##// END OF EJS Templates
permissions: flush default user permissions on global app permission changes.
marcink -
r3384:e6231c06 default
parent child Browse files
Show More
@@ -1,509 +1,518 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2016-2019 RhodeCode GmbH
3 # Copyright (C) 2016-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import re
21 import re
22 import logging
22 import logging
23 import formencode
23 import formencode
24 import formencode.htmlfill
24 import formencode.htmlfill
25 import datetime
25 import datetime
26 from pyramid.interfaces import IRoutesMapper
26 from pyramid.interfaces import IRoutesMapper
27
27
28 from pyramid.view import view_config
28 from pyramid.view import view_config
29 from pyramid.httpexceptions import HTTPFound
29 from pyramid.httpexceptions import HTTPFound
30 from pyramid.renderers import render
30 from pyramid.renderers import render
31 from pyramid.response import Response
31 from pyramid.response import Response
32
32
33 from rhodecode.apps._base import BaseAppView, DataGridAppView
33 from rhodecode.apps._base import BaseAppView, DataGridAppView
34 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
34 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
35 from rhodecode.events import trigger
35 from rhodecode import events
36
36
37 from rhodecode.lib import helpers as h
37 from rhodecode.lib import helpers as h
38 from rhodecode.lib.auth import (
38 from rhodecode.lib.auth import (
39 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
39 LoginRequired, HasPermissionAllDecorator, CSRFRequired)
40 from rhodecode.lib.utils2 import aslist, safe_unicode
40 from rhodecode.lib.utils2 import aslist, safe_unicode
41 from rhodecode.model.db import (
41 from rhodecode.model.db import (
42 or_, coalesce, User, UserIpMap, UserSshKeys)
42 or_, coalesce, User, UserIpMap, UserSshKeys)
43 from rhodecode.model.forms import (
43 from rhodecode.model.forms import (
44 ApplicationPermissionsForm, ObjectPermissionsForm, UserPermissionsForm)
44 ApplicationPermissionsForm, ObjectPermissionsForm, UserPermissionsForm)
45 from rhodecode.model.meta import Session
45 from rhodecode.model.meta import Session
46 from rhodecode.model.permission import PermissionModel
46 from rhodecode.model.permission import PermissionModel
47 from rhodecode.model.settings import SettingsModel
47 from rhodecode.model.settings import SettingsModel
48
48
49
49
50 log = logging.getLogger(__name__)
50 log = logging.getLogger(__name__)
51
51
52
52
53 class AdminPermissionsView(BaseAppView, DataGridAppView):
53 class AdminPermissionsView(BaseAppView, DataGridAppView):
54 def load_default_context(self):
54 def load_default_context(self):
55 c = self._get_local_tmpl_context()
55 c = self._get_local_tmpl_context()
56 PermissionModel().set_global_permission_choices(
56 PermissionModel().set_global_permission_choices(
57 c, gettext_translator=self.request.translate)
57 c, gettext_translator=self.request.translate)
58 return c
58 return c
59
59
60 @LoginRequired()
60 @LoginRequired()
61 @HasPermissionAllDecorator('hg.admin')
61 @HasPermissionAllDecorator('hg.admin')
62 @view_config(
62 @view_config(
63 route_name='admin_permissions_application', request_method='GET',
63 route_name='admin_permissions_application', request_method='GET',
64 renderer='rhodecode:templates/admin/permissions/permissions.mako')
64 renderer='rhodecode:templates/admin/permissions/permissions.mako')
65 def permissions_application(self):
65 def permissions_application(self):
66 c = self.load_default_context()
66 c = self.load_default_context()
67 c.active = 'application'
67 c.active = 'application'
68
68
69 c.user = User.get_default_user(refresh=True)
69 c.user = User.get_default_user(refresh=True)
70
70
71 app_settings = SettingsModel().get_all_settings()
71 app_settings = SettingsModel().get_all_settings()
72 defaults = {
72 defaults = {
73 'anonymous': c.user.active,
73 'anonymous': c.user.active,
74 'default_register_message': app_settings.get(
74 'default_register_message': app_settings.get(
75 'rhodecode_register_message')
75 'rhodecode_register_message')
76 }
76 }
77 defaults.update(c.user.get_default_perms())
77 defaults.update(c.user.get_default_perms())
78
78
79 data = render('rhodecode:templates/admin/permissions/permissions.mako',
79 data = render('rhodecode:templates/admin/permissions/permissions.mako',
80 self._get_template_context(c), self.request)
80 self._get_template_context(c), self.request)
81 html = formencode.htmlfill.render(
81 html = formencode.htmlfill.render(
82 data,
82 data,
83 defaults=defaults,
83 defaults=defaults,
84 encoding="UTF-8",
84 encoding="UTF-8",
85 force_defaults=False
85 force_defaults=False
86 )
86 )
87 return Response(html)
87 return Response(html)
88
88
89 @LoginRequired()
89 @LoginRequired()
90 @HasPermissionAllDecorator('hg.admin')
90 @HasPermissionAllDecorator('hg.admin')
91 @CSRFRequired()
91 @CSRFRequired()
92 @view_config(
92 @view_config(
93 route_name='admin_permissions_application_update', request_method='POST',
93 route_name='admin_permissions_application_update', request_method='POST',
94 renderer='rhodecode:templates/admin/permissions/permissions.mako')
94 renderer='rhodecode:templates/admin/permissions/permissions.mako')
95 def permissions_application_update(self):
95 def permissions_application_update(self):
96 _ = self.request.translate
96 _ = self.request.translate
97 c = self.load_default_context()
97 c = self.load_default_context()
98 c.active = 'application'
98 c.active = 'application'
99
99
100 _form = ApplicationPermissionsForm(
100 _form = ApplicationPermissionsForm(
101 self.request.translate,
101 self.request.translate,
102 [x[0] for x in c.register_choices],
102 [x[0] for x in c.register_choices],
103 [x[0] for x in c.password_reset_choices],
103 [x[0] for x in c.password_reset_choices],
104 [x[0] for x in c.extern_activate_choices])()
104 [x[0] for x in c.extern_activate_choices])()
105
105
106 try:
106 try:
107 form_result = _form.to_python(dict(self.request.POST))
107 form_result = _form.to_python(dict(self.request.POST))
108 form_result.update({'perm_user_name': User.DEFAULT_USER})
108 form_result.update({'perm_user_name': User.DEFAULT_USER})
109 PermissionModel().update_application_permissions(form_result)
109 PermissionModel().update_application_permissions(form_result)
110
110
111 settings = [
111 settings = [
112 ('register_message', 'default_register_message'),
112 ('register_message', 'default_register_message'),
113 ]
113 ]
114 for setting, form_key in settings:
114 for setting, form_key in settings:
115 sett = SettingsModel().create_or_update_setting(
115 sett = SettingsModel().create_or_update_setting(
116 setting, form_result[form_key])
116 setting, form_result[form_key])
117 Session().add(sett)
117 Session().add(sett)
118
118
119 Session().commit()
119 Session().commit()
120 h.flash(_('Application permissions updated successfully'),
120 h.flash(_('Application permissions updated successfully'),
121 category='success')
121 category='success')
122
122
123 except formencode.Invalid as errors:
123 except formencode.Invalid as errors:
124 defaults = errors.value
124 defaults = errors.value
125
125
126 data = render(
126 data = render(
127 'rhodecode:templates/admin/permissions/permissions.mako',
127 'rhodecode:templates/admin/permissions/permissions.mako',
128 self._get_template_context(c), self.request)
128 self._get_template_context(c), self.request)
129 html = formencode.htmlfill.render(
129 html = formencode.htmlfill.render(
130 data,
130 data,
131 defaults=defaults,
131 defaults=defaults,
132 errors=errors.error_dict or {},
132 errors=errors.error_dict or {},
133 prefix_error=False,
133 prefix_error=False,
134 encoding="UTF-8",
134 encoding="UTF-8",
135 force_defaults=False
135 force_defaults=False
136 )
136 )
137 return Response(html)
137 return Response(html)
138
138
139 except Exception:
139 except Exception:
140 log.exception("Exception during update of permissions")
140 log.exception("Exception during update of permissions")
141 h.flash(_('Error occurred during update of permissions'),
141 h.flash(_('Error occurred during update of permissions'),
142 category='error')
142 category='error')
143
143
144 affected_user_ids = [User.get_default_user().user_id]
145 events.trigger(events.UserPermissionsChange(affected_user_ids))
146
144 raise HTTPFound(h.route_path('admin_permissions_application'))
147 raise HTTPFound(h.route_path('admin_permissions_application'))
145
148
146 @LoginRequired()
149 @LoginRequired()
147 @HasPermissionAllDecorator('hg.admin')
150 @HasPermissionAllDecorator('hg.admin')
148 @view_config(
151 @view_config(
149 route_name='admin_permissions_object', request_method='GET',
152 route_name='admin_permissions_object', request_method='GET',
150 renderer='rhodecode:templates/admin/permissions/permissions.mako')
153 renderer='rhodecode:templates/admin/permissions/permissions.mako')
151 def permissions_objects(self):
154 def permissions_objects(self):
152 c = self.load_default_context()
155 c = self.load_default_context()
153 c.active = 'objects'
156 c.active = 'objects'
154
157
155 c.user = User.get_default_user(refresh=True)
158 c.user = User.get_default_user(refresh=True)
156 defaults = {}
159 defaults = {}
157 defaults.update(c.user.get_default_perms())
160 defaults.update(c.user.get_default_perms())
158
161
159 data = render(
162 data = render(
160 'rhodecode:templates/admin/permissions/permissions.mako',
163 'rhodecode:templates/admin/permissions/permissions.mako',
161 self._get_template_context(c), self.request)
164 self._get_template_context(c), self.request)
162 html = formencode.htmlfill.render(
165 html = formencode.htmlfill.render(
163 data,
166 data,
164 defaults=defaults,
167 defaults=defaults,
165 encoding="UTF-8",
168 encoding="UTF-8",
166 force_defaults=False
169 force_defaults=False
167 )
170 )
168 return Response(html)
171 return Response(html)
169
172
170 @LoginRequired()
173 @LoginRequired()
171 @HasPermissionAllDecorator('hg.admin')
174 @HasPermissionAllDecorator('hg.admin')
172 @CSRFRequired()
175 @CSRFRequired()
173 @view_config(
176 @view_config(
174 route_name='admin_permissions_object_update', request_method='POST',
177 route_name='admin_permissions_object_update', request_method='POST',
175 renderer='rhodecode:templates/admin/permissions/permissions.mako')
178 renderer='rhodecode:templates/admin/permissions/permissions.mako')
176 def permissions_objects_update(self):
179 def permissions_objects_update(self):
177 _ = self.request.translate
180 _ = self.request.translate
178 c = self.load_default_context()
181 c = self.load_default_context()
179 c.active = 'objects'
182 c.active = 'objects'
180
183
181 _form = ObjectPermissionsForm(
184 _form = ObjectPermissionsForm(
182 self.request.translate,
185 self.request.translate,
183 [x[0] for x in c.repo_perms_choices],
186 [x[0] for x in c.repo_perms_choices],
184 [x[0] for x in c.group_perms_choices],
187 [x[0] for x in c.group_perms_choices],
185 [x[0] for x in c.user_group_perms_choices],
188 [x[0] for x in c.user_group_perms_choices],
186 )()
189 )()
187
190
188 try:
191 try:
189 form_result = _form.to_python(dict(self.request.POST))
192 form_result = _form.to_python(dict(self.request.POST))
190 form_result.update({'perm_user_name': User.DEFAULT_USER})
193 form_result.update({'perm_user_name': User.DEFAULT_USER})
191 PermissionModel().update_object_permissions(form_result)
194 PermissionModel().update_object_permissions(form_result)
192
195
193 Session().commit()
196 Session().commit()
194 h.flash(_('Object permissions updated successfully'),
197 h.flash(_('Object permissions updated successfully'),
195 category='success')
198 category='success')
196
199
197 except formencode.Invalid as errors:
200 except formencode.Invalid as errors:
198 defaults = errors.value
201 defaults = errors.value
199
202
200 data = render(
203 data = render(
201 'rhodecode:templates/admin/permissions/permissions.mako',
204 'rhodecode:templates/admin/permissions/permissions.mako',
202 self._get_template_context(c), self.request)
205 self._get_template_context(c), self.request)
203 html = formencode.htmlfill.render(
206 html = formencode.htmlfill.render(
204 data,
207 data,
205 defaults=defaults,
208 defaults=defaults,
206 errors=errors.error_dict or {},
209 errors=errors.error_dict or {},
207 prefix_error=False,
210 prefix_error=False,
208 encoding="UTF-8",
211 encoding="UTF-8",
209 force_defaults=False
212 force_defaults=False
210 )
213 )
211 return Response(html)
214 return Response(html)
212 except Exception:
215 except Exception:
213 log.exception("Exception during update of permissions")
216 log.exception("Exception during update of permissions")
214 h.flash(_('Error occurred during update of permissions'),
217 h.flash(_('Error occurred during update of permissions'),
215 category='error')
218 category='error')
216
219
220 affected_user_ids = [User.get_default_user().user_id]
221 events.trigger(events.UserPermissionsChange(affected_user_ids))
222
217 raise HTTPFound(h.route_path('admin_permissions_object'))
223 raise HTTPFound(h.route_path('admin_permissions_object'))
218
224
219 @LoginRequired()
225 @LoginRequired()
220 @HasPermissionAllDecorator('hg.admin')
226 @HasPermissionAllDecorator('hg.admin')
221 @view_config(
227 @view_config(
222 route_name='admin_permissions_branch', request_method='GET',
228 route_name='admin_permissions_branch', request_method='GET',
223 renderer='rhodecode:templates/admin/permissions/permissions.mako')
229 renderer='rhodecode:templates/admin/permissions/permissions.mako')
224 def permissions_branch(self):
230 def permissions_branch(self):
225 c = self.load_default_context()
231 c = self.load_default_context()
226 c.active = 'branch'
232 c.active = 'branch'
227
233
228 c.user = User.get_default_user(refresh=True)
234 c.user = User.get_default_user(refresh=True)
229 defaults = {}
235 defaults = {}
230 defaults.update(c.user.get_default_perms())
236 defaults.update(c.user.get_default_perms())
231
237
232 data = render(
238 data = render(
233 'rhodecode:templates/admin/permissions/permissions.mako',
239 'rhodecode:templates/admin/permissions/permissions.mako',
234 self._get_template_context(c), self.request)
240 self._get_template_context(c), self.request)
235 html = formencode.htmlfill.render(
241 html = formencode.htmlfill.render(
236 data,
242 data,
237 defaults=defaults,
243 defaults=defaults,
238 encoding="UTF-8",
244 encoding="UTF-8",
239 force_defaults=False
245 force_defaults=False
240 )
246 )
241 return Response(html)
247 return Response(html)
242
248
243 @LoginRequired()
249 @LoginRequired()
244 @HasPermissionAllDecorator('hg.admin')
250 @HasPermissionAllDecorator('hg.admin')
245 @view_config(
251 @view_config(
246 route_name='admin_permissions_global', request_method='GET',
252 route_name='admin_permissions_global', request_method='GET',
247 renderer='rhodecode:templates/admin/permissions/permissions.mako')
253 renderer='rhodecode:templates/admin/permissions/permissions.mako')
248 def permissions_global(self):
254 def permissions_global(self):
249 c = self.load_default_context()
255 c = self.load_default_context()
250 c.active = 'global'
256 c.active = 'global'
251
257
252 c.user = User.get_default_user(refresh=True)
258 c.user = User.get_default_user(refresh=True)
253 defaults = {}
259 defaults = {}
254 defaults.update(c.user.get_default_perms())
260 defaults.update(c.user.get_default_perms())
255
261
256 data = render(
262 data = render(
257 'rhodecode:templates/admin/permissions/permissions.mako',
263 'rhodecode:templates/admin/permissions/permissions.mako',
258 self._get_template_context(c), self.request)
264 self._get_template_context(c), self.request)
259 html = formencode.htmlfill.render(
265 html = formencode.htmlfill.render(
260 data,
266 data,
261 defaults=defaults,
267 defaults=defaults,
262 encoding="UTF-8",
268 encoding="UTF-8",
263 force_defaults=False
269 force_defaults=False
264 )
270 )
265 return Response(html)
271 return Response(html)
266
272
267 @LoginRequired()
273 @LoginRequired()
268 @HasPermissionAllDecorator('hg.admin')
274 @HasPermissionAllDecorator('hg.admin')
269 @CSRFRequired()
275 @CSRFRequired()
270 @view_config(
276 @view_config(
271 route_name='admin_permissions_global_update', request_method='POST',
277 route_name='admin_permissions_global_update', request_method='POST',
272 renderer='rhodecode:templates/admin/permissions/permissions.mako')
278 renderer='rhodecode:templates/admin/permissions/permissions.mako')
273 def permissions_global_update(self):
279 def permissions_global_update(self):
274 _ = self.request.translate
280 _ = self.request.translate
275 c = self.load_default_context()
281 c = self.load_default_context()
276 c.active = 'global'
282 c.active = 'global'
277
283
278 _form = UserPermissionsForm(
284 _form = UserPermissionsForm(
279 self.request.translate,
285 self.request.translate,
280 [x[0] for x in c.repo_create_choices],
286 [x[0] for x in c.repo_create_choices],
281 [x[0] for x in c.repo_create_on_write_choices],
287 [x[0] for x in c.repo_create_on_write_choices],
282 [x[0] for x in c.repo_group_create_choices],
288 [x[0] for x in c.repo_group_create_choices],
283 [x[0] for x in c.user_group_create_choices],
289 [x[0] for x in c.user_group_create_choices],
284 [x[0] for x in c.fork_choices],
290 [x[0] for x in c.fork_choices],
285 [x[0] for x in c.inherit_default_permission_choices])()
291 [x[0] for x in c.inherit_default_permission_choices])()
286
292
287 try:
293 try:
288 form_result = _form.to_python(dict(self.request.POST))
294 form_result = _form.to_python(dict(self.request.POST))
289 form_result.update({'perm_user_name': User.DEFAULT_USER})
295 form_result.update({'perm_user_name': User.DEFAULT_USER})
290 PermissionModel().update_user_permissions(form_result)
296 PermissionModel().update_user_permissions(form_result)
291
297
292 Session().commit()
298 Session().commit()
293 h.flash(_('Global permissions updated successfully'),
299 h.flash(_('Global permissions updated successfully'),
294 category='success')
300 category='success')
295
301
296 except formencode.Invalid as errors:
302 except formencode.Invalid as errors:
297 defaults = errors.value
303 defaults = errors.value
298
304
299 data = render(
305 data = render(
300 'rhodecode:templates/admin/permissions/permissions.mako',
306 'rhodecode:templates/admin/permissions/permissions.mako',
301 self._get_template_context(c), self.request)
307 self._get_template_context(c), self.request)
302 html = formencode.htmlfill.render(
308 html = formencode.htmlfill.render(
303 data,
309 data,
304 defaults=defaults,
310 defaults=defaults,
305 errors=errors.error_dict or {},
311 errors=errors.error_dict or {},
306 prefix_error=False,
312 prefix_error=False,
307 encoding="UTF-8",
313 encoding="UTF-8",
308 force_defaults=False
314 force_defaults=False
309 )
315 )
310 return Response(html)
316 return Response(html)
311 except Exception:
317 except Exception:
312 log.exception("Exception during update of permissions")
318 log.exception("Exception during update of permissions")
313 h.flash(_('Error occurred during update of permissions'),
319 h.flash(_('Error occurred during update of permissions'),
314 category='error')
320 category='error')
315
321
322 affected_user_ids = [User.get_default_user().user_id]
323 events.trigger(events.UserPermissionsChange(affected_user_ids))
324
316 raise HTTPFound(h.route_path('admin_permissions_global'))
325 raise HTTPFound(h.route_path('admin_permissions_global'))
317
326
318 @LoginRequired()
327 @LoginRequired()
319 @HasPermissionAllDecorator('hg.admin')
328 @HasPermissionAllDecorator('hg.admin')
320 @view_config(
329 @view_config(
321 route_name='admin_permissions_ips', request_method='GET',
330 route_name='admin_permissions_ips', request_method='GET',
322 renderer='rhodecode:templates/admin/permissions/permissions.mako')
331 renderer='rhodecode:templates/admin/permissions/permissions.mako')
323 def permissions_ips(self):
332 def permissions_ips(self):
324 c = self.load_default_context()
333 c = self.load_default_context()
325 c.active = 'ips'
334 c.active = 'ips'
326
335
327 c.user = User.get_default_user(refresh=True)
336 c.user = User.get_default_user(refresh=True)
328 c.user_ip_map = (
337 c.user_ip_map = (
329 UserIpMap.query().filter(UserIpMap.user == c.user).all())
338 UserIpMap.query().filter(UserIpMap.user == c.user).all())
330
339
331 return self._get_template_context(c)
340 return self._get_template_context(c)
332
341
333 @LoginRequired()
342 @LoginRequired()
334 @HasPermissionAllDecorator('hg.admin')
343 @HasPermissionAllDecorator('hg.admin')
335 @view_config(
344 @view_config(
336 route_name='admin_permissions_overview', request_method='GET',
345 route_name='admin_permissions_overview', request_method='GET',
337 renderer='rhodecode:templates/admin/permissions/permissions.mako')
346 renderer='rhodecode:templates/admin/permissions/permissions.mako')
338 def permissions_overview(self):
347 def permissions_overview(self):
339 c = self.load_default_context()
348 c = self.load_default_context()
340 c.active = 'perms'
349 c.active = 'perms'
341
350
342 c.user = User.get_default_user(refresh=True)
351 c.user = User.get_default_user(refresh=True)
343 c.perm_user = c.user.AuthUser()
352 c.perm_user = c.user.AuthUser()
344 return self._get_template_context(c)
353 return self._get_template_context(c)
345
354
346 @LoginRequired()
355 @LoginRequired()
347 @HasPermissionAllDecorator('hg.admin')
356 @HasPermissionAllDecorator('hg.admin')
348 @view_config(
357 @view_config(
349 route_name='admin_permissions_auth_token_access', request_method='GET',
358 route_name='admin_permissions_auth_token_access', request_method='GET',
350 renderer='rhodecode:templates/admin/permissions/permissions.mako')
359 renderer='rhodecode:templates/admin/permissions/permissions.mako')
351 def auth_token_access(self):
360 def auth_token_access(self):
352 from rhodecode import CONFIG
361 from rhodecode import CONFIG
353
362
354 c = self.load_default_context()
363 c = self.load_default_context()
355 c.active = 'auth_token_access'
364 c.active = 'auth_token_access'
356
365
357 c.user = User.get_default_user(refresh=True)
366 c.user = User.get_default_user(refresh=True)
358 c.perm_user = c.user.AuthUser()
367 c.perm_user = c.user.AuthUser()
359
368
360 mapper = self.request.registry.queryUtility(IRoutesMapper)
369 mapper = self.request.registry.queryUtility(IRoutesMapper)
361 c.view_data = []
370 c.view_data = []
362
371
363 _argument_prog = re.compile('\{(.*?)\}|:\((.*)\)')
372 _argument_prog = re.compile('\{(.*?)\}|:\((.*)\)')
364 introspector = self.request.registry.introspector
373 introspector = self.request.registry.introspector
365
374
366 view_intr = {}
375 view_intr = {}
367 for view_data in introspector.get_category('views'):
376 for view_data in introspector.get_category('views'):
368 intr = view_data['introspectable']
377 intr = view_data['introspectable']
369
378
370 if 'route_name' in intr and intr['attr']:
379 if 'route_name' in intr and intr['attr']:
371 view_intr[intr['route_name']] = '{}:{}'.format(
380 view_intr[intr['route_name']] = '{}:{}'.format(
372 str(intr['derived_callable'].func_name), intr['attr']
381 str(intr['derived_callable'].func_name), intr['attr']
373 )
382 )
374
383
375 c.whitelist_key = 'api_access_controllers_whitelist'
384 c.whitelist_key = 'api_access_controllers_whitelist'
376 c.whitelist_file = CONFIG.get('__file__')
385 c.whitelist_file = CONFIG.get('__file__')
377 whitelist_views = aslist(
386 whitelist_views = aslist(
378 CONFIG.get(c.whitelist_key), sep=',')
387 CONFIG.get(c.whitelist_key), sep=',')
379
388
380 for route_info in mapper.get_routes():
389 for route_info in mapper.get_routes():
381 if not route_info.name.startswith('__'):
390 if not route_info.name.startswith('__'):
382 routepath = route_info.pattern
391 routepath = route_info.pattern
383
392
384 def replace(matchobj):
393 def replace(matchobj):
385 if matchobj.group(1):
394 if matchobj.group(1):
386 return "{%s}" % matchobj.group(1).split(':')[0]
395 return "{%s}" % matchobj.group(1).split(':')[0]
387 else:
396 else:
388 return "{%s}" % matchobj.group(2)
397 return "{%s}" % matchobj.group(2)
389
398
390 routepath = _argument_prog.sub(replace, routepath)
399 routepath = _argument_prog.sub(replace, routepath)
391
400
392 if not routepath.startswith('/'):
401 if not routepath.startswith('/'):
393 routepath = '/' + routepath
402 routepath = '/' + routepath
394
403
395 view_fqn = view_intr.get(route_info.name, 'NOT AVAILABLE')
404 view_fqn = view_intr.get(route_info.name, 'NOT AVAILABLE')
396 active = view_fqn in whitelist_views
405 active = view_fqn in whitelist_views
397 c.view_data.append((route_info.name, view_fqn, routepath, active))
406 c.view_data.append((route_info.name, view_fqn, routepath, active))
398
407
399 c.whitelist_views = whitelist_views
408 c.whitelist_views = whitelist_views
400 return self._get_template_context(c)
409 return self._get_template_context(c)
401
410
402 def ssh_enabled(self):
411 def ssh_enabled(self):
403 return self.request.registry.settings.get(
412 return self.request.registry.settings.get(
404 'ssh.generate_authorized_keyfile')
413 'ssh.generate_authorized_keyfile')
405
414
406 @LoginRequired()
415 @LoginRequired()
407 @HasPermissionAllDecorator('hg.admin')
416 @HasPermissionAllDecorator('hg.admin')
408 @view_config(
417 @view_config(
409 route_name='admin_permissions_ssh_keys', request_method='GET',
418 route_name='admin_permissions_ssh_keys', request_method='GET',
410 renderer='rhodecode:templates/admin/permissions/permissions.mako')
419 renderer='rhodecode:templates/admin/permissions/permissions.mako')
411 def ssh_keys(self):
420 def ssh_keys(self):
412 c = self.load_default_context()
421 c = self.load_default_context()
413 c.active = 'ssh_keys'
422 c.active = 'ssh_keys'
414 c.ssh_enabled = self.ssh_enabled()
423 c.ssh_enabled = self.ssh_enabled()
415 return self._get_template_context(c)
424 return self._get_template_context(c)
416
425
417 @LoginRequired()
426 @LoginRequired()
418 @HasPermissionAllDecorator('hg.admin')
427 @HasPermissionAllDecorator('hg.admin')
419 @view_config(
428 @view_config(
420 route_name='admin_permissions_ssh_keys_data', request_method='GET',
429 route_name='admin_permissions_ssh_keys_data', request_method='GET',
421 renderer='json_ext', xhr=True)
430 renderer='json_ext', xhr=True)
422 def ssh_keys_data(self):
431 def ssh_keys_data(self):
423 _ = self.request.translate
432 _ = self.request.translate
424 self.load_default_context()
433 self.load_default_context()
425 column_map = {
434 column_map = {
426 'fingerprint': 'ssh_key_fingerprint',
435 'fingerprint': 'ssh_key_fingerprint',
427 'username': User.username
436 'username': User.username
428 }
437 }
429 draw, start, limit = self._extract_chunk(self.request)
438 draw, start, limit = self._extract_chunk(self.request)
430 search_q, order_by, order_dir = self._extract_ordering(
439 search_q, order_by, order_dir = self._extract_ordering(
431 self.request, column_map=column_map)
440 self.request, column_map=column_map)
432
441
433 ssh_keys_data_total_count = UserSshKeys.query()\
442 ssh_keys_data_total_count = UserSshKeys.query()\
434 .count()
443 .count()
435
444
436 # json generate
445 # json generate
437 base_q = UserSshKeys.query().join(UserSshKeys.user)
446 base_q = UserSshKeys.query().join(UserSshKeys.user)
438
447
439 if search_q:
448 if search_q:
440 like_expression = u'%{}%'.format(safe_unicode(search_q))
449 like_expression = u'%{}%'.format(safe_unicode(search_q))
441 base_q = base_q.filter(or_(
450 base_q = base_q.filter(or_(
442 User.username.ilike(like_expression),
451 User.username.ilike(like_expression),
443 UserSshKeys.ssh_key_fingerprint.ilike(like_expression),
452 UserSshKeys.ssh_key_fingerprint.ilike(like_expression),
444 ))
453 ))
445
454
446 users_data_total_filtered_count = base_q.count()
455 users_data_total_filtered_count = base_q.count()
447
456
448 sort_col = self._get_order_col(order_by, UserSshKeys)
457 sort_col = self._get_order_col(order_by, UserSshKeys)
449 if sort_col:
458 if sort_col:
450 if order_dir == 'asc':
459 if order_dir == 'asc':
451 # handle null values properly to order by NULL last
460 # handle null values properly to order by NULL last
452 if order_by in ['created_on']:
461 if order_by in ['created_on']:
453 sort_col = coalesce(sort_col, datetime.date.max)
462 sort_col = coalesce(sort_col, datetime.date.max)
454 sort_col = sort_col.asc()
463 sort_col = sort_col.asc()
455 else:
464 else:
456 # handle null values properly to order by NULL last
465 # handle null values properly to order by NULL last
457 if order_by in ['created_on']:
466 if order_by in ['created_on']:
458 sort_col = coalesce(sort_col, datetime.date.min)
467 sort_col = coalesce(sort_col, datetime.date.min)
459 sort_col = sort_col.desc()
468 sort_col = sort_col.desc()
460
469
461 base_q = base_q.order_by(sort_col)
470 base_q = base_q.order_by(sort_col)
462 base_q = base_q.offset(start).limit(limit)
471 base_q = base_q.offset(start).limit(limit)
463
472
464 ssh_keys = base_q.all()
473 ssh_keys = base_q.all()
465
474
466 ssh_keys_data = []
475 ssh_keys_data = []
467 for ssh_key in ssh_keys:
476 for ssh_key in ssh_keys:
468 ssh_keys_data.append({
477 ssh_keys_data.append({
469 "username": h.gravatar_with_user(self.request, ssh_key.user.username),
478 "username": h.gravatar_with_user(self.request, ssh_key.user.username),
470 "fingerprint": ssh_key.ssh_key_fingerprint,
479 "fingerprint": ssh_key.ssh_key_fingerprint,
471 "description": ssh_key.description,
480 "description": ssh_key.description,
472 "created_on": h.format_date(ssh_key.created_on),
481 "created_on": h.format_date(ssh_key.created_on),
473 "accessed_on": h.format_date(ssh_key.accessed_on),
482 "accessed_on": h.format_date(ssh_key.accessed_on),
474 "action": h.link_to(
483 "action": h.link_to(
475 _('Edit'), h.route_path('edit_user_ssh_keys',
484 _('Edit'), h.route_path('edit_user_ssh_keys',
476 user_id=ssh_key.user.user_id))
485 user_id=ssh_key.user.user_id))
477 })
486 })
478
487
479 data = ({
488 data = ({
480 'draw': draw,
489 'draw': draw,
481 'data': ssh_keys_data,
490 'data': ssh_keys_data,
482 'recordsTotal': ssh_keys_data_total_count,
491 'recordsTotal': ssh_keys_data_total_count,
483 'recordsFiltered': users_data_total_filtered_count,
492 'recordsFiltered': users_data_total_filtered_count,
484 })
493 })
485
494
486 return data
495 return data
487
496
488 @LoginRequired()
497 @LoginRequired()
489 @HasPermissionAllDecorator('hg.admin')
498 @HasPermissionAllDecorator('hg.admin')
490 @CSRFRequired()
499 @CSRFRequired()
491 @view_config(
500 @view_config(
492 route_name='admin_permissions_ssh_keys_update', request_method='POST',
501 route_name='admin_permissions_ssh_keys_update', request_method='POST',
493 renderer='rhodecode:templates/admin/permissions/permissions.mako')
502 renderer='rhodecode:templates/admin/permissions/permissions.mako')
494 def ssh_keys_update(self):
503 def ssh_keys_update(self):
495 _ = self.request.translate
504 _ = self.request.translate
496 self.load_default_context()
505 self.load_default_context()
497
506
498 ssh_enabled = self.ssh_enabled()
507 ssh_enabled = self.ssh_enabled()
499 key_file = self.request.registry.settings.get(
508 key_file = self.request.registry.settings.get(
500 'ssh.authorized_keys_file_path')
509 'ssh.authorized_keys_file_path')
501 if ssh_enabled:
510 if ssh_enabled:
502 trigger(SshKeyFileChangeEvent(), self.request.registry)
511 events.trigger(SshKeyFileChangeEvent(), self.request.registry)
503 h.flash(_('Updated SSH keys file: {}').format(key_file),
512 h.flash(_('Updated SSH keys file: {}').format(key_file),
504 category='success')
513 category='success')
505 else:
514 else:
506 h.flash(_('SSH key support is disabled in .ini file'),
515 h.flash(_('SSH key support is disabled in .ini file'),
507 category='warning')
516 category='warning')
508
517
509 raise HTTPFound(h.route_path('admin_permissions_ssh_keys'))
518 raise HTTPFound(h.route_path('admin_permissions_ssh_keys'))
General Comments 0
You need to be logged in to leave comments. Login now