rhodecode-enterprise-ce Files · rhodecode/apps/repo_group/views/repo_group_permissions.py

permissions: flush all user permissions in case of default user permission changes....

permissions: flush all user permissions in case of default user permission changes. - this is a special case that due to inheritance we need to flush ALL users permissions - before the default permission changes didn't flush the caches result in cached values beeing present until the cache expires

dan - - Load All Authors

File last commit:

r4187:0268c0ee stable


                r4187:0268c0ee

stable

Download file

             repo_group_permissions.py
        
                    110 lines
            
             | 4.3 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / rhodecode / apps / repo_group / views / repo_group_permissions.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # -*- coding: utf-8 -*-

      # Copyright (C) 2011-2019 RhodeCode GmbH

      #

      # This program is free software: you can redistribute it and/or modify

      # it under the terms of the GNU Affero General Public License, version 3

      # (only), as published by the Free Software Foundation.

      #

      # This program is distributed in the hope that it will be useful,

      # but WITHOUT ANY WARRANTY; without even the implied warranty of

      # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

      # GNU General Public License for more details.

      #

      # You should have received a copy of the GNU Affero General Public License

      # along with this program.  If not, see <http://www.gnu.org/licenses/>.

      #

      # This program is dual-licensed. If you wish to learn more about the

      # RhodeCode Enterprise Edition, including its added features, Support services,

      # and proprietary license terms, please see https://rhodecode.com/licenses/

      import logging

      from pyramid.view import view_config

      from pyramid.httpexceptions import HTTPFound

      from rhodecode.apps._base import RepoGroupAppView

      from rhodecode.lib import helpers as h

      from rhodecode.lib import audit_logger

      from rhodecode.lib.auth import (

          LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)

      from rhodecode.model.db import User

      from rhodecode.model.permission import PermissionModel

      from rhodecode.model.repo_group import RepoGroupModel

      from rhodecode.model.forms import RepoGroupPermsForm

      from rhodecode.model.meta import Session

      log = logging.getLogger(__name__)

      class RepoGroupPermissionsView(RepoGroupAppView):

          def load_default_context(self):

              c = self._get_local_tmpl_context()

              return c

          @LoginRequired()

          @HasRepoGroupPermissionAnyDecorator('group.admin')

          @view_config(

              route_name='edit_repo_group_perms', request_method='GET',

              renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')

          def edit_repo_group_permissions(self):

              c = self.load_default_context()

              c.active = 'permissions'

              c.repo_group = self.db_repo_group

              return self._get_template_context(c)

          @LoginRequired()

          @HasRepoGroupPermissionAnyDecorator('group.admin')

          @CSRFRequired()

          @view_config(

              route_name='edit_repo_group_perms_update', request_method='POST',

              renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')

          def edit_repo_groups_permissions_update(self):

              _ = self.request.translate

              c = self.load_default_context()

              c.active = 'perms'

              c.repo_group = self.db_repo_group

              valid_recursive_choices = ['none', 'repos', 'groups', 'all']

              form = RepoGroupPermsForm(self.request.translate, valid_recursive_choices)()\

                  .to_python(self.request.POST)

              if not c.rhodecode_user.is_admin:

                  if self._revoke_perms_on_yourself(form):

                      msg = _('Cannot change permission for yourself as admin')

                      h.flash(msg, category='warning')

                      raise HTTPFound(

                          h.route_path('edit_repo_group_perms',

                                       repo_group_name=self.db_repo_group_name))

              # iterate over all members(if in recursive mode) of this groups and

              # set the permissions !

              # this can be potentially heavy operation

              changes = RepoGroupModel().update_permissions(

                  c.repo_group,

                  form['perm_additions'], form['perm_updates'], form['perm_deletions'],

                  form['recursive'])

              action_data = {

                  'added': changes['added'],

                  'updated': changes['updated'],

                  'deleted': changes['deleted'],

              }

              audit_logger.store_web(

                  'repo_group.edit.permissions', action_data=action_data,

                  user=c.rhodecode_user)

              Session().commit()

              h.flash(_('Repository Group permissions updated'), category='success')

              affected_user_ids = None

              if changes.get('default_user_changed', False):

                  # if we change the default user, we need to flush everyone permissions

                  affected_user_ids = [x.user_id for x in User.get_all()]

              PermissionModel().flush_user_permission_caches(

                  changes, affected_user_ids=affected_user_ids)

              raise HTTPFound(

                  h.route_path('edit_repo_group_perms',

                               repo_group_name=self.db_repo_group_name))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# -- coding: utf-8 --

				# Copyright (C) 2011-2019 RhodeCode GmbH
				#
				# This program is free software: you can redistribute it and/or modify
				# it under the terms of the GNU Affero General Public License, version 3
				# (only), as published by the Free Software Foundation.
				#
				# This program is distributed in the hope that it will be useful,
				# but WITHOUT ANY WARRANTY; without even the implied warranty of
				# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				# GNU General Public License for more details.
				#
				# You should have received a copy of the GNU Affero General Public License
				# along with this program. If not, see <http://www.gnu.org/licenses/>.
				#
				# This program is dual-licensed. If you wish to learn more about the
				# RhodeCode Enterprise Edition, including its added features, Support services,
				# and proprietary license terms, please see https://rhodecode.com/licenses/

				import logging

				from pyramid.view import view_config
				from pyramid.httpexceptions import HTTPFound

				from rhodecode.apps._base import RepoGroupAppView
				from rhodecode.lib import helpers as h
				from rhodecode.lib import audit_logger
				from rhodecode.lib.auth import (
				LoginRequired, HasRepoGroupPermissionAnyDecorator, CSRFRequired)
				from rhodecode.model.db import User
				from rhodecode.model.permission import PermissionModel
				from rhodecode.model.repo_group import RepoGroupModel
				from rhodecode.model.forms import RepoGroupPermsForm
				from rhodecode.model.meta import Session

				log = logging.getLogger(__name__)


				class RepoGroupPermissionsView(RepoGroupAppView):
				def load_default_context(self):
				c = self._get_local_tmpl_context()

				return c

				@LoginRequired()
				@HasRepoGroupPermissionAnyDecorator('group.admin')
				@view_config(
				route_name='edit_repo_group_perms', request_method='GET',
				renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
				def edit_repo_group_permissions(self):
				c = self.load_default_context()
				c.active = 'permissions'
				c.repo_group = self.db_repo_group
				return self._get_template_context(c)

				@LoginRequired()
				@HasRepoGroupPermissionAnyDecorator('group.admin')
				@CSRFRequired()
				@view_config(
				route_name='edit_repo_group_perms_update', request_method='POST',
				renderer='rhodecode:templates/admin/repo_groups/repo_group_edit.mako')
				def edit_repo_groups_permissions_update(self):
				_ = self.request.translate
				c = self.load_default_context()
				c.active = 'perms'
				c.repo_group = self.db_repo_group

				valid_recursive_choices = ['none', 'repos', 'groups', 'all']
				form = RepoGroupPermsForm(self.request.translate, valid_recursive_choices)()\
				.to_python(self.request.POST)

				if not c.rhodecode_user.is_admin:
				if self._revoke_perms_on_yourself(form):
				msg = _('Cannot change permission for yourself as admin')
				h.flash(msg, category='warning')
				raise HTTPFound(
				h.route_path('edit_repo_group_perms',
				repo_group_name=self.db_repo_group_name))

				# iterate over all members(if in recursive mode) of this groups and
				# set the permissions !
				# this can be potentially heavy operation
				changes = RepoGroupModel().update_permissions(
				c.repo_group,
				form['perm_additions'], form['perm_updates'], form['perm_deletions'],
				form['recursive'])

				action_data = {
				'added': changes['added'],
				'updated': changes['updated'],
				'deleted': changes['deleted'],
				}
				audit_logger.store_web(
				'repo_group.edit.permissions', action_data=action_data,
				user=c.rhodecode_user)

				Session().commit()
				h.flash(_('Repository Group permissions updated'), category='success')

				affected_user_ids = None
				if changes.get('default_user_changed', False):
				# if we change the default user, we need to flush everyone permissions
				affected_user_ids = [x.user_id for x in User.get_all()]
				PermissionModel().flush_user_permission_caches(
				changes, affected_user_ids=affected_user_ids)

				raise HTTPFound(
				h.route_path('edit_repo_group_perms',
				repo_group_name=self.db_repo_group_name))