##// END OF EJS Templates
permissions: handle more cases for invalidating permission caches...
marcink -
r3411:2e06ebce stable
parent child
Show More
@@ -159,6 +159,7 class AdminRepoGroupsView(BaseAppView, D
159 try:
159 try:
160 owner = self._rhodecode_user
160 owner = self._rhodecode_user
161 form_result = repo_group_form.to_python(dict(self.request.POST))
161 form_result = repo_group_form.to_python(dict(self.request.POST))
162 copy_permissions = form_result.get('group_copy_permissions')
162 repo_group = RepoGroupModel().create(
163 repo_group = RepoGroupModel().create(
163 group_name=form_result['group_name_full'],
164 group_name=form_result['group_name_full'],
164 group_description=form_result['group_description'],
165 group_description=form_result['group_description'],
@@ -201,7 +202,14 class AdminRepoGroupsView(BaseAppView, D
201 % repo_group_name, category='error')
202 % repo_group_name, category='error')
202 raise HTTPFound(h.route_path('home'))
203 raise HTTPFound(h.route_path('home'))
203
204
204 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
205 affected_user_ids = [self._rhodecode_user.user_id]
206 if copy_permissions:
207 user_group_perms = repo_group.permissions(expand_from_user_groups=True)
208 copy_perms = [perm['user_id'] for perm in user_group_perms]
209 # also include those newly created by copy
210 affected_user_ids.extend(copy_perms)
211 events.trigger(events.UserPermissionsChange(affected_user_ids))
212
205 raise HTTPFound(
213 raise HTTPFound(
206 h.route_path('repo_group_home',
214 h.route_path('repo_group_home',
207 repo_group_name=form_result['group_name_full']))
215 repo_group_name=form_result['group_name_full']))
@@ -146,14 +146,14 class AdminReposView(BaseAppView, DataGr
146
146
147 form_result = {}
147 form_result = {}
148 self._load_form_data(c)
148 self._load_form_data(c)
149 task_id = None
149
150 try:
150 try:
151 # CanWriteToGroup validators checks permissions of this POST
151 # CanWriteToGroup validators checks permissions of this POST
152 form = RepoForm(
152 form = RepoForm(
153 self.request.translate, repo_groups=c.repo_groups_choices,
153 self.request.translate, repo_groups=c.repo_groups_choices,
154 landing_revs=c.landing_revs_choices)()
154 landing_revs=c.landing_revs_choices)()
155 form_result = form.to_python(dict(self.request.POST))
155 form_result = form.to_python(dict(self.request.POST))
156
156 copy_permissions = form_result.get('repo_copy_permissions')
157 # create is done sometimes async on celery, db transaction
157 # create is done sometimes async on celery, db transaction
158 # management is handled there.
158 # management is handled there.
159 task = RepoModel().create(form_result, self._rhodecode_user.user_id)
159 task = RepoModel().create(form_result, self._rhodecode_user.user_id)
@@ -176,9 +176,19 class AdminReposView(BaseAppView, DataGr
176 h.flash(msg, category='error')
176 h.flash(msg, category='error')
177 raise HTTPFound(h.route_path('home'))
177 raise HTTPFound(h.route_path('home'))
178
178
179 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
179 repo_name = form_result.get('repo_name_full')
180
181 affected_user_ids = [self._rhodecode_user.user_id]
182 if copy_permissions:
183 repository = Repository.get_by_repo_name(repo_name)
184 # also include those newly created by copy
185 user_group_perms = repository.permissions(expand_from_user_groups=True)
186 copy_perms = [perm['user_id'] for perm in user_group_perms]
187 # also include those newly created by copy
188 affected_user_ids.extend(copy_perms)
189
190 events.trigger(events.UserPermissionsChange(affected_user_ids))
180
191
181 raise HTTPFound(
192 raise HTTPFound(
182 h.route_path('repo_creating',
193 h.route_path('repo_creating', repo_name=repo_name,
183 repo_name=form_result['repo_name_full'],
184 _query=dict(task_id=task_id)))
194 _query=dict(task_id=task_id)))
@@ -28,6 +28,7 from pyramid.view import view_config
28 from pyramid.renderers import render
28 from pyramid.renderers import render
29 from pyramid.response import Response
29 from pyramid.response import Response
30
30
31 from rhodecode import events
31 from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView
32 from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView
32 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
33 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
33 from rhodecode.authentication.plugins import auth_rhodecode
34 from rhodecode.authentication.plugins import auth_rhodecode
@@ -573,6 +574,7 class UsersView(UserAppView):
573 # audit_log.store_web('user.edit.permissions')
574 # audit_log.store_web('user.edit.permissions')
574
575
575 Session().commit()
576 Session().commit()
577
576 h.flash(_('User global permissions updated successfully'),
578 h.flash(_('User global permissions updated successfully'),
577 category='success')
579 category='success')
578
580
@@ -593,6 +595,9 class UsersView(UserAppView):
593 log.exception("Exception during permissions saving")
595 log.exception("Exception during permissions saving")
594 h.flash(_('An error occurred during permissions saving'),
596 h.flash(_('An error occurred during permissions saving'),
595 category='error')
597 category='error')
598
599 affected_user_ids = [user_id]
600 events.trigger(events.UserPermissionsChange(affected_user_ids))
596 raise HTTPFound(h.route_path('user_edit_global_perms', user_id=user_id))
601 raise HTTPFound(h.route_path('user_edit_global_perms', user_id=user_id))
597
602
598 @LoginRequired()
603 @LoginRequired()
@@ -180,10 +180,14 class RepoGroupSettingsView(RepoGroupApp
180
180
181 name_changed = old_repo_group_name != new_repo_group_name
181 name_changed = old_repo_group_name != new_repo_group_name
182 if name_changed:
182 if name_changed:
183 current_perms = self.db_repo_group.permissions(expand_from_user_groups=True)
184 affected_user_ids = [perm['user_id'] for perm in current_perms]
185
186 # NOTE(marcink): also add owner maybe it has changed
183 owner = User.get_by_username(schema_data['repo_group_owner'])
187 owner = User.get_by_username(schema_data['repo_group_owner'])
184 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
188 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
185 events.trigger(events.UserPermissionsChange([
189 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
186 self._rhodecode_user.user_id, owner_id]))
190 events.trigger(events.UserPermissionsChange(affected_user_ids))
187
191
188 raise HTTPFound(
192 raise HTTPFound(
189 h.route_path('edit_repo_group', repo_group_name=new_repo_group_name))
193 h.route_path('edit_repo_group', repo_group_name=new_repo_group_name))
@@ -224,6 +224,7 class RepoForksView(RepoAppView, DataGri
224 task_id = None
224 task_id = None
225 try:
225 try:
226 form_result = _form.to_python(post_data)
226 form_result = _form.to_python(post_data)
227 copy_permissions = form_result.get('copy_permissions')
227 # create fork is done sometimes async on celery, db transaction
228 # create fork is done sometimes async on celery, db transaction
228 # management is handled there.
229 # management is handled there.
229 task = RepoModel().create_fork(
230 task = RepoModel().create_fork(
@@ -246,18 +247,24 class RepoForksView(RepoAppView, DataGri
246 return Response(html)
247 return Response(html)
247 except Exception:
248 except Exception:
248 log.exception(
249 log.exception(
249 u'Exception while trying to fork the repository %s',
250 u'Exception while trying to fork the repository %s', self.db_repo_name)
250 self.db_repo_name)
251 msg = _('An error occurred during repository forking %s') % (self.db_repo_name, )
251 msg = (
252 _('An error occurred during repository forking %s') % (
253 self.db_repo_name, ))
254 h.flash(msg, category='error')
252 h.flash(msg, category='error')
253 raise HTTPFound(h.route_path('home'))
255
254
256 repo_name = form_result.get('repo_name_full', self.db_repo_name)
255 repo_name = form_result.get('repo_name_full', self.db_repo_name)
257
256
258 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
257 affected_user_ids = [self._rhodecode_user.user_id]
258 if copy_permissions:
259 repository = Repository.get_by_repo_name(repo_name)
260 # also include those newly created by copy
261 user_group_perms = repository.permissions(expand_from_user_groups=True)
262 copy_perms = [perm['user_id'] for perm in user_group_perms]
263 # also include those newly created by copy
264 affected_user_ids.extend(copy_perms)
265
266 events.trigger(events.UserPermissionsChange(affected_user_ids))
259
267
260 raise HTTPFound(
268 raise HTTPFound(
261 h.route_path('repo_creating',
269 h.route_path('repo_creating', repo_name=repo_name,
262 repo_name=repo_name,
263 _query=dict(task_id=task_id)))
270 _query=dict(task_id=task_id)))
@@ -168,8 +168,8 class RepoSettingsView(RepoAppView):
168
168
169 Session().commit()
169 Session().commit()
170
170
171 h.flash(_('Repository `{}` updated successfully').format(
171 h.flash(_('Repository `{}` updated successfully').format(old_repo_name),
172 old_repo_name), category='success')
172 category='success')
173 except Exception:
173 except Exception:
174 log.exception("Exception during update of repository")
174 log.exception("Exception during update of repository")
175 h.flash(_('Error occurred during update of repository {}').format(
175 h.flash(_('Error occurred during update of repository {}').format(
@@ -177,10 +177,14 class RepoSettingsView(RepoAppView):
177
177
178 name_changed = old_repo_name != new_repo_name
178 name_changed = old_repo_name != new_repo_name
179 if name_changed:
179 if name_changed:
180 current_perms = self.db_repo.permissions(expand_from_user_groups=True)
181 affected_user_ids = [perm['user_id'] for perm in current_perms]
182
183 # NOTE(marcink): also add owner maybe it has changed
180 owner = User.get_by_username(schema_data['repo_owner'])
184 owner = User.get_by_username(schema_data['repo_owner'])
181 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
185 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
182 events.trigger(events.UserPermissionsChange([
186 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
183 self._rhodecode_user.user_id, owner_id]))
187 events.trigger(events.UserPermissionsChange(affected_user_ids))
184
188
185 raise HTTPFound(
189 raise HTTPFound(
186 h.route_path('edit_repo', repo_name=new_repo_name))
190 h.route_path('edit_repo', repo_name=new_repo_name))
@@ -959,12 +959,14 class User(Base, BaseModel):
959 return user
959 return user
960
960
961 @classmethod
961 @classmethod
962 def get_all_super_admins(cls):
962 def get_all_super_admins(cls, only_active=False):
963 """
963 """
964 Returns all admin accounts sorted by username
964 Returns all admin accounts sorted by username
965 """
965 """
966 return User.query().filter(User.admin == true())\
966 qry = User.query().filter(User.admin == true()).order_by(User.username.asc())
967 .order_by(User.username.asc()).all()
967 if only_active:
968 qry = qry.filter(User.active == true())
969 return qry.all()
968
970
969 @classmethod
971 @classmethod
970 def get_default_user(cls, cache=False, refresh=False):
972 def get_default_user(cls, cache=False, refresh=False):
@@ -1390,7 +1392,8 class UserGroup(Base, BaseModel):
1390 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1392 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1391 return user_group.get(user_group_id)
1393 return user_group.get(user_group_id)
1392
1394
1393 def permissions(self, with_admins=True, with_owner=True):
1395 def permissions(self, with_admins=True, with_owner=True,
1396 expand_from_user_groups=False):
1394 """
1397 """
1395 Permissions for user groups
1398 Permissions for user groups
1396 """
1399 """
@@ -1441,19 +1444,29 class UserGroup(Base, BaseModel):
1441 # each group
1444 # each group
1442 perm_rows = sorted(perm_rows, key=display_user_sort)
1445 perm_rows = sorted(perm_rows, key=display_user_sort)
1443
1446
1444 return super_admin_rows + owner_row + perm_rows
1447 user_groups_rows = []
1445
1448 if expand_from_user_groups:
1446 def permission_user_groups(self):
1449 for ug in self.permission_user_groups(with_members=True):
1447 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1450 for user_data in ug.members:
1451 user_groups_rows.append(user_data)
1452
1453 return super_admin_rows + owner_row + perm_rows + user_groups_rows
1454
1455 def permission_user_groups(self, with_members=False):
1456 q = UserGroupUserGroupToPerm.query()\
1457 .filter(UserGroupUserGroupToPerm.target_user_group == self)
1448 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1458 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1449 joinedload(UserGroupUserGroupToPerm.target_user_group),
1459 joinedload(UserGroupUserGroupToPerm.target_user_group),
1450 joinedload(UserGroupUserGroupToPerm.permission),)
1460 joinedload(UserGroupUserGroupToPerm.permission),)
1451
1461
1452 perm_rows = []
1462 perm_rows = []
1453 for _user_group in q.all():
1463 for _user_group in q.all():
1454 usr = AttributeDict(_user_group.user_group.get_dict())
1464 entry = AttributeDict(_user_group.user_group.get_dict())
1455 usr.permission = _user_group.permission.permission_name
1465 entry.permission = _user_group.permission.permission_name
1456 perm_rows.append(usr)
1466 if with_members:
1467 entry.members = [x.user.get_dict()
1468 for x in _user_group.users_group.members]
1469 perm_rows.append(entry)
1457
1470
1458 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1471 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1459 return perm_rows
1472 return perm_rows
@@ -1928,7 +1941,8 class Repository(Base, BaseModel):
1928 from rhodecode.lib.utils import make_db_config
1941 from rhodecode.lib.utils import make_db_config
1929 return make_db_config(clear_session=False, repo=self)
1942 return make_db_config(clear_session=False, repo=self)
1930
1943
1931 def permissions(self, with_admins=True, with_owner=True):
1944 def permissions(self, with_admins=True, with_owner=True,
1945 expand_from_user_groups=False):
1932 """
1946 """
1933 Permissions for repositories
1947 Permissions for repositories
1934 """
1948 """
@@ -1986,20 +2000,29 class Repository(Base, BaseModel):
1986 # each group
2000 # each group
1987 perm_rows = sorted(perm_rows, key=display_user_sort)
2001 perm_rows = sorted(perm_rows, key=display_user_sort)
1988
2002
1989 return super_admin_rows + owner_row + perm_rows
2003 user_groups_rows = []
1990
2004 if expand_from_user_groups:
1991 def permission_user_groups(self):
2005 for ug in self.permission_user_groups(with_members=True):
1992 q = UserGroupRepoToPerm.query().filter(
2006 for user_data in ug.members:
1993 UserGroupRepoToPerm.repository == self)
2007 user_groups_rows.append(user_data)
2008
2009 return super_admin_rows + owner_row + perm_rows + user_groups_rows
2010
2011 def permission_user_groups(self, with_members=True):
2012 q = UserGroupRepoToPerm.query()\
2013 .filter(UserGroupRepoToPerm.repository == self)
1994 q = q.options(joinedload(UserGroupRepoToPerm.repository),
2014 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1995 joinedload(UserGroupRepoToPerm.users_group),
2015 joinedload(UserGroupRepoToPerm.users_group),
1996 joinedload(UserGroupRepoToPerm.permission),)
2016 joinedload(UserGroupRepoToPerm.permission),)
1997
2017
1998 perm_rows = []
2018 perm_rows = []
1999 for _user_group in q.all():
2019 for _user_group in q.all():
2000 usr = AttributeDict(_user_group.users_group.get_dict())
2020 entry = AttributeDict(_user_group.users_group.get_dict())
2001 usr.permission = _user_group.permission.permission_name
2021 entry.permission = _user_group.permission.permission_name
2002 perm_rows.append(usr)
2022 if with_members:
2023 entry.members = [x.user.get_dict()
2024 for x in _user_group.users_group.members]
2025 perm_rows.append(entry)
2003
2026
2004 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2027 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2005 return perm_rows
2028 return perm_rows
@@ -2641,7 +2664,8 class RepoGroup(Base, BaseModel):
2641 self.parent_group else [])
2664 self.parent_group else [])
2642 return RepoGroup.url_sep().join(path_prefix + [group_name])
2665 return RepoGroup.url_sep().join(path_prefix + [group_name])
2643
2666
2644 def permissions(self, with_admins=True, with_owner=True):
2667 def permissions(self, with_admins=True, with_owner=True,
2668 expand_from_user_groups=False):
2645 """
2669 """
2646 Permissions for repository groups
2670 Permissions for repository groups
2647 """
2671 """
@@ -2692,20 +2716,29 class RepoGroup(Base, BaseModel):
2692 # each group
2716 # each group
2693 perm_rows = sorted(perm_rows, key=display_user_sort)
2717 perm_rows = sorted(perm_rows, key=display_user_sort)
2694
2718
2695 return super_admin_rows + owner_row + perm_rows
2719 user_groups_rows = []
2696
2720 if expand_from_user_groups:
2697 def permission_user_groups(self):
2721 for ug in self.permission_user_groups(with_members=True):
2698 q = UserGroupRepoGroupToPerm.query().filter(
2722 for user_data in ug.members:
2699 UserGroupRepoGroupToPerm.group == self)
2723 user_groups_rows.append(user_data)
2724
2725 return super_admin_rows + owner_row + perm_rows + user_groups_rows
2726
2727 def permission_user_groups(self, with_members=False):
2728 q = UserGroupRepoGroupToPerm.query()\
2729 .filter(UserGroupRepoGroupToPerm.group == self)
2700 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2730 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2701 joinedload(UserGroupRepoGroupToPerm.users_group),
2731 joinedload(UserGroupRepoGroupToPerm.users_group),
2702 joinedload(UserGroupRepoGroupToPerm.permission),)
2732 joinedload(UserGroupRepoGroupToPerm.permission),)
2703
2733
2704 perm_rows = []
2734 perm_rows = []
2705 for _user_group in q.all():
2735 for _user_group in q.all():
2706 usr = AttributeDict(_user_group.users_group.get_dict())
2736 entry = AttributeDict(_user_group.users_group.get_dict())
2707 usr.permission = _user_group.permission.permission_name
2737 entry.permission = _user_group.permission.permission_name
2708 perm_rows.append(usr)
2738 if with_members:
2739 entry.members = [x.user.get_dict()
2740 for x in _user_group.users_group.members]
2741 perm_rows.append(entry)
2709
2742
2710 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2743 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2711 return perm_rows
2744 return perm_rows
General Comments 0
You need to be logged in to leave comments. Login now