audit-logs: added action logs for repository groups.
marcink -
r1799:e51d88d8 default
@@ -34,6 +34,7 b' from pylons.i18n.translation import _, u'
34
34
35 from rhodecode.lib import auth
35 from rhodecode.lib import auth
36 from rhodecode.lib import helpers as h
36 from rhodecode.lib import helpers as h
37 from rhodecode.lib import audit_logger
37 from rhodecode.lib.ext_json import json
38 from rhodecode.lib.ext_json import json
38 from rhodecode.lib.auth import (
39 from rhodecode.lib.auth import (
39 LoginRequired, NotAnonymous, HasPermissionAll,
40 LoginRequired, NotAnonymous, HasPermissionAll,
@@ -153,9 +154,6 b' class RepoGroupsController(BaseControlle'
153
154
154 @NotAnonymous()
155 @NotAnonymous()
155 def index(self):
156 def index(self):
156 """GET /repo_groups: All items in the collection"""
157 # url('repo_groups')
158
159 repo_group_list = RepoGroup.get_all_repo_groups()
157 repo_group_list = RepoGroup.get_all_repo_groups()
160 _perms = ['group.admin']
158 _perms = ['group.admin']
161 repo_group_list_acl = RepoGroupList(repo_group_list, perm_set=_perms)
159 repo_group_list_acl = RepoGroupList(repo_group_list, perm_set=_perms)
@@ -168,8 +166,6 b' class RepoGroupsController(BaseControlle'
168 @NotAnonymous()
166 @NotAnonymous()
169 @auth.CSRFRequired()
167 @auth.CSRFRequired()
170 def create(self):
168 def create(self):
171 """POST /repo_groups: Create a new item"""
172 # url('repo_groups')
173
169
174 parent_group_id = safe_int(request.POST.get('group_parent_id'))
170 parent_group_id = safe_int(request.POST.get('group_parent_id'))
175 can_create = self._can_create_repo_group(parent_group_id)
171 can_create = self._can_create_repo_group(parent_group_id)
@@ -183,20 +179,27 b' class RepoGroupsController(BaseControlle'
183 try:
179 try:
184 owner = c.rhodecode_user
180 owner = c.rhodecode_user
185 form_result = repo_group_form.to_python(dict(request.POST))
181 form_result = repo_group_form.to_python(dict(request.POST))
186 RepoGroupModel().create(
182 repo_group = RepoGroupModel().create(
187 group_name=form_result['group_name_full'],
183 group_name=form_result['group_name_full'],
188 group_description=form_result['group_description'],
184 group_description=form_result['group_description'],
189 owner=owner.user_id,
185 owner=owner.user_id,
190 copy_permissions=form_result['group_copy_permissions']
186 copy_permissions=form_result['group_copy_permissions']
191 )
187 )
192 Session().commit()
188 Session().commit()
189 repo_group_data = repo_group.get_api_data()
193 _new_group_name = form_result['group_name_full']
190 _new_group_name = form_result['group_name_full']
191
192 audit_logger.store(
193 action='repo_group.create',
194 action_data={'repo_group_data': repo_group_data},
195 user=c.rhodecode_user, commit=True)
196
194 repo_group_url = h.link_to(
197 repo_group_url = h.link_to(
195 _new_group_name,
198 _new_group_name,
196 h.route_path('repo_group_home', repo_group_name=_new_group_name))
199 h.route_path('repo_group_home', repo_group_name=_new_group_name))
197 h.flash(h.literal(_('Created repository group %s')
200 h.flash(h.literal(_('Created repository group %s')
198 % repo_group_url), category='success')
201 % repo_group_url), category='success')
199 # TODO: in future action_logger(, '', '', '', self.sa)
202
200 except formencode.Invalid as errors:
203 except formencode.Invalid as errors:
201 return htmlfill.render(
204 return htmlfill.render(
202 render('admin/repo_groups/repo_group_add.mako'),
205 render('admin/repo_groups/repo_group_add.mako'),
@@ -216,8 +219,6 b' class RepoGroupsController(BaseControlle'
216 # perm checks inside
219 # perm checks inside
217 @NotAnonymous()
220 @NotAnonymous()
218 def new(self):
221 def new(self):
219 """GET /repo_groups/new: Form to create a new item"""
220 # url('new_repo_group')
221 # perm check for admin, create_group perm or admin of parent_group
222 # perm check for admin, create_group perm or admin of parent_group
222 parent_group_id = safe_int(request.GET.get('parent_group'))
223 parent_group_id = safe_int(request.GET.get('parent_group'))
223 if not self._can_create_repo_group(parent_group_id):
224 if not self._can_create_repo_group(parent_group_id):
@@ -229,11 +230,6 b' class RepoGroupsController(BaseControlle'
229 @HasRepoGroupPermissionAnyDecorator('group.admin')
230 @HasRepoGroupPermissionAnyDecorator('group.admin')
230 @auth.CSRFRequired()
231 @auth.CSRFRequired()
231 def update(self, group_name):
232 def update(self, group_name):
232 """PUT /repo_groups/group_name: Update an existing item"""
233 # Forms posted to this method should contain a hidden field:
234 # <input type="hidden" name="_method" value="PUT" />
235 # Or using helpers:
236 # h.form(url('repos_group', group_name=GROUP_NAME), method='put')
237
233
238 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
234 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
239 can_create_in_root = self._can_create_repo_group()
235 can_create_in_root = self._can_create_repo_group()
@@ -249,16 +245,21 b' class RepoGroupsController(BaseControlle'
249 available_groups=c.repo_groups_choices,
245 available_groups=c.repo_groups_choices,
250 can_create_in_root=can_create_in_root, allow_disabled=True)()
246 can_create_in_root=can_create_in_root, allow_disabled=True)()
251
247
248 old_values = c.repo_group.get_api_data()
252 try:
249 try:
253 form_result = repo_group_form.to_python(dict(request.POST))
250 form_result = repo_group_form.to_python(dict(request.POST))
254 gr_name = form_result['group_name']
251 gr_name = form_result['group_name']
255 new_gr = RepoGroupModel().update(group_name, form_result)
252 new_gr = RepoGroupModel().update(group_name, form_result)
253
254 audit_logger.store(
255 'repo_group.edit', action_data={'old_data': old_values},
256 user=c.rhodecode_user)
257
256 Session().commit()
258 Session().commit()
257 h.flash(_('Updated repository group %s') % (gr_name,),
259 h.flash(_('Updated repository group %s') % (gr_name,),
258 category='success')
260 category='success')
259 # we now have new name !
261 # we now have new name !
260 group_name = new_gr.group_name
262 group_name = new_gr.group_name
261 # TODO: in future action_logger(, '', '', '', self.sa)
262 except formencode.Invalid as errors:
263 except formencode.Invalid as errors:
263 c.active = 'settings'
264 c.active = 'settings'
264 return htmlfill.render(
265 return htmlfill.render(
@@ -278,12 +279,6 b' class RepoGroupsController(BaseControlle'
278 @HasRepoGroupPermissionAnyDecorator('group.admin')
279 @HasRepoGroupPermissionAnyDecorator('group.admin')
279 @auth.CSRFRequired()
280 @auth.CSRFRequired()
280 def delete(self, group_name):
281 def delete(self, group_name):
281 """DELETE /repo_groups/group_name: Delete an existing item"""
282 # Forms posted to this method should contain a hidden field:
283 # <input type="hidden" name="_method" value="DELETE" />
284 # Or using helpers:
285 # h.form(url('repos_group', group_name=GROUP_NAME), method='delete')
286
287 gr = c.repo_group = RepoGroupModel()._get_repo_group(group_name)
282 gr = c.repo_group = RepoGroupModel()._get_repo_group(group_name)
288 repos = gr.repositories.all()
283 repos = gr.repositories.all()
289 if repos:
284 if repos:
@@ -305,11 +300,18 b' class RepoGroupsController(BaseControlle'
305 return redirect(url('repo_groups'))
300 return redirect(url('repo_groups'))
306
301
307 try:
302 try:
303 old_values = gr.get_api_data()
308 RepoGroupModel().delete(group_name)
304 RepoGroupModel().delete(group_name)
305
306 audit_logger.store(
307 'repo_group.delete',
308 action_data={'old_data': old_values,
309 'source': audit_logger.SOURCE_WEB},
310 user=c.rhodecode_user)
311
309 Session().commit()
312 Session().commit()
310 h.flash(_('Removed repository group %s') % group_name,
313 h.flash(_('Removed repository group %s') % group_name,
311 category='success')
314 category='success')
312 # TODO: in future action_logger(, '', '', '', self.sa)
313 except Exception:
315 except Exception:
314 log.exception("Exception during deletion of repository group")
316 log.exception("Exception during deletion of repository group")
315 h.flash(_('Error occurred during deletion of repository group %s')
317 h.flash(_('Error occurred during deletion of repository group %s')
@@ -319,8 +321,7 b' class RepoGroupsController(BaseControlle'
319
321
320 @HasRepoGroupPermissionAnyDecorator('group.admin')
322 @HasRepoGroupPermissionAnyDecorator('group.admin')
321 def edit(self, group_name):
323 def edit(self, group_name):
322 """GET /repo_groups/group_name/edit: Form to edit an existing item"""
324
323 # url('edit_repo_group', group_name=GROUP_NAME)
324 c.active = 'settings'
325 c.active = 'settings'
325
326
326 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
327 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
@@ -344,8 +345,6 b' class RepoGroupsController(BaseControlle'
344
345
345 @HasRepoGroupPermissionAnyDecorator('group.admin')
346 @HasRepoGroupPermissionAnyDecorator('group.admin')
346 def edit_repo_group_advanced(self, group_name):
347 def edit_repo_group_advanced(self, group_name):
347 """GET /repo_groups/group_name/edit: Form to edit an existing item"""
348 # url('edit_repo_group', group_name=GROUP_NAME)
349 c.active = 'advanced'
348 c.active = 'advanced'
350 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
349 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
351
350
@@ -353,8 +352,6 b' class RepoGroupsController(BaseControlle'
353
352
354 @HasRepoGroupPermissionAnyDecorator('group.admin')
353 @HasRepoGroupPermissionAnyDecorator('group.admin')
355 def edit_repo_group_perms(self, group_name):
354 def edit_repo_group_perms(self, group_name):
356 """GET /repo_groups/group_name/edit: Form to edit an existing item"""
357 # url('edit_repo_group', group_name=GROUP_NAME)
358 c.active = 'perms'
355 c.active = 'perms'
359 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
356 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
360 self.__load_defaults()
357 self.__load_defaults()
@@ -372,8 +369,6 b' class RepoGroupsController(BaseControlle'
372 def update_perms(self, group_name):
369 def update_perms(self, group_name):
373 """
370 """
374 Update permissions for given repository group
371 Update permissions for given repository group
375
376 :param group_name:
377 """
372 """
378
373
379 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
374 c.repo_group = RepoGroupModel()._get_repo_group(group_name)
@@ -391,14 +386,21 b' class RepoGroupsController(BaseControlle'
391 # iterate over all members(if in recursive mode) of this groups and
386 # iterate over all members(if in recursive mode) of this groups and
392 # set the permissions !
387 # set the permissions !
393 # this can be potentially heavy operation
388 # this can be potentially heavy operation
394 RepoGroupModel().update_permissions(
389 changes = RepoGroupModel().update_permissions(
395 c.repo_group,
390 c.repo_group,
396 form['perm_additions'], form['perm_updates'],
391 form['perm_additions'], form['perm_updates'], form['perm_deletions'],
397 form['perm_deletions'], form['recursive'])
392 form['recursive'])
398
393
399 # TODO: implement this
394 action_data = {
400 # action_logger(c.rhodecode_user, 'admin_changed_repo_permissions',
395 'added': changes['added'],
401 # repo_name, self.ip_addr, self.sa)
396 'updated': changes['updated'],
397 'deleted': changes['deleted'],
398 'source': audit_logger.SOURCE_WEB
399 }
400 audit_logger.store(
401 'repo_group.edit.permissions', action_data=action_data,
402 user=c.rhodecode_user)
403
402 Session().commit()
404 Session().commit()
403 h.flash(_('Repository Group permissions updated'), category='success')
405 h.flash(_('Repository Group permissions updated'), category='success')
404 return redirect(url('edit_repo_group_perms', group_name=group_name))
406 return redirect(url('edit_repo_group_perms', group_name=group_name))
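Review bot: The `repo_group.edit` record written in `update()` stores only `old_data`, so the audit trail shows the group's state before the change but not what it was changed to, including a rename (`group_name` is reassigned from `new_gr` a few lines later). Assuming `new_gr` is a RepoGroup, add the post-update state and the origin: `action_data={'old_data': old_values, 'new_data': new_gr.get_api_data(), 'source': audit_logger.SOURCE_WEB}`. The `source` key is also missing from the `repo_group.create` call, while the delete and permissions records set `audit_logger.SOURCE_WEB`, so the four records should agree. In `create()` the group is committed before `audit_logger.store(..., commit=True)` runs, so a failure in the store leaves a created group with no audit entry, whereas the other handlers write the entry before their single `Session().commit()`. All of these method bodies start or end outside the visible hunks.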
@@ -42,6 +42,11 b' ACTIONS = {'
42 'repo.delete': {},
42 'repo.delete': {},
43 'repo.commit.strip': {},
43 'repo.commit.strip': {},
44 'repo.archive.download': {},
44 'repo.archive.download': {},
45
46 'repo_group.create': {},
47 'repo_group.edit': {},
48 'repo_group.edit.permissions': {},
49 'repo_group.delete': {},
45 }
50 }
46
51
47 SOURCE_WEB = 'source_web'
52 SOURCE_WEB = 'source_web'
@@ -340,6 +340,12 b' class RepoGroupModel(BaseModel):'
340
340
341 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
341 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
342
342
343 changes = {
344 'added': [],
345 'updated': [],
346 'deleted': []
347 }
348
343 def _set_perm_user(obj, user, perm):
349 def _set_perm_user(obj, user, perm):
344 if isinstance(obj, RepoGroup):
350 if isinstance(obj, RepoGroup):
345 self.grant_user_permission(
351 self.grant_user_permission(
@@ -382,7 +388,6 b' class RepoGroupModel(BaseModel):'
382 repo=obj, group_name=user_group)
388 repo=obj, group_name=user_group)
383
389
384 # start updates
390 # start updates
385 updates = []
386 log.debug('Now updating permissions for %s in recursive mode:%s',
391 log.debug('Now updating permissions for %s in recursive mode:%s',
387 repo_group, recursive)
392 repo_group, recursive)
388
393
@@ -408,10 +413,13 b' class RepoGroupModel(BaseModel):'
408 # in recursive mode
413 # in recursive mode
409 obj = repo_group
414 obj = repo_group
410
415
416 change_obj = obj.get_api_data()
417
411 # update permissions
418 # update permissions
412 for member_id, perm, member_type in perm_updates:
419 for member_id, perm, member_type in perm_updates:
413 member_id = int(member_id)
420 member_id = int(member_id)
414 if member_type == 'user':
421 if member_type == 'user':
422 member_name = User.get(member_id).username
415 # this updates also current one if found
423 # this updates also current one if found
416 _set_perm_user(obj, user=member_id, perm=perm)
424 _set_perm_user(obj, user=member_id, perm=perm)
417 else: # set for user group
425 else: # set for user group
@@ -420,10 +428,15 b' class RepoGroupModel(BaseModel):'
420 user=cur_user):
428 user=cur_user):
421 _set_perm_group(obj, users_group=member_id, perm=perm)
429 _set_perm_group(obj, users_group=member_id, perm=perm)
422
430
431 changes['updated'].append(
432 {'change_obj': change_obj, 'type': member_type,
433 'id': member_id, 'name': member_name, 'new_perm': perm})
434
423 # set new permissions
435 # set new permissions
424 for member_id, perm, member_type in perm_additions:
436 for member_id, perm, member_type in perm_additions:
425 member_id = int(member_id)
437 member_id = int(member_id)
426 if member_type == 'user':
438 if member_type == 'user':
439 member_name = User.get(member_id).username
427 _set_perm_user(obj, user=member_id, perm=perm)
440 _set_perm_user(obj, user=member_id, perm=perm)
428 else: # set for user group
441 else: # set for user group
429 # check if we have permissions to alter this usergroup
442 # check if we have permissions to alter this usergroup
@@ -432,10 +445,15 b' class RepoGroupModel(BaseModel):'
432 user=cur_user):
445 user=cur_user):
433 _set_perm_group(obj, users_group=member_id, perm=perm)
446 _set_perm_group(obj, users_group=member_id, perm=perm)
434
447
448 changes['added'].append(
449 {'change_obj': change_obj, 'type': member_type,
450 'id': member_id, 'name': member_name, 'new_perm': perm})
451
435 # delete permissions
452 # delete permissions
436 for member_id, perm, member_type in perm_deletions:
453 for member_id, perm, member_type in perm_deletions:
437 member_id = int(member_id)
454 member_id = int(member_id)
438 if member_type == 'user':
455 if member_type == 'user':
456 member_name = User.get(member_id).username
439 _revoke_perm_user(obj, user=member_id)
457 _revoke_perm_user(obj, user=member_id)
440 else: # set for user group
458 else: # set for user group
441 # check if we have permissions to alter this usergroup
459 # check if we have permissions to alter this usergroup
@@ -444,13 +462,16 b' class RepoGroupModel(BaseModel):'
444 user=cur_user):
462 user=cur_user):
445 _revoke_perm_group(obj, user_group=member_id)
463 _revoke_perm_group(obj, user_group=member_id)
446
464
447 updates.append(obj)
465 changes['deleted'].append(
466 {'change_obj': change_obj, 'type': member_type,
467 'id': member_id, 'name': member_name, 'new_perm': perm})
468
448 # if it's not recursive call for all,repos,groups
469 # if it's not recursive call for all,repos,groups
449 # break the loop and don't proceed with other changes
470 # break the loop and don't proceed with other changes
450 if recursive not in ['all', 'repos', 'groups']:
471 if recursive not in ['all', 'repos', 'groups']:
451 break
472 break
452
473
453 return updates
474 return changes
454
475
455 def update(self, repo_group, form_data):
476 def update(self, repo_group, form_data):
456 try:
477 try:
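Review bot: `member_name = User.get(member_id).username` (new lines 422, 439 and 456) dereferences the lookup result directly, and `member_id` comes from the submitted permission form. If `User.get` returns `None` for an unknown id (not visible here, confirm), the request now fails with an `AttributeError` before any permission is set, where the old code passed the id straight through. Resolve the user once and handle the missing case explicitly, e.g. `user = User.get(member_id)` then `member_name = user.username if user else None`, or reject the id with a clear error. The user-group branches lie partly outside the hunks and indentation is lost on this page, so confirm that `member_name` is also assigned there and that each `changes[...].append(...)` runs only when the change was applied, not when the user-group permission check refused it. In the `deleted` entries the key `new_perm` holds the permission being removed, which a reader of the log is likely to misread.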