audit-logs: added action logs for repository groups.
marcink -
r1799:e51d88d8 default
@@ -34,6 +34,7 b' from pylons.i18n.translation import _, u'
34 34
35 35 from rhodecode.lib import auth
36 36 from rhodecode.lib import helpers as h
37 from rhodecode.lib import audit_logger
37 38 from rhodecode.lib.ext_json import json
38 39 from rhodecode.lib.auth import (
39 40 LoginRequired, NotAnonymous, HasPermissionAll,
@@ -153,9 +154,6 b' class RepoGroupsController(BaseControlle'
153 154
154 155 @NotAnonymous()
155 156 def index(self):
156 """GET /repo_groups: All items in the collection"""
157 # url('repo_groups')
158
159 157 repo_group_list = RepoGroup.get_all_repo_groups()
160 158 _perms = ['group.admin']
161 159 repo_group_list_acl = RepoGroupList(repo_group_list, perm_set=_perms)
@@ -168,8 +166,6 b' class RepoGroupsController(BaseControlle'
168 166 @NotAnonymous()
169 167 @auth.CSRFRequired()
170 168 def create(self):
171 """POST /repo_groups: Create a new item"""
172 # url('repo_groups')
173 169
174 170 parent_group_id = safe_int(request.POST.get('group_parent_id'))
175 171 can_create = self._can_create_repo_group(parent_group_id)
@@ -183,20 +179,27 b' class RepoGroupsController(BaseControlle'
183 179 try:
184 180 owner = c.rhodecode_user
185 181 form_result = repo_group_form.to_python(dict(request.POST))
186 RepoGroupModel().create(
182 repo_group = RepoGroupModel().create(
187 183 group_name=form_result['group_name_full'],
188 184 group_description=form_result['group_description'],
189 185 owner=owner.user_id,
190 186 copy_permissions=form_result['group_copy_permissions']
191 187 )
192 188 Session().commit()
189 repo_group_data = repo_group.get_api_data()
193 190 _new_group_name = form_result['group_name_full']
191
192 audit_logger.store(
193 action='repo_group.create',
194 action_data={'repo_group_data': repo_group_data},
195 user=c.rhodecode_user, commit=True)
196
194 197 repo_group_url = h.link_to(
195 198 _new_group_name,
196 199 h.route_path('repo_group_home', repo_group_name=_new_group_name))
197 200 h.flash(h.literal(_('Created repository group %s')
198 201 % repo_group_url), category='success')
199 # TODO: in future action_logger(, '', '', '', self.sa)
202
200 203 except formencode.Invalid as errors:
201 204 return htmlfill.render(
202 205 render('admin/repo_groups/repo_group_add.mako'),
@@ -216,8 +219,6 b' class RepoGroupsController(BaseControlle'
216 219 # perm checks inside
217 220 @NotAnonymous()
218 221 def new(self):
219 """GET /repo_groups/new: Form to create a new item"""
220 # url('new_repo_group')
221 222 # perm check for admin, create_group perm or admin of parent_group
222 223 parent_group_id = safe_int(request.GET.get('parent_group'))
223 224 if not self._can_create_repo_group(parent_group_id):
@@ -229,11 +230,6 b' class RepoGroupsController(BaseControlle'
229 230 @HasRepoGroupPermissionAnyDecorator('group.admin')
230 231 @auth.CSRFRequired()
231 232 def update(self, group_name):
232 """PUT /repo_groups/group_name: Update an existing item"""
233 # Forms posted to this method should contain a hidden field:
234 # <input type="hidden" name="_method" value="PUT" />
235 # Or using helpers:
236 # h.form(url('repos_group', group_name=GROUP_NAME), method='put')
237 233
238 234 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
239 235 can_create_in_root = self._can_create_repo_group()
@@ -249,16 +245,21 b' class RepoGroupsController(BaseControlle'
249 245 available_groups=c.repo_groups_choices,
250 246 can_create_in_root=can_create_in_root, allow_disabled=True)()
251 247
248 old_values = c.repo_group.get_api_data()
252 249 try:
253 250 form_result = repo_group_form.to_python(dict(request.POST))
254 251 gr_name = form_result['group_name']
255 252 new_gr = RepoGroupModel().update(group_name, form_result)
253
254 audit_logger.store(
255 'repo_group.edit', action_data={'old_data': old_values},
256 user=c.rhodecode_user)
257
256 258 Session().commit()
257 259 h.flash(_('Updated repository group %s') % (gr_name,),
258 260 category='success')
259 261 # we now have new name !
260 262 group_name = new_gr.group_name
261 # TODO: in future action_logger(, '', '', '', self.sa)
262 263 except formencode.Invalid as errors:
263 264 c.active = 'settings'
264 265 return htmlfill.render(
@@ -278,12 +279,6 b' class RepoGroupsController(BaseControlle'
278 279 @HasRepoGroupPermissionAnyDecorator('group.admin')
279 280 @auth.CSRFRequired()
280 281 def delete(self, group_name):
281 """DELETE /repo_groups/group_name: Delete an existing item"""
282 # Forms posted to this method should contain a hidden field:
283 # <input type="hidden" name="_method" value="DELETE" />
284 # Or using helpers:
285 # h.form(url('repos_group', group_name=GROUP_NAME), method='delete')
286
287 282 gr = c.repo_group = RepoGroupModel()._get_repo_group(group_name)
288 283 repos = gr.repositories.all()
289 284 if repos:
@@ -305,11 +300,18 b' class RepoGroupsController(BaseControlle'
305 300 return redirect(url('repo_groups'))
306 301
307 302 try:
303 old_values = gr.get_api_data()
308 304 RepoGroupModel().delete(group_name)
305
306 audit_logger.store(
307 'repo_group.delete',
308 action_data={'old_data': old_values,
309 'source': audit_logger.SOURCE_WEB},
310 user=c.rhodecode_user)
311
309 312 Session().commit()
310 313 h.flash(_('Removed repository group %s') % group_name,
311 314 category='success')
312 # TODO: in future action_logger(, '', '', '', self.sa)
313 315 except Exception:
314 316 log.exception("Exception during deletion of repository group")
315 317 h.flash(_('Error occurred during deletion of repository group %s')
@@ -319,8 +321,7 b' class RepoGroupsController(BaseControlle'
319 321
320 322 @HasRepoGroupPermissionAnyDecorator('group.admin')
321 323 def edit(self, group_name):
322 """GET /repo_groups/group_name/edit: Form to edit an existing item"""
323 # url('edit_repo_group', group_name=GROUP_NAME)
324
324 325 c.active = 'settings'
325 326
326 327 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
@@ -344,8 +345,6 b' class RepoGroupsController(BaseControlle'
344 345
345 346 @HasRepoGroupPermissionAnyDecorator('group.admin')
346 347 def edit_repo_group_advanced(self, group_name):
347 """GET /repo_groups/group_name/edit: Form to edit an existing item"""
348 # url('edit_repo_group', group_name=GROUP_NAME)
349 348 c.active = 'advanced'
350 349 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
351 350
@@ -353,8 +352,6 b' class RepoGroupsController(BaseControlle'
353 352
354 353 @HasRepoGroupPermissionAnyDecorator('group.admin')
355 354 def edit_repo_group_perms(self, group_name):
356 """GET /repo_groups/group_name/edit: Form to edit an existing item"""
357 # url('edit_repo_group', group_name=GROUP_NAME)
358 355 c.active = 'perms'
359 356 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
360 357 self.__load_defaults()
@@ -372,8 +369,6 b' class RepoGroupsController(BaseControlle'
372 369 def update_perms(self, group_name):
373 370 """
374 371 Update permissions for given repository group
375
376 :param group_name:
377 372 """
378 373
379 374 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
@@ -391,14 +386,21 b' class RepoGroupsController(BaseControlle'
391 386 # iterate over all members(if in recursive mode) of this groups and
392 387 # set the permissions !
393 388 # this can be potentially heavy operation
394 RepoGroupModel().update_permissions(
389 changes = RepoGroupModel().update_permissions(
395 390 c.repo_group,
396 form['perm_additions'], form['perm_updates'],
397 form['perm_deletions'], form['recursive'])
391 form['perm_additions'], form['perm_updates'], form['perm_deletions'],
392 form['recursive'])
398 393
399 # TODO: implement this
400 # action_logger(c.rhodecode_user, 'admin_changed_repo_permissions',
401 # repo_name, self.ip_addr, self.sa)
394 action_data = {
395 'added': changes['added'],
396 'updated': changes['updated'],
397 'deleted': changes['deleted'],
398 'source': audit_logger.SOURCE_WEB
399 }
400 audit_logger.store(
401 'repo_group.edit.permissions', action_data=action_data,
402 user=c.rhodecode_user)
403
402 404 Session().commit()
403 405 h.flash(_('Repository Group permissions updated'), category='success')
404 406 return redirect(url('edit_repo_group_perms', group_name=group_name))
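Review bot: In `create`, the group is committed with `Session().commit()` before `audit_logger.store(..., commit=True)` runs, so a failure while storing the audit entry leaves a created repository group with no audit record; `update`, `delete` and `update_perms` instead store the entry before their single commit. If `get_api_data()` only needs the row to be flushed (not visible here), consider `Session().flush()` before it, storing the entry without `commit=True`, and then a single `Session().commit()` so both writes land in one transaction. The `repo_group.create` and `repo_group.edit` entries also omit `'source': audit_logger.SOURCE_WEB`, which the delete and permissions entries set, and `repo_group.edit` records only `old_data`, so the new values are not in the log. These methods start and end outside the hunks.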
@@ -42,6 +42,11 b' ACTIONS = {'
42 42 'repo.delete': {},
43 43 'repo.commit.strip': {},
44 44 'repo.archive.download': {},
45
46 'repo_group.create': {},
47 'repo_group.edit': {},
48 'repo_group.edit.permissions': {},
49 'repo_group.delete': {},
45 50 }
46 51
47 52 SOURCE_WEB = 'source_web'
@@ -340,6 +340,12 b' class RepoGroupModel(BaseModel):'
340 340
341 341 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
342 342
343 changes = {
344 'added': [],
345 'updated': [],
346 'deleted': []
347 }
348
343 349 def _set_perm_user(obj, user, perm):
344 350 if isinstance(obj, RepoGroup):
345 351 self.grant_user_permission(
@@ -382,7 +388,6 b' class RepoGroupModel(BaseModel):'
382 388 repo=obj, group_name=user_group)
383 389
384 390 # start updates
385 updates = []
386 391 log.debug('Now updating permissions for %s in recursive mode:%s',
387 392 repo_group, recursive)
388 393
@@ -408,10 +413,13 b' class RepoGroupModel(BaseModel):'
408 413 # in recursive mode
409 414 obj = repo_group
410 415
416 change_obj = obj.get_api_data()
417
411 418 # update permissions
412 419 for member_id, perm, member_type in perm_updates:
413 420 member_id = int(member_id)
414 421 if member_type == 'user':
422 member_name = User.get(member_id).username
415 423 # this updates also current one if found
416 424 _set_perm_user(obj, user=member_id, perm=perm)
417 425 else: # set for user group
@@ -420,10 +428,15 b' class RepoGroupModel(BaseModel):'
420 428 user=cur_user):
421 429 _set_perm_group(obj, users_group=member_id, perm=perm)
422 430
431 changes['updated'].append(
432 {'change_obj': change_obj, 'type': member_type,
433 'id': member_id, 'name': member_name, 'new_perm': perm})
434
423 435 # set new permissions
424 436 for member_id, perm, member_type in perm_additions:
425 437 member_id = int(member_id)
426 438 if member_type == 'user':
439 member_name = User.get(member_id).username
427 440 _set_perm_user(obj, user=member_id, perm=perm)
428 441 else: # set for user group
429 442 # check if we have permissions to alter this usergroup
@@ -432,10 +445,15 b' class RepoGroupModel(BaseModel):'
432 445 user=cur_user):
433 446 _set_perm_group(obj, users_group=member_id, perm=perm)
434 447
448 changes['added'].append(
449 {'change_obj': change_obj, 'type': member_type,
450 'id': member_id, 'name': member_name, 'new_perm': perm})
451
435 452 # delete permissions
436 453 for member_id, perm, member_type in perm_deletions:
437 454 member_id = int(member_id)
438 455 if member_type == 'user':
456 member_name = User.get(member_id).username
439 457 _revoke_perm_user(obj, user=member_id)
440 458 else: # set for user group
441 459 # check if we have permissions to alter this usergroup
@@ -444,13 +462,16 b' class RepoGroupModel(BaseModel):'
444 462 user=cur_user):
445 463 _revoke_perm_group(obj, user_group=member_id)
446 464
447 updates.append(obj)
465 changes['deleted'].append(
466 {'change_obj': change_obj, 'type': member_type,
467 'id': member_id, 'name': member_name, 'new_perm': perm})
468
448 469 # if it's not recursive call for all,repos,groups
449 470 # break the loop and don't proceed with other changes
450 471 if recursive not in ['all', 'repos', 'groups']:
451 472 break
452 473
453 return updates
474 return changes
454 475
455 476 def update(self, repo_group, form_data):
456 477 try:
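Review bot: `User.get(member_id).username` in the three permission loops dereferences the lookup result directly, and `member_id` comes from the submitted permission form; if `User.get` returns None for an unknown id (its behaviour is not shown here), this raises AttributeError part-way through the update. A guard such as `user = User.get(member_id)` followed by an explicit error for a missing user would make the failure deliberate. Indentation is lost on this page, so please also confirm that the `changes[...]` appends run only when the user-group permission check passed, and that `member_name` is assigned in the `else` branch, which lies outside the hunks; otherwise the audit log can record changes that were not applied. The `deleted` entries store the permission under `'new_perm'`, which reads oddly for a revocation.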