##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
permissions: added helper to fetch users with write permissions. Used mostly in branch protection logic.
marcink -
r4234:dbc50246 stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,577 +1,597 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 permissions model for RhodeCode
23 23 """
24
25
24 import collections
26 25 import logging
27 26 import traceback
28 27
29 28 from sqlalchemy.exc import DatabaseError
30 29
31 30 from rhodecode import events
32 31 from rhodecode.model import BaseModel
33 32 from rhodecode.model.db import (
34 33 User, Permission, UserToPerm, UserRepoToPerm, UserRepoGroupToPerm,
35 34 UserUserGroupToPerm, UserGroup, UserGroupToPerm, UserToRepoBranchPermission)
36 35 from rhodecode.lib.utils2 import str2bool, safe_int
37 36
38 37 log = logging.getLogger(__name__)
39 38
40 39
41 40 class PermissionModel(BaseModel):
42 41 """
43 42 Permissions model for RhodeCode
44 43 """
45 44
46 45 cls = Permission
47 46 global_perms = {
48 47 'default_repo_create': None,
49 48 # special case for create repos on write access to group
50 49 'default_repo_create_on_write': None,
51 50 'default_repo_group_create': None,
52 51 'default_user_group_create': None,
53 52 'default_fork_create': None,
54 53 'default_inherit_default_permissions': None,
55 54 'default_register': None,
56 55 'default_password_reset': None,
57 56 'default_extern_activate': None,
58 57
59 58 # object permissions below
60 59 'default_repo_perm': None,
61 60 'default_group_perm': None,
62 61 'default_user_group_perm': None,
63 62
64 63 # branch
65 64 'default_branch_perm': None,
66 65 }
67 66
68 67 def set_global_permission_choices(self, c_obj, gettext_translator):
69 68 _ = gettext_translator
70 69
71 70 c_obj.repo_perms_choices = [
72 71 ('repository.none', _('None'),),
73 72 ('repository.read', _('Read'),),
74 73 ('repository.write', _('Write'),),
75 74 ('repository.admin', _('Admin'),)]
76 75
77 76 c_obj.group_perms_choices = [
78 77 ('group.none', _('None'),),
79 78 ('group.read', _('Read'),),
80 79 ('group.write', _('Write'),),
81 80 ('group.admin', _('Admin'),)]
82 81
83 82 c_obj.user_group_perms_choices = [
84 83 ('usergroup.none', _('None'),),
85 84 ('usergroup.read', _('Read'),),
86 85 ('usergroup.write', _('Write'),),
87 86 ('usergroup.admin', _('Admin'),)]
88 87
89 88 c_obj.branch_perms_choices = [
90 89 ('branch.none', _('Protected/No Access'),),
91 90 ('branch.merge', _('Web merge'),),
92 91 ('branch.push', _('Push'),),
93 92 ('branch.push_force', _('Force Push'),)]
94 93
95 94 c_obj.register_choices = [
96 95 ('hg.register.none', _('Disabled')),
97 96 ('hg.register.manual_activate', _('Allowed with manual account activation')),
98 97 ('hg.register.auto_activate', _('Allowed with automatic account activation')),]
99 98
100 99 c_obj.password_reset_choices = [
101 100 ('hg.password_reset.enabled', _('Allow password recovery')),
102 101 ('hg.password_reset.hidden', _('Hide password recovery link')),
103 102 ('hg.password_reset.disabled', _('Disable password recovery')),]
104 103
105 104 c_obj.extern_activate_choices = [
106 105 ('hg.extern_activate.manual', _('Manual activation of external account')),
107 106 ('hg.extern_activate.auto', _('Automatic activation of external account')),]
108 107
109 108 c_obj.repo_create_choices = [
110 109 ('hg.create.none', _('Disabled')),
111 110 ('hg.create.repository', _('Enabled'))]
112 111
113 112 c_obj.repo_create_on_write_choices = [
114 113 ('hg.create.write_on_repogroup.false', _('Disabled')),
115 114 ('hg.create.write_on_repogroup.true', _('Enabled'))]
116 115
117 116 c_obj.user_group_create_choices = [
118 117 ('hg.usergroup.create.false', _('Disabled')),
119 118 ('hg.usergroup.create.true', _('Enabled'))]
120 119
121 120 c_obj.repo_group_create_choices = [
122 121 ('hg.repogroup.create.false', _('Disabled')),
123 122 ('hg.repogroup.create.true', _('Enabled'))]
124 123
125 124 c_obj.fork_choices = [
126 125 ('hg.fork.none', _('Disabled')),
127 126 ('hg.fork.repository', _('Enabled'))]
128 127
129 128 c_obj.inherit_default_permission_choices = [
130 129 ('hg.inherit_default_perms.false', _('Disabled')),
131 130 ('hg.inherit_default_perms.true', _('Enabled'))]
132 131
133 132 def get_default_perms(self, object_perms, suffix):
134 133 defaults = {}
135 134 for perm in object_perms:
136 135 # perms
137 136 if perm.permission.permission_name.startswith('repository.'):
138 137 defaults['default_repo_perm' + suffix] = perm.permission.permission_name
139 138
140 139 if perm.permission.permission_name.startswith('group.'):
141 140 defaults['default_group_perm' + suffix] = perm.permission.permission_name
142 141
143 142 if perm.permission.permission_name.startswith('usergroup.'):
144 143 defaults['default_user_group_perm' + suffix] = perm.permission.permission_name
145 144
146 145 # branch
147 146 if perm.permission.permission_name.startswith('branch.'):
148 147 defaults['default_branch_perm' + suffix] = perm.permission.permission_name
149 148
150 149 # creation of objects
151 150 if perm.permission.permission_name.startswith('hg.create.write_on_repogroup'):
152 151 defaults['default_repo_create_on_write' + suffix] = perm.permission.permission_name
153 152
154 153 elif perm.permission.permission_name.startswith('hg.create.'):
155 154 defaults['default_repo_create' + suffix] = perm.permission.permission_name
156 155
157 156 if perm.permission.permission_name.startswith('hg.fork.'):
158 157 defaults['default_fork_create' + suffix] = perm.permission.permission_name
159 158
160 159 if perm.permission.permission_name.startswith('hg.inherit_default_perms.'):
161 160 defaults['default_inherit_default_permissions' + suffix] = perm.permission.permission_name
162 161
163 162 if perm.permission.permission_name.startswith('hg.repogroup.'):
164 163 defaults['default_repo_group_create' + suffix] = perm.permission.permission_name
165 164
166 165 if perm.permission.permission_name.startswith('hg.usergroup.'):
167 166 defaults['default_user_group_create' + suffix] = perm.permission.permission_name
168 167
169 168 # registration and external account activation
170 169 if perm.permission.permission_name.startswith('hg.register.'):
171 170 defaults['default_register' + suffix] = perm.permission.permission_name
172 171
173 172 if perm.permission.permission_name.startswith('hg.password_reset.'):
174 173 defaults['default_password_reset' + suffix] = perm.permission.permission_name
175 174
176 175 if perm.permission.permission_name.startswith('hg.extern_activate.'):
177 176 defaults['default_extern_activate' + suffix] = perm.permission.permission_name
178 177
179 178 return defaults
180 179
181 180 def _make_new_user_perm(self, user, perm_name):
182 181 log.debug('Creating new user permission:%s', perm_name)
183 182 new = UserToPerm()
184 183 new.user = user
185 184 new.permission = Permission.get_by_key(perm_name)
186 185 return new
187 186
188 187 def _make_new_user_group_perm(self, user_group, perm_name):
189 188 log.debug('Creating new user group permission:%s', perm_name)
190 189 new = UserGroupToPerm()
191 190 new.users_group = user_group
192 191 new.permission = Permission.get_by_key(perm_name)
193 192 return new
194 193
195 194 def _keep_perm(self, perm_name, keep_fields):
196 195 def get_pat(field_name):
197 196 return {
198 197 # global perms
199 198 'default_repo_create': 'hg.create.',
200 199 # special case for create repos on write access to group
201 200 'default_repo_create_on_write': 'hg.create.write_on_repogroup.',
202 201 'default_repo_group_create': 'hg.repogroup.create.',
203 202 'default_user_group_create': 'hg.usergroup.create.',
204 203 'default_fork_create': 'hg.fork.',
205 204 'default_inherit_default_permissions': 'hg.inherit_default_perms.',
206 205
207 206 # application perms
208 207 'default_register': 'hg.register.',
209 208 'default_password_reset': 'hg.password_reset.',
210 209 'default_extern_activate': 'hg.extern_activate.',
211 210
212 211 # object permissions below
213 212 'default_repo_perm': 'repository.',
214 213 'default_group_perm': 'group.',
215 214 'default_user_group_perm': 'usergroup.',
216 215 # branch
217 216 'default_branch_perm': 'branch.',
218 217
219 218 }[field_name]
220 219 for field in keep_fields:
221 220 pat = get_pat(field)
222 221 if perm_name.startswith(pat):
223 222 return True
224 223 return False
225 224
226 225 def _clear_object_perm(self, object_perms, preserve=None):
227 226 preserve = preserve or []
228 227 _deleted = []
229 228 for perm in object_perms:
230 229 perm_name = perm.permission.permission_name
231 230 if not self._keep_perm(perm_name, keep_fields=preserve):
232 231 _deleted.append(perm_name)
233 232 self.sa.delete(perm)
234 233 return _deleted
235 234
236 235 def _clear_user_perms(self, user_id, preserve=None):
237 236 perms = self.sa.query(UserToPerm)\
238 237 .filter(UserToPerm.user_id == user_id)\
239 238 .all()
240 239 return self._clear_object_perm(perms, preserve=preserve)
241 240
242 241 def _clear_user_group_perms(self, user_group_id, preserve=None):
243 242 perms = self.sa.query(UserGroupToPerm)\
244 243 .filter(UserGroupToPerm.users_group_id == user_group_id)\
245 244 .all()
246 245 return self._clear_object_perm(perms, preserve=preserve)
247 246
248 247 def _set_new_object_perms(self, obj_type, object, form_result, preserve=None):
249 248 # clear current entries, to make this function idempotent
250 249 # it will fix even if we define more permissions or permissions
251 250 # are somehow missing
252 251 preserve = preserve or []
253 252 _global_perms = self.global_perms.copy()
254 253 if obj_type not in ['user', 'user_group']:
255 254 raise ValueError("obj_type must be on of 'user' or 'user_group'")
256 255 global_perms = len(_global_perms)
257 256 default_user_perms = len(Permission.DEFAULT_USER_PERMISSIONS)
258 257 if global_perms != default_user_perms:
259 258 raise Exception(
260 259 'Inconsistent permissions definition. Got {} vs {}'.format(
261 260 global_perms, default_user_perms))
262 261
263 262 if obj_type == 'user':
264 263 self._clear_user_perms(object.user_id, preserve)
265 264 if obj_type == 'user_group':
266 265 self._clear_user_group_perms(object.users_group_id, preserve)
267 266
268 267 # now kill the keys that we want to preserve from the form.
269 268 for key in preserve:
270 269 del _global_perms[key]
271 270
272 271 for k in _global_perms.copy():
273 272 _global_perms[k] = form_result[k]
274 273
275 274 # at that stage we validate all are passed inside form_result
276 275 for _perm_key, perm_value in _global_perms.items():
277 276 if perm_value is None:
278 277 raise ValueError('Missing permission for %s' % (_perm_key,))
279 278
280 279 if obj_type == 'user':
281 280 p = self._make_new_user_perm(object, perm_value)
282 281 self.sa.add(p)
283 282 if obj_type == 'user_group':
284 283 p = self._make_new_user_group_perm(object, perm_value)
285 284 self.sa.add(p)
286 285
287 286 def _set_new_user_perms(self, user, form_result, preserve=None):
288 287 return self._set_new_object_perms(
289 288 'user', user, form_result, preserve)
290 289
291 290 def _set_new_user_group_perms(self, user_group, form_result, preserve=None):
292 291 return self._set_new_object_perms(
293 292 'user_group', user_group, form_result, preserve)
294 293
295 294 def set_new_user_perms(self, user, form_result):
296 295 # calculate what to preserve from what is given in form_result
297 296 preserve = set(self.global_perms.keys()).difference(set(form_result.keys()))
298 297 return self._set_new_user_perms(user, form_result, preserve)
299 298
300 299 def set_new_user_group_perms(self, user_group, form_result):
301 300 # calculate what to preserve from what is given in form_result
302 301 preserve = set(self.global_perms.keys()).difference(set(form_result.keys()))
303 302 return self._set_new_user_group_perms(user_group, form_result, preserve)
304 303
305 304 def create_permissions(self):
306 305 """
307 306 Create permissions for whole system
308 307 """
309 308 for p in Permission.PERMS:
310 309 if not Permission.get_by_key(p[0]):
311 310 new_perm = Permission()
312 311 new_perm.permission_name = p[0]
313 312 new_perm.permission_longname = p[0] # translation err with p[1]
314 313 self.sa.add(new_perm)
315 314
316 315 def _create_default_object_permission(self, obj_type, obj, obj_perms,
317 316 force=False):
318 317 if obj_type not in ['user', 'user_group']:
319 318 raise ValueError("obj_type must be on of 'user' or 'user_group'")
320 319
321 320 def _get_group(perm_name):
322 321 return '.'.join(perm_name.split('.')[:1])
323 322
324 323 defined_perms_groups = map(
325 324 _get_group, (x.permission.permission_name for x in obj_perms))
326 325 log.debug('GOT ALREADY DEFINED:%s', obj_perms)
327 326
328 327 if force:
329 328 self._clear_object_perm(obj_perms)
330 329 self.sa.commit()
331 330 defined_perms_groups = []
332 331 # for every default permission that needs to be created, we check if
333 332 # it's group is already defined, if it's not we create default perm
334 333 for perm_name in Permission.DEFAULT_USER_PERMISSIONS:
335 334 gr = _get_group(perm_name)
336 335 if gr not in defined_perms_groups:
337 336 log.debug('GR:%s not found, creating permission %s',
338 337 gr, perm_name)
339 338 if obj_type == 'user':
340 339 new_perm = self._make_new_user_perm(obj, perm_name)
341 340 self.sa.add(new_perm)
342 341 if obj_type == 'user_group':
343 342 new_perm = self._make_new_user_group_perm(obj, perm_name)
344 343 self.sa.add(new_perm)
345 344
346 345 def create_default_user_permissions(self, user, force=False):
347 346 """
348 347 Creates only missing default permissions for user, if force is set it
349 348 resets the default permissions for that user
350 349
351 350 :param user:
352 351 :param force:
353 352 """
354 353 user = self._get_user(user)
355 354 obj_perms = UserToPerm.query().filter(UserToPerm.user == user).all()
356 355 return self._create_default_object_permission(
357 356 'user', user, obj_perms, force)
358 357
359 358 def create_default_user_group_permissions(self, user_group, force=False):
360 359 """
361 360 Creates only missing default permissions for user group, if force is
362 361 set it resets the default permissions for that user group
363 362
364 363 :param user_group:
365 364 :param force:
366 365 """
367 366 user_group = self._get_user_group(user_group)
368 367 obj_perms = UserToPerm.query().filter(UserGroupToPerm.users_group == user_group).all()
369 368 return self._create_default_object_permission(
370 369 'user_group', user_group, obj_perms, force)
371 370
372 371 def update_application_permissions(self, form_result):
373 372 if 'perm_user_id' in form_result:
374 373 perm_user = User.get(safe_int(form_result['perm_user_id']))
375 374 else:
376 375 # used mostly to do lookup for default user
377 376 perm_user = User.get_by_username(form_result['perm_user_name'])
378 377
379 378 try:
380 379 # stage 1 set anonymous access
381 380 if perm_user.username == User.DEFAULT_USER:
382 381 perm_user.active = str2bool(form_result['anonymous'])
383 382 self.sa.add(perm_user)
384 383
385 384 # stage 2 reset defaults and set them from form data
386 385 self._set_new_user_perms(perm_user, form_result, preserve=[
387 386 'default_repo_perm',
388 387 'default_group_perm',
389 388 'default_user_group_perm',
390 389 'default_branch_perm',
391 390
392 391 'default_repo_group_create',
393 392 'default_user_group_create',
394 393 'default_repo_create_on_write',
395 394 'default_repo_create',
396 395 'default_fork_create',
397 396 'default_inherit_default_permissions',])
398 397
399 398 self.sa.commit()
400 399 except (DatabaseError,):
401 400 log.error(traceback.format_exc())
402 401 self.sa.rollback()
403 402 raise
404 403
405 404 def update_user_permissions(self, form_result):
406 405 if 'perm_user_id' in form_result:
407 406 perm_user = User.get(safe_int(form_result['perm_user_id']))
408 407 else:
409 408 # used mostly to do lookup for default user
410 409 perm_user = User.get_by_username(form_result['perm_user_name'])
411 410 try:
412 411 # stage 2 reset defaults and set them from form data
413 412 self._set_new_user_perms(perm_user, form_result, preserve=[
414 413 'default_repo_perm',
415 414 'default_group_perm',
416 415 'default_user_group_perm',
417 416 'default_branch_perm',
418 417
419 418 'default_register',
420 419 'default_password_reset',
421 420 'default_extern_activate'])
422 421 self.sa.commit()
423 422 except (DatabaseError,):
424 423 log.error(traceback.format_exc())
425 424 self.sa.rollback()
426 425 raise
427 426
428 427 def update_user_group_permissions(self, form_result):
429 428 if 'perm_user_group_id' in form_result:
430 429 perm_user_group = UserGroup.get(safe_int(form_result['perm_user_group_id']))
431 430 else:
432 431 # used mostly to do lookup for default user
433 432 perm_user_group = UserGroup.get_by_group_name(form_result['perm_user_group_name'])
434 433 try:
435 434 # stage 2 reset defaults and set them from form data
436 435 self._set_new_user_group_perms(perm_user_group, form_result, preserve=[
437 436 'default_repo_perm',
438 437 'default_group_perm',
439 438 'default_user_group_perm',
440 439 'default_branch_perm',
441 440
442 441 'default_register',
443 442 'default_password_reset',
444 443 'default_extern_activate'])
445 444 self.sa.commit()
446 445 except (DatabaseError,):
447 446 log.error(traceback.format_exc())
448 447 self.sa.rollback()
449 448 raise
450 449
451 450 def update_object_permissions(self, form_result):
452 451 if 'perm_user_id' in form_result:
453 452 perm_user = User.get(safe_int(form_result['perm_user_id']))
454 453 else:
455 454 # used mostly to do lookup for default user
456 455 perm_user = User.get_by_username(form_result['perm_user_name'])
457 456 try:
458 457
459 458 # stage 2 reset defaults and set them from form data
460 459 self._set_new_user_perms(perm_user, form_result, preserve=[
461 460 'default_repo_group_create',
462 461 'default_user_group_create',
463 462 'default_repo_create_on_write',
464 463 'default_repo_create',
465 464 'default_fork_create',
466 465 'default_inherit_default_permissions',
467 466 'default_branch_perm',
468 467
469 468 'default_register',
470 469 'default_password_reset',
471 470 'default_extern_activate'])
472 471
473 472 # overwrite default repo permissions
474 473 if form_result['overwrite_default_repo']:
475 474 _def_name = form_result['default_repo_perm'].split('repository.')[-1]
476 475 _def = Permission.get_by_key('repository.' + _def_name)
477 476 for r2p in self.sa.query(UserRepoToPerm)\
478 477 .filter(UserRepoToPerm.user == perm_user)\
479 478 .all():
480 479 # don't reset PRIVATE repositories
481 480 if not r2p.repository.private:
482 481 r2p.permission = _def
483 482 self.sa.add(r2p)
484 483
485 484 # overwrite default repo group permissions
486 485 if form_result['overwrite_default_group']:
487 486 _def_name = form_result['default_group_perm'].split('group.')[-1]
488 487 _def = Permission.get_by_key('group.' + _def_name)
489 488 for g2p in self.sa.query(UserRepoGroupToPerm)\
490 489 .filter(UserRepoGroupToPerm.user == perm_user)\
491 490 .all():
492 491 g2p.permission = _def
493 492 self.sa.add(g2p)
494 493
495 494 # overwrite default user group permissions
496 495 if form_result['overwrite_default_user_group']:
497 496 _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
498 497 # user groups
499 498 _def = Permission.get_by_key('usergroup.' + _def_name)
500 499 for g2p in self.sa.query(UserUserGroupToPerm)\
501 500 .filter(UserUserGroupToPerm.user == perm_user)\
502 501 .all():
503 502 g2p.permission = _def
504 503 self.sa.add(g2p)
505 504
506 505 # COMMIT
507 506 self.sa.commit()
508 507 except (DatabaseError,):
509 508 log.exception('Failed to set default object permissions')
510 509 self.sa.rollback()
511 510 raise
512 511
513 512 def update_branch_permissions(self, form_result):
514 513 if 'perm_user_id' in form_result:
515 514 perm_user = User.get(safe_int(form_result['perm_user_id']))
516 515 else:
517 516 # used mostly to do lookup for default user
518 517 perm_user = User.get_by_username(form_result['perm_user_name'])
519 518 try:
520 519
521 520 # stage 2 reset defaults and set them from form data
522 521 self._set_new_user_perms(perm_user, form_result, preserve=[
523 522 'default_repo_perm',
524 523 'default_group_perm',
525 524 'default_user_group_perm',
526 525
527 526 'default_repo_group_create',
528 527 'default_user_group_create',
529 528 'default_repo_create_on_write',
530 529 'default_repo_create',
531 530 'default_fork_create',
532 531 'default_inherit_default_permissions',
533 532
534 533 'default_register',
535 534 'default_password_reset',
536 535 'default_extern_activate'])
537 536
538 537 # overwrite default branch permissions
539 538 if form_result['overwrite_default_branch']:
540 539 _def_name = \
541 540 form_result['default_branch_perm'].split('branch.')[-1]
542 541
543 542 _def = Permission.get_by_key('branch.' + _def_name)
544 543
545 544 user_perms = UserToRepoBranchPermission.query()\
546 545 .join(UserToRepoBranchPermission.user_repo_to_perm)\
547 546 .filter(UserRepoToPerm.user == perm_user).all()
548 547
549 548 for g2p in user_perms:
550 549 g2p.permission = _def
551 550 self.sa.add(g2p)
552 551
553 552 # COMMIT
554 553 self.sa.commit()
555 554 except (DatabaseError,):
556 555 log.exception('Failed to set default branch permissions')
557 556 self.sa.rollback()
558 557 raise
559 558
559 def get_users_with_repo_write(self, db_repo):
560 write_plus = ['repository.write', 'repository.admin']
561 default_user_id = User.get_default_user().user_id
562 user_write_permissions = collections.OrderedDict()
563
564 # write+ and DEFAULT user for inheritance
565 for perm in db_repo.permissions():
566 if perm.permission in write_plus or perm.user_id == default_user_id:
567 user_write_permissions[perm.user_id] = perm
568 return user_write_permissions
569
570 def get_user_groups_with_repo_write(self, db_repo):
571 write_plus = ['repository.write', 'repository.admin']
572 user_group_write_permissions = collections.OrderedDict()
573
574 # write+ and DEFAULT user for inheritance
575 for p in db_repo.permission_user_groups():
576 if p.permission in write_plus:
577 user_group_write_permissions[p.users_group_id] = p
578 return user_group_write_permissions
579
560 580 def trigger_permission_flush(self, affected_user_ids):
561 581 events.trigger(events.UserPermissionsChange(affected_user_ids))
562 582
563 583 def flush_user_permission_caches(self, changes, affected_user_ids=None):
564 584 affected_user_ids = affected_user_ids or []
565 585
566 586 for change in changes['added'] + changes['updated'] + changes['deleted']:
567 587 if change['type'] == 'user':
568 588 affected_user_ids.append(change['id'])
569 589 if change['type'] == 'user_group':
570 590 user_group = UserGroup.get(safe_int(change['id']))
571 591 if user_group:
572 592 group_members_ids = [x.user_id for x in user_group.members]
573 593 affected_user_ids.extend(group_members_ids)
574 594
575 595 self.trigger_permission_flush(affected_user_ids)
576 596
577 597 return affected_user_ids
General Comments 0
You need to be logged in to leave comments. Login now