changed in the pull request
4089 """
4090
4091 branch = branch or ''
4092 files_changed = files_changed or []
4093
4094 branch_matches = True
4095 if branch:
4096 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
4097 branch_matches = bool(branch_regex.search(branch))
4098
4099 files_matches = True
4100 if self.file_pattern != '*':
4101 files_matches = False
4102 file_regex = re.compile(glob2re(self.file_pattern))
4103 for filename in files_changed:
4104 if file_regex.search(filename):
4105 files_matches = True
4106 break
4107
4108 return branch_matches and files_matches
4109
4110 @property
4111 def review_users(self):
4112 """ Returns the users which this rule applies to """
4113
4114 users = collections.OrderedDict()
4115
4116 for rule_user in self.rule_users:
4117 if rule_user.user.active:
4118 if rule_user.user not in users:
4119 users[rule_user.user.username] = {
4120 'user': rule_user.user,
4121 'source': 'user',
4122 'source_data': {},
4123 'data': rule_user.rule_data()
4124 }
4125
4126 for rule_user_group in self.rule_user_groups:
4127 source_data = {
4128 'name': rule_user_group.users_group.users_group_name,
4129 'members': len(rule_user_group.users_group.members)
4130 }
4131 for member in rule_user_group.users_group.members:
4132 if member.user.active:
4133 users[member.user.username] = {
4134 'user': member.user,
4135 'source': 'user_group',
4136 'source_data': source_data,
4137 'data': rule_user_group.rule_data()
4138 }
4139
4140 return users
4141
4142 def __repr__(self):
4143 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
4144 self.repo_review_rule_id, self.repo)
4145
4146
4147 class DbMigrateVersion(Base, BaseModel):
4148 __tablename__ = 'db_migrate_version'
4149 __table_args__ = (
4150 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4151 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4152 )
4153 repository_id = Column('repository_id', String(250), primary_key=True)
4154 repository_path = Column('repository_path', Text)
4155 version = Column('version', Integer)
4156
4157
4158 class DbSession(Base, BaseModel):
4159 __tablename__ = 'db_session'
4160 __table_args__ = (
4161 {'extend_existing': True, 'mysql_engine': 'InnoDB',
4162 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
4163 )
4164
4165 def __repr__(self):
4166 return '<DB:DbSession({})>'.format(self.id)
4167
4168 id = Column('id', Integer())
4169 namespace = Column('namespace', String(255), primary_key=True)
4170 accessed = Column('accessed', DateTime, nullable=False)
4171 created = Column('created', DateTime, nullable=False)
4172 data = Column('data', PickleType, nullable=False)
@@ -0,0 +1,29 b''
1 import logging
2
3 from sqlalchemy import *
4 from rhodecode.model import meta
5 from rhodecode.lib.dbmigrate.versions import _reset_base, notify
6
7 log = logging.getLogger(__name__)
8
9
10 def upgrade(migrate_engine):
11 """
12 Upgrade operations go here.
13 Don't create your own engine; bind migrate_engine to your metadata
14 """
15 _reset_base(migrate_engine)
16 from rhodecode.lib.dbmigrate.schema import db_4_9_0_0 as db
17
18 db.UserSshKeys.__table__.create()
19
20 fixups(db, meta.Session)
21
22
23 def downgrade(migrate_engine):
24 meta = MetaData()
25 meta.bind = migrate_engine
26
27
28 def fixups(models, _SESSION):
29 pass
@@ -0,0 +1,123 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2013-2017 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 import logging
22 import traceback
23
24 import sshpubkeys
25 import sshpubkeys.exceptions
26
27 from rhodecode.model import BaseModel
28 from rhodecode.model.db import UserSshKeys
29 from rhodecode.model.meta import Session
30
31 log = logging.getLogger(__name__)
32
33
34 class SshKeyModel(BaseModel):
35 cls = UserSshKeys
36
37 def parse_key(self, key_data):
38 """
39 print(ssh.bits) # 768
40 print(ssh.hash_md5()) # 56:84:1e:90:08:3b:60:c7:29:70:5f:5e:25:a6:3b:86
41 print(ssh.hash_sha256()) # SHA256:xk3IEJIdIoR9MmSRXTP98rjDdZocmXJje/28ohMQEwM
42 print(ssh.hash_sha512()) # SHA512:1C3lNBhjpDVQe39hnyy+xvlZYU3IPwzqK1rVneGavy6O3/ebjEQSFvmeWoyMTplIanmUK1hmr9nA8Skmj516HA
43 print(ssh.comment) # ojar@ojar-laptop
44 print(ssh.options_raw) # None (string of optional options at the beginning of public key)
45 print(ssh.options) # None (options as a dictionary, parsed and validated)
46
47 :param key_data:
48 :return:
49 """
50 ssh = sshpubkeys.SSHKey(strict_mode=True)
51 try:
52 ssh.parse(key_data)
53 return ssh
54 except sshpubkeys.exceptions.InvalidKeyException as err:
55 log.error("Invalid key: %s", err)
56 raise
57 except NotImplementedError as err:
58 log.error("Invalid key type: %s", err)
59 raise
60 except Exception as err:
61 log.error("Key Parse error: %s", err)
62 raise
63
64 def generate_keypair(self, comment=None):
65 from Crypto.PublicKey import RSA
66
67 key = RSA.generate(2048)
68 private = key.exportKey('PEM')
69
70 pubkey = key.publickey()
71 public = pubkey.exportKey('OpenSSH')
72 if comment:
73 public = public + " " + comment
74 return private, public
75
76 def create(self, user, fingerprint, key_data, description):
77 """
78 """
79 user = self._get_user(user)
80
81 new_ssh_key = UserSshKeys()
82 new_ssh_key.ssh_key_fingerprint = fingerprint
83 new_ssh_key.ssh_key_data = key_data
84 new_ssh_key.user_id = user.user_id
85 new_ssh_key.description = description
86
87 Session().add(new_ssh_key)
88
89 return new_ssh_key
90
91 def delete(self, ssh_key_id, user=None):
92 """
93 Deletes given api_key, if user is set it also filters the object for
94 deletion by given user.
95 """
96 ssh_key = UserSshKeys.query().filter(
97 UserSshKeys.ssh_key_id == ssh_key_id)
98
99 if user:
100 user = self._get_user(user)
101 ssh_key = ssh_key.filter(UserSshKeys.user_id == user.user_id)
102 ssh_key = ssh_key.scalar()
103
104 if ssh_key:
105 try:
106 Session().delete(ssh_key)
107 except Exception:
108 log.error(traceback.format_exc())
109 raise
110
111 def get_ssh_keys(self, user):
112 user = self._get_user(user)
113 user_ssh_keys = UserSshKeys.query()\
114 .filter(UserSshKeys.user_id == user.user_id)
115 user_ssh_keys = user_ssh_keys.order_by(UserSshKeys.ssh_key_id)
116 return user_ssh_keys
117
118 def get_ssh_key_by_fingerprint(self, ssh_key_fingerprint):
119 user_ssh_key = UserSshKeys.query()\
120 .filter(UserSshKeys.ssh_key_fingerprint == ssh_key_fingerprint)\
121 .first()
122
123 return user_ssh_key
@@ -0,0 +1,78 b''
1 <div class="panel panel-default">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('SSH Keys')}</h3>
4 </div>
5 <div class="panel-body">
6 <div class="sshkeys_wrap">
7 <table class="rctable ssh_keys">
8 <tr>
9 <th>${_('Fingerprint')}</th>
10 <th>${_('Description')}</th>
11 <th>${_('Created')}</th>
12 <th>${_('Action')}</th>
13 </tr>
14 %if c.user_ssh_keys:
15 %for ssh_key in c.user_ssh_keys:
16 <tr class="">
17 <td class="">
18 <code>${ssh_key.ssh_key_fingerprint}</code>
19 </td>
20 <td class="td-wrap">${ssh_key.description}</td>
21 <td class="td-tags">${h.format_date(ssh_key.created_on)}</td>
22
23 <td class="td-action">
24 ${h.secure_form(h.route_path('edit_user_ssh_keys_delete', user_id=c.user.user_id), method='POST', request=request)}
25 ${h.hidden('del_ssh_key', ssh_key.ssh_key_id)}
26 <button class="btn btn-link btn-danger" type="submit"
27 onclick="return confirm('${_('Confirm to remove ssh key %s') % ssh_key.ssh_key_fingerprint}');">
28 ${_('Delete')}
29 </button>
30 ${h.end_form()}
31 </td>
32 </tr>
33 %endfor
34 %else:
35 <tr><td><div class="ip">${_('No additional ssh keys specified')}</div></td></tr>
36 %endif
37 </table>
38 </div>
39
40 <div class="user_ssh_keys">
41 ${h.secure_form(h.route_path('edit_user_ssh_keys_add', user_id=c.user.user_id), method='POST', request=request)}
42 <div class="form form-vertical">
43 <!-- fields -->
44 <div class="fields">
45 <div class="field">
46 <div class="label">
47 <label for="new_email">${_('New ssh key')}:</label>
48 </div>
49 <div class="input">
50 ${h.text('description', class_='medium', placeholder=_('Description'))}
51 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
52 </div>
53 </div>
54
55 <div class="field">
56 <div class="textarea text-area editor">
57 ${h.textarea('key_data',c.default_key, size=30, placeholder=_("Public key, begins with 'ssh-rsa', 'ssh-dss', 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', or 'ecdsa-sha2-nistp521'"))}
58 </div>
59 </div>
60
61 <div class="buttons">
62 ${h.submit('save',_('Add'),class_="btn")}
63 ${h.reset('reset',_('Reset'),class_="btn")}
64 </div>
65 </div>
66 </div>
67 ${h.end_form()}
68 </div>
69 </div>
70 </div>
71
72 <script>
73
74 $(document).ready(function(){
75
76
77 });
78 </script>
@@ -0,0 +1,45 b''
1 <div class="panel panel-default">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('New SSH Key generated')}</h3>
4 </div>
5 <div class="panel-body">
6 <p>
7 ${_('Below is a 2048 bit generated SSH RSA key. You can use it to access RhodeCode via the SSH wrapper.')}
8 </p>
9 <h4>${_('Private key')}</h4>
10 <pre>
11 # Save the content as
12 ~/.ssh/id_rsa_rhodecode_access_priv.key
13 # Change permissions
14 chmod 0600 ~/.ssh/id_rsa_rhodecode_access_priv.key
15 </pre>
16
17 <div>
18 <textarea style="height: 300px">${c.private}</textarea>
19 </div>
20 <br/>
21
22
23 <h4>${_('Public key')}</h4>
24 <pre>
25 # Save the content as
26 ~/.ssh/id_rsa_rhodecode_access_pub.key
27 # Change permissions
28 chmod 0600 ~/.ssh/id_rsa_rhodecode_access_pub.key
29 </pre>
30
31 <input type="text" value="${c.public}" class="large text" size="100"/>
32 <p>
33 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Add this generated key')}</a>
34 </p>
35
36 </div>
37 </div>
38
39 <script>
40
41 $(document).ready(function(){
42
43
44 });
45 </script>
@@ -653,13 +653,13 b''
653 653 };
654 654 };
655 655 ecdsa = super.buildPythonPackage {
656 name = "ecdsa-0.11";
656 name = "ecdsa-0.13";
657 657 buildInputs = with self; [];
658 658 doCheck = false;
659 659 propagatedBuildInputs = with self; [];
660 660 src = fetchurl {
661 url = "https://pypi.python.org/packages/6c/3f/92fe5dcdcaa7bd117be21e5520c9a54375112b66ec000d209e9e9519fad1/ecdsa-0.11.tar.gz";
662 md5 = "8ef586fe4dbb156697d756900cb41d7c";
661 url = "https://pypi.python.org/packages/f9/e5/99ebb176e47f150ac115ffeda5fedb6a3dbb3c00c74a59fd84ddf12f5857/ecdsa-0.13.tar.gz";
662 md5 = "1f60eda9cb5c46722856db41a3ae6670";
663 663 };
664 664 meta = {
665 665 license = [ pkgs.lib.licenses.mit ];
@@ -1172,19 +1172,6 b''
1172 1172 license = [ pkgs.lib.licenses.bsdOriginal ];
1173 1173 };
1174 1174 };
1175 paramiko = super.buildPythonPackage {
1176 name = "paramiko-1.15.1";
1177 buildInputs = with self; [];
1178 doCheck = false;
1179 propagatedBuildInputs = with self; [pycrypto ecdsa];
1180 src = fetchurl {
1181 url = "https://pypi.python.org/packages/04/2b/a22d2a560c1951abbbf95a0628e245945565f70dc082d9e784666887222c/paramiko-1.15.1.tar.gz";
1182 md5 = "48c274c3f9b1282932567b21f6acf3b5";
1183 };
1184 meta = {
1185 license = [ { fullName = "LGPL"; } { fullName = "GNU Library or Lesser General Public License (LGPL)"; } ];
1186 };
1187 };
1188 1175 pathlib2 = super.buildPythonPackage {
1189 1176 name = "pathlib2-2.3.0";
1190 1177 buildInputs = with self; [];
@@ -1722,7 +1709,7 b''
1722 1709 name = "rhodecode-enterprise-ce-4.9.0";
1723 1710 buildInputs = with self; [pytest py pytest-cov pytest-sugar pytest-runner pytest-catchlog pytest-profiling gprof2dot pytest-timeout mock WebTest cov-core coverage configobj];
1724 1711 doCheck = true;
1725 propagatedBuildInputs = with self; [Babel Beaker FormEncode Mako Markdown MarkupSafe MySQL-python Paste PasteDeploy PasteScript Pygments pygments-markdown-lexer Pylons Routes SQLAlchemy Tempita URLObject WebError WebHelpers WebHelpers2 WebOb WebTest Whoosh alembic amqplib anyjson appenlight-client authomatic cssselect celery channelstream colander decorator deform docutils gevent gunicorn infrae.cache ipython iso8601 kombu lxml msgpack-python nbconvert packaging psycopg2 py-gfm pycrypto pycurl pyparsing pyramid pyramid-debugtoolbar pyramid-mako pyramid-beaker pysqlite python-dateutil python-ldap python-memcached python-pam recaptcha-client repoze.lru requests simplejson subprocess32 waitress zope.cachedescriptors dogpile.cache dogpile.core psutil py-bcrypt];
1712 propagatedBuildInputs = with self; [Babel Beaker FormEncode Mako Markdown MarkupSafe MySQL-python Paste PasteDeploy PasteScript Pygments pygments-markdown-lexer Pylons Routes SQLAlchemy Tempita URLObject WebError WebHelpers WebHelpers2 WebOb WebTest Whoosh alembic amqplib anyjson appenlight-client authomatic cssselect celery channelstream colander decorator deform docutils gevent gunicorn infrae.cache ipython iso8601 kombu lxml msgpack-python nbconvert packaging psycopg2 py-gfm pycrypto pycurl pyparsing pyramid pyramid-debugtoolbar pyramid-mako pyramid-beaker pysqlite python-dateutil python-ldap python-memcached python-pam recaptcha-client repoze.lru requests simplejson sshpubkeys subprocess32 waitress zope.cachedescriptors dogpile.cache dogpile.core psutil py-bcrypt];
1726 1713 src = ./.;
1727 1714 meta = {
1728 1715 license = [ { fullName = "Affero GNU General Public License v3 or later (AGPLv3+)"; } { fullName = "AGPLv3, and Commercial License"; } ];
@@ -1832,6 +1819,19 b''
1832 1819 license = [ pkgs.lib.licenses.mit ];
1833 1820 };
1834 1821 };
1822 sshpubkeys = super.buildPythonPackage {
1823 name = "sshpubkeys-2.2.0";
1824 buildInputs = with self; [];
1825 doCheck = false;
1826 propagatedBuildInputs = with self; [pycrypto ecdsa];
1827 src = fetchurl {
1828 url = "https://pypi.python.org/packages/27/da/337fabeb3dca6b62039a93ceaa636f25065e0ae92b575b1235342076cf0a/sshpubkeys-2.2.0.tar.gz";
1829 md5 = "458e45f6b92b1afa84f0ffe1f1c90935";
1830 };
1831 meta = {
1832 license = [ pkgs.lib.licenses.bsdOriginal ];
1833 };
1834 };
1835 1835 subprocess32 = super.buildPythonPackage {
1836 1836 name = "subprocess32-3.2.7";
1837 1837 buildInputs = with self; [];
@@ -19,7 +19,7 b' deform==2.0.4'
19 19 docutils==0.13.1
20 20 dogpile.cache==0.6.4
21 21 dogpile.core==0.4.1
22 ecdsa==0.11
22 ecdsa==0.13
23 23 FormEncode==1.2.4
24 24 future==0.14.3
25 25 futures==3.0.2
@@ -39,7 +39,6 b' MySQL-python==1.2.5'
39 39 nose==1.3.6
40 40 objgraph==3.1.0
41 41 packaging==15.2
42 paramiko==1.15.1
43 42 Paste==2.0.3
44 43 PasteDeploy==1.5.2
45 44 PasteScript==1.7.5
@@ -74,6 +73,7 b' simplejson==3.11.1'
74 73 six==1.9.0
75 74 Sphinx==1.2.2
76 75 SQLAlchemy==1.1.11
76 sshpubkeys==2.2.0
77 77 subprocess32==3.2.7
78 78 supervisor==3.3.2
79 79 Tempita==0.5.2
@@ -51,7 +51,7 b' PYRAMID_SETTINGS = {}'
51 51 EXTENSIONS = {}
52 52
53 53 __version__ = ('.'.join((str(each) for each in VERSION[:3])))
54 __dbversion__ = 79 # defines current db version for migrations
54 __dbversion__ = 80 # defines current db version for migrations
55 55 __platform__ = platform.system()
56 56 __license__ = 'AGPLv3, and Commercial License'
57 57 __author__ = 'RhodeCode GmbH'
@@ -126,6 +126,20 b' def admin_routes(config):'
126 126 name='edit_user_auth_tokens_delete',
127 127 pattern='/users/{user_id:\d+}/edit/auth_tokens/delete')
128 128
129 # user ssh keys
130 config.add_route(
131 name='edit_user_ssh_keys',
132 pattern='/users/{user_id:\d+}/edit/ssh_keys')
133 config.add_route(
134 name='edit_user_ssh_keys_generate_keypair',
135 pattern='/users/{user_id:\d+}/edit/ssh_keys/generate')
136 config.add_route(
137 name='edit_user_ssh_keys_add',
138 pattern='/users/{user_id:\d+}/edit/ssh_keys/new')
139 config.add_route(
140 name='edit_user_ssh_keys_delete',
141 pattern='/users/{user_id:\d+}/edit/ssh_keys/delete')
142
129 143 # user emails
130 144 config.add_route(
131 145 name='edit_user_emails',
@@ -25,6 +25,7 b' import formencode'
25 25 from pyramid.httpexceptions import HTTPFound
26 26 from pyramid.view import view_config
27 27 from sqlalchemy.sql.functions import coalesce
28 from sqlalchemy.exc import IntegrityError
28 29
29 30 from rhodecode.apps._base import BaseAppView, DataGridAppView
30 31
@@ -35,9 +36,11 b' from rhodecode.lib.auth import ('
35 36 from rhodecode.lib import helpers as h
36 37 from rhodecode.lib.utils2 import safe_int, safe_unicode
37 38 from rhodecode.model.auth_token import AuthTokenModel
39 from rhodecode.model.ssh_key import SshKeyModel
38 40 from rhodecode.model.user import UserModel
39 41 from rhodecode.model.user_group import UserGroupModel
40 from rhodecode.model.db import User, or_, UserIpMap, UserEmailMap, UserApiKeys
42 from rhodecode.model.db import (
43 or_, User, UserIpMap, UserEmailMap, UserApiKeys, UserSshKeys)
41 44 from rhodecode.model.meta import Session
42 45
43 46 log = logging.getLogger(__name__)
@@ -255,6 +258,123 b' class AdminUsersView(BaseAppView, DataGr'
255 258 @LoginRequired()
256 259 @HasPermissionAllDecorator('hg.admin')
257 260 @view_config(
261 route_name='edit_user_ssh_keys', request_method='GET',
262 renderer='rhodecode:templates/admin/users/user_edit.mako')
263 def ssh_keys(self):
264 _ = self.request.translate
265 c = self.load_default_context()
266
267 user_id = self.request.matchdict.get('user_id')
268 c.user = User.get_or_404(user_id)
269 self._redirect_for_default_user(c.user.username)
270
271 c.active = 'ssh_keys'
272 c.default_key = self.request.GET.get('default_key')
273 c.user_ssh_keys = SshKeyModel().get_ssh_keys(c.user.user_id)
274 return self._get_template_context(c)
275
276 @LoginRequired()
277 @HasPermissionAllDecorator('hg.admin')
278 @view_config(
279 route_name='edit_user_ssh_keys_generate_keypair', request_method='GET',
280 renderer='rhodecode:templates/admin/users/user_edit.mako')
281 def ssh_keys_generate_keypair(self):
282 _ = self.request.translate
283 c = self.load_default_context()
284
285 user_id = self.request.matchdict.get('user_id')
286 c.user = User.get_or_404(user_id)
287 self._redirect_for_default_user(c.user.username)
288
289 c.active = 'ssh_keys_generate'
290 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
291 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
292
293 return self._get_template_context(c)
294
295 @LoginRequired()
296 @HasPermissionAllDecorator('hg.admin')
297 @CSRFRequired()
298 @view_config(
299 route_name='edit_user_ssh_keys_add', request_method='POST')
300 def ssh_keys_add(self):
301 _ = self.request.translate
302 c = self.load_default_context()
303
304 user_id = self.request.matchdict.get('user_id')
305 c.user = User.get_or_404(user_id)
306
307 self._redirect_for_default_user(c.user.username)
308
309 user_data = c.user.get_api_data()
310 key_data = self.request.POST.get('key_data')
311 description = self.request.POST.get('description')
312
313 try:
314 if not key_data:
315 raise ValueError('Please add a valid public key')
316
317 key = SshKeyModel().parse_key(key_data.strip())
318 fingerprint = key.hash_md5()
319
320 ssh_key = SshKeyModel().create(
321 c.user.user_id, fingerprint, key_data, description)
322 ssh_key_data = ssh_key.get_api_data()
323
324 audit_logger.store_web(
325 'user.edit.ssh_key.add', action_data={
326 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
327 user=self._rhodecode_user, )
328 Session().commit()
329
330 h.flash(_("Ssh Key successfully created"), category='success')
331
332 except IntegrityError:
333 log.exception("Exception during ssh key saving")
334 h.flash(_('An error occurred during ssh key saving: {}').format(
335 'Such key already exists, please use a different one'),
336 category='error')
337 except Exception as e:
338 log.exception("Exception during ssh key saving")
339 h.flash(_('An error occurred during ssh key saving: {}').format(e),
340 category='error')
341
342 return HTTPFound(
343 h.route_path('edit_user_ssh_keys', user_id=user_id))
344
345 @LoginRequired()
346 @HasPermissionAllDecorator('hg.admin')
347 @CSRFRequired()
348 @view_config(
349 route_name='edit_user_ssh_keys_delete', request_method='POST')
350 def ssh_keys_delete(self):
351 _ = self.request.translate
352 c = self.load_default_context()
353
354 user_id = self.request.matchdict.get('user_id')
355 c.user = User.get_or_404(user_id)
356 self._redirect_for_default_user(c.user.username)
357 user_data = c.user.get_api_data()
358
359 del_ssh_key = self.request.POST.get('del_ssh_key')
360
361 if del_ssh_key:
362 ssh_key = UserSshKeys.get_or_404(del_ssh_key)
363 ssh_key_data = ssh_key.get_api_data()
364
365 SshKeyModel().delete(del_ssh_key, c.user.user_id)
366 audit_logger.store_web(
367 'user.edit.ssh_key.delete', action_data={
368 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
369 user=self._rhodecode_user,)
370 Session().commit()
371 h.flash(_("Ssh key successfully deleted"), category='success')
372
373 return HTTPFound(h.route_path('edit_user_ssh_keys', user_id=user_id))
374
375 @LoginRequired()
376 @HasPermissionAllDecorator('hg.admin')
377 @view_config(
258 378 route_name='edit_user_emails', request_method='GET',
259 379 renderer='rhodecode:templates/admin/users/user_edit.mako')
260 380 def emails(self):
@@ -46,6 +46,8 b' ACTIONS_V1 = {'
46 46 'user.edit.token.delete': {'token': {}, 'user': {}},
47 47 'user.edit.email.add': {'email': ''},
48 48 'user.edit.email.delete': {'email': ''},
49 'user.edit.ssh_key.add': {'token': {}, 'user': {}},
50 'user.edit.ssh_key.delete': {'token': {}, 'user': {}},
49 51 'user.edit.password_reset.enabled': {},
50 52 'user.edit.password_reset.disabled': {},
51 53
@@ -545,6 +545,8 b' class User(Base, BaseModel):'
545 545 user_emails = relationship('UserEmailMap', cascade='all')
546 546 user_ip_map = relationship('UserIpMap', cascade='all')
547 547 user_auth_tokens = relationship('UserApiKeys', cascade='all')
548 user_ssh_keys = relationship('UserSshKeys', cascade='all')
549
548 550 # gists
549 551 user_gists = relationship('Gist', cascade='all')
550 552 # user pull requests
@@ -1143,6 +1145,43 b' class UserIpMap(Base, BaseModel):'
1143 1145 self.user_id, self.ip_addr)
1144 1146
1145 1147
1148 class UserSshKeys(Base, BaseModel):
1149 __tablename__ = 'user_ssh_keys'
1150 __table_args__ = (
1151 Index('usk_ssh_key_fingerprint_idx', 'ssh_key_fingerprint'),
1152
1153 UniqueConstraint('ssh_key_fingerprint'),
1154
1155 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1156 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1157 )
1158 __mapper_args__ = {}
1159
1160 ssh_key_id = Column('ssh_key_id', Integer(), nullable=False, unique=True, default=None, primary_key=True)
1161 ssh_key_data = Column('ssh_key_data', String(10240), nullable=False, unique=None, default=None)
1162 ssh_key_fingerprint = Column('ssh_key_fingerprint', String(1024), nullable=False, unique=None, default=None)
1163
1164 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
1165
1166 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1167 accessed_on = Column('accessed_on', DateTime(timezone=False), nullable=True, default=None)
1168 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1169
1170 user = relationship('User', lazy='joined')
1171
1172 def __json__(self):
1173 data = {
1174 'ssh_fingerprint': self.ssh_key_fingerprint,
1175 'description': self.description,
1176 'created_on': self.created_on
1177 }
1178 return data
1179
1180 def get_api_data(self):
1181 data = self.__json__()
1182 return data
1183
1184
1146 1185 class UserLog(Base, BaseModel):
1147 1186 __tablename__ = 'user_logs'
1148 1187 __table_args__ = (
@@ -62,6 +62,10 b' function registerRCRoutes() {'
62 62 pyroutes.register('edit_user_auth_tokens', '/_admin/users/%(user_id)s/edit/auth_tokens', ['user_id']);
63 63 pyroutes.register('edit_user_auth_tokens_add', '/_admin/users/%(user_id)s/edit/auth_tokens/new', ['user_id']);
64 64 pyroutes.register('edit_user_auth_tokens_delete', '/_admin/users/%(user_id)s/edit/auth_tokens/delete', ['user_id']);
65 pyroutes.register('edit_user_ssh_keys', '/_admin/users/%(user_id)s/edit/ssh_keys', ['user_id']);
66 pyroutes.register('edit_user_ssh_keys_generate_keypair', '/_admin/users/%(user_id)s/edit/ssh_keys/generate', ['user_id']);
67 pyroutes.register('edit_user_ssh_keys_add', '/_admin/users/%(user_id)s/edit/ssh_keys/new', ['user_id']);
68 pyroutes.register('edit_user_ssh_keys_delete', '/_admin/users/%(user_id)s/edit/ssh_keys/delete', ['user_id']);
65 69 pyroutes.register('edit_user_emails', '/_admin/users/%(user_id)s/edit/emails', ['user_id']);
66 70 pyroutes.register('edit_user_emails_add', '/_admin/users/%(user_id)s/edit/emails/new', ['user_id']);
67 71 pyroutes.register('edit_user_emails_delete', '/_admin/users/%(user_id)s/edit/emails/delete', ['user_id']);
@@ -37,6 +37,7 b''
37 37 <ul class="nav nav-pills nav-stacked">
38 38 <li class="${'active' if c.active=='profile' else ''}"><a href="${h.url('edit_user', user_id=c.user.user_id)}">${_('User Profile')}</a></li>
39 39 <li class="${'active' if c.active=='auth_tokens' else ''}"><a href="${h.route_path('edit_user_auth_tokens', user_id=c.user.user_id)}">${_('Auth tokens')}</a></li>
40 <li class="${'active' if c.active in ['ssh_keys','ssh_keys_generate'] else ''}"><a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id)}">${_('SSH Keys')}</a></li>
40 41 <li class="${'active' if c.active=='advanced' else ''}"><a href="${h.url('edit_user_advanced', user_id=c.user.user_id)}">${_('Advanced')}</a></li>
41 42 <li class="${'active' if c.active=='global_perms' else ''}"><a href="${h.url('edit_user_global_perms', user_id=c.user.user_id)}">${_('Global permissions')}</a></li>
42 43 <li class="${'active' if c.active=='perms_summary' else ''}"><a href="${h.url('edit_user_perms_summary', user_id=c.user.user_id)}">${_('Permissions summary')}</a></li>
@@ -134,6 +134,7 b' install_requirements = ['
134 134 'repoze.lru',
135 135 'requests',
136 136 'simplejson',
137 'sshpubkeys',
137 138 'subprocess32',
138 139 'waitress',
139 140 'zope.cachedescriptors',
General Comments 0
You need to be logged in to leave comments. Login now