# HG changeset patch # User Marcin Kuzminski # Date 2017-12-05 22:12:06 # Node ID 31460ef84bb18226dad3653e4d0db88635478fd7 # Parent 6d80a582ef31a61a15dd01fb71fcc16ae001cf18 api: add consistent permissions_summary data for both user and user_groups that expose the summary of permissions for each object. - deprecates the 'permissions' data key for get_user - adds a consistent way of fetching permissions summary for both objects. diff --git a/rhodecode/api/views/user_api.py b/rhodecode/api/views/user_api.py --- a/rhodecode/api/views/user_api.py +++ b/rhodecode/api/views/user_api.py @@ -115,7 +115,9 @@ def get_user(request, apiuser, userid=Op user = get_user_or_error(userid) data = user.get_api_data(include_secrets=True) - data['permissions'] = AuthUser(user_id=user.user_id).permissions + permissions = AuthUser(user_id=user.user_id).permissions + data['permissions'] = permissions # TODO(marcink): should be deprecated + data['permissions_summary'] = permissions return data diff --git a/rhodecode/api/views/user_group_api.py b/rhodecode/api/views/user_group_api.py --- a/rhodecode/api/views/user_group_api.py +++ b/rhodecode/api/views/user_group_api.py @@ -120,7 +120,8 @@ def get_user_group(request, apiuser, use data = user_group.get_api_data() data["permissions"] = permissions - + data["Permissions_summary"] = UserGroupModel().get_perms_summary( + user_group.users_group_id) return data diff --git a/rhodecode/apps/user_group/views/__init__.py b/rhodecode/apps/user_group/views/__init__.py --- a/rhodecode/apps/user_group/views/__init__.py +++ b/rhodecode/apps/user_group/views/__init__.py @@ -40,8 +40,7 @@ from rhodecode.lib.auth import ( LoginRequired, HasUserGroupPermissionAnyDecorator, CSRFRequired) from rhodecode.lib import helpers as h, audit_logger from rhodecode.lib.utils2 import str2bool -from rhodecode.model.db import ( - joinedload, User, UserGroupRepoToPerm, UserGroupRepoGroupToPerm) +from rhodecode.model.db import User from rhodecode.model.meta import Session from rhodecode.model.user_group import UserGroupModel @@ -56,35 +55,8 @@ class UserGroupsView(UserGroupAppView): PermissionModel().set_global_permission_choices( c, gettext_translator=self.request.translate) - return c - def _get_perms_summary(self, user_group_id): - permissions = { - 'repositories': {}, - 'repositories_groups': {}, - } - ugroup_repo_perms = UserGroupRepoToPerm.query()\ - .options(joinedload(UserGroupRepoToPerm.permission))\ - .options(joinedload(UserGroupRepoToPerm.repository))\ - .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\ - .all() - - for gr in ugroup_repo_perms: - permissions['repositories'][gr.repository.repo_name] \ - = gr.permission.permission_name - - ugroup_group_perms = UserGroupRepoGroupToPerm.query()\ - .options(joinedload(UserGroupRepoGroupToPerm.permission))\ - .options(joinedload(UserGroupRepoGroupToPerm.group))\ - .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\ - .all() - - for gr in ugroup_group_perms: - permissions['repositories_groups'][gr.group.group_name] \ - = gr.permission.permission_name - return permissions - @LoginRequired() @HasUserGroupPermissionAnyDecorator('usergroup.admin') @view_config( @@ -127,7 +99,8 @@ class UserGroupsView(UserGroupAppView): c = self.load_default_context() c.user_group = self.db_user_group c.active = 'perms_summary' - c.permissions = self._get_perms_summary(c.user_group.users_group_id) + c.permissions = UserGroupModel().get_perms_summary( + c.user_group.users_group_id) return self._get_template_context(c) @LoginRequired() @@ -138,7 +111,7 @@ class UserGroupsView(UserGroupAppView): def user_group_perms_summary_json(self): self.load_default_context() user_group = self.db_user_group - return self._get_perms_summary(user_group.users_group_id) + return UserGroupModel().get_perms_summary(user_group.users_group_id) def _revoke_perms_on_yourself(self, form_result): _updates = filter(lambda u: self._rhodecode_user.user_id == int(u[0]), diff --git a/rhodecode/model/user_group.py b/rhodecode/model/user_group.py --- a/rhodecode/model/user_group.py +++ b/rhodecode/model/user_group.py @@ -29,7 +29,7 @@ from rhodecode.lib.utils2 import ( from rhodecode.model import BaseModel from rhodecode.model.scm import UserGroupList from rhodecode.model.db import ( - true, func, User, UserGroupMember, UserGroup, + joinedload, true, func, User, UserGroupMember, UserGroup, UserGroupRepoToPerm, Permission, UserGroupToPerm, UserUserGroupToPerm, UserGroupUserGroupToPerm, UserGroupRepoGroupToPerm) @@ -502,6 +502,32 @@ class UserGroupModel(BaseModel): user_group, target_user_group), namespace='security.repogroup') + def get_perms_summary(self, user_group_id): + permissions = { + 'repositories': {}, + 'repositories_groups': {}, + } + ugroup_repo_perms = UserGroupRepoToPerm.query()\ + .options(joinedload(UserGroupRepoToPerm.permission))\ + .options(joinedload(UserGroupRepoToPerm.repository))\ + .filter(UserGroupRepoToPerm.users_group_id == user_group_id)\ + .all() + + for gr in ugroup_repo_perms: + permissions['repositories'][gr.repository.repo_name] \ + = gr.permission.permission_name + + ugroup_group_perms = UserGroupRepoGroupToPerm.query()\ + .options(joinedload(UserGroupRepoGroupToPerm.permission))\ + .options(joinedload(UserGroupRepoGroupToPerm.group))\ + .filter(UserGroupRepoGroupToPerm.users_group_id == user_group_id)\ + .all() + + for gr in ugroup_group_perms: + permissions['repositories_groups'][gr.group.group_name] \ + = gr.permission.permission_name + return permissions + def enforce_groups(self, user, groups, extern_type=None): user = self._get_user(user) current_groups = user.group_member