u/ewong/rhodecode-enterprise-ce-fork Commit - r2852:3d46d13d

caches: flush cache when adding new objects so we can access them right away.

marcink -

r2852:3d46d13d default

parent child

rhodecode/apps/admin/views/repo_groups.py

0 +2 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import formencode
             import formencode.htmlfill
             from pyramid.httpexceptions import HTTPFound, HTTPForbidden
             from pyramid.view import view_config
             from pyramid.renderers import render
             from pyramid.response import Response
+            from rhodecode import events
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.auth import (
                 LoginRequired, CSRFRequired, NotAnonymous,
                 HasPermissionAny, HasRepoGroupPermissionAny)
             from rhodecode.lib import helpers as h, audit_logger
             from rhodecode.lib.utils2 import safe_int, safe_unicode
             from rhodecode.model.forms import RepoGroupForm
             from rhodecode.model.repo_group import RepoGroupModel
             from rhodecode.model.scm import RepoGroupList
             from rhodecode.model.db import Session, RepoGroup
             log = logging.getLogger(__name__)
             class AdminRepoGroupsView(BaseAppView, DataGridAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 def _load_form_data(self, c):
                     allow_empty_group = False
                     if self._can_create_repo_group():
                         # we're global admin, we're ok and we can create TOP level groups
                         allow_empty_group = True
                     # override the choices for this form, we need to filter choices
                     # and display only those we have ADMIN right
                     groups_with_admin_rights = RepoGroupList(
                         RepoGroup.query().all(),
                         perm_set=['group.admin'])
                     c.repo_groups = RepoGroup.groups_choices(
                         groups=groups_with_admin_rights,
                         show_empty_group=allow_empty_group)
                 def _can_create_repo_group(self, parent_group_id=None):
                     is_admin = HasPermissionAny('hg.admin')('group create controller')
                     create_repo_group = HasPermissionAny(
                         'hg.repogroup.create.true')('group create controller')
                     if is_admin or (create_repo_group and not parent_group_id):
                         # we're global admin, or we have global repo group create
                         # permission
                         # we're ok and we can create TOP level groups
                         return True
                     elif parent_group_id:
                         # we check the permission if we can write to parent group
                         group = RepoGroup.get(parent_group_id)
                         group_name = group.group_name if group else None
                         if HasRepoGroupPermissionAny('group.admin')(
                                 group_name, 'check if user is an admin of group'):
                             # we're an admin of passed in group, we're ok.
                             return True
                         else:
                             return False
                     return False
                 @LoginRequired()
                 @NotAnonymous()
                 # perms check inside
                 @view_config(
                     route_name='repo_groups', request_method='GET',
                     renderer='rhodecode:templates/admin/repo_groups/repo_groups.mako')
                 def repo_group_list(self):
                     c = self.load_default_context()
                     repo_group_list = RepoGroup.get_all_repo_groups()
                     repo_group_list_acl = RepoGroupList(
                         repo_group_list, perm_set=['group.admin'])
                     repo_group_data = RepoGroupModel().get_repo_groups_as_dict(
                         repo_group_list=repo_group_list_acl, admin=True)
                     c.data = json.dumps(repo_group_data)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 # perm checks inside
                 @view_config(
                     route_name='repo_group_new', request_method='GET',
                     renderer='rhodecode:templates/admin/repo_groups/repo_group_add.mako')
                 def repo_group_new(self):
                     c = self.load_default_context()
                     # perm check for admin, create_group perm or admin of parent_group
                     parent_group_id = safe_int(self.request.GET.get('parent_group'))
                     if not self._can_create_repo_group(parent_group_id):
                         raise HTTPForbidden()
                     self._load_form_data(c)
                     defaults = {}  # Future proof for default of repo group
                     data = render(
                         'rhodecode:templates/admin/repo_groups/repo_group_add.mako',
                         self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 # perm checks inside
                 @view_config(
                     route_name='repo_group_create', request_method='POST',
                     renderer='rhodecode:templates/admin/repo_groups/repo_group_add.mako')
                 def repo_group_create(self):
                     c = self.load_default_context()
                     _ = self.request.translate
                     parent_group_id = safe_int(self.request.POST.get('group_parent_id'))
                     can_create = self._can_create_repo_group(parent_group_id)
                     self._load_form_data(c)
                     # permissions for can create group based on parent_id are checked
                     # here in the Form
                     available_groups = map(lambda k: safe_unicode(k[0]), c.repo_groups)
                     repo_group_form = RepoGroupForm(
                         self.request.translate, available_groups=available_groups,
                         can_create_in_root=can_create)()
                     repo_group_name = self.request.POST.get('group_name')
                     try:
                         owner = self._rhodecode_user
                         form_result = repo_group_form.to_python(dict(self.request.POST))
                         repo_group = RepoGroupModel().create(
                             group_name=form_result['group_name_full'],
                             group_description=form_result['group_description'],
                             owner=owner.user_id,
                             copy_permissions=form_result['group_copy_permissions']
                         )
                         Session().flush()
                         repo_group_data = repo_group.get_api_data()
                         audit_logger.store_web(
                             'repo_group.create', action_data={'data': repo_group_data},
                             user=self._rhodecode_user)
                         Session().commit()
                         _new_group_name = form_result['group_name_full']
                         repo_group_url = h.link_to(
                             _new_group_name,
                             h.route_path('repo_group_home', repo_group_name=_new_group_name))
                         h.flash(h.literal(_('Created repository group %s')
                                 % repo_group_url), category='success')
                     except formencode.Invalid as errors:
                         data = render(
                             'rhodecode:templates/admin/repo_groups/repo_group_add.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception during creation of repository group")
                         h.flash(_('Error occurred during creation of repository group %s')
                                 % repo_group_name, category='error')
                         raise HTTPFound(h.route_path('home'))
+                    events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
                     raise HTTPFound(
                         h.route_path('repo_group_home',
                                      repo_group_name=form_result['group_name_full']))

rhodecode/apps/admin/views/repositories.py

0 +3 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import formencode
             import formencode.htmlfill
             from pyramid.httpexceptions import HTTPFound, HTTPForbidden
             from pyramid.view import view_config
             from pyramid.renderers import render
             from pyramid.response import Response
+            from rhodecode import events
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode.lib.celerylib.utils import get_task_id
             from rhodecode.lib.ext_json import json
             from rhodecode.lib.auth import (
                 LoginRequired, CSRFRequired, NotAnonymous,
                 HasPermissionAny, HasRepoGroupPermissionAny)
             from rhodecode.lib import helpers as h
             from rhodecode.lib.utils import repo_name_slug
             from rhodecode.lib.utils2 import safe_int, safe_unicode
             from rhodecode.model.forms import RepoForm
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.scm import RepoList, RepoGroupList, ScmModel
             from rhodecode.model.settings import SettingsModel
             from rhodecode.model.db import Repository, RepoGroup
             log = logging.getLogger(__name__)
             class AdminReposView(BaseAppView, DataGridAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 def _load_form_data(self, c):
                     acl_groups = RepoGroupList(RepoGroup.query().all(),
                                                perm_set=['group.write', 'group.admin'])
                     c.repo_groups = RepoGroup.groups_choices(groups=acl_groups)
                     c.repo_groups_choices = map(lambda k: safe_unicode(k[0]), c.repo_groups)
                     c.landing_revs_choices, c.landing_revs = \
                         ScmModel().get_repo_landing_revs(self.request.translate)
                     c.personal_repo_group = self._rhodecode_user.personal_repo_group
                 @LoginRequired()
                 @NotAnonymous()
                 # perms check inside
                 @view_config(
                     route_name='repos', request_method='GET',
                     renderer='rhodecode:templates/admin/repos/repos.mako')
                 def repository_list(self):
                     c = self.load_default_context()
                     repo_list = Repository.get_all_repos()
                     c.repo_list = RepoList(repo_list, perm_set=['repository.admin'])
                     repos_data = RepoModel().get_repos_as_dict(
                         repo_list=c.repo_list, admin=True, super_user_actions=True)
                     # json used to render the grid
                     c.data = json.dumps(repos_data)
                     return self._get_template_context(c)
                 @LoginRequired()
                 @NotAnonymous()
                 # perms check inside
                 @view_config(
                     route_name='repo_new', request_method='GET',
                     renderer='rhodecode:templates/admin/repos/repo_add.mako')
                 def repository_new(self):
                     c = self.load_default_context()
                     new_repo = self.request.GET.get('repo', '')
                     parent_group = safe_int(self.request.GET.get('parent_group'))
                     _gr = RepoGroup.get(parent_group)
                     if not HasPermissionAny('hg.admin', 'hg.create.repository')():
                         # you're not super admin nor have global create permissions,
                         # but maybe you have at least write permission to a parent group ?
                         gr_name = _gr.group_name if _gr else None
                         # create repositories with write permission on group is set to true
                         create_on_write = HasPermissionAny('hg.create.write_on_repogroup.true')()
                         group_admin = HasRepoGroupPermissionAny('group.admin')(group_name=gr_name)
                         group_write = HasRepoGroupPermissionAny('group.write')(group_name=gr_name)
                         if not (group_admin or (group_write and create_on_write)):
                             raise HTTPForbidden()
                     self._load_form_data(c)
                     c.new_repo = repo_name_slug(new_repo)
                     # apply the defaults from defaults page
                     defaults = SettingsModel().get_default_repo_settings(strip_prefix=True)
                     # set checkbox to autochecked
                     defaults['repo_copy_permissions'] = True
                     parent_group_choice = '-1'
                     if not self._rhodecode_user.is_admin and self._rhodecode_user.personal_repo_group:
                         parent_group_choice = self._rhodecode_user.personal_repo_group
                     if parent_group and _gr:
                         if parent_group in [x[0] for x in c.repo_groups]:
                             parent_group_choice = safe_unicode(parent_group)
                     defaults.update({'repo_group': parent_group_choice})
                     data = render('rhodecode:templates/admin/repos/repo_add.mako',
                                   self._get_template_context(c), self.request)
                     html = formencode.htmlfill.render(
                         data,
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                     return Response(html)
                 @LoginRequired()
                 @NotAnonymous()
                 @CSRFRequired()
                 # perms check inside
                 @view_config(
                     route_name='repo_create', request_method='POST',
                     renderer='rhodecode:templates/admin/repos/repos.mako')
                 def repository_create(self):
                     c = self.load_default_context()
                     form_result = {}
                     self._load_form_data(c)
                     task_id = None
                     try:
                         # CanWriteToGroup validators checks permissions of this POST
                         form = RepoForm(
                             self.request.translate, repo_groups=c.repo_groups_choices,
                             landing_revs=c.landing_revs_choices)()
                         form_result = form.to_python(dict(self.request.POST))
                         # create is done sometimes async on celery, db transaction
                         # management is handled there.
                         task = RepoModel().create(form_result, self._rhodecode_user.user_id)
                         task_id = get_task_id(task)
                     except formencode.Invalid as errors:
                         data = render('rhodecode:templates/admin/repos/repo_add.mako',
                                       self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception as e:
                         msg = self._log_creation_exception(e, form_result.get('repo_name'))
                         h.flash(msg, category='error')
                         raise HTTPFound(h.route_path('home'))
+                    events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
                     raise HTTPFound(
                         h.route_path('repo_creating',
                                      repo_name=form_result['repo_name_full'],
                                      _query=dict(task_id=task_id)))

rhodecode/apps/admin/views/user_groups.py

0 +2 0

             # -*- coding: utf-8 -*-
             # Copyright (C) 2016-2018 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             import formencode
             import formencode.htmlfill
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from pyramid.response import Response
             from pyramid.renderers import render
+            from rhodecode import events
             from rhodecode.apps._base import BaseAppView, DataGridAppView
             from rhodecode.lib.auth import (
                 LoginRequired, NotAnonymous, CSRFRequired, HasPermissionAnyDecorator)
             from rhodecode.lib import helpers as h, audit_logger
             from rhodecode.lib.utils2 import safe_unicode
             from rhodecode.model.forms import UserGroupForm
             from rhodecode.model.permission import PermissionModel
             from rhodecode.model.scm import UserGroupList
             from rhodecode.model.db import (
                 or_, count, User, UserGroup, UserGroupMember)
             from rhodecode.model.meta import Session
             from rhodecode.model.user_group import UserGroupModel
             from rhodecode.model.db import true
             log = logging.getLogger(__name__)
             class AdminUserGroupsView(BaseAppView, DataGridAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     PermissionModel().set_global_permission_choices(
                         c, gettext_translator=self.request.translate)
                     return c
                 # permission check in data loading of
                 # `user_groups_list_data` via UserGroupList
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='user_groups', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_groups.mako')
                 def user_groups_list(self):
                     c = self.load_default_context()
                     return self._get_template_context(c)
                 # permission check inside
                 @LoginRequired()
                 @NotAnonymous()
                 @view_config(
                     route_name='user_groups_data', request_method='GET',
                     renderer='json_ext', xhr=True)
                 def user_groups_list_data(self):
                     self.load_default_context()
                     column_map = {
                         'active': 'users_group_active',
                         'description': 'user_group_description',
                         'members': 'members_total',
                         'owner': 'user_username',
                         'sync': 'group_data'
                     }
                     draw, start, limit = self._extract_chunk(self.request)
                     search_q, order_by, order_dir = self._extract_ordering(
                         self.request, column_map=column_map)
                     _render = self.request.get_partial_renderer(
                         'rhodecode:templates/data_table/_dt_elements.mako')
                     def user_group_name(user_group_name):
                         return _render("user_group_name", user_group_name)
                     def user_group_actions(user_group_id, user_group_name):
                         return _render("user_group_actions", user_group_id, user_group_name)
                     def user_profile(username):
                         return _render('user_profile', username)
                     auth_user_group_list = UserGroupList(
                         UserGroup.query().all(), perm_set=['usergroup.admin'])
                     allowed_ids = [-1]
                     for user_group in auth_user_group_list:
                             allowed_ids.append(user_group.users_group_id)
                     user_groups_data_total_count = UserGroup.query()\
                         .filter(UserGroup.users_group_id.in_(allowed_ids))\
                         .count()
                     user_groups_data_total_inactive_count = UserGroup.query()\
                         .filter(UserGroup.users_group_id.in_(allowed_ids))\
                         .filter(UserGroup.users_group_active != true()).count()
                     member_count = count(UserGroupMember.user_id)
                     base_q = Session.query(
                         UserGroup.users_group_name,
                         UserGroup.user_group_description,
                         UserGroup.users_group_active,
                         UserGroup.users_group_id,
                         UserGroup.group_data,
                         User,
                         member_count.label('member_count')
                     ) \
                     .filter(UserGroup.users_group_id.in_(allowed_ids)) \
                     .outerjoin(UserGroupMember) \
                     .join(User, User.user_id == UserGroup.user_id) \
                     .group_by(UserGroup, User)
                     base_q_inactive = base_q.filter(UserGroup.users_group_active != true())
                     if search_q:
                         like_expression = u'%{}%'.format(safe_unicode(search_q))
                         base_q = base_q.filter(or_(
                             UserGroup.users_group_name.ilike(like_expression),
                         ))
                         base_q_inactive = base_q.filter(UserGroup.users_group_active != true())
                     user_groups_data_total_filtered_count = base_q.count()
                     user_groups_data_total_filtered_inactive_count = base_q_inactive.count()
                     if order_by == 'members_total':
                         sort_col = member_count
                     elif order_by == 'user_username':
                         sort_col = User.username
                     else:
                         sort_col = getattr(UserGroup, order_by, None)
                     if isinstance(sort_col, count) or sort_col:
                         if order_dir == 'asc':
                             sort_col = sort_col.asc()
                         else:
                             sort_col = sort_col.desc()
                     base_q = base_q.order_by(sort_col)
                     base_q = base_q.offset(start).limit(limit)
                     # authenticated access to user groups
                     auth_user_group_list = base_q.all()
                     user_groups_data = []
                     for user_gr in auth_user_group_list:
                         user_groups_data.append({
                             "users_group_name": user_group_name(user_gr.users_group_name),
                             "name_raw": h.escape(user_gr.users_group_name),
                             "description": h.escape(user_gr.user_group_description),
                             "members": user_gr.member_count,
                             # NOTE(marcink): because of advanced query we
                             # need to load it like that
                             "sync": UserGroup._load_sync(
                                 UserGroup._load_group_data(user_gr.group_data)),
                             "active": h.bool2icon(user_gr.users_group_active),
                             "owner": user_profile(user_gr.User.username),
                             "action": user_group_actions(
                                 user_gr.users_group_id, user_gr.users_group_name)
                         })
                     data = ({
                         'draw': draw,
                         'data': user_groups_data,
                         'recordsTotal': user_groups_data_total_count,
                         'recordsTotalInactive': user_groups_data_total_inactive_count,
                         'recordsFiltered': user_groups_data_total_filtered_count,
                         'recordsFilteredInactive': user_groups_data_total_filtered_inactive_count,
                     })
                     return data
                 @LoginRequired()
                 @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
                 @view_config(
                     route_name='user_groups_new', request_method='GET',
                     renderer='rhodecode:templates/admin/user_groups/user_group_add.mako')
                 def user_groups_new(self):
                     c = self.load_default_context()
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
                 @CSRFRequired()
                 @view_config(
                     route_name='user_groups_create', request_method='POST',
                     renderer='rhodecode:templates/admin/user_groups/user_group_add.mako')
                 def user_groups_create(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     users_group_form = UserGroupForm(self.request.translate)()
                     user_group_name = self.request.POST.get('users_group_name')
                     try:
                         form_result = users_group_form.to_python(dict(self.request.POST))
                         user_group = UserGroupModel().create(
                             name=form_result['users_group_name'],
                             description=form_result['user_group_description'],
                             owner=self._rhodecode_user.user_id,
                             active=form_result['users_group_active'])
                         Session().flush()
                         creation_data = user_group.get_api_data()
                         user_group_name = form_result['users_group_name']
                         audit_logger.store_web(
                             'user_group.create', action_data={'data': creation_data},
                             user=self._rhodecode_user)
                         user_group_link = h.link_to(
                             h.escape(user_group_name),
                             h.route_path(
                                 'edit_user_group', user_group_id=user_group.users_group_id))
                         h.flash(h.literal(_('Created user group %(user_group_link)s')
                                           % {'user_group_link': user_group_link}),
                                 category='success')
                         Session().commit()
                         user_group_id = user_group.users_group_id
                     except formencode.Invalid as errors:
                         data = render(
                             'rhodecode:templates/admin/user_groups/user_group_add.mako',
                             self._get_template_context(c), self.request)
                         html = formencode.htmlfill.render(
                             data,
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8",
                             force_defaults=False
                         )
                         return Response(html)
                     except Exception:
                         log.exception("Exception creating user group")
                         h.flash(_('Error occurred during creation of user group %s') \
                                 % user_group_name, category='error')
                         raise HTTPFound(h.route_path('user_groups_new'))
+                    events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
                     raise HTTPFound(
                         h.route_path('edit_user_group', user_group_id=user_group_id))

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages