Show More
@@ -311,17 +311,20 b' class PermOrigin(object):' | |||||
311 | REPO_USERGROUP = 'usergroup:%s' |
|
311 | REPO_USERGROUP = 'usergroup:%s' | |
312 | REPO_OWNER = 'repo.owner' |
|
312 | REPO_OWNER = 'repo.owner' | |
313 | REPO_DEFAULT = 'repo.default' |
|
313 | REPO_DEFAULT = 'repo.default' | |
|
314 | REPO_DEFAULT_NO_INHERIT = 'repo.default.no.inherit' | |||
314 | REPO_PRIVATE = 'repo.private' |
|
315 | REPO_PRIVATE = 'repo.private' | |
315 |
|
316 | |||
316 | REPOGROUP_USER = 'user:%s' |
|
317 | REPOGROUP_USER = 'user:%s' | |
317 | REPOGROUP_USERGROUP = 'usergroup:%s' |
|
318 | REPOGROUP_USERGROUP = 'usergroup:%s' | |
318 | REPOGROUP_OWNER = 'group.owner' |
|
319 | REPOGROUP_OWNER = 'group.owner' | |
319 | REPOGROUP_DEFAULT = 'group.default' |
|
320 | REPOGROUP_DEFAULT = 'group.default' | |
|
321 | REPOGROUP_DEFAULT_NO_INHERIT = 'group.default.no.inherit' | |||
320 |
|
322 | |||
321 | USERGROUP_USER = 'user:%s' |
|
323 | USERGROUP_USER = 'user:%s' | |
322 | USERGROUP_USERGROUP = 'usergroup:%s' |
|
324 | USERGROUP_USERGROUP = 'usergroup:%s' | |
323 | USERGROUP_OWNER = 'usergroup.owner' |
|
325 | USERGROUP_OWNER = 'usergroup.owner' | |
324 | USERGROUP_DEFAULT = 'usergroup.default' |
|
326 | USERGROUP_DEFAULT = 'usergroup.default' | |
|
327 | USERGROUP_DEFAULT_NO_INHERIT = 'usergroup.default.no.inherit' | |||
325 |
|
328 | |||
326 |
|
329 | |||
327 | class PermOriginDict(dict): |
|
330 | class PermOriginDict(dict): | |
@@ -345,7 +348,7 b' class PermOriginDict(dict):' | |||||
345 |
|
348 | |||
346 | def __init__(self, *args, **kw): |
|
349 | def __init__(self, *args, **kw): | |
347 | dict.__init__(self, *args, **kw) |
|
350 | dict.__init__(self, *args, **kw) | |
348 |
self.perm_origin_stack = |
|
351 | self.perm_origin_stack = collections.OrderedDict() | |
349 |
|
352 | |||
350 | def __setitem__(self, key, (perm, origin)): |
|
353 | def __setitem__(self, key, (perm, origin)): | |
351 | self.perm_origin_stack.setdefault(key, []).append((perm, origin)) |
|
354 | self.perm_origin_stack.setdefault(key, []).append((perm, origin)) | |
@@ -529,60 +532,73 b' class PermissionCalculator(object):' | |||||
529 | # on given repo |
|
532 | # on given repo | |
530 | for perm in self.default_repo_perms: |
|
533 | for perm in self.default_repo_perms: | |
531 | r_k = perm.UserRepoToPerm.repository.repo_name |
|
534 | r_k = perm.UserRepoToPerm.repository.repo_name | |
|
535 | p = perm.Permission.permission_name | |||
532 | o = PermOrigin.REPO_DEFAULT |
|
536 | o = PermOrigin.REPO_DEFAULT | |
|
537 | self.permissions_repositories[r_k] = p, o | |||
|
538 | ||||
|
539 | # if we decide this user isn't inheriting permissions from | |||
|
540 | # default user we set him to .none so only explicit | |||
|
541 | # permissions work | |||
|
542 | if not user_inherit_object_permissions: | |||
|
543 | p = 'repository.none' | |||
|
544 | o = PermOrigin.REPO_DEFAULT_NO_INHERIT | |||
|
545 | ||||
|
546 | self.permissions_repositories[r_k] = p, o | |||
|
547 | ||||
533 | if perm.Repository.private and not ( |
|
548 | if perm.Repository.private and not ( | |
534 | perm.Repository.user_id == self.user_id): |
|
549 | perm.Repository.user_id == self.user_id): | |
535 | # disable defaults for private repos, |
|
550 | # disable defaults for private repos, | |
536 | p = 'repository.none' |
|
551 | p = 'repository.none' | |
537 | o = PermOrigin.REPO_PRIVATE |
|
552 | o = PermOrigin.REPO_PRIVATE | |
|
553 | self.permissions_repositories[r_k] = p, o | |||
|
554 | ||||
538 | elif perm.Repository.user_id == self.user_id: |
|
555 | elif perm.Repository.user_id == self.user_id: | |
539 | # set admin if owner |
|
556 | # set admin if owner | |
540 | p = 'repository.admin' |
|
557 | p = 'repository.admin' | |
541 | o = PermOrigin.REPO_OWNER |
|
558 | o = PermOrigin.REPO_OWNER | |
542 | else: |
|
559 | self.permissions_repositories[r_k] = p, o | |
543 | p = perm.Permission.permission_name |
|
|||
544 | # if we decide this user isn't inheriting permissions from |
|
|||
545 | # default user we set him to .none so only explicit |
|
|||
546 | # permissions work |
|
|||
547 | if not user_inherit_object_permissions: |
|
|||
548 | p = 'repository.none' |
|
|||
549 | self.permissions_repositories[r_k] = p, o |
|
|||
550 |
|
560 | |||
551 | # defaults for repository groups taken from `default` user permission |
|
561 | # defaults for repository groups taken from `default` user permission | |
552 | # on given group |
|
562 | # on given group | |
553 | for perm in self.default_repo_groups_perms: |
|
563 | for perm in self.default_repo_groups_perms: | |
554 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
564 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
|
565 | p = perm.Permission.permission_name | |||
555 | o = PermOrigin.REPOGROUP_DEFAULT |
|
566 | o = PermOrigin.REPOGROUP_DEFAULT | |
556 | if perm.RepoGroup.user_id == self.user_id: |
|
567 | self.permissions_repository_groups[rg_k] = p, o | |
557 | # set admin if owner |
|
|||
558 | p = 'group.admin' |
|
|||
559 | o = PermOrigin.REPOGROUP_OWNER |
|
|||
560 | else: |
|
|||
561 | p = perm.Permission.permission_name |
|
|||
562 |
|
568 | |||
563 | # if we decide this user isn't inheriting permissions from default |
|
569 | # if we decide this user isn't inheriting permissions from default | |
564 | # user we set him to .none so only explicit permissions work |
|
570 | # user we set him to .none so only explicit permissions work | |
565 | if not user_inherit_object_permissions: |
|
571 | if not user_inherit_object_permissions: | |
566 | p = 'group.none' |
|
572 | p = 'group.none' | |
567 | self.permissions_repository_groups[rg_k] = p, o |
|
573 | o = PermOrigin.REPOGROUP_DEFAULT_NO_INHERIT | |
|
574 | self.permissions_repository_groups[rg_k] = p, o | |||
|
575 | ||||
|
576 | if perm.RepoGroup.user_id == self.user_id: | |||
|
577 | # set admin if owner | |||
|
578 | p = 'group.admin' | |||
|
579 | o = PermOrigin.REPOGROUP_OWNER | |||
|
580 | self.permissions_repository_groups[rg_k] = p, o | |||
568 |
|
581 | |||
569 | # defaults for user groups taken from `default` user permission |
|
582 | # defaults for user groups taken from `default` user permission | |
570 | # on given user group |
|
583 | # on given user group | |
571 | for perm in self.default_user_group_perms: |
|
584 | for perm in self.default_user_group_perms: | |
572 | u_k = perm.UserUserGroupToPerm.user_group.users_group_name |
|
585 | u_k = perm.UserUserGroupToPerm.user_group.users_group_name | |
|
586 | p = perm.Permission.permission_name | |||
573 | o = PermOrigin.USERGROUP_DEFAULT |
|
587 | o = PermOrigin.USERGROUP_DEFAULT | |
574 | if perm.UserGroup.user_id == self.user_id: |
|
588 | self.permissions_user_groups[u_k] = p, o | |
575 | # set admin if owner |
|
|||
576 | p = 'usergroup.admin' |
|
|||
577 | o = PermOrigin.USERGROUP_OWNER |
|
|||
578 | else: |
|
|||
579 | p = perm.Permission.permission_name |
|
|||
580 |
|
589 | |||
581 | # if we decide this user isn't inheriting permissions from default |
|
590 | # if we decide this user isn't inheriting permissions from default | |
582 | # user we set him to .none so only explicit permissions work |
|
591 | # user we set him to .none so only explicit permissions work | |
583 | if not user_inherit_object_permissions: |
|
592 | if not user_inherit_object_permissions: | |
584 | p = 'usergroup.none' |
|
593 | p = 'usergroup.none' | |
585 | self.permissions_user_groups[u_k] = p, o |
|
594 | o = PermOrigin.USERGROUP_DEFAULT_NO_INHERIT | |
|
595 | self.permissions_user_groups[u_k] = p, o | |||
|
596 | ||||
|
597 | if perm.UserGroup.user_id == self.user_id: | |||
|
598 | # set admin if owner | |||
|
599 | p = 'usergroup.admin' | |||
|
600 | o = PermOrigin.USERGROUP_OWNER | |||
|
601 | self.permissions_user_groups[u_k] = p, o | |||
586 |
|
602 | |||
587 | def _calculate_repository_permissions(self): |
|
603 | def _calculate_repository_permissions(self): | |
588 | """ |
|
604 | """ | |
@@ -603,18 +619,20 b' class PermissionCalculator(object):' | |||||
603 | r_k = perm.UserGroupRepoToPerm.repository.repo_name |
|
619 | r_k = perm.UserGroupRepoToPerm.repository.repo_name | |
604 | ug_k = perm.UserGroupRepoToPerm.users_group.users_group_name |
|
620 | ug_k = perm.UserGroupRepoToPerm.users_group.users_group_name | |
605 | multiple_counter[r_k] += 1 |
|
621 | multiple_counter[r_k] += 1 | |
|
622 | ||||
606 | p = perm.Permission.permission_name |
|
623 | p = perm.Permission.permission_name | |
607 | o = PermOrigin.REPO_USERGROUP % ug_k |
|
624 | o = PermOrigin.REPO_USERGROUP % ug_k | |
|
625 | if multiple_counter[r_k] > 1: | |||
|
626 | cur_perm = self.permissions_repositories[r_k] | |||
|
627 | p = self._choose_permission(p, cur_perm) | |||
|
628 | ||||
|
629 | self.permissions_repositories[r_k] = p, o | |||
608 |
|
630 | |||
609 | if perm.Repository.user_id == self.user_id: |
|
631 | if perm.Repository.user_id == self.user_id: | |
610 | # set admin if owner |
|
632 | # set admin if owner | |
611 | p = 'repository.admin' |
|
633 | p = 'repository.admin' | |
612 | o = PermOrigin.REPO_OWNER |
|
634 | o = PermOrigin.REPO_OWNER | |
613 | else: |
|
635 | self.permissions_repositories[r_k] = p, o | |
614 | if multiple_counter[r_k] > 1: |
|
|||
615 | cur_perm = self.permissions_repositories[r_k] |
|
|||
616 | p = self._choose_permission(p, cur_perm) |
|
|||
617 | self.permissions_repositories[r_k] = p, o |
|
|||
618 |
|
636 | |||
619 | # user explicit permissions for repositories, overrides any specified |
|
637 | # user explicit permissions for repositories, overrides any specified | |
620 | # by the group permission |
|
638 | # by the group permission | |
@@ -622,25 +640,28 b' class PermissionCalculator(object):' | |||||
622 | self.user_id, self.scope_repo_id) |
|
640 | self.user_id, self.scope_repo_id) | |
623 | for perm in user_repo_perms: |
|
641 | for perm in user_repo_perms: | |
624 | r_k = perm.UserRepoToPerm.repository.repo_name |
|
642 | r_k = perm.UserRepoToPerm.repository.repo_name | |
|
643 | p = perm.Permission.permission_name | |||
625 | o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username |
|
644 | o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username | |
626 | # set admin if owner |
|
645 | ||
|
646 | if not self.explicit: | |||
|
647 | cur_perm = self.permissions_repositories.get( | |||
|
648 | r_k, 'repository.none') | |||
|
649 | p = self._choose_permission(p, cur_perm) | |||
|
650 | ||||
|
651 | self.permissions_repositories[r_k] = p, o | |||
|
652 | ||||
627 | if perm.Repository.user_id == self.user_id: |
|
653 | if perm.Repository.user_id == self.user_id: | |
|
654 | # set admin if owner | |||
628 | p = 'repository.admin' |
|
655 | p = 'repository.admin' | |
629 | o = PermOrigin.REPO_OWNER |
|
656 | o = PermOrigin.REPO_OWNER | |
630 | else: |
|
657 | self.permissions_repositories[r_k] = p, o | |
631 | p = perm.Permission.permission_name |
|
|||
632 | if not self.explicit: |
|
|||
633 | cur_perm = self.permissions_repositories.get( |
|
|||
634 | r_k, 'repository.none') |
|
|||
635 | p = self._choose_permission(p, cur_perm) |
|
|||
636 | self.permissions_repositories[r_k] = p, o |
|
|||
637 |
|
658 | |||
638 | def _calculate_repository_group_permissions(self): |
|
659 | def _calculate_repository_group_permissions(self): | |
639 | """ |
|
660 | """ | |
640 | Repository group permissions for the current user. |
|
661 | Repository group permissions for the current user. | |
641 |
|
662 | |||
642 | Check if the user is part of user groups for repository groups and |
|
663 | Check if the user is part of user groups for repository groups and | |
643 |
fill in the permissions from it. `_choose_perm |
|
664 | fill in the permissions from it. `_choose_permission` decides of which | |
644 | permission should be selected based on selected method. |
|
665 | permission should be selected based on selected method. | |
645 | """ |
|
666 | """ | |
646 | # user group for repo groups permissions |
|
667 | # user group for repo groups permissions | |
@@ -652,18 +673,20 b' class PermissionCalculator(object):' | |||||
652 | for perm in user_repo_group_perms_from_user_group: |
|
673 | for perm in user_repo_group_perms_from_user_group: | |
653 | g_k = perm.UserGroupRepoGroupToPerm.group.group_name |
|
674 | g_k = perm.UserGroupRepoGroupToPerm.group.group_name | |
654 | ug_k = perm.UserGroupRepoGroupToPerm.users_group.users_group_name |
|
675 | ug_k = perm.UserGroupRepoGroupToPerm.users_group.users_group_name | |
|
676 | multiple_counter[g_k] += 1 | |||
655 | o = PermOrigin.REPOGROUP_USERGROUP % ug_k |
|
677 | o = PermOrigin.REPOGROUP_USERGROUP % ug_k | |
656 | multiple_counter[g_k] += 1 |
|
|||
657 | p = perm.Permission.permission_name |
|
678 | p = perm.Permission.permission_name | |
|
679 | ||||
|
680 | if multiple_counter[g_k] > 1: | |||
|
681 | cur_perm = self.permissions_repository_groups[g_k] | |||
|
682 | p = self._choose_permission(p, cur_perm) | |||
|
683 | self.permissions_repository_groups[g_k] = p, o | |||
|
684 | ||||
658 | if perm.RepoGroup.user_id == self.user_id: |
|
685 | if perm.RepoGroup.user_id == self.user_id: | |
659 | # set admin if owner, even for member of other user group |
|
686 | # set admin if owner, even for member of other user group | |
660 | p = 'group.admin' |
|
687 | p = 'group.admin' | |
661 | o = PermOrigin.REPOGROUP_OWNER |
|
688 | o = PermOrigin.REPOGROUP_OWNER | |
662 | else: |
|
689 | self.permissions_repository_groups[g_k] = p, o | |
663 | if multiple_counter[g_k] > 1: |
|
|||
664 | cur_perm = self.permissions_repository_groups[g_k] |
|
|||
665 | p = self._choose_permission(p, cur_perm) |
|
|||
666 | self.permissions_repository_groups[g_k] = p, o |
|
|||
667 |
|
690 | |||
668 | # user explicit permissions for repository groups |
|
691 | # user explicit permissions for repository groups | |
669 | user_repo_groups_perms = Permission.get_default_group_perms( |
|
692 | user_repo_groups_perms = Permission.get_default_group_perms( | |
@@ -672,18 +695,20 b' class PermissionCalculator(object):' | |||||
672 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
695 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
673 | u_k = perm.UserRepoGroupToPerm.user.username |
|
696 | u_k = perm.UserRepoGroupToPerm.user.username | |
674 | o = PermOrigin.REPOGROUP_USER % u_k |
|
697 | o = PermOrigin.REPOGROUP_USER % u_k | |
|
698 | p = perm.Permission.permission_name | |||
|
699 | ||||
|
700 | if not self.explicit: | |||
|
701 | cur_perm = self.permissions_repository_groups.get( | |||
|
702 | rg_k, 'group.none') | |||
|
703 | p = self._choose_permission(p, cur_perm) | |||
|
704 | ||||
|
705 | self.permissions_repository_groups[rg_k] = p, o | |||
675 |
|
706 | |||
676 | if perm.RepoGroup.user_id == self.user_id: |
|
707 | if perm.RepoGroup.user_id == self.user_id: | |
677 | # set admin if owner |
|
708 | # set admin if owner | |
678 | p = 'group.admin' |
|
709 | p = 'group.admin' | |
679 | o = PermOrigin.REPOGROUP_OWNER |
|
710 | o = PermOrigin.REPOGROUP_OWNER | |
680 | else: |
|
711 | self.permissions_repository_groups[rg_k] = p, o | |
681 | p = perm.Permission.permission_name |
|
|||
682 | if not self.explicit: |
|
|||
683 | cur_perm = self.permissions_repository_groups.get( |
|
|||
684 | rg_k, 'group.none') |
|
|||
685 | p = self._choose_permission(p, cur_perm) |
|
|||
686 | self.permissions_repository_groups[rg_k] = p, o |
|
|||
687 |
|
712 | |||
688 | def _calculate_user_group_permissions(self): |
|
713 | def _calculate_user_group_permissions(self): | |
689 | """ |
|
714 | """ | |
@@ -700,19 +725,21 b' class PermissionCalculator(object):' | |||||
700 | .target_user_group.users_group_name |
|
725 | .target_user_group.users_group_name | |
701 | u_k = perm.UserGroupUserGroupToPerm\ |
|
726 | u_k = perm.UserGroupUserGroupToPerm\ | |
702 | .user_group.users_group_name |
|
727 | .user_group.users_group_name | |
|
728 | multiple_counter[g_k] += 1 | |||
703 | o = PermOrigin.USERGROUP_USERGROUP % u_k |
|
729 | o = PermOrigin.USERGROUP_USERGROUP % u_k | |
704 | multiple_counter[g_k] += 1 |
|
|||
705 | p = perm.Permission.permission_name |
|
730 | p = perm.Permission.permission_name | |
706 |
|
731 | |||
|
732 | if multiple_counter[g_k] > 1: | |||
|
733 | cur_perm = self.permissions_user_groups[g_k] | |||
|
734 | p = self._choose_permission(p, cur_perm) | |||
|
735 | ||||
|
736 | self.permissions_user_groups[g_k] = p, o | |||
|
737 | ||||
707 | if perm.UserGroup.user_id == self.user_id: |
|
738 | if perm.UserGroup.user_id == self.user_id: | |
708 | # set admin if owner, even for member of other user group |
|
739 | # set admin if owner, even for member of other user group | |
709 | p = 'usergroup.admin' |
|
740 | p = 'usergroup.admin' | |
710 | o = PermOrigin.USERGROUP_OWNER |
|
741 | o = PermOrigin.USERGROUP_OWNER | |
711 | else: |
|
742 | self.permissions_user_groups[g_k] = p, o | |
712 | if multiple_counter[g_k] > 1: |
|
|||
713 | cur_perm = self.permissions_user_groups[g_k] |
|
|||
714 | p = self._choose_permission(p, cur_perm) |
|
|||
715 | self.permissions_user_groups[g_k] = p, o |
|
|||
716 |
|
743 | |||
717 | # user explicit permission for user groups |
|
744 | # user explicit permission for user groups | |
718 | user_user_groups_perms = Permission.get_default_user_group_perms( |
|
745 | user_user_groups_perms = Permission.get_default_user_group_perms( | |
@@ -721,18 +748,20 b' class PermissionCalculator(object):' | |||||
721 | ug_k = perm.UserUserGroupToPerm.user_group.users_group_name |
|
748 | ug_k = perm.UserUserGroupToPerm.user_group.users_group_name | |
722 | u_k = perm.UserUserGroupToPerm.user.username |
|
749 | u_k = perm.UserUserGroupToPerm.user.username | |
723 | o = PermOrigin.USERGROUP_USER % u_k |
|
750 | o = PermOrigin.USERGROUP_USER % u_k | |
|
751 | p = perm.Permission.permission_name | |||
|
752 | ||||
|
753 | if not self.explicit: | |||
|
754 | cur_perm = self.permissions_user_groups.get( | |||
|
755 | ug_k, 'usergroup.none') | |||
|
756 | p = self._choose_permission(p, cur_perm) | |||
|
757 | ||||
|
758 | self.permissions_user_groups[ug_k] = p, o | |||
724 |
|
759 | |||
725 | if perm.UserGroup.user_id == self.user_id: |
|
760 | if perm.UserGroup.user_id == self.user_id: | |
726 | # set admin if owner |
|
761 | # set admin if owner | |
727 | p = 'usergroup.admin' |
|
762 | p = 'usergroup.admin' | |
728 | o = PermOrigin.USERGROUP_OWNER |
|
763 | o = PermOrigin.USERGROUP_OWNER | |
729 | else: |
|
764 | self.permissions_user_groups[ug_k] = p, o | |
730 | p = perm.Permission.permission_name |
|
|||
731 | if not self.explicit: |
|
|||
732 | cur_perm = self.permissions_user_groups.get( |
|
|||
733 | ug_k, 'usergroup.none') |
|
|||
734 | p = self._choose_permission(p, cur_perm) |
|
|||
735 | self.permissions_user_groups[ug_k] = p, o |
|
|||
736 |
|
765 | |||
737 | def _choose_permission(self, new_perm, cur_perm): |
|
766 | def _choose_permission(self, new_perm, cur_perm): | |
738 | new_perm_val = Permission.PERM_WEIGHTS[new_perm] |
|
767 | new_perm_val = Permission.PERM_WEIGHTS[new_perm] |
@@ -181,11 +181,25 b'' | |||||
181 | </td> |
|
181 | </td> | |
182 | <td class="td-tags"> |
|
182 | <td class="td-tags"> | |
183 | %if hasattr(permissions[section], 'perm_origin_stack'): |
|
183 | %if hasattr(permissions[section], 'perm_origin_stack'): | |
|
184 | <div> | |||
184 | %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])): |
|
185 | %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])): | |
185 | <span class="${i > 0 and 'perm_overriden' or ''} perm_tag ${perm.split('.')[-1]}"> |
|
186 | ||
186 |
|
|
187 | % if i > 0: | |
187 |
< |
|
188 | <div style="color: #979797"> | |
|
189 | <i class="icon-arrow_up"></i> | |||
|
190 | ${_('overridden by')} | |||
|
191 | <i class="icon-arrow_up"></i> | |||
|
192 | </div> | |||
|
193 | % endif | |||
|
194 | ||||
|
195 | <div> | |||
|
196 | <span class="${i > 0 and 'perm_overriden' or ''} perm_tag ${perm.split('.')[-1]}"> | |||
|
197 | ${perm} (${origin}) | |||
|
198 | </span> | |||
|
199 | </div> | |||
|
200 | ||||
188 |
|
|
201 | %endfor | |
|
202 | </div> | |||
189 | %else: |
|
203 | %else: | |
190 | <span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span> |
|
204 | <span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span> | |
191 | %endif |
|
205 | %endif |
General Comments 0
You need to be logged in to leave comments.
Login now