permissions: explicitly register all permissions set for user. Fixes #4217...
marcink -
r2063:8a6e9139 default
@@ -311,17 +311,20 b' class PermOrigin(object):'
311 REPO_USERGROUP = 'usergroup:%s'
311 REPO_USERGROUP = 'usergroup:%s'
312 REPO_OWNER = 'repo.owner'
312 REPO_OWNER = 'repo.owner'
313 REPO_DEFAULT = 'repo.default'
313 REPO_DEFAULT = 'repo.default'
314 REPO_DEFAULT_NO_INHERIT = 'repo.default.no.inherit'
314 REPO_PRIVATE = 'repo.private'
315 REPO_PRIVATE = 'repo.private'
315
316
316 REPOGROUP_USER = 'user:%s'
317 REPOGROUP_USER = 'user:%s'
317 REPOGROUP_USERGROUP = 'usergroup:%s'
318 REPOGROUP_USERGROUP = 'usergroup:%s'
318 REPOGROUP_OWNER = 'group.owner'
319 REPOGROUP_OWNER = 'group.owner'
319 REPOGROUP_DEFAULT = 'group.default'
320 REPOGROUP_DEFAULT = 'group.default'
321 REPOGROUP_DEFAULT_NO_INHERIT = 'group.default.no.inherit'
320
322
321 USERGROUP_USER = 'user:%s'
323 USERGROUP_USER = 'user:%s'
322 USERGROUP_USERGROUP = 'usergroup:%s'
324 USERGROUP_USERGROUP = 'usergroup:%s'
323 USERGROUP_OWNER = 'usergroup.owner'
325 USERGROUP_OWNER = 'usergroup.owner'
324 USERGROUP_DEFAULT = 'usergroup.default'
326 USERGROUP_DEFAULT = 'usergroup.default'
327 USERGROUP_DEFAULT_NO_INHERIT = 'usergroup.default.no.inherit'
325
328
326
329
327 class PermOriginDict(dict):
330 class PermOriginDict(dict):
@@ -345,7 +348,7 b' class PermOriginDict(dict):'
345
348
346 def __init__(self, *args, **kw):
349 def __init__(self, *args, **kw):
347 dict.__init__(self, *args, **kw)
350 dict.__init__(self, *args, **kw)
348 self.perm_origin_stack = {}
351 self.perm_origin_stack = collections.OrderedDict()
349
352
350 def __setitem__(self, key, (perm, origin)):
353 def __setitem__(self, key, (perm, origin)):
351 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
354 self.perm_origin_stack.setdefault(key, []).append((perm, origin))
@@ -529,60 +532,73 b' class PermissionCalculator(object):'
529 # on given repo
532 # on given repo
530 for perm in self.default_repo_perms:
533 for perm in self.default_repo_perms:
531 r_k = perm.UserRepoToPerm.repository.repo_name
534 r_k = perm.UserRepoToPerm.repository.repo_name
535 p = perm.Permission.permission_name
532 o = PermOrigin.REPO_DEFAULT
536 o = PermOrigin.REPO_DEFAULT
537 self.permissions_repositories[r_k] = p, o
538
539 # if we decide this user isn't inheriting permissions from
540 # default user we set him to .none so only explicit
541 # permissions work
542 if not user_inherit_object_permissions:
543 p = 'repository.none'
544 o = PermOrigin.REPO_DEFAULT_NO_INHERIT
545
546 self.permissions_repositories[r_k] = p, o
547
533 if perm.Repository.private and not (
548 if perm.Repository.private and not (
534 perm.Repository.user_id == self.user_id):
549 perm.Repository.user_id == self.user_id):
535 # disable defaults for private repos,
550 # disable defaults for private repos,
536 p = 'repository.none'
551 p = 'repository.none'
537 o = PermOrigin.REPO_PRIVATE
552 o = PermOrigin.REPO_PRIVATE
553 self.permissions_repositories[r_k] = p, o
554
538 elif perm.Repository.user_id == self.user_id:
555 elif perm.Repository.user_id == self.user_id:
539 # set admin if owner
556 # set admin if owner
540 p = 'repository.admin'
557 p = 'repository.admin'
541 o = PermOrigin.REPO_OWNER
558 o = PermOrigin.REPO_OWNER
542 else:
559 self.permissions_repositories[r_k] = p, o
543 p = perm.Permission.permission_name
544 # if we decide this user isn't inheriting permissions from
545 # default user we set him to .none so only explicit
546 # permissions work
547 if not user_inherit_object_permissions:
548 p = 'repository.none'
549 self.permissions_repositories[r_k] = p, o
550
560
551 # defaults for repository groups taken from `default` user permission
561 # defaults for repository groups taken from `default` user permission
552 # on given group
562 # on given group
553 for perm in self.default_repo_groups_perms:
563 for perm in self.default_repo_groups_perms:
554 rg_k = perm.UserRepoGroupToPerm.group.group_name
564 rg_k = perm.UserRepoGroupToPerm.group.group_name
565 p = perm.Permission.permission_name
555 o = PermOrigin.REPOGROUP_DEFAULT
566 o = PermOrigin.REPOGROUP_DEFAULT
556 if perm.RepoGroup.user_id == self.user_id:
567 self.permissions_repository_groups[rg_k] = p, o
557 # set admin if owner
558 p = 'group.admin'
559 o = PermOrigin.REPOGROUP_OWNER
560 else:
561 p = perm.Permission.permission_name
562
568
563 # if we decide this user isn't inheriting permissions from default
569 # if we decide this user isn't inheriting permissions from default
564 # user we set him to .none so only explicit permissions work
570 # user we set him to .none so only explicit permissions work
565 if not user_inherit_object_permissions:
571 if not user_inherit_object_permissions:
566 p = 'group.none'
572 p = 'group.none'
567 self.permissions_repository_groups[rg_k] = p, o
573 o = PermOrigin.REPOGROUP_DEFAULT_NO_INHERIT
574 self.permissions_repository_groups[rg_k] = p, o
575
576 if perm.RepoGroup.user_id == self.user_id:
577 # set admin if owner
578 p = 'group.admin'
579 o = PermOrigin.REPOGROUP_OWNER
580 self.permissions_repository_groups[rg_k] = p, o
568
581
569 # defaults for user groups taken from `default` user permission
582 # defaults for user groups taken from `default` user permission
570 # on given user group
583 # on given user group
571 for perm in self.default_user_group_perms:
584 for perm in self.default_user_group_perms:
572 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
585 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
586 p = perm.Permission.permission_name
573 o = PermOrigin.USERGROUP_DEFAULT
587 o = PermOrigin.USERGROUP_DEFAULT
574 if perm.UserGroup.user_id == self.user_id:
588 self.permissions_user_groups[u_k] = p, o
575 # set admin if owner
576 p = 'usergroup.admin'
577 o = PermOrigin.USERGROUP_OWNER
578 else:
579 p = perm.Permission.permission_name
580
589
581 # if we decide this user isn't inheriting permissions from default
590 # if we decide this user isn't inheriting permissions from default
582 # user we set him to .none so only explicit permissions work
591 # user we set him to .none so only explicit permissions work
583 if not user_inherit_object_permissions:
592 if not user_inherit_object_permissions:
584 p = 'usergroup.none'
593 p = 'usergroup.none'
585 self.permissions_user_groups[u_k] = p, o
594 o = PermOrigin.USERGROUP_DEFAULT_NO_INHERIT
595 self.permissions_user_groups[u_k] = p, o
596
597 if perm.UserGroup.user_id == self.user_id:
598 # set admin if owner
599 p = 'usergroup.admin'
600 o = PermOrigin.USERGROUP_OWNER
601 self.permissions_user_groups[u_k] = p, o
586
602
587 def _calculate_repository_permissions(self):
603 def _calculate_repository_permissions(self):
588 """
604 """
@@ -603,18 +619,20 b' class PermissionCalculator(object):'
603 r_k = perm.UserGroupRepoToPerm.repository.repo_name
619 r_k = perm.UserGroupRepoToPerm.repository.repo_name
604 ug_k = perm.UserGroupRepoToPerm.users_group.users_group_name
620 ug_k = perm.UserGroupRepoToPerm.users_group.users_group_name
605 multiple_counter[r_k] += 1
621 multiple_counter[r_k] += 1
622
606 p = perm.Permission.permission_name
623 p = perm.Permission.permission_name
607 o = PermOrigin.REPO_USERGROUP % ug_k
624 o = PermOrigin.REPO_USERGROUP % ug_k
625 if multiple_counter[r_k] > 1:
626 cur_perm = self.permissions_repositories[r_k]
627 p = self._choose_permission(p, cur_perm)
628
629 self.permissions_repositories[r_k] = p, o
608
630
609 if perm.Repository.user_id == self.user_id:
631 if perm.Repository.user_id == self.user_id:
610 # set admin if owner
632 # set admin if owner
611 p = 'repository.admin'
633 p = 'repository.admin'
612 o = PermOrigin.REPO_OWNER
634 o = PermOrigin.REPO_OWNER
613 else:
635 self.permissions_repositories[r_k] = p, o
614 if multiple_counter[r_k] > 1:
615 cur_perm = self.permissions_repositories[r_k]
616 p = self._choose_permission(p, cur_perm)
617 self.permissions_repositories[r_k] = p, o
618
636
619 # user explicit permissions for repositories, overrides any specified
637 # user explicit permissions for repositories, overrides any specified
620 # by the group permission
638 # by the group permission
@@ -622,25 +640,28 b' class PermissionCalculator(object):'
622 self.user_id, self.scope_repo_id)
640 self.user_id, self.scope_repo_id)
623 for perm in user_repo_perms:
641 for perm in user_repo_perms:
624 r_k = perm.UserRepoToPerm.repository.repo_name
642 r_k = perm.UserRepoToPerm.repository.repo_name
643 p = perm.Permission.permission_name
625 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
644 o = PermOrigin.REPO_USER % perm.UserRepoToPerm.user.username
626 # set admin if owner
645
646 if not self.explicit:
647 cur_perm = self.permissions_repositories.get(
648 r_k, 'repository.none')
649 p = self._choose_permission(p, cur_perm)
650
651 self.permissions_repositories[r_k] = p, o
652
627 if perm.Repository.user_id == self.user_id:
653 if perm.Repository.user_id == self.user_id:
654 # set admin if owner
628 p = 'repository.admin'
655 p = 'repository.admin'
629 o = PermOrigin.REPO_OWNER
656 o = PermOrigin.REPO_OWNER
630 else:
657 self.permissions_repositories[r_k] = p, o
631 p = perm.Permission.permission_name
632 if not self.explicit:
633 cur_perm = self.permissions_repositories.get(
634 r_k, 'repository.none')
635 p = self._choose_permission(p, cur_perm)
636 self.permissions_repositories[r_k] = p, o
637
658
638 def _calculate_repository_group_permissions(self):
659 def _calculate_repository_group_permissions(self):
639 """
660 """
640 Repository group permissions for the current user.
661 Repository group permissions for the current user.
641
662
642 Check if the user is part of user groups for repository groups and
663 Check if the user is part of user groups for repository groups and
643 fill in the permissions from it. `_choose_permmission` decides of which
664 fill in the permissions from it. `_choose_permission` decides of which
644 permission should be selected based on selected method.
665 permission should be selected based on selected method.
645 """
666 """
646 # user group for repo groups permissions
667 # user group for repo groups permissions
@@ -652,18 +673,20 b' class PermissionCalculator(object):'
652 for perm in user_repo_group_perms_from_user_group:
673 for perm in user_repo_group_perms_from_user_group:
653 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
674 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
654 ug_k = perm.UserGroupRepoGroupToPerm.users_group.users_group_name
675 ug_k = perm.UserGroupRepoGroupToPerm.users_group.users_group_name
676 multiple_counter[g_k] += 1
655 o = PermOrigin.REPOGROUP_USERGROUP % ug_k
677 o = PermOrigin.REPOGROUP_USERGROUP % ug_k
656 multiple_counter[g_k] += 1
657 p = perm.Permission.permission_name
678 p = perm.Permission.permission_name
679
680 if multiple_counter[g_k] > 1:
681 cur_perm = self.permissions_repository_groups[g_k]
682 p = self._choose_permission(p, cur_perm)
683 self.permissions_repository_groups[g_k] = p, o
684
658 if perm.RepoGroup.user_id == self.user_id:
685 if perm.RepoGroup.user_id == self.user_id:
659 # set admin if owner, even for member of other user group
686 # set admin if owner, even for member of other user group
660 p = 'group.admin'
687 p = 'group.admin'
661 o = PermOrigin.REPOGROUP_OWNER
688 o = PermOrigin.REPOGROUP_OWNER
662 else:
689 self.permissions_repository_groups[g_k] = p, o
663 if multiple_counter[g_k] > 1:
664 cur_perm = self.permissions_repository_groups[g_k]
665 p = self._choose_permission(p, cur_perm)
666 self.permissions_repository_groups[g_k] = p, o
667
690
668 # user explicit permissions for repository groups
691 # user explicit permissions for repository groups
669 user_repo_groups_perms = Permission.get_default_group_perms(
692 user_repo_groups_perms = Permission.get_default_group_perms(
@@ -672,18 +695,20 b' class PermissionCalculator(object):'
672 rg_k = perm.UserRepoGroupToPerm.group.group_name
695 rg_k = perm.UserRepoGroupToPerm.group.group_name
673 u_k = perm.UserRepoGroupToPerm.user.username
696 u_k = perm.UserRepoGroupToPerm.user.username
674 o = PermOrigin.REPOGROUP_USER % u_k
697 o = PermOrigin.REPOGROUP_USER % u_k
698 p = perm.Permission.permission_name
699
700 if not self.explicit:
701 cur_perm = self.permissions_repository_groups.get(
702 rg_k, 'group.none')
703 p = self._choose_permission(p, cur_perm)
704
705 self.permissions_repository_groups[rg_k] = p, o
675
706
676 if perm.RepoGroup.user_id == self.user_id:
707 if perm.RepoGroup.user_id == self.user_id:
677 # set admin if owner
708 # set admin if owner
678 p = 'group.admin'
709 p = 'group.admin'
679 o = PermOrigin.REPOGROUP_OWNER
710 o = PermOrigin.REPOGROUP_OWNER
680 else:
711 self.permissions_repository_groups[rg_k] = p, o
681 p = perm.Permission.permission_name
682 if not self.explicit:
683 cur_perm = self.permissions_repository_groups.get(
684 rg_k, 'group.none')
685 p = self._choose_permission(p, cur_perm)
686 self.permissions_repository_groups[rg_k] = p, o
687
712
688 def _calculate_user_group_permissions(self):
713 def _calculate_user_group_permissions(self):
689 """
714 """
@@ -700,19 +725,21 b' class PermissionCalculator(object):'
700 .target_user_group.users_group_name
725 .target_user_group.users_group_name
701 u_k = perm.UserGroupUserGroupToPerm\
726 u_k = perm.UserGroupUserGroupToPerm\
702 .user_group.users_group_name
727 .user_group.users_group_name
728 multiple_counter[g_k] += 1
703 o = PermOrigin.USERGROUP_USERGROUP % u_k
729 o = PermOrigin.USERGROUP_USERGROUP % u_k
704 multiple_counter[g_k] += 1
705 p = perm.Permission.permission_name
730 p = perm.Permission.permission_name
706
731
732 if multiple_counter[g_k] > 1:
733 cur_perm = self.permissions_user_groups[g_k]
734 p = self._choose_permission(p, cur_perm)
735
736 self.permissions_user_groups[g_k] = p, o
737
707 if perm.UserGroup.user_id == self.user_id:
738 if perm.UserGroup.user_id == self.user_id:
708 # set admin if owner, even for member of other user group
739 # set admin if owner, even for member of other user group
709 p = 'usergroup.admin'
740 p = 'usergroup.admin'
710 o = PermOrigin.USERGROUP_OWNER
741 o = PermOrigin.USERGROUP_OWNER
711 else:
742 self.permissions_user_groups[g_k] = p, o
712 if multiple_counter[g_k] > 1:
713 cur_perm = self.permissions_user_groups[g_k]
714 p = self._choose_permission(p, cur_perm)
715 self.permissions_user_groups[g_k] = p, o
716
743
717 # user explicit permission for user groups
744 # user explicit permission for user groups
718 user_user_groups_perms = Permission.get_default_user_group_perms(
745 user_user_groups_perms = Permission.get_default_user_group_perms(
@@ -721,18 +748,20 b' class PermissionCalculator(object):'
721 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
748 ug_k = perm.UserUserGroupToPerm.user_group.users_group_name
722 u_k = perm.UserUserGroupToPerm.user.username
749 u_k = perm.UserUserGroupToPerm.user.username
723 o = PermOrigin.USERGROUP_USER % u_k
750 o = PermOrigin.USERGROUP_USER % u_k
751 p = perm.Permission.permission_name
752
753 if not self.explicit:
754 cur_perm = self.permissions_user_groups.get(
755 ug_k, 'usergroup.none')
756 p = self._choose_permission(p, cur_perm)
757
758 self.permissions_user_groups[ug_k] = p, o
724
759
725 if perm.UserGroup.user_id == self.user_id:
760 if perm.UserGroup.user_id == self.user_id:
726 # set admin if owner
761 # set admin if owner
727 p = 'usergroup.admin'
762 p = 'usergroup.admin'
728 o = PermOrigin.USERGROUP_OWNER
763 o = PermOrigin.USERGROUP_OWNER
729 else:
764 self.permissions_user_groups[ug_k] = p, o
730 p = perm.Permission.permission_name
731 if not self.explicit:
732 cur_perm = self.permissions_user_groups.get(
733 ug_k, 'usergroup.none')
734 p = self._choose_permission(p, cur_perm)
735 self.permissions_user_groups[ug_k] = p, o
736
765
737 def _choose_permission(self, new_perm, cur_perm):
766 def _choose_permission(self, new_perm, cur_perm):
738 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
767 new_perm_val = Permission.PERM_WEIGHTS[new_perm]
@@ -181,11 +181,25 b''
181 </td>
181 </td>
182 <td class="td-tags">
182 <td class="td-tags">
183 %if hasattr(permissions[section], 'perm_origin_stack'):
183 %if hasattr(permissions[section], 'perm_origin_stack'):
184 <div>
184 %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])):
185 %for i, (perm, origin) in enumerate(reversed(permissions[section].perm_origin_stack[k])):
185 <span class="${i > 0 and 'perm_overriden' or ''} perm_tag ${perm.split('.')[-1]}">
186
186 ${perm} (${origin})
187 % if i > 0:
187 </span>
188 <div style="color: #979797">
189 <i class="icon-arrow_up"></i>
190 ${_('overridden by')}
191 <i class="icon-arrow_up"></i>
192 </div>
193 % endif
194
195 <div>
196 <span class="${i > 0 and 'perm_overriden' or ''} perm_tag ${perm.split('.')[-1]}">
197 ${perm} (${origin})
198 </span>
199 </div>
200
188 %endfor
201 %endfor
202 </div>
189 %else:
203 %else:
190 <span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span>
204 <span class="perm_tag ${section_perm.split('.')[-1]}">${section_perm}</span>
191 %endif
205 %endif
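Review bot: The new "overridden by" separator at new lines 188–192 carries an inline `style="color: #979797"`, which keeps presentation in the template and will not be applied under a Content-Security-Policy that forbids inline styles. A class next to the existing `perm_tag` / `perm_overriden` ones, for example `<div class="perm_override_label">` (name is only a suggestion), with the colour moved to the stylesheet would avoid both problems. Separately, `${origin}` at new line 197 is built from user and user-group names (`'user:%s'`, `'usergroup:%s'`) and the stack now holds more entries per key, so it is worth confirming that the template's default filter HTML-escapes; that configuration is not visible on this page.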