##// END OF EJS Templates
auth: added helpers to fetch IDs of repos/repo groups/user groups that...
marcink -
r2036:56c66719 default
parent child Browse files
Show More
@@ -34,6 +34,7 b' import traceback'
34 from functools import wraps
34 from functools import wraps
35
35
36 import ipaddress
36 import ipaddress
37 from beaker.cache import cache_region
37 from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound
38 from pyramid.httpexceptions import HTTPForbidden, HTTPFound, HTTPNotFound
38 from pylons.i18n.translation import _
39 from pylons.i18n.translation import _
39 # NOTE(marcink): this has to be removed only after pyramid migration,
40 # NOTE(marcink): this has to be removed only after pyramid migration,
@@ -48,7 +49,7 b' from rhodecode.model.meta import Session'
48 from rhodecode.model.user import UserModel
49 from rhodecode.model.user import UserModel
49 from rhodecode.model.db import (
50 from rhodecode.model.db import (
50 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
51 User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
51 UserIpMap, UserApiKeys, RepoGroup)
52 UserIpMap, UserApiKeys, RepoGroup, UserGroup)
52 from rhodecode.lib import caches
53 from rhodecode.lib import caches
53 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5
54 from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5
54 from rhodecode.lib.utils import (
55 from rhodecode.lib.utils import (
@@ -1003,6 +1004,66 b' class AuthUser(object):'
1003 x[0] for x in self.permissions['user_groups'].iteritems()
1004 x[0] for x in self.permissions['user_groups'].iteritems()
1004 if x[1] == 'usergroup.admin']
1005 if x[1] == 'usergroup.admin']
1005
1006
1007 def repo_acl_ids(self, perms=None, cache=False):
1008 """
1009 Returns list of repository ids that user have access to based on given
1010 perms. The cache flag should be only used in cases that are used for
1011 display purposes, NOT IN ANY CASE for permission checks.
1012 """
1013 from rhodecode.model.scm import RepoList
1014 if not perms:
1015 perms = [
1016 'repository.read', 'repository.write', 'repository.admin']
1017
1018 def _cached_repo_acl(user_id, perm_def):
1019 return [x.repo_id for x in RepoList(
1020 Repository.query().all(), perm_set=perm_def)]
1021
1022 compute = caches.conditional_cache(
1023 'long_term', 'repo_acl_ids',
1024 condition=cache, func=_cached_repo_acl)
1025 return compute(self.user_id, perms)
1026
1027 def repo_group_acl_ids(self, perms=None, cache=False):
1028 """
1029 Returns list of repository group ids that user have access to based on given
1030 perms. The cache flag should be only used in cases that are used for
1031 display purposes, NOT IN ANY CASE for permission checks.
1032 """
1033 from rhodecode.model.scm import RepoGroupList
1034 if not perms:
1035 perms = [
1036 'group.read', 'group.write', 'group.admin']
1037
1038 def _cached_repo_group_acl(user_id, perm_def):
1039 return [x.group_id for x in RepoGroupList(
1040 RepoGroup.query().all(), perm_set=perm_def)]
1041
1042 compute = caches.conditional_cache(
1043 'long_term', 'repo_group_acl_ids',
1044 condition=cache, func=_cached_repo_group_acl)
1045 return compute(self.user_id, perms)
1046
1047 def user_group_acl_ids(self, perms=None, cache=False):
1048 """
1049 Returns list of user group ids that user have access to based on given
1050 perms. The cache flag should be only used in cases that are used for
1051 display purposes, NOT IN ANY CASE for permission checks.
1052 """
1053 from rhodecode.model.scm import UserGroupList
1054 if not perms:
1055 perms = [
1056 'usergroup.read', 'usergroup.write', 'usergroup.admin']
1057
1058 def _cached_user_group_acl(user_id, perm_def):
1059 return [x.users_group_id for x in UserGroupList(
1060 UserGroup.query().all(), perm_set=perm_def)]
1061
1062 compute = caches.conditional_cache(
1063 'long_term', 'user_group_acl_ids',
1064 condition=cache, func=_cached_user_group_acl)
1065 return compute(self.user_id, perms)
1066
1006 @property
1067 @property
1007 def ip_allowed(self):
1068 def ip_allowed(self):
1008 """
1069 """
General Comments 0
You need to be logged in to leave comments. Login now