@@ -34,6 +34,7 b' from pylons.i18n.translation import _, u' | |||||
34 |
|
34 | |||
35 | from rhodecode.lib import auth |
|
35 | from rhodecode.lib import auth | |
36 | from rhodecode.lib import helpers as h |
|
36 | from rhodecode.lib import helpers as h | |
|
37 | from rhodecode.lib import audit_logger | |||
37 | from rhodecode.lib.ext_json import json |
|
38 | from rhodecode.lib.ext_json import json | |
38 | from rhodecode.lib.auth import ( |
|
39 | from rhodecode.lib.auth import ( | |
39 | LoginRequired, NotAnonymous, HasPermissionAll, |
|
40 | LoginRequired, NotAnonymous, HasPermissionAll, | |
@@ -153,9 +154,6 b' class RepoGroupsController(BaseControlle' | |||||
153 |
|
154 | |||
154 | @NotAnonymous() |
|
155 | @NotAnonymous() | |
155 | def index(self): |
|
156 | def index(self): | |
156 | """GET /repo_groups: All items in the collection""" |
|
|||
157 | # url('repo_groups') |
|
|||
158 |
|
||||
159 | repo_group_list = RepoGroup.get_all_repo_groups() |
|
157 | repo_group_list = RepoGroup.get_all_repo_groups() | |
160 | _perms = ['group.admin'] |
|
158 | _perms = ['group.admin'] | |
161 | repo_group_list_acl = RepoGroupList(repo_group_list, perm_set=_perms) |
|
159 | repo_group_list_acl = RepoGroupList(repo_group_list, perm_set=_perms) | |
@@ -168,8 +166,6 b' class RepoGroupsController(BaseControlle' | |||||
168 | @NotAnonymous() |
|
166 | @NotAnonymous() | |
169 | @auth.CSRFRequired() |
|
167 | @auth.CSRFRequired() | |
170 | def create(self): |
|
168 | def create(self): | |
171 | """POST /repo_groups: Create a new item""" |
|
|||
172 | # url('repo_groups') |
|
|||
173 |
|
169 | |||
174 | parent_group_id = safe_int(request.POST.get('group_parent_id')) |
|
170 | parent_group_id = safe_int(request.POST.get('group_parent_id')) | |
175 | can_create = self._can_create_repo_group(parent_group_id) |
|
171 | can_create = self._can_create_repo_group(parent_group_id) | |
@@ -183,20 +179,27 b' class RepoGroupsController(BaseControlle' | |||||
183 | try: |
|
179 | try: | |
184 | owner = c.rhodecode_user |
|
180 | owner = c.rhodecode_user | |
185 | form_result = repo_group_form.to_python(dict(request.POST)) |
|
181 | form_result = repo_group_form.to_python(dict(request.POST)) | |
186 | RepoGroupModel().create( |
|
182 | repo_group = RepoGroupModel().create( | |
187 | group_name=form_result['group_name_full'], |
|
183 | group_name=form_result['group_name_full'], | |
188 | group_description=form_result['group_description'], |
|
184 | group_description=form_result['group_description'], | |
189 | owner=owner.user_id, |
|
185 | owner=owner.user_id, | |
190 | copy_permissions=form_result['group_copy_permissions'] |
|
186 | copy_permissions=form_result['group_copy_permissions'] | |
191 | ) |
|
187 | ) | |
192 | Session().commit() |
|
188 | Session().commit() | |
|
189 | repo_group_data = repo_group.get_api_data() | |||
193 | _new_group_name = form_result['group_name_full'] |
|
190 | _new_group_name = form_result['group_name_full'] | |
|
191 | ||||
|
192 | audit_logger.store( | |||
|
193 | action='repo_group.create', | |||
|
194 | action_data={'repo_group_data': repo_group_data}, | |||
|
195 | user=c.rhodecode_user, commit=True) | |||
|
196 | ||||
194 | repo_group_url = h.link_to( |
|
197 | repo_group_url = h.link_to( | |
195 | _new_group_name, |
|
198 | _new_group_name, | |
196 | h.route_path('repo_group_home', repo_group_name=_new_group_name)) |
|
199 | h.route_path('repo_group_home', repo_group_name=_new_group_name)) | |
197 | h.flash(h.literal(_('Created repository group %s') |
|
200 | h.flash(h.literal(_('Created repository group %s') | |
198 | % repo_group_url), category='success') |
|
201 | % repo_group_url), category='success') | |
199 | # TODO: in future action_logger(, '', '', '', self.sa) |
|
202 | ||
200 | except formencode.Invalid as errors: |
|
203 | except formencode.Invalid as errors: | |
201 | return htmlfill.render( |
|
204 | return htmlfill.render( | |
202 | render('admin/repo_groups/repo_group_add.mako'), |
|
205 | render('admin/repo_groups/repo_group_add.mako'), | |
@@ -216,8 +219,6 b' class RepoGroupsController(BaseControlle' | |||||
216 | # perm checks inside |
|
219 | # perm checks inside | |
217 | @NotAnonymous() |
|
220 | @NotAnonymous() | |
218 | def new(self): |
|
221 | def new(self): | |
219 | """GET /repo_groups/new: Form to create a new item""" |
|
|||
220 | # url('new_repo_group') |
|
|||
221 | # perm check for admin, create_group perm or admin of parent_group |
|
222 | # perm check for admin, create_group perm or admin of parent_group | |
222 | parent_group_id = safe_int(request.GET.get('parent_group')) |
|
223 | parent_group_id = safe_int(request.GET.get('parent_group')) | |
223 | if not self._can_create_repo_group(parent_group_id): |
|
224 | if not self._can_create_repo_group(parent_group_id): | |
@@ -229,11 +230,6 b' class RepoGroupsController(BaseControlle' | |||||
229 | @HasRepoGroupPermissionAnyDecorator('group.admin') |
|
230 | @HasRepoGroupPermissionAnyDecorator('group.admin') | |
230 | @auth.CSRFRequired() |
|
231 | @auth.CSRFRequired() | |
231 | def update(self, group_name): |
|
232 | def update(self, group_name): | |
232 | """PUT /repo_groups/group_name: Update an existing item""" |
|
|||
233 | # Forms posted to this method should contain a hidden field: |
|
|||
234 | # <input type="hidden" name="_method" value="PUT" /> |
|
|||
235 | # Or using helpers: |
|
|||
236 | # h.form(url('repos_group', group_name=GROUP_NAME), method='put') |
|
|||
237 |
|
233 | |||
238 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) |
|
234 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) | |
239 | can_create_in_root = self._can_create_repo_group() |
|
235 | can_create_in_root = self._can_create_repo_group() | |
@@ -249,16 +245,21 b' class RepoGroupsController(BaseControlle' | |||||
249 | available_groups=c.repo_groups_choices, |
|
245 | available_groups=c.repo_groups_choices, | |
250 | can_create_in_root=can_create_in_root, allow_disabled=True)() |
|
246 | can_create_in_root=can_create_in_root, allow_disabled=True)() | |
251 |
|
247 | |||
|
248 | old_values = c.repo_group.get_api_data() | |||
252 | try: |
|
249 | try: | |
253 | form_result = repo_group_form.to_python(dict(request.POST)) |
|
250 | form_result = repo_group_form.to_python(dict(request.POST)) | |
254 | gr_name = form_result['group_name'] |
|
251 | gr_name = form_result['group_name'] | |
255 | new_gr = RepoGroupModel().update(group_name, form_result) |
|
252 | new_gr = RepoGroupModel().update(group_name, form_result) | |
|
253 | ||||
|
254 | audit_logger.store( | |||
|
255 | 'repo_group.edit', action_data={'old_data': old_values}, | |||
|
256 | user=c.rhodecode_user) | |||
|
257 | ||||
256 | Session().commit() |
|
258 | Session().commit() | |
257 | h.flash(_('Updated repository group %s') % (gr_name,), |
|
259 | h.flash(_('Updated repository group %s') % (gr_name,), | |
258 | category='success') |
|
260 | category='success') | |
259 | # we now have new name ! |
|
261 | # we now have new name ! | |
260 | group_name = new_gr.group_name |
|
262 | group_name = new_gr.group_name | |
261 | # TODO: in future action_logger(, '', '', '', self.sa) |
|
|||
262 | except formencode.Invalid as errors: |
|
263 | except formencode.Invalid as errors: | |
263 | c.active = 'settings' |
|
264 | c.active = 'settings' | |
264 | return htmlfill.render( |
|
265 | return htmlfill.render( | |
@@ -278,12 +279,6 b' class RepoGroupsController(BaseControlle' | |||||
278 | @HasRepoGroupPermissionAnyDecorator('group.admin') |
|
279 | @HasRepoGroupPermissionAnyDecorator('group.admin') | |
279 | @auth.CSRFRequired() |
|
280 | @auth.CSRFRequired() | |
280 | def delete(self, group_name): |
|
281 | def delete(self, group_name): | |
281 | """DELETE /repo_groups/group_name: Delete an existing item""" |
|
|||
282 | # Forms posted to this method should contain a hidden field: |
|
|||
283 | # <input type="hidden" name="_method" value="DELETE" /> |
|
|||
284 | # Or using helpers: |
|
|||
285 | # h.form(url('repos_group', group_name=GROUP_NAME), method='delete') |
|
|||
286 |
|
||||
287 | gr = c.repo_group = RepoGroupModel()._get_repo_group(group_name) |
|
282 | gr = c.repo_group = RepoGroupModel()._get_repo_group(group_name) | |
288 | repos = gr.repositories.all() |
|
283 | repos = gr.repositories.all() | |
289 | if repos: |
|
284 | if repos: | |
@@ -305,11 +300,18 b' class RepoGroupsController(BaseControlle' | |||||
305 | return redirect(url('repo_groups')) |
|
300 | return redirect(url('repo_groups')) | |
306 |
|
301 | |||
307 | try: |
|
302 | try: | |
|
303 | old_values = gr.get_api_data() | |||
308 | RepoGroupModel().delete(group_name) |
|
304 | RepoGroupModel().delete(group_name) | |
|
305 | ||||
|
306 | audit_logger.store( | |||
|
307 | 'repo_group.delete', | |||
|
308 | action_data={'old_data': old_values, | |||
|
309 | 'source': audit_logger.SOURCE_WEB}, | |||
|
310 | user=c.rhodecode_user) | |||
|
311 | ||||
309 | Session().commit() |
|
312 | Session().commit() | |
310 | h.flash(_('Removed repository group %s') % group_name, |
|
313 | h.flash(_('Removed repository group %s') % group_name, | |
311 | category='success') |
|
314 | category='success') | |
312 | # TODO: in future action_logger(, '', '', '', self.sa) |
|
|||
313 | except Exception: |
|
315 | except Exception: | |
314 | log.exception("Exception during deletion of repository group") |
|
316 | log.exception("Exception during deletion of repository group") | |
315 | h.flash(_('Error occurred during deletion of repository group %s') |
|
317 | h.flash(_('Error occurred during deletion of repository group %s') | |
@@ -319,8 +321,7 b' class RepoGroupsController(BaseControlle' | |||||
319 |
|
321 | |||
320 | @HasRepoGroupPermissionAnyDecorator('group.admin') |
|
322 | @HasRepoGroupPermissionAnyDecorator('group.admin') | |
321 | def edit(self, group_name): |
|
323 | def edit(self, group_name): | |
322 | """GET /repo_groups/group_name/edit: Form to edit an existing item""" |
|
324 | ||
323 | # url('edit_repo_group', group_name=GROUP_NAME) |
|
|||
324 | c.active = 'settings' |
|
325 | c.active = 'settings' | |
325 |
|
326 | |||
326 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) |
|
327 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) | |
@@ -344,8 +345,6 b' class RepoGroupsController(BaseControlle' | |||||
344 |
|
345 | |||
345 | @HasRepoGroupPermissionAnyDecorator('group.admin') |
|
346 | @HasRepoGroupPermissionAnyDecorator('group.admin') | |
346 | def edit_repo_group_advanced(self, group_name): |
|
347 | def edit_repo_group_advanced(self, group_name): | |
347 | """GET /repo_groups/group_name/edit: Form to edit an existing item""" |
|
|||
348 | # url('edit_repo_group', group_name=GROUP_NAME) |
|
|||
349 | c.active = 'advanced' |
|
348 | c.active = 'advanced' | |
350 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) |
|
349 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) | |
351 |
|
350 | |||
@@ -353,8 +352,6 b' class RepoGroupsController(BaseControlle' | |||||
353 |
|
352 | |||
354 | @HasRepoGroupPermissionAnyDecorator('group.admin') |
|
353 | @HasRepoGroupPermissionAnyDecorator('group.admin') | |
355 | def edit_repo_group_perms(self, group_name): |
|
354 | def edit_repo_group_perms(self, group_name): | |
356 | """GET /repo_groups/group_name/edit: Form to edit an existing item""" |
|
|||
357 | # url('edit_repo_group', group_name=GROUP_NAME) |
|
|||
358 | c.active = 'perms' |
|
355 | c.active = 'perms' | |
359 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) |
|
356 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) | |
360 | self.__load_defaults() |
|
357 | self.__load_defaults() | |
@@ -372,8 +369,6 b' class RepoGroupsController(BaseControlle' | |||||
372 | def update_perms(self, group_name): |
|
369 | def update_perms(self, group_name): | |
373 | """ |
|
370 | """ | |
374 | Update permissions for given repository group |
|
371 | Update permissions for given repository group | |
375 |
|
||||
376 | :param group_name: |
|
|||
377 | """ |
|
372 | """ | |
378 |
|
373 | |||
379 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) |
|
374 | c.repo_group = RepoGroupModel()._get_repo_group(group_name) | |
@@ -391,14 +386,21 b' class RepoGroupsController(BaseControlle' | |||||
391 | # iterate over all members(if in recursive mode) of this groups and |
|
386 | # iterate over all members(if in recursive mode) of this groups and | |
392 | # set the permissions ! |
|
387 | # set the permissions ! | |
393 | # this can be potentially heavy operation |
|
388 | # this can be potentially heavy operation | |
394 | RepoGroupModel().update_permissions( |
|
389 | changes = RepoGroupModel().update_permissions( | |
395 | c.repo_group, |
|
390 | c.repo_group, | |
396 | form['perm_additions'], form['perm_updates'], |
|
391 | form['perm_additions'], form['perm_updates'], form['perm_deletions'], | |
397 |
|
|
392 | form['recursive']) | |
398 |
|
393 | |||
399 | # TODO: implement this |
|
394 | action_data = { | |
400 | # action_logger(c.rhodecode_user, 'admin_changed_repo_permissions', |
|
395 | 'added': changes['added'], | |
401 | # repo_name, self.ip_addr, self.sa) |
|
396 | 'updated': changes['updated'], | |
|
397 | 'deleted': changes['deleted'], | |||
|
398 | 'source': audit_logger.SOURCE_WEB | |||
|
399 | } | |||
|
400 | audit_logger.store( | |||
|
401 | 'repo_group.edit.permissions', action_data=action_data, | |||
|
402 | user=c.rhodecode_user) | |||
|
403 | ||||
402 | Session().commit() |
|
404 | Session().commit() | |
403 | h.flash(_('Repository Group permissions updated'), category='success') |
|
405 | h.flash(_('Repository Group permissions updated'), category='success') | |
404 | return redirect(url('edit_repo_group_perms', group_name=group_name)) |
|
406 | return redirect(url('edit_repo_group_perms', group_name=group_name)) |
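Review bot: In `create`, the group is committed by `Session().commit()` before `audit_logger.store(..., commit=True)` runs, so the audit entry lands in a second transaction; if that store fails, the new group exists with no audit record, whereas `update`, `delete` and `update_perms` store the entry before their single commit. If `repo_group.get_api_data()` only needs the row to be flushed (not visible here), consider calling `Session().flush()` after `RepoGroupModel().create(...)`, then `audit_logger.store(...)` without `commit=True`, then one `Session().commit()`. The `repo_group.create` and `repo_group.edit` entries also omit `'source': audit_logger.SOURCE_WEB`, which the delete and permission entries include. `repo_group.edit` records only `old_data`, so the log does not show what the group was changed to. The bodies of these handlers continue outside the hunks.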
@@ -42,6 +42,11 b' ACTIONS = {' | |||||
42 | 'repo.delete': {}, |
|
42 | 'repo.delete': {}, | |
43 | 'repo.commit.strip': {}, |
|
43 | 'repo.commit.strip': {}, | |
44 | 'repo.archive.download': {}, |
|
44 | 'repo.archive.download': {}, | |
|
45 | ||||
|
46 | 'repo_group.create': {}, | |||
|
47 | 'repo_group.edit': {}, | |||
|
48 | 'repo_group.edit.permissions': {}, | |||
|
49 | 'repo_group.delete': {}, | |||
45 | } |
|
50 | } | |
46 |
|
51 | |||
47 | SOURCE_WEB = 'source_web' |
|
52 | SOURCE_WEB = 'source_web' |
@@ -340,6 +340,12 b' class RepoGroupModel(BaseModel):' | |||||
340 |
|
340 | |||
341 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') |
|
341 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') | |
342 |
|
342 | |||
|
343 | changes = { | |||
|
344 | 'added': [], | |||
|
345 | 'updated': [], | |||
|
346 | 'deleted': [] | |||
|
347 | } | |||
|
348 | ||||
343 | def _set_perm_user(obj, user, perm): |
|
349 | def _set_perm_user(obj, user, perm): | |
344 | if isinstance(obj, RepoGroup): |
|
350 | if isinstance(obj, RepoGroup): | |
345 | self.grant_user_permission( |
|
351 | self.grant_user_permission( | |
@@ -382,7 +388,6 b' class RepoGroupModel(BaseModel):' | |||||
382 | repo=obj, group_name=user_group) |
|
388 | repo=obj, group_name=user_group) | |
383 |
|
389 | |||
384 | # start updates |
|
390 | # start updates | |
385 | updates = [] |
|
|||
386 | log.debug('Now updating permissions for %s in recursive mode:%s', |
|
391 | log.debug('Now updating permissions for %s in recursive mode:%s', | |
387 | repo_group, recursive) |
|
392 | repo_group, recursive) | |
388 |
|
393 | |||
@@ -408,10 +413,13 b' class RepoGroupModel(BaseModel):' | |||||
408 | # in recursive mode |
|
413 | # in recursive mode | |
409 | obj = repo_group |
|
414 | obj = repo_group | |
410 |
|
415 | |||
|
416 | change_obj = obj.get_api_data() | |||
|
417 | ||||
411 | # update permissions |
|
418 | # update permissions | |
412 | for member_id, perm, member_type in perm_updates: |
|
419 | for member_id, perm, member_type in perm_updates: | |
413 | member_id = int(member_id) |
|
420 | member_id = int(member_id) | |
414 | if member_type == 'user': |
|
421 | if member_type == 'user': | |
|
422 | member_name = User.get(member_id).username | |||
415 | # this updates also current one if found |
|
423 | # this updates also current one if found | |
416 | _set_perm_user(obj, user=member_id, perm=perm) |
|
424 | _set_perm_user(obj, user=member_id, perm=perm) | |
417 | else: # set for user group |
|
425 | else: # set for user group | |
@@ -420,10 +428,15 b' class RepoGroupModel(BaseModel):' | |||||
420 | user=cur_user): |
|
428 | user=cur_user): | |
421 | _set_perm_group(obj, users_group=member_id, perm=perm) |
|
429 | _set_perm_group(obj, users_group=member_id, perm=perm) | |
422 |
|
430 | |||
|
431 | changes['updated'].append( | |||
|
432 | {'change_obj': change_obj, 'type': member_type, | |||
|
433 | 'id': member_id, 'name': member_name, 'new_perm': perm}) | |||
|
434 | ||||
423 | # set new permissions |
|
435 | # set new permissions | |
424 | for member_id, perm, member_type in perm_additions: |
|
436 | for member_id, perm, member_type in perm_additions: | |
425 | member_id = int(member_id) |
|
437 | member_id = int(member_id) | |
426 | if member_type == 'user': |
|
438 | if member_type == 'user': | |
|
439 | member_name = User.get(member_id).username | |||
427 | _set_perm_user(obj, user=member_id, perm=perm) |
|
440 | _set_perm_user(obj, user=member_id, perm=perm) | |
428 | else: # set for user group |
|
441 | else: # set for user group | |
429 | # check if we have permissions to alter this usergroup |
|
442 | # check if we have permissions to alter this usergroup | |
@@ -432,10 +445,15 b' class RepoGroupModel(BaseModel):' | |||||
432 | user=cur_user): |
|
445 | user=cur_user): | |
433 | _set_perm_group(obj, users_group=member_id, perm=perm) |
|
446 | _set_perm_group(obj, users_group=member_id, perm=perm) | |
434 |
|
447 | |||
|
448 | changes['added'].append( | |||
|
449 | {'change_obj': change_obj, 'type': member_type, | |||
|
450 | 'id': member_id, 'name': member_name, 'new_perm': perm}) | |||
|
451 | ||||
435 | # delete permissions |
|
452 | # delete permissions | |
436 | for member_id, perm, member_type in perm_deletions: |
|
453 | for member_id, perm, member_type in perm_deletions: | |
437 | member_id = int(member_id) |
|
454 | member_id = int(member_id) | |
438 | if member_type == 'user': |
|
455 | if member_type == 'user': | |
|
456 | member_name = User.get(member_id).username | |||
439 | _revoke_perm_user(obj, user=member_id) |
|
457 | _revoke_perm_user(obj, user=member_id) | |
440 | else: # set for user group |
|
458 | else: # set for user group | |
441 | # check if we have permissions to alter this usergroup |
|
459 | # check if we have permissions to alter this usergroup | |
@@ -444,13 +462,16 b' class RepoGroupModel(BaseModel):' | |||||
444 | user=cur_user): |
|
462 | user=cur_user): | |
445 | _revoke_perm_group(obj, user_group=member_id) |
|
463 | _revoke_perm_group(obj, user_group=member_id) | |
446 |
|
464 | |||
447 |
|
|
465 | changes['deleted'].append( | |
|
466 | {'change_obj': change_obj, 'type': member_type, | |||
|
467 | 'id': member_id, 'name': member_name, 'new_perm': perm}) | |||
|
468 | ||||
448 | # if it's not recursive call for all,repos,groups |
|
469 | # if it's not recursive call for all,repos,groups | |
449 | # break the loop and don't proceed with other changes |
|
470 | # break the loop and don't proceed with other changes | |
450 | if recursive not in ['all', 'repos', 'groups']: |
|
471 | if recursive not in ['all', 'repos', 'groups']: | |
451 | break |
|
472 | break | |
452 |
|
473 | |||
453 |
return |
|
474 | return changes | |
454 |
|
475 | |||
455 | def update(self, repo_group, form_data): |
|
476 | def update(self, repo_group, form_data): | |
456 | try: |
|
477 | try: |
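Review bot: `member_name` is assigned only in the `if member_type == 'user':` branch of the three loops in `update_permissions`, yet each `changes[...].append(...)` reads it; for a user-group member the audit entry carries the name left over from an earlier iteration, or the call raises `NameError` if no user came first. Assign the group's name in the `else` branch as well, or start each iteration with `member_name = None`, so that a stale user name is never attributed to a group change. `User.get(member_id).username` would also raise `AttributeError` if the id does not resolve, which seems possible because `member_id` comes from the submitted form. Indentation is lost in this rendering, so it is unclear whether each append sits inside the user-group permission check; if it does not, changes skipped for lack of a `usergroup.*` permission would still be logged as applied. The `deleted` entries store the revoked permission under the key `new_perm`, which may mislead a reader of the log.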