##// END OF EJS Templates
users: personal repo-group shouldn't be available for default user.
marcink -
r1690:5e538546 default
parent child Browse files
Show More
@@ -1,3979 +1,3982 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 Database Models for RhodeCode Enterprise
23 23 """
24 24
25 25 import re
26 26 import os
27 27 import time
28 28 import hashlib
29 29 import logging
30 30 import datetime
31 31 import warnings
32 32 import ipaddress
33 33 import functools
34 34 import traceback
35 35 import collections
36 36
37 37
38 38 from sqlalchemy import *
39 39 from sqlalchemy.ext.declarative import declared_attr
40 40 from sqlalchemy.ext.hybrid import hybrid_property
41 41 from sqlalchemy.orm import (
42 42 relationship, joinedload, class_mapper, validates, aliased)
43 43 from sqlalchemy.sql.expression import true
44 44 from beaker.cache import cache_region
45 45 from zope.cachedescriptors.property import Lazy as LazyProperty
46 46
47 47 from pylons import url
48 48 from pylons.i18n.translation import lazy_ugettext as _
49 49
50 50 from rhodecode.lib.vcs import get_vcs_instance
51 51 from rhodecode.lib.vcs.backends.base import EmptyCommit, Reference
52 52 from rhodecode.lib.utils2 import (
53 53 str2bool, safe_str, get_commit_safe, safe_unicode, md5_safe,
54 54 time_to_datetime, aslist, Optional, safe_int, get_clone_url, AttributeDict,
55 55 glob2re, StrictAttributeDict, cleaned_uri)
56 56 from rhodecode.lib.jsonalchemy import MutationObj, MutationList, JsonType
57 57 from rhodecode.lib.ext_json import json
58 58 from rhodecode.lib.caching_query import FromCache
59 59 from rhodecode.lib.encrypt import AESCipher
60 60
61 61 from rhodecode.model.meta import Base, Session
62 62
63 63 URL_SEP = '/'
64 64 log = logging.getLogger(__name__)
65 65
66 66 # =============================================================================
67 67 # BASE CLASSES
68 68 # =============================================================================
69 69
70 70 # this is propagated from .ini file rhodecode.encrypted_values.secret or
71 71 # beaker.session.secret if first is not set.
72 72 # and initialized at environment.py
73 73 ENCRYPTION_KEY = None
74 74
75 75 # used to sort permissions by types, '#' used here is not allowed to be in
76 76 # usernames, and it's very early in sorted string.printable table.
77 77 PERMISSION_TYPE_SORT = {
78 78 'admin': '####',
79 79 'write': '###',
80 80 'read': '##',
81 81 'none': '#',
82 82 }
83 83
84 84
85 85 def display_sort(obj):
86 86 """
87 87 Sort function used to sort permissions in .permissions() function of
88 88 Repository, RepoGroup, UserGroup. Also it put the default user in front
89 89 of all other resources
90 90 """
91 91
92 92 if obj.username == User.DEFAULT_USER:
93 93 return '#####'
94 94 prefix = PERMISSION_TYPE_SORT.get(obj.permission.split('.')[-1], '')
95 95 return prefix + obj.username
96 96
97 97
98 98 def _hash_key(k):
99 99 return md5_safe(k)
100 100
101 101
102 102 class EncryptedTextValue(TypeDecorator):
103 103 """
104 104 Special column for encrypted long text data, use like::
105 105
106 106 value = Column("encrypted_value", EncryptedValue(), nullable=False)
107 107
108 108 This column is intelligent so if value is in unencrypted form it return
109 109 unencrypted form, but on save it always encrypts
110 110 """
111 111 impl = Text
112 112
113 113 def process_bind_param(self, value, dialect):
114 114 if not value:
115 115 return value
116 116 if value.startswith('enc$aes$') or value.startswith('enc$aes_hmac$'):
117 117 # protect against double encrypting if someone manually starts
118 118 # doing
119 119 raise ValueError('value needs to be in unencrypted format, ie. '
120 120 'not starting with enc$aes')
121 121 return 'enc$aes_hmac$%s' % AESCipher(
122 122 ENCRYPTION_KEY, hmac=True).encrypt(value)
123 123
124 124 def process_result_value(self, value, dialect):
125 125 import rhodecode
126 126
127 127 if not value:
128 128 return value
129 129
130 130 parts = value.split('$', 3)
131 131 if not len(parts) == 3:
132 132 # probably not encrypted values
133 133 return value
134 134 else:
135 135 if parts[0] != 'enc':
136 136 # parts ok but without our header ?
137 137 return value
138 138 enc_strict_mode = str2bool(rhodecode.CONFIG.get(
139 139 'rhodecode.encrypted_values.strict') or True)
140 140 # at that stage we know it's our encryption
141 141 if parts[1] == 'aes':
142 142 decrypted_data = AESCipher(ENCRYPTION_KEY).decrypt(parts[2])
143 143 elif parts[1] == 'aes_hmac':
144 144 decrypted_data = AESCipher(
145 145 ENCRYPTION_KEY, hmac=True,
146 146 strict_verification=enc_strict_mode).decrypt(parts[2])
147 147 else:
148 148 raise ValueError(
149 149 'Encryption type part is wrong, must be `aes` '
150 150 'or `aes_hmac`, got `%s` instead' % (parts[1]))
151 151 return decrypted_data
152 152
153 153
154 154 class BaseModel(object):
155 155 """
156 156 Base Model for all classes
157 157 """
158 158
159 159 @classmethod
160 160 def _get_keys(cls):
161 161 """return column names for this model """
162 162 return class_mapper(cls).c.keys()
163 163
164 164 def get_dict(self):
165 165 """
166 166 return dict with keys and values corresponding
167 167 to this model data """
168 168
169 169 d = {}
170 170 for k in self._get_keys():
171 171 d[k] = getattr(self, k)
172 172
173 173 # also use __json__() if present to get additional fields
174 174 _json_attr = getattr(self, '__json__', None)
175 175 if _json_attr:
176 176 # update with attributes from __json__
177 177 if callable(_json_attr):
178 178 _json_attr = _json_attr()
179 179 for k, val in _json_attr.iteritems():
180 180 d[k] = val
181 181 return d
182 182
183 183 def get_appstruct(self):
184 184 """return list with keys and values tuples corresponding
185 185 to this model data """
186 186
187 187 l = []
188 188 for k in self._get_keys():
189 189 l.append((k, getattr(self, k),))
190 190 return l
191 191
192 192 def populate_obj(self, populate_dict):
193 193 """populate model with data from given populate_dict"""
194 194
195 195 for k in self._get_keys():
196 196 if k in populate_dict:
197 197 setattr(self, k, populate_dict[k])
198 198
199 199 @classmethod
200 200 def query(cls):
201 201 return Session().query(cls)
202 202
203 203 @classmethod
204 204 def get(cls, id_):
205 205 if id_:
206 206 return cls.query().get(id_)
207 207
208 208 @classmethod
209 209 def get_or_404(cls, id_, pyramid_exc=False):
210 210 if pyramid_exc:
211 211 # NOTE(marcink): backward compat, once migration to pyramid
212 212 # this should only use pyramid exceptions
213 213 from pyramid.httpexceptions import HTTPNotFound
214 214 else:
215 215 from webob.exc import HTTPNotFound
216 216
217 217 try:
218 218 id_ = int(id_)
219 219 except (TypeError, ValueError):
220 220 raise HTTPNotFound
221 221
222 222 res = cls.query().get(id_)
223 223 if not res:
224 224 raise HTTPNotFound
225 225 return res
226 226
227 227 @classmethod
228 228 def getAll(cls):
229 229 # deprecated and left for backward compatibility
230 230 return cls.get_all()
231 231
232 232 @classmethod
233 233 def get_all(cls):
234 234 return cls.query().all()
235 235
236 236 @classmethod
237 237 def delete(cls, id_):
238 238 obj = cls.query().get(id_)
239 239 Session().delete(obj)
240 240
241 241 @classmethod
242 242 def identity_cache(cls, session, attr_name, value):
243 243 exist_in_session = []
244 244 for (item_cls, pkey), instance in session.identity_map.items():
245 245 if cls == item_cls and getattr(instance, attr_name) == value:
246 246 exist_in_session.append(instance)
247 247 if exist_in_session:
248 248 if len(exist_in_session) == 1:
249 249 return exist_in_session[0]
250 250 log.exception(
251 251 'multiple objects with attr %s and '
252 252 'value %s found with same name: %r',
253 253 attr_name, value, exist_in_session)
254 254
255 255 def __repr__(self):
256 256 if hasattr(self, '__unicode__'):
257 257 # python repr needs to return str
258 258 try:
259 259 return safe_str(self.__unicode__())
260 260 except UnicodeDecodeError:
261 261 pass
262 262 return '<DB:%s>' % (self.__class__.__name__)
263 263
264 264
265 265 class RhodeCodeSetting(Base, BaseModel):
266 266 __tablename__ = 'rhodecode_settings'
267 267 __table_args__ = (
268 268 UniqueConstraint('app_settings_name'),
269 269 {'extend_existing': True, 'mysql_engine': 'InnoDB',
270 270 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
271 271 )
272 272
273 273 SETTINGS_TYPES = {
274 274 'str': safe_str,
275 275 'int': safe_int,
276 276 'unicode': safe_unicode,
277 277 'bool': str2bool,
278 278 'list': functools.partial(aslist, sep=',')
279 279 }
280 280 DEFAULT_UPDATE_URL = 'https://rhodecode.com/api/v1/info/versions'
281 281 GLOBAL_CONF_KEY = 'app_settings'
282 282
283 283 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
284 284 app_settings_name = Column("app_settings_name", String(255), nullable=True, unique=None, default=None)
285 285 _app_settings_value = Column("app_settings_value", String(4096), nullable=True, unique=None, default=None)
286 286 _app_settings_type = Column("app_settings_type", String(255), nullable=True, unique=None, default=None)
287 287
288 288 def __init__(self, key='', val='', type='unicode'):
289 289 self.app_settings_name = key
290 290 self.app_settings_type = type
291 291 self.app_settings_value = val
292 292
293 293 @validates('_app_settings_value')
294 294 def validate_settings_value(self, key, val):
295 295 assert type(val) == unicode
296 296 return val
297 297
298 298 @hybrid_property
299 299 def app_settings_value(self):
300 300 v = self._app_settings_value
301 301 _type = self.app_settings_type
302 302 if _type:
303 303 _type = self.app_settings_type.split('.')[0]
304 304 # decode the encrypted value
305 305 if 'encrypted' in self.app_settings_type:
306 306 cipher = EncryptedTextValue()
307 307 v = safe_unicode(cipher.process_result_value(v, None))
308 308
309 309 converter = self.SETTINGS_TYPES.get(_type) or \
310 310 self.SETTINGS_TYPES['unicode']
311 311 return converter(v)
312 312
313 313 @app_settings_value.setter
314 314 def app_settings_value(self, val):
315 315 """
316 316 Setter that will always make sure we use unicode in app_settings_value
317 317
318 318 :param val:
319 319 """
320 320 val = safe_unicode(val)
321 321 # encode the encrypted value
322 322 if 'encrypted' in self.app_settings_type:
323 323 cipher = EncryptedTextValue()
324 324 val = safe_unicode(cipher.process_bind_param(val, None))
325 325 self._app_settings_value = val
326 326
327 327 @hybrid_property
328 328 def app_settings_type(self):
329 329 return self._app_settings_type
330 330
331 331 @app_settings_type.setter
332 332 def app_settings_type(self, val):
333 333 if val.split('.')[0] not in self.SETTINGS_TYPES:
334 334 raise Exception('type must be one of %s got %s'
335 335 % (self.SETTINGS_TYPES.keys(), val))
336 336 self._app_settings_type = val
337 337
338 338 def __unicode__(self):
339 339 return u"<%s('%s:%s[%s]')>" % (
340 340 self.__class__.__name__,
341 341 self.app_settings_name, self.app_settings_value,
342 342 self.app_settings_type
343 343 )
344 344
345 345
346 346 class RhodeCodeUi(Base, BaseModel):
347 347 __tablename__ = 'rhodecode_ui'
348 348 __table_args__ = (
349 349 UniqueConstraint('ui_key'),
350 350 {'extend_existing': True, 'mysql_engine': 'InnoDB',
351 351 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
352 352 )
353 353
354 354 HOOK_REPO_SIZE = 'changegroup.repo_size'
355 355 # HG
356 356 HOOK_PRE_PULL = 'preoutgoing.pre_pull'
357 357 HOOK_PULL = 'outgoing.pull_logger'
358 358 HOOK_PRE_PUSH = 'prechangegroup.pre_push'
359 359 HOOK_PRETX_PUSH = 'pretxnchangegroup.pre_push'
360 360 HOOK_PUSH = 'changegroup.push_logger'
361 361
362 362 # TODO: johbo: Unify way how hooks are configured for git and hg,
363 363 # git part is currently hardcoded.
364 364
365 365 # SVN PATTERNS
366 366 SVN_BRANCH_ID = 'vcs_svn_branch'
367 367 SVN_TAG_ID = 'vcs_svn_tag'
368 368
369 369 ui_id = Column(
370 370 "ui_id", Integer(), nullable=False, unique=True, default=None,
371 371 primary_key=True)
372 372 ui_section = Column(
373 373 "ui_section", String(255), nullable=True, unique=None, default=None)
374 374 ui_key = Column(
375 375 "ui_key", String(255), nullable=True, unique=None, default=None)
376 376 ui_value = Column(
377 377 "ui_value", String(255), nullable=True, unique=None, default=None)
378 378 ui_active = Column(
379 379 "ui_active", Boolean(), nullable=True, unique=None, default=True)
380 380
381 381 def __repr__(self):
382 382 return '<%s[%s]%s=>%s]>' % (self.__class__.__name__, self.ui_section,
383 383 self.ui_key, self.ui_value)
384 384
385 385
386 386 class RepoRhodeCodeSetting(Base, BaseModel):
387 387 __tablename__ = 'repo_rhodecode_settings'
388 388 __table_args__ = (
389 389 UniqueConstraint(
390 390 'app_settings_name', 'repository_id',
391 391 name='uq_repo_rhodecode_setting_name_repo_id'),
392 392 {'extend_existing': True, 'mysql_engine': 'InnoDB',
393 393 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
394 394 )
395 395
396 396 repository_id = Column(
397 397 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
398 398 nullable=False)
399 399 app_settings_id = Column(
400 400 "app_settings_id", Integer(), nullable=False, unique=True,
401 401 default=None, primary_key=True)
402 402 app_settings_name = Column(
403 403 "app_settings_name", String(255), nullable=True, unique=None,
404 404 default=None)
405 405 _app_settings_value = Column(
406 406 "app_settings_value", String(4096), nullable=True, unique=None,
407 407 default=None)
408 408 _app_settings_type = Column(
409 409 "app_settings_type", String(255), nullable=True, unique=None,
410 410 default=None)
411 411
412 412 repository = relationship('Repository')
413 413
414 414 def __init__(self, repository_id, key='', val='', type='unicode'):
415 415 self.repository_id = repository_id
416 416 self.app_settings_name = key
417 417 self.app_settings_type = type
418 418 self.app_settings_value = val
419 419
420 420 @validates('_app_settings_value')
421 421 def validate_settings_value(self, key, val):
422 422 assert type(val) == unicode
423 423 return val
424 424
425 425 @hybrid_property
426 426 def app_settings_value(self):
427 427 v = self._app_settings_value
428 428 type_ = self.app_settings_type
429 429 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
430 430 converter = SETTINGS_TYPES.get(type_) or SETTINGS_TYPES['unicode']
431 431 return converter(v)
432 432
433 433 @app_settings_value.setter
434 434 def app_settings_value(self, val):
435 435 """
436 436 Setter that will always make sure we use unicode in app_settings_value
437 437
438 438 :param val:
439 439 """
440 440 self._app_settings_value = safe_unicode(val)
441 441
442 442 @hybrid_property
443 443 def app_settings_type(self):
444 444 return self._app_settings_type
445 445
446 446 @app_settings_type.setter
447 447 def app_settings_type(self, val):
448 448 SETTINGS_TYPES = RhodeCodeSetting.SETTINGS_TYPES
449 449 if val not in SETTINGS_TYPES:
450 450 raise Exception('type must be one of %s got %s'
451 451 % (SETTINGS_TYPES.keys(), val))
452 452 self._app_settings_type = val
453 453
454 454 def __unicode__(self):
455 455 return u"<%s('%s:%s:%s[%s]')>" % (
456 456 self.__class__.__name__, self.repository.repo_name,
457 457 self.app_settings_name, self.app_settings_value,
458 458 self.app_settings_type
459 459 )
460 460
461 461
462 462 class RepoRhodeCodeUi(Base, BaseModel):
463 463 __tablename__ = 'repo_rhodecode_ui'
464 464 __table_args__ = (
465 465 UniqueConstraint(
466 466 'repository_id', 'ui_section', 'ui_key',
467 467 name='uq_repo_rhodecode_ui_repository_id_section_key'),
468 468 {'extend_existing': True, 'mysql_engine': 'InnoDB',
469 469 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
470 470 )
471 471
472 472 repository_id = Column(
473 473 "repository_id", Integer(), ForeignKey('repositories.repo_id'),
474 474 nullable=False)
475 475 ui_id = Column(
476 476 "ui_id", Integer(), nullable=False, unique=True, default=None,
477 477 primary_key=True)
478 478 ui_section = Column(
479 479 "ui_section", String(255), nullable=True, unique=None, default=None)
480 480 ui_key = Column(
481 481 "ui_key", String(255), nullable=True, unique=None, default=None)
482 482 ui_value = Column(
483 483 "ui_value", String(255), nullable=True, unique=None, default=None)
484 484 ui_active = Column(
485 485 "ui_active", Boolean(), nullable=True, unique=None, default=True)
486 486
487 487 repository = relationship('Repository')
488 488
489 489 def __repr__(self):
490 490 return '<%s[%s:%s]%s=>%s]>' % (
491 491 self.__class__.__name__, self.repository.repo_name,
492 492 self.ui_section, self.ui_key, self.ui_value)
493 493
494 494
495 495 class User(Base, BaseModel):
496 496 __tablename__ = 'users'
497 497 __table_args__ = (
498 498 UniqueConstraint('username'), UniqueConstraint('email'),
499 499 Index('u_username_idx', 'username'),
500 500 Index('u_email_idx', 'email'),
501 501 {'extend_existing': True, 'mysql_engine': 'InnoDB',
502 502 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
503 503 )
504 504 DEFAULT_USER = 'default'
505 505 DEFAULT_USER_EMAIL = 'anonymous@rhodecode.org'
506 506 DEFAULT_GRAVATAR_URL = 'https://secure.gravatar.com/avatar/{md5email}?d=identicon&s={size}'
507 507
508 508 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
509 509 username = Column("username", String(255), nullable=True, unique=None, default=None)
510 510 password = Column("password", String(255), nullable=True, unique=None, default=None)
511 511 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
512 512 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
513 513 name = Column("firstname", String(255), nullable=True, unique=None, default=None)
514 514 lastname = Column("lastname", String(255), nullable=True, unique=None, default=None)
515 515 _email = Column("email", String(255), nullable=True, unique=None, default=None)
516 516 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
517 517 last_activity = Column('last_activity', DateTime(timezone=False), nullable=True, unique=None, default=None)
518 518
519 519 extern_type = Column("extern_type", String(255), nullable=True, unique=None, default=None)
520 520 extern_name = Column("extern_name", String(255), nullable=True, unique=None, default=None)
521 521 _api_key = Column("api_key", String(255), nullable=True, unique=None, default=None)
522 522 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
523 523 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
524 524 _user_data = Column("user_data", LargeBinary(), nullable=True) # JSON data
525 525
526 526 user_log = relationship('UserLog')
527 527 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
528 528
529 529 repositories = relationship('Repository')
530 530 repository_groups = relationship('RepoGroup')
531 531 user_groups = relationship('UserGroup')
532 532
533 533 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
534 534 followings = relationship('UserFollowing', primaryjoin='UserFollowing.user_id==User.user_id', cascade='all')
535 535
536 536 repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all')
537 537 repo_group_to_perm = relationship('UserRepoGroupToPerm', primaryjoin='UserRepoGroupToPerm.user_id==User.user_id', cascade='all')
538 538 user_group_to_perm = relationship('UserUserGroupToPerm', primaryjoin='UserUserGroupToPerm.user_id==User.user_id', cascade='all')
539 539
540 540 group_member = relationship('UserGroupMember', cascade='all')
541 541
542 542 notifications = relationship('UserNotification', cascade='all')
543 543 # notifications assigned to this user
544 544 user_created_notifications = relationship('Notification', cascade='all')
545 545 # comments created by this user
546 546 user_comments = relationship('ChangesetComment', cascade='all')
547 547 # user profile extra info
548 548 user_emails = relationship('UserEmailMap', cascade='all')
549 549 user_ip_map = relationship('UserIpMap', cascade='all')
550 550 user_auth_tokens = relationship('UserApiKeys', cascade='all')
551 551 # gists
552 552 user_gists = relationship('Gist', cascade='all')
553 553 # user pull requests
554 554 user_pull_requests = relationship('PullRequest', cascade='all')
555 555 # external identities
556 556 extenal_identities = relationship(
557 557 'ExternalIdentity',
558 558 primaryjoin="User.user_id==ExternalIdentity.local_user_id",
559 559 cascade='all')
560 560
561 561 def __unicode__(self):
562 562 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
563 563 self.user_id, self.username)
564 564
565 565 @hybrid_property
566 566 def email(self):
567 567 return self._email
568 568
569 569 @email.setter
570 570 def email(self, val):
571 571 self._email = val.lower() if val else None
572 572
573 573 @hybrid_property
574 574 def api_key(self):
575 575 """
576 576 Fetch if exist an auth-token with role ALL connected to this user
577 577 """
578 578 user_auth_token = UserApiKeys.query()\
579 579 .filter(UserApiKeys.user_id == self.user_id)\
580 580 .filter(or_(UserApiKeys.expires == -1,
581 581 UserApiKeys.expires >= time.time()))\
582 582 .filter(UserApiKeys.role == UserApiKeys.ROLE_ALL).first()
583 583 if user_auth_token:
584 584 user_auth_token = user_auth_token.api_key
585 585
586 586 return user_auth_token
587 587
588 588 @api_key.setter
589 589 def api_key(self, val):
590 590 # don't allow to set API key this is deprecated for now
591 591 self._api_key = None
592 592
593 593 @property
594 594 def firstname(self):
595 595 # alias for future
596 596 return self.name
597 597
598 598 @property
599 599 def emails(self):
600 600 other = UserEmailMap.query().filter(UserEmailMap.user==self).all()
601 601 return [self.email] + [x.email for x in other]
602 602
603 603 @property
604 604 def auth_tokens(self):
605 605 return [x.api_key for x in self.extra_auth_tokens]
606 606
607 607 @property
608 608 def extra_auth_tokens(self):
609 609 return UserApiKeys.query().filter(UserApiKeys.user == self).all()
610 610
611 611 @property
612 612 def feed_token(self):
613 613 return self.get_feed_token()
614 614
615 615 def get_feed_token(self):
616 616 feed_tokens = UserApiKeys.query()\
617 617 .filter(UserApiKeys.user == self)\
618 618 .filter(UserApiKeys.role == UserApiKeys.ROLE_FEED)\
619 619 .all()
620 620 if feed_tokens:
621 621 return feed_tokens[0].api_key
622 622 return 'NO_FEED_TOKEN_AVAILABLE'
623 623
624 624 @classmethod
625 625 def extra_valid_auth_tokens(cls, user, role=None):
626 626 tokens = UserApiKeys.query().filter(UserApiKeys.user == user)\
627 627 .filter(or_(UserApiKeys.expires == -1,
628 628 UserApiKeys.expires >= time.time()))
629 629 if role:
630 630 tokens = tokens.filter(or_(UserApiKeys.role == role,
631 631 UserApiKeys.role == UserApiKeys.ROLE_ALL))
632 632 return tokens.all()
633 633
634 634 def authenticate_by_token(self, auth_token, roles=None, scope_repo_id=None):
635 635 from rhodecode.lib import auth
636 636
637 637 log.debug('Trying to authenticate user: %s via auth-token, '
638 638 'and roles: %s', self, roles)
639 639
640 640 if not auth_token:
641 641 return False
642 642
643 643 crypto_backend = auth.crypto_backend()
644 644
645 645 roles = (roles or []) + [UserApiKeys.ROLE_ALL]
646 646 tokens_q = UserApiKeys.query()\
647 647 .filter(UserApiKeys.user_id == self.user_id)\
648 648 .filter(or_(UserApiKeys.expires == -1,
649 649 UserApiKeys.expires >= time.time()))
650 650
651 651 tokens_q = tokens_q.filter(UserApiKeys.role.in_(roles))
652 652
653 653 plain_tokens = []
654 654 hash_tokens = []
655 655
656 656 for token in tokens_q.all():
657 657 # verify scope first
658 658 if token.repo_id:
659 659 # token has a scope, we need to verify it
660 660 if scope_repo_id != token.repo_id:
661 661 log.debug(
662 662 'Scope mismatch: token has a set repo scope: %s, '
663 663 'and calling scope is:%s, skipping further checks',
664 664 token.repo, scope_repo_id)
665 665 # token has a scope, and it doesn't match, skip token
666 666 continue
667 667
668 668 if token.api_key.startswith(crypto_backend.ENC_PREF):
669 669 hash_tokens.append(token.api_key)
670 670 else:
671 671 plain_tokens.append(token.api_key)
672 672
673 673 is_plain_match = auth_token in plain_tokens
674 674 if is_plain_match:
675 675 return True
676 676
677 677 for hashed in hash_tokens:
678 678 # TODO(marcink): this is expensive to calculate, but most secure
679 679 match = crypto_backend.hash_check(auth_token, hashed)
680 680 if match:
681 681 return True
682 682
683 683 return False
684 684
685 685 @property
686 686 def ip_addresses(self):
687 687 ret = UserIpMap.query().filter(UserIpMap.user == self).all()
688 688 return [x.ip_addr for x in ret]
689 689
690 690 @property
691 691 def username_and_name(self):
692 692 return '%s (%s %s)' % (self.username, self.firstname, self.lastname)
693 693
694 694 @property
695 695 def username_or_name_or_email(self):
696 696 full_name = self.full_name if self.full_name is not ' ' else None
697 697 return self.username or full_name or self.email
698 698
699 699 @property
700 700 def full_name(self):
701 701 return '%s %s' % (self.firstname, self.lastname)
702 702
703 703 @property
704 704 def full_name_or_username(self):
705 705 return ('%s %s' % (self.firstname, self.lastname)
706 706 if (self.firstname and self.lastname) else self.username)
707 707
708 708 @property
709 709 def full_contact(self):
710 710 return '%s %s <%s>' % (self.firstname, self.lastname, self.email)
711 711
712 712 @property
713 713 def short_contact(self):
714 714 return '%s %s' % (self.firstname, self.lastname)
715 715
716 716 @property
717 717 def is_admin(self):
718 718 return self.admin
719 719
720 720 @property
721 721 def AuthUser(self):
722 722 """
723 723 Returns instance of AuthUser for this user
724 724 """
725 725 from rhodecode.lib.auth import AuthUser
726 726 return AuthUser(user_id=self.user_id, username=self.username)
727 727
728 728 @hybrid_property
729 729 def user_data(self):
730 730 if not self._user_data:
731 731 return {}
732 732
733 733 try:
734 734 return json.loads(self._user_data)
735 735 except TypeError:
736 736 return {}
737 737
738 738 @user_data.setter
739 739 def user_data(self, val):
740 740 if not isinstance(val, dict):
741 741 raise Exception('user_data must be dict, got %s' % type(val))
742 742 try:
743 743 self._user_data = json.dumps(val)
744 744 except Exception:
745 745 log.error(traceback.format_exc())
746 746
747 747 @classmethod
748 748 def get_by_username(cls, username, case_insensitive=False,
749 749 cache=False, identity_cache=False):
750 750 session = Session()
751 751
752 752 if case_insensitive:
753 753 q = cls.query().filter(
754 754 func.lower(cls.username) == func.lower(username))
755 755 else:
756 756 q = cls.query().filter(cls.username == username)
757 757
758 758 if cache:
759 759 if identity_cache:
760 760 val = cls.identity_cache(session, 'username', username)
761 761 if val:
762 762 return val
763 763 else:
764 764 q = q.options(
765 765 FromCache("sql_cache_short",
766 766 "get_user_by_name_%s" % _hash_key(username)))
767 767
768 768 return q.scalar()
769 769
770 770 @classmethod
771 771 def get_by_auth_token(cls, auth_token, cache=False):
772 772 q = UserApiKeys.query()\
773 773 .filter(UserApiKeys.api_key == auth_token)\
774 774 .filter(or_(UserApiKeys.expires == -1,
775 775 UserApiKeys.expires >= time.time()))
776 776 if cache:
777 777 q = q.options(FromCache("sql_cache_short",
778 778 "get_auth_token_%s" % auth_token))
779 779
780 780 match = q.first()
781 781 if match:
782 782 return match.user
783 783
784 784 @classmethod
785 785 def get_by_email(cls, email, case_insensitive=False, cache=False):
786 786
787 787 if case_insensitive:
788 788 q = cls.query().filter(func.lower(cls.email) == func.lower(email))
789 789
790 790 else:
791 791 q = cls.query().filter(cls.email == email)
792 792
793 793 if cache:
794 794 q = q.options(FromCache("sql_cache_short",
795 795 "get_email_key_%s" % _hash_key(email)))
796 796
797 797 ret = q.scalar()
798 798 if ret is None:
799 799 q = UserEmailMap.query()
800 800 # try fetching in alternate email map
801 801 if case_insensitive:
802 802 q = q.filter(func.lower(UserEmailMap.email) == func.lower(email))
803 803 else:
804 804 q = q.filter(UserEmailMap.email == email)
805 805 q = q.options(joinedload(UserEmailMap.user))
806 806 if cache:
807 807 q = q.options(FromCache("sql_cache_short",
808 808 "get_email_map_key_%s" % email))
809 809 ret = getattr(q.scalar(), 'user', None)
810 810
811 811 return ret
812 812
813 813 @classmethod
814 814 def get_from_cs_author(cls, author):
815 815 """
816 816 Tries to get User objects out of commit author string
817 817
818 818 :param author:
819 819 """
820 820 from rhodecode.lib.helpers import email, author_name
821 821 # Valid email in the attribute passed, see if they're in the system
822 822 _email = email(author)
823 823 if _email:
824 824 user = cls.get_by_email(_email, case_insensitive=True)
825 825 if user:
826 826 return user
827 827 # Maybe we can match by username?
828 828 _author = author_name(author)
829 829 user = cls.get_by_username(_author, case_insensitive=True)
830 830 if user:
831 831 return user
832 832
833 833 def update_userdata(self, **kwargs):
834 834 usr = self
835 835 old = usr.user_data
836 836 old.update(**kwargs)
837 837 usr.user_data = old
838 838 Session().add(usr)
839 839 log.debug('updated userdata with ', kwargs)
840 840
841 841 def update_lastlogin(self):
842 842 """Update user lastlogin"""
843 843 self.last_login = datetime.datetime.now()
844 844 Session().add(self)
845 845 log.debug('updated user %s lastlogin', self.username)
846 846
847 847 def update_lastactivity(self):
848 848 """Update user lastactivity"""
849 849 self.last_activity = datetime.datetime.now()
850 850 Session().add(self)
851 851 log.debug('updated user %s lastactivity', self.username)
852 852
853 853 def update_password(self, new_password):
854 854 from rhodecode.lib.auth import get_crypt_password
855 855
856 856 self.password = get_crypt_password(new_password)
857 857 Session().add(self)
858 858
859 859 @classmethod
860 860 def get_first_super_admin(cls):
861 861 user = User.query().filter(User.admin == true()).first()
862 862 if user is None:
863 863 raise Exception('FATAL: Missing administrative account!')
864 864 return user
865 865
866 866 @classmethod
867 867 def get_all_super_admins(cls):
868 868 """
869 869 Returns all admin accounts sorted by username
870 870 """
871 871 return User.query().filter(User.admin == true())\
872 872 .order_by(User.username.asc()).all()
873 873
874 874 @classmethod
875 875 def get_default_user(cls, cache=False):
876 876 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
877 877 if user is None:
878 878 raise Exception('FATAL: Missing default account!')
879 879 return user
880 880
881 881 def _get_default_perms(self, user, suffix=''):
882 882 from rhodecode.model.permission import PermissionModel
883 883 return PermissionModel().get_default_perms(user.user_perms, suffix)
884 884
885 885 def get_default_perms(self, suffix=''):
886 886 return self._get_default_perms(self, suffix)
887 887
888 888 def get_api_data(self, include_secrets=False, details='full'):
889 889 """
890 890 Common function for generating user related data for API
891 891
892 892 :param include_secrets: By default secrets in the API data will be replaced
893 893 by a placeholder value to prevent exposing this data by accident. In case
894 894 this data shall be exposed, set this flag to ``True``.
895 895
896 896 :param details: details can be 'basic|full' basic gives only a subset of
897 897 the available user information that includes user_id, name and emails.
898 898 """
899 899 user = self
900 900 user_data = self.user_data
901 901 data = {
902 902 'user_id': user.user_id,
903 903 'username': user.username,
904 904 'firstname': user.name,
905 905 'lastname': user.lastname,
906 906 'email': user.email,
907 907 'emails': user.emails,
908 908 }
909 909 if details == 'basic':
910 910 return data
911 911
912 912 api_key_length = 40
913 913 api_key_replacement = '*' * api_key_length
914 914
915 915 extras = {
916 916 'api_keys': [api_key_replacement],
917 917 'auth_tokens': [api_key_replacement],
918 918 'active': user.active,
919 919 'admin': user.admin,
920 920 'extern_type': user.extern_type,
921 921 'extern_name': user.extern_name,
922 922 'last_login': user.last_login,
923 923 'last_activity': user.last_activity,
924 924 'ip_addresses': user.ip_addresses,
925 925 'language': user_data.get('language')
926 926 }
927 927 data.update(extras)
928 928
929 929 if include_secrets:
930 930 data['api_keys'] = user.auth_tokens
931 931 data['auth_tokens'] = user.extra_auth_tokens
932 932 return data
933 933
934 934 def __json__(self):
935 935 data = {
936 936 'full_name': self.full_name,
937 937 'full_name_or_username': self.full_name_or_username,
938 938 'short_contact': self.short_contact,
939 939 'full_contact': self.full_contact,
940 940 }
941 941 data.update(self.get_api_data())
942 942 return data
943 943
944 944
945 945 class UserApiKeys(Base, BaseModel):
946 946 __tablename__ = 'user_api_keys'
947 947 __table_args__ = (
948 948 Index('uak_api_key_idx', 'api_key'),
949 949 Index('uak_api_key_expires_idx', 'api_key', 'expires'),
950 950 UniqueConstraint('api_key'),
951 951 {'extend_existing': True, 'mysql_engine': 'InnoDB',
952 952 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
953 953 )
954 954 __mapper_args__ = {}
955 955
956 956 # ApiKey role
957 957 ROLE_ALL = 'token_role_all'
958 958 ROLE_HTTP = 'token_role_http'
959 959 ROLE_VCS = 'token_role_vcs'
960 960 ROLE_API = 'token_role_api'
961 961 ROLE_FEED = 'token_role_feed'
962 962 ROLE_PASSWORD_RESET = 'token_password_reset'
963 963
964 964 ROLES = [ROLE_ALL, ROLE_HTTP, ROLE_VCS, ROLE_API, ROLE_FEED]
965 965
966 966 user_api_key_id = Column("user_api_key_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
967 967 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
968 968 api_key = Column("api_key", String(255), nullable=False, unique=True)
969 969 description = Column('description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
970 970 expires = Column('expires', Float(53), nullable=False)
971 971 role = Column('role', String(255), nullable=True)
972 972 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
973 973
974 974 # scope columns
975 975 repo_id = Column(
976 976 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
977 977 nullable=True, unique=None, default=None)
978 978 repo = relationship('Repository', lazy='joined')
979 979
980 980 repo_group_id = Column(
981 981 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
982 982 nullable=True, unique=None, default=None)
983 983 repo_group = relationship('RepoGroup', lazy='joined')
984 984
985 985 user = relationship('User', lazy='joined')
986 986
987 987 def __unicode__(self):
988 988 return u"<%s('%s')>" % (self.__class__.__name__, self.role)
989 989
990 990 def __json__(self):
991 991 data = {
992 992 'auth_token': self.api_key,
993 993 'role': self.role,
994 994 'scope': self.scope_humanized,
995 995 'expired': self.expired
996 996 }
997 997 return data
998 998
999 999 @property
1000 1000 def expired(self):
1001 1001 if self.expires == -1:
1002 1002 return False
1003 1003 return time.time() > self.expires
1004 1004
1005 1005 @classmethod
1006 1006 def _get_role_name(cls, role):
1007 1007 return {
1008 1008 cls.ROLE_ALL: _('all'),
1009 1009 cls.ROLE_HTTP: _('http/web interface'),
1010 1010 cls.ROLE_VCS: _('vcs (git/hg/svn protocol)'),
1011 1011 cls.ROLE_API: _('api calls'),
1012 1012 cls.ROLE_FEED: _('feed access'),
1013 1013 }.get(role, role)
1014 1014
1015 1015 @property
1016 1016 def role_humanized(self):
1017 1017 return self._get_role_name(self.role)
1018 1018
1019 1019 def _get_scope(self):
1020 1020 if self.repo:
1021 1021 return repr(self.repo)
1022 1022 if self.repo_group:
1023 1023 return repr(self.repo_group) + ' (recursive)'
1024 1024 return 'global'
1025 1025
1026 1026 @property
1027 1027 def scope_humanized(self):
1028 1028 return self._get_scope()
1029 1029
1030 1030
1031 1031 class UserEmailMap(Base, BaseModel):
1032 1032 __tablename__ = 'user_email_map'
1033 1033 __table_args__ = (
1034 1034 Index('uem_email_idx', 'email'),
1035 1035 UniqueConstraint('email'),
1036 1036 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1037 1037 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1038 1038 )
1039 1039 __mapper_args__ = {}
1040 1040
1041 1041 email_id = Column("email_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1042 1042 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1043 1043 _email = Column("email", String(255), nullable=True, unique=False, default=None)
1044 1044 user = relationship('User', lazy='joined')
1045 1045
1046 1046 @validates('_email')
1047 1047 def validate_email(self, key, email):
1048 1048 # check if this email is not main one
1049 1049 main_email = Session().query(User).filter(User.email == email).scalar()
1050 1050 if main_email is not None:
1051 1051 raise AttributeError('email %s is present is user table' % email)
1052 1052 return email
1053 1053
1054 1054 @hybrid_property
1055 1055 def email(self):
1056 1056 return self._email
1057 1057
1058 1058 @email.setter
1059 1059 def email(self, val):
1060 1060 self._email = val.lower() if val else None
1061 1061
1062 1062
1063 1063 class UserIpMap(Base, BaseModel):
1064 1064 __tablename__ = 'user_ip_map'
1065 1065 __table_args__ = (
1066 1066 UniqueConstraint('user_id', 'ip_addr'),
1067 1067 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1068 1068 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
1069 1069 )
1070 1070 __mapper_args__ = {}
1071 1071
1072 1072 ip_id = Column("ip_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1073 1073 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1074 1074 ip_addr = Column("ip_addr", String(255), nullable=True, unique=False, default=None)
1075 1075 active = Column("active", Boolean(), nullable=True, unique=None, default=True)
1076 1076 description = Column("description", String(10000), nullable=True, unique=None, default=None)
1077 1077 user = relationship('User', lazy='joined')
1078 1078
1079 1079 @classmethod
1080 1080 def _get_ip_range(cls, ip_addr):
1081 1081 net = ipaddress.ip_network(ip_addr, strict=False)
1082 1082 return [str(net.network_address), str(net.broadcast_address)]
1083 1083
1084 1084 def __json__(self):
1085 1085 return {
1086 1086 'ip_addr': self.ip_addr,
1087 1087 'ip_range': self._get_ip_range(self.ip_addr),
1088 1088 }
1089 1089
1090 1090 def __unicode__(self):
1091 1091 return u"<%s('user_id:%s=>%s')>" % (self.__class__.__name__,
1092 1092 self.user_id, self.ip_addr)
1093 1093
1094 1094
1095 1095 class UserLog(Base, BaseModel):
1096 1096 __tablename__ = 'user_logs'
1097 1097 __table_args__ = (
1098 1098 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1099 1099 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1100 1100 )
1101 1101 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1102 1102 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
1103 1103 username = Column("username", String(255), nullable=True, unique=None, default=None)
1104 1104 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True)
1105 1105 repository_name = Column("repository_name", String(255), nullable=True, unique=None, default=None)
1106 1106 user_ip = Column("user_ip", String(255), nullable=True, unique=None, default=None)
1107 1107 action = Column("action", Text().with_variant(Text(1200000), 'mysql'), nullable=True, unique=None, default=None)
1108 1108 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
1109 1109
1110 1110 version = Column("version", String(255), nullable=True, default='v1')
1111 1111 user_data = Column('user_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
1112 1112 action_data = Column('action_data_json', MutationObj.as_mutable(JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
1113 1113
1114 1114 def __unicode__(self):
1115 1115 return u"<%s('id:%s:%s')>" % (
1116 1116 self.__class__.__name__, self.repository_name, self.action)
1117 1117
1118 1118 def __json__(self):
1119 1119 return {
1120 1120 'user_id': self.user_id,
1121 1121 'username': self.username,
1122 1122 'repository_id': self.repository_id,
1123 1123 'repository_name': self.repository_name,
1124 1124 'user_ip': self.user_ip,
1125 1125 'action_date': self.action_date,
1126 1126 'action': self.action,
1127 1127 }
1128 1128
1129 1129 @property
1130 1130 def action_as_day(self):
1131 1131 return datetime.date(*self.action_date.timetuple()[:3])
1132 1132
1133 1133 user = relationship('User')
1134 1134 repository = relationship('Repository', cascade='')
1135 1135
1136 1136
1137 1137 class UserGroup(Base, BaseModel):
1138 1138 __tablename__ = 'users_groups'
1139 1139 __table_args__ = (
1140 1140 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1141 1141 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1142 1142 )
1143 1143
1144 1144 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1145 1145 users_group_name = Column("users_group_name", String(255), nullable=False, unique=True, default=None)
1146 1146 user_group_description = Column("user_group_description", String(10000), nullable=True, unique=None, default=None)
1147 1147 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
1148 1148 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
1149 1149 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
1150 1150 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1151 1151 _group_data = Column("group_data", LargeBinary(), nullable=True) # JSON data
1152 1152
1153 1153 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
1154 1154 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
1155 1155 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1156 1156 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
1157 1157 user_user_group_to_perm = relationship('UserUserGroupToPerm', cascade='all')
1158 1158 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
1159 1159
1160 1160 user = relationship('User')
1161 1161
1162 1162 @hybrid_property
1163 1163 def group_data(self):
1164 1164 if not self._group_data:
1165 1165 return {}
1166 1166
1167 1167 try:
1168 1168 return json.loads(self._group_data)
1169 1169 except TypeError:
1170 1170 return {}
1171 1171
1172 1172 @group_data.setter
1173 1173 def group_data(self, val):
1174 1174 try:
1175 1175 self._group_data = json.dumps(val)
1176 1176 except Exception:
1177 1177 log.error(traceback.format_exc())
1178 1178
1179 1179 def __unicode__(self):
1180 1180 return u"<%s('id:%s:%s')>" % (self.__class__.__name__,
1181 1181 self.users_group_id,
1182 1182 self.users_group_name)
1183 1183
1184 1184 @classmethod
1185 1185 def get_by_group_name(cls, group_name, cache=False,
1186 1186 case_insensitive=False):
1187 1187 if case_insensitive:
1188 1188 q = cls.query().filter(func.lower(cls.users_group_name) ==
1189 1189 func.lower(group_name))
1190 1190
1191 1191 else:
1192 1192 q = cls.query().filter(cls.users_group_name == group_name)
1193 1193 if cache:
1194 1194 q = q.options(FromCache(
1195 1195 "sql_cache_short",
1196 1196 "get_group_%s" % _hash_key(group_name)))
1197 1197 return q.scalar()
1198 1198
1199 1199 @classmethod
1200 1200 def get(cls, user_group_id, cache=False):
1201 1201 user_group = cls.query()
1202 1202 if cache:
1203 1203 user_group = user_group.options(FromCache("sql_cache_short",
1204 1204 "get_users_group_%s" % user_group_id))
1205 1205 return user_group.get(user_group_id)
1206 1206
1207 1207 def permissions(self, with_admins=True, with_owner=True):
1208 1208 q = UserUserGroupToPerm.query().filter(UserUserGroupToPerm.user_group == self)
1209 1209 q = q.options(joinedload(UserUserGroupToPerm.user_group),
1210 1210 joinedload(UserUserGroupToPerm.user),
1211 1211 joinedload(UserUserGroupToPerm.permission),)
1212 1212
1213 1213 # get owners and admins and permissions. We do a trick of re-writing
1214 1214 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1215 1215 # has a global reference and changing one object propagates to all
1216 1216 # others. This means if admin is also an owner admin_row that change
1217 1217 # would propagate to both objects
1218 1218 perm_rows = []
1219 1219 for _usr in q.all():
1220 1220 usr = AttributeDict(_usr.user.get_dict())
1221 1221 usr.permission = _usr.permission.permission_name
1222 1222 perm_rows.append(usr)
1223 1223
1224 1224 # filter the perm rows by 'default' first and then sort them by
1225 1225 # admin,write,read,none permissions sorted again alphabetically in
1226 1226 # each group
1227 1227 perm_rows = sorted(perm_rows, key=display_sort)
1228 1228
1229 1229 _admin_perm = 'usergroup.admin'
1230 1230 owner_row = []
1231 1231 if with_owner:
1232 1232 usr = AttributeDict(self.user.get_dict())
1233 1233 usr.owner_row = True
1234 1234 usr.permission = _admin_perm
1235 1235 owner_row.append(usr)
1236 1236
1237 1237 super_admin_rows = []
1238 1238 if with_admins:
1239 1239 for usr in User.get_all_super_admins():
1240 1240 # if this admin is also owner, don't double the record
1241 1241 if usr.user_id == owner_row[0].user_id:
1242 1242 owner_row[0].admin_row = True
1243 1243 else:
1244 1244 usr = AttributeDict(usr.get_dict())
1245 1245 usr.admin_row = True
1246 1246 usr.permission = _admin_perm
1247 1247 super_admin_rows.append(usr)
1248 1248
1249 1249 return super_admin_rows + owner_row + perm_rows
1250 1250
1251 1251 def permission_user_groups(self):
1252 1252 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1253 1253 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1254 1254 joinedload(UserGroupUserGroupToPerm.target_user_group),
1255 1255 joinedload(UserGroupUserGroupToPerm.permission),)
1256 1256
1257 1257 perm_rows = []
1258 1258 for _user_group in q.all():
1259 1259 usr = AttributeDict(_user_group.user_group.get_dict())
1260 1260 usr.permission = _user_group.permission.permission_name
1261 1261 perm_rows.append(usr)
1262 1262
1263 1263 return perm_rows
1264 1264
1265 1265 def _get_default_perms(self, user_group, suffix=''):
1266 1266 from rhodecode.model.permission import PermissionModel
1267 1267 return PermissionModel().get_default_perms(user_group.users_group_to_perm, suffix)
1268 1268
1269 1269 def get_default_perms(self, suffix=''):
1270 1270 return self._get_default_perms(self, suffix)
1271 1271
1272 1272 def get_api_data(self, with_group_members=True, include_secrets=False):
1273 1273 """
1274 1274 :param include_secrets: See :meth:`User.get_api_data`, this parameter is
1275 1275 basically forwarded.
1276 1276
1277 1277 """
1278 1278 user_group = self
1279 1279 data = {
1280 1280 'users_group_id': user_group.users_group_id,
1281 1281 'group_name': user_group.users_group_name,
1282 1282 'group_description': user_group.user_group_description,
1283 1283 'active': user_group.users_group_active,
1284 1284 'owner': user_group.user.username,
1285 1285 'owner_email': user_group.user.email,
1286 1286 }
1287 1287
1288 1288 if with_group_members:
1289 1289 users = []
1290 1290 for user in user_group.members:
1291 1291 user = user.user
1292 1292 users.append(user.get_api_data(include_secrets=include_secrets))
1293 1293 data['users'] = users
1294 1294
1295 1295 return data
1296 1296
1297 1297
1298 1298 class UserGroupMember(Base, BaseModel):
1299 1299 __tablename__ = 'users_groups_members'
1300 1300 __table_args__ = (
1301 1301 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1302 1302 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1303 1303 )
1304 1304
1305 1305 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1306 1306 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1307 1307 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
1308 1308
1309 1309 user = relationship('User', lazy='joined')
1310 1310 users_group = relationship('UserGroup')
1311 1311
1312 1312 def __init__(self, gr_id='', u_id=''):
1313 1313 self.users_group_id = gr_id
1314 1314 self.user_id = u_id
1315 1315
1316 1316
1317 1317 class RepositoryField(Base, BaseModel):
1318 1318 __tablename__ = 'repositories_fields'
1319 1319 __table_args__ = (
1320 1320 UniqueConstraint('repository_id', 'field_key'), # no-multi field
1321 1321 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1322 1322 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1323 1323 )
1324 1324 PREFIX = 'ex_' # prefix used in form to not conflict with already existing fields
1325 1325
1326 1326 repo_field_id = Column("repo_field_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1327 1327 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
1328 1328 field_key = Column("field_key", String(250))
1329 1329 field_label = Column("field_label", String(1024), nullable=False)
1330 1330 field_value = Column("field_value", String(10000), nullable=False)
1331 1331 field_desc = Column("field_desc", String(1024), nullable=False)
1332 1332 field_type = Column("field_type", String(255), nullable=False, unique=None)
1333 1333 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
1334 1334
1335 1335 repository = relationship('Repository')
1336 1336
1337 1337 @property
1338 1338 def field_key_prefixed(self):
1339 1339 return 'ex_%s' % self.field_key
1340 1340
1341 1341 @classmethod
1342 1342 def un_prefix_key(cls, key):
1343 1343 if key.startswith(cls.PREFIX):
1344 1344 return key[len(cls.PREFIX):]
1345 1345 return key
1346 1346
1347 1347 @classmethod
1348 1348 def get_by_key_name(cls, key, repo):
1349 1349 row = cls.query()\
1350 1350 .filter(cls.repository == repo)\
1351 1351 .filter(cls.field_key == key).scalar()
1352 1352 return row
1353 1353
1354 1354
1355 1355 class Repository(Base, BaseModel):
1356 1356 __tablename__ = 'repositories'
1357 1357 __table_args__ = (
1358 1358 Index('r_repo_name_idx', 'repo_name', mysql_length=255),
1359 1359 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1360 1360 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
1361 1361 )
1362 1362 DEFAULT_CLONE_URI = '{scheme}://{user}@{netloc}/{repo}'
1363 1363 DEFAULT_CLONE_URI_ID = '{scheme}://{user}@{netloc}/_{repoid}'
1364 1364
1365 1365 STATE_CREATED = 'repo_state_created'
1366 1366 STATE_PENDING = 'repo_state_pending'
1367 1367 STATE_ERROR = 'repo_state_error'
1368 1368
1369 1369 LOCK_AUTOMATIC = 'lock_auto'
1370 1370 LOCK_API = 'lock_api'
1371 1371 LOCK_WEB = 'lock_web'
1372 1372 LOCK_PULL = 'lock_pull'
1373 1373
1374 1374 NAME_SEP = URL_SEP
1375 1375
1376 1376 repo_id = Column(
1377 1377 "repo_id", Integer(), nullable=False, unique=True, default=None,
1378 1378 primary_key=True)
1379 1379 _repo_name = Column(
1380 1380 "repo_name", Text(), nullable=False, default=None)
1381 1381 _repo_name_hash = Column(
1382 1382 "repo_name_hash", String(255), nullable=False, unique=True)
1383 1383 repo_state = Column("repo_state", String(255), nullable=True)
1384 1384
1385 1385 clone_uri = Column(
1386 1386 "clone_uri", EncryptedTextValue(), nullable=True, unique=False,
1387 1387 default=None)
1388 1388 repo_type = Column(
1389 1389 "repo_type", String(255), nullable=False, unique=False, default=None)
1390 1390 user_id = Column(
1391 1391 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
1392 1392 unique=False, default=None)
1393 1393 private = Column(
1394 1394 "private", Boolean(), nullable=True, unique=None, default=None)
1395 1395 enable_statistics = Column(
1396 1396 "statistics", Boolean(), nullable=True, unique=None, default=True)
1397 1397 enable_downloads = Column(
1398 1398 "downloads", Boolean(), nullable=True, unique=None, default=True)
1399 1399 description = Column(
1400 1400 "description", String(10000), nullable=True, unique=None, default=None)
1401 1401 created_on = Column(
1402 1402 'created_on', DateTime(timezone=False), nullable=True, unique=None,
1403 1403 default=datetime.datetime.now)
1404 1404 updated_on = Column(
1405 1405 'updated_on', DateTime(timezone=False), nullable=True, unique=None,
1406 1406 default=datetime.datetime.now)
1407 1407 _landing_revision = Column(
1408 1408 "landing_revision", String(255), nullable=False, unique=False,
1409 1409 default=None)
1410 1410 enable_locking = Column(
1411 1411 "enable_locking", Boolean(), nullable=False, unique=None,
1412 1412 default=False)
1413 1413 _locked = Column(
1414 1414 "locked", String(255), nullable=True, unique=False, default=None)
1415 1415 _changeset_cache = Column(
1416 1416 "changeset_cache", LargeBinary(), nullable=True) # JSON data
1417 1417
1418 1418 fork_id = Column(
1419 1419 "fork_id", Integer(), ForeignKey('repositories.repo_id'),
1420 1420 nullable=True, unique=False, default=None)
1421 1421 group_id = Column(
1422 1422 "group_id", Integer(), ForeignKey('groups.group_id'), nullable=True,
1423 1423 unique=False, default=None)
1424 1424
1425 1425 user = relationship('User', lazy='joined')
1426 1426 fork = relationship('Repository', remote_side=repo_id, lazy='joined')
1427 1427 group = relationship('RepoGroup', lazy='joined')
1428 1428 repo_to_perm = relationship(
1429 1429 'UserRepoToPerm', cascade='all',
1430 1430 order_by='UserRepoToPerm.repo_to_perm_id')
1431 1431 users_group_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
1432 1432 stats = relationship('Statistics', cascade='all', uselist=False)
1433 1433
1434 1434 followers = relationship(
1435 1435 'UserFollowing',
1436 1436 primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id',
1437 1437 cascade='all')
1438 1438 extra_fields = relationship(
1439 1439 'RepositoryField', cascade="all, delete, delete-orphan")
1440 1440 logs = relationship('UserLog')
1441 1441 comments = relationship(
1442 1442 'ChangesetComment', cascade="all, delete, delete-orphan")
1443 1443 pull_requests_source = relationship(
1444 1444 'PullRequest',
1445 1445 primaryjoin='PullRequest.source_repo_id==Repository.repo_id',
1446 1446 cascade="all, delete, delete-orphan")
1447 1447 pull_requests_target = relationship(
1448 1448 'PullRequest',
1449 1449 primaryjoin='PullRequest.target_repo_id==Repository.repo_id',
1450 1450 cascade="all, delete, delete-orphan")
1451 1451 ui = relationship('RepoRhodeCodeUi', cascade="all")
1452 1452 settings = relationship('RepoRhodeCodeSetting', cascade="all")
1453 1453 integrations = relationship('Integration',
1454 1454 cascade="all, delete, delete-orphan")
1455 1455
1456 1456 def __unicode__(self):
1457 1457 return u"<%s('%s:%s')>" % (self.__class__.__name__, self.repo_id,
1458 1458 safe_unicode(self.repo_name))
1459 1459
1460 1460 @hybrid_property
1461 1461 def landing_rev(self):
1462 1462 # always should return [rev_type, rev]
1463 1463 if self._landing_revision:
1464 1464 _rev_info = self._landing_revision.split(':')
1465 1465 if len(_rev_info) < 2:
1466 1466 _rev_info.insert(0, 'rev')
1467 1467 return [_rev_info[0], _rev_info[1]]
1468 1468 return [None, None]
1469 1469
1470 1470 @landing_rev.setter
1471 1471 def landing_rev(self, val):
1472 1472 if ':' not in val:
1473 1473 raise ValueError('value must be delimited with `:` and consist '
1474 1474 'of <rev_type>:<rev>, got %s instead' % val)
1475 1475 self._landing_revision = val
1476 1476
1477 1477 @hybrid_property
1478 1478 def locked(self):
1479 1479 if self._locked:
1480 1480 user_id, timelocked, reason = self._locked.split(':')
1481 1481 lock_values = int(user_id), timelocked, reason
1482 1482 else:
1483 1483 lock_values = [None, None, None]
1484 1484 return lock_values
1485 1485
1486 1486 @locked.setter
1487 1487 def locked(self, val):
1488 1488 if val and isinstance(val, (list, tuple)):
1489 1489 self._locked = ':'.join(map(str, val))
1490 1490 else:
1491 1491 self._locked = None
1492 1492
1493 1493 @hybrid_property
1494 1494 def changeset_cache(self):
1495 1495 from rhodecode.lib.vcs.backends.base import EmptyCommit
1496 1496 dummy = EmptyCommit().__json__()
1497 1497 if not self._changeset_cache:
1498 1498 return dummy
1499 1499 try:
1500 1500 return json.loads(self._changeset_cache)
1501 1501 except TypeError:
1502 1502 return dummy
1503 1503 except Exception:
1504 1504 log.error(traceback.format_exc())
1505 1505 return dummy
1506 1506
1507 1507 @changeset_cache.setter
1508 1508 def changeset_cache(self, val):
1509 1509 try:
1510 1510 self._changeset_cache = json.dumps(val)
1511 1511 except Exception:
1512 1512 log.error(traceback.format_exc())
1513 1513
1514 1514 @hybrid_property
1515 1515 def repo_name(self):
1516 1516 return self._repo_name
1517 1517
1518 1518 @repo_name.setter
1519 1519 def repo_name(self, value):
1520 1520 self._repo_name = value
1521 1521 self._repo_name_hash = hashlib.sha1(safe_str(value)).hexdigest()
1522 1522
1523 1523 @classmethod
1524 1524 def normalize_repo_name(cls, repo_name):
1525 1525 """
1526 1526 Normalizes os specific repo_name to the format internally stored inside
1527 1527 database using URL_SEP
1528 1528
1529 1529 :param cls:
1530 1530 :param repo_name:
1531 1531 """
1532 1532 return cls.NAME_SEP.join(repo_name.split(os.sep))
1533 1533
1534 1534 @classmethod
1535 1535 def get_by_repo_name(cls, repo_name, cache=False, identity_cache=False):
1536 1536 session = Session()
1537 1537 q = session.query(cls).filter(cls.repo_name == repo_name)
1538 1538
1539 1539 if cache:
1540 1540 if identity_cache:
1541 1541 val = cls.identity_cache(session, 'repo_name', repo_name)
1542 1542 if val:
1543 1543 return val
1544 1544 else:
1545 1545 q = q.options(
1546 1546 FromCache("sql_cache_short",
1547 1547 "get_repo_by_name_%s" % _hash_key(repo_name)))
1548 1548
1549 1549 return q.scalar()
1550 1550
1551 1551 @classmethod
1552 1552 def get_by_full_path(cls, repo_full_path):
1553 1553 repo_name = repo_full_path.split(cls.base_path(), 1)[-1]
1554 1554 repo_name = cls.normalize_repo_name(repo_name)
1555 1555 return cls.get_by_repo_name(repo_name.strip(URL_SEP))
1556 1556
1557 1557 @classmethod
1558 1558 def get_repo_forks(cls, repo_id):
1559 1559 return cls.query().filter(Repository.fork_id == repo_id)
1560 1560
1561 1561 @classmethod
1562 1562 def base_path(cls):
1563 1563 """
1564 1564 Returns base path when all repos are stored
1565 1565
1566 1566 :param cls:
1567 1567 """
1568 1568 q = Session().query(RhodeCodeUi)\
1569 1569 .filter(RhodeCodeUi.ui_key == cls.NAME_SEP)
1570 1570 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1571 1571 return q.one().ui_value
1572 1572
1573 1573 @classmethod
1574 1574 def is_valid(cls, repo_name):
1575 1575 """
1576 1576 returns True if given repo name is a valid filesystem repository
1577 1577
1578 1578 :param cls:
1579 1579 :param repo_name:
1580 1580 """
1581 1581 from rhodecode.lib.utils import is_valid_repo
1582 1582
1583 1583 return is_valid_repo(repo_name, cls.base_path())
1584 1584
1585 1585 @classmethod
1586 1586 def get_all_repos(cls, user_id=Optional(None), group_id=Optional(None),
1587 1587 case_insensitive=True):
1588 1588 q = Repository.query()
1589 1589
1590 1590 if not isinstance(user_id, Optional):
1591 1591 q = q.filter(Repository.user_id == user_id)
1592 1592
1593 1593 if not isinstance(group_id, Optional):
1594 1594 q = q.filter(Repository.group_id == group_id)
1595 1595
1596 1596 if case_insensitive:
1597 1597 q = q.order_by(func.lower(Repository.repo_name))
1598 1598 else:
1599 1599 q = q.order_by(Repository.repo_name)
1600 1600 return q.all()
1601 1601
1602 1602 @property
1603 1603 def forks(self):
1604 1604 """
1605 1605 Return forks of this repo
1606 1606 """
1607 1607 return Repository.get_repo_forks(self.repo_id)
1608 1608
1609 1609 @property
1610 1610 def parent(self):
1611 1611 """
1612 1612 Returns fork parent
1613 1613 """
1614 1614 return self.fork
1615 1615
1616 1616 @property
1617 1617 def just_name(self):
1618 1618 return self.repo_name.split(self.NAME_SEP)[-1]
1619 1619
1620 1620 @property
1621 1621 def groups_with_parents(self):
1622 1622 groups = []
1623 1623 if self.group is None:
1624 1624 return groups
1625 1625
1626 1626 cur_gr = self.group
1627 1627 groups.insert(0, cur_gr)
1628 1628 while 1:
1629 1629 gr = getattr(cur_gr, 'parent_group', None)
1630 1630 cur_gr = cur_gr.parent_group
1631 1631 if gr is None:
1632 1632 break
1633 1633 groups.insert(0, gr)
1634 1634
1635 1635 return groups
1636 1636
1637 1637 @property
1638 1638 def groups_and_repo(self):
1639 1639 return self.groups_with_parents, self
1640 1640
1641 1641 @LazyProperty
1642 1642 def repo_path(self):
1643 1643 """
1644 1644 Returns base full path for that repository means where it actually
1645 1645 exists on a filesystem
1646 1646 """
1647 1647 q = Session().query(RhodeCodeUi).filter(
1648 1648 RhodeCodeUi.ui_key == self.NAME_SEP)
1649 1649 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
1650 1650 return q.one().ui_value
1651 1651
1652 1652 @property
1653 1653 def repo_full_path(self):
1654 1654 p = [self.repo_path]
1655 1655 # we need to split the name by / since this is how we store the
1656 1656 # names in the database, but that eventually needs to be converted
1657 1657 # into a valid system path
1658 1658 p += self.repo_name.split(self.NAME_SEP)
1659 1659 return os.path.join(*map(safe_unicode, p))
1660 1660
1661 1661 @property
1662 1662 def cache_keys(self):
1663 1663 """
1664 1664 Returns associated cache keys for that repo
1665 1665 """
1666 1666 return CacheKey.query()\
1667 1667 .filter(CacheKey.cache_args == self.repo_name)\
1668 1668 .order_by(CacheKey.cache_key)\
1669 1669 .all()
1670 1670
1671 1671 def get_new_name(self, repo_name):
1672 1672 """
1673 1673 returns new full repository name based on assigned group and new new
1674 1674
1675 1675 :param group_name:
1676 1676 """
1677 1677 path_prefix = self.group.full_path_splitted if self.group else []
1678 1678 return self.NAME_SEP.join(path_prefix + [repo_name])
1679 1679
1680 1680 @property
1681 1681 def _config(self):
1682 1682 """
1683 1683 Returns db based config object.
1684 1684 """
1685 1685 from rhodecode.lib.utils import make_db_config
1686 1686 return make_db_config(clear_session=False, repo=self)
1687 1687
1688 1688 def permissions(self, with_admins=True, with_owner=True):
1689 1689 q = UserRepoToPerm.query().filter(UserRepoToPerm.repository == self)
1690 1690 q = q.options(joinedload(UserRepoToPerm.repository),
1691 1691 joinedload(UserRepoToPerm.user),
1692 1692 joinedload(UserRepoToPerm.permission),)
1693 1693
1694 1694 # get owners and admins and permissions. We do a trick of re-writing
1695 1695 # objects from sqlalchemy to named-tuples due to sqlalchemy session
1696 1696 # has a global reference and changing one object propagates to all
1697 1697 # others. This means if admin is also an owner admin_row that change
1698 1698 # would propagate to both objects
1699 1699 perm_rows = []
1700 1700 for _usr in q.all():
1701 1701 usr = AttributeDict(_usr.user.get_dict())
1702 1702 usr.permission = _usr.permission.permission_name
1703 1703 perm_rows.append(usr)
1704 1704
1705 1705 # filter the perm rows by 'default' first and then sort them by
1706 1706 # admin,write,read,none permissions sorted again alphabetically in
1707 1707 # each group
1708 1708 perm_rows = sorted(perm_rows, key=display_sort)
1709 1709
1710 1710 _admin_perm = 'repository.admin'
1711 1711 owner_row = []
1712 1712 if with_owner:
1713 1713 usr = AttributeDict(self.user.get_dict())
1714 1714 usr.owner_row = True
1715 1715 usr.permission = _admin_perm
1716 1716 owner_row.append(usr)
1717 1717
1718 1718 super_admin_rows = []
1719 1719 if with_admins:
1720 1720 for usr in User.get_all_super_admins():
1721 1721 # if this admin is also owner, don't double the record
1722 1722 if usr.user_id == owner_row[0].user_id:
1723 1723 owner_row[0].admin_row = True
1724 1724 else:
1725 1725 usr = AttributeDict(usr.get_dict())
1726 1726 usr.admin_row = True
1727 1727 usr.permission = _admin_perm
1728 1728 super_admin_rows.append(usr)
1729 1729
1730 1730 return super_admin_rows + owner_row + perm_rows
1731 1731
1732 1732 def permission_user_groups(self):
1733 1733 q = UserGroupRepoToPerm.query().filter(
1734 1734 UserGroupRepoToPerm.repository == self)
1735 1735 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1736 1736 joinedload(UserGroupRepoToPerm.users_group),
1737 1737 joinedload(UserGroupRepoToPerm.permission),)
1738 1738
1739 1739 perm_rows = []
1740 1740 for _user_group in q.all():
1741 1741 usr = AttributeDict(_user_group.users_group.get_dict())
1742 1742 usr.permission = _user_group.permission.permission_name
1743 1743 perm_rows.append(usr)
1744 1744
1745 1745 return perm_rows
1746 1746
1747 1747 def get_api_data(self, include_secrets=False):
1748 1748 """
1749 1749 Common function for generating repo api data
1750 1750
1751 1751 :param include_secrets: See :meth:`User.get_api_data`.
1752 1752
1753 1753 """
1754 1754 # TODO: mikhail: Here there is an anti-pattern, we probably need to
1755 1755 # move this methods on models level.
1756 1756 from rhodecode.model.settings import SettingsModel
1757 1757
1758 1758 repo = self
1759 1759 _user_id, _time, _reason = self.locked
1760 1760
1761 1761 data = {
1762 1762 'repo_id': repo.repo_id,
1763 1763 'repo_name': repo.repo_name,
1764 1764 'repo_type': repo.repo_type,
1765 1765 'clone_uri': repo.clone_uri or '',
1766 1766 'url': url('summary_home', repo_name=self.repo_name, qualified=True),
1767 1767 'private': repo.private,
1768 1768 'created_on': repo.created_on,
1769 1769 'description': repo.description,
1770 1770 'landing_rev': repo.landing_rev,
1771 1771 'owner': repo.user.username,
1772 1772 'fork_of': repo.fork.repo_name if repo.fork else None,
1773 1773 'enable_statistics': repo.enable_statistics,
1774 1774 'enable_locking': repo.enable_locking,
1775 1775 'enable_downloads': repo.enable_downloads,
1776 1776 'last_changeset': repo.changeset_cache,
1777 1777 'locked_by': User.get(_user_id).get_api_data(
1778 1778 include_secrets=include_secrets) if _user_id else None,
1779 1779 'locked_date': time_to_datetime(_time) if _time else None,
1780 1780 'lock_reason': _reason if _reason else None,
1781 1781 }
1782 1782
1783 1783 # TODO: mikhail: should be per-repo settings here
1784 1784 rc_config = SettingsModel().get_all_settings()
1785 1785 repository_fields = str2bool(
1786 1786 rc_config.get('rhodecode_repository_fields'))
1787 1787 if repository_fields:
1788 1788 for f in self.extra_fields:
1789 1789 data[f.field_key_prefixed] = f.field_value
1790 1790
1791 1791 return data
1792 1792
1793 1793 @classmethod
1794 1794 def lock(cls, repo, user_id, lock_time=None, lock_reason=None):
1795 1795 if not lock_time:
1796 1796 lock_time = time.time()
1797 1797 if not lock_reason:
1798 1798 lock_reason = cls.LOCK_AUTOMATIC
1799 1799 repo.locked = [user_id, lock_time, lock_reason]
1800 1800 Session().add(repo)
1801 1801 Session().commit()
1802 1802
1803 1803 @classmethod
1804 1804 def unlock(cls, repo):
1805 1805 repo.locked = None
1806 1806 Session().add(repo)
1807 1807 Session().commit()
1808 1808
1809 1809 @classmethod
1810 1810 def getlock(cls, repo):
1811 1811 return repo.locked
1812 1812
1813 1813 def is_user_lock(self, user_id):
1814 1814 if self.lock[0]:
1815 1815 lock_user_id = safe_int(self.lock[0])
1816 1816 user_id = safe_int(user_id)
1817 1817 # both are ints, and they are equal
1818 1818 return all([lock_user_id, user_id]) and lock_user_id == user_id
1819 1819
1820 1820 return False
1821 1821
1822 1822 def get_locking_state(self, action, user_id, only_when_enabled=True):
1823 1823 """
1824 1824 Checks locking on this repository, if locking is enabled and lock is
1825 1825 present returns a tuple of make_lock, locked, locked_by.
1826 1826 make_lock can have 3 states None (do nothing) True, make lock
1827 1827 False release lock, This value is later propagated to hooks, which
1828 1828 do the locking. Think about this as signals passed to hooks what to do.
1829 1829
1830 1830 """
1831 1831 # TODO: johbo: This is part of the business logic and should be moved
1832 1832 # into the RepositoryModel.
1833 1833
1834 1834 if action not in ('push', 'pull'):
1835 1835 raise ValueError("Invalid action value: %s" % repr(action))
1836 1836
1837 1837 # defines if locked error should be thrown to user
1838 1838 currently_locked = False
1839 1839 # defines if new lock should be made, tri-state
1840 1840 make_lock = None
1841 1841 repo = self
1842 1842 user = User.get(user_id)
1843 1843
1844 1844 lock_info = repo.locked
1845 1845
1846 1846 if repo and (repo.enable_locking or not only_when_enabled):
1847 1847 if action == 'push':
1848 1848 # check if it's already locked !, if it is compare users
1849 1849 locked_by_user_id = lock_info[0]
1850 1850 if user.user_id == locked_by_user_id:
1851 1851 log.debug(
1852 1852 'Got `push` action from user %s, now unlocking', user)
1853 1853 # unlock if we have push from user who locked
1854 1854 make_lock = False
1855 1855 else:
1856 1856 # we're not the same user who locked, ban with
1857 1857 # code defined in settings (default is 423 HTTP Locked) !
1858 1858 log.debug('Repo %s is currently locked by %s', repo, user)
1859 1859 currently_locked = True
1860 1860 elif action == 'pull':
1861 1861 # [0] user [1] date
1862 1862 if lock_info[0] and lock_info[1]:
1863 1863 log.debug('Repo %s is currently locked by %s', repo, user)
1864 1864 currently_locked = True
1865 1865 else:
1866 1866 log.debug('Setting lock on repo %s by %s', repo, user)
1867 1867 make_lock = True
1868 1868
1869 1869 else:
1870 1870 log.debug('Repository %s do not have locking enabled', repo)
1871 1871
1872 1872 log.debug('FINAL locking values make_lock:%s,locked:%s,locked_by:%s',
1873 1873 make_lock, currently_locked, lock_info)
1874 1874
1875 1875 from rhodecode.lib.auth import HasRepoPermissionAny
1876 1876 perm_check = HasRepoPermissionAny('repository.write', 'repository.admin')
1877 1877 if make_lock and not perm_check(repo_name=repo.repo_name, user=user):
1878 1878 # if we don't have at least write permission we cannot make a lock
1879 1879 log.debug('lock state reset back to FALSE due to lack '
1880 1880 'of at least read permission')
1881 1881 make_lock = False
1882 1882
1883 1883 return make_lock, currently_locked, lock_info
1884 1884
1885 1885 @property
1886 1886 def last_db_change(self):
1887 1887 return self.updated_on
1888 1888
1889 1889 @property
1890 1890 def clone_uri_hidden(self):
1891 1891 clone_uri = self.clone_uri
1892 1892 if clone_uri:
1893 1893 import urlobject
1894 1894 url_obj = urlobject.URLObject(cleaned_uri(clone_uri))
1895 1895 if url_obj.password:
1896 1896 clone_uri = url_obj.with_password('*****')
1897 1897 return clone_uri
1898 1898
1899 1899 def clone_url(self, **override):
1900 1900 qualified_home_url = url('home', qualified=True)
1901 1901
1902 1902 uri_tmpl = None
1903 1903 if 'with_id' in override:
1904 1904 uri_tmpl = self.DEFAULT_CLONE_URI_ID
1905 1905 del override['with_id']
1906 1906
1907 1907 if 'uri_tmpl' in override:
1908 1908 uri_tmpl = override['uri_tmpl']
1909 1909 del override['uri_tmpl']
1910 1910
1911 1911 # we didn't override our tmpl from **overrides
1912 1912 if not uri_tmpl:
1913 1913 uri_tmpl = self.DEFAULT_CLONE_URI
1914 1914 try:
1915 1915 from pylons import tmpl_context as c
1916 1916 uri_tmpl = c.clone_uri_tmpl
1917 1917 except Exception:
1918 1918 # in any case if we call this outside of request context,
1919 1919 # ie, not having tmpl_context set up
1920 1920 pass
1921 1921
1922 1922 return get_clone_url(uri_tmpl=uri_tmpl,
1923 1923 qualifed_home_url=qualified_home_url,
1924 1924 repo_name=self.repo_name,
1925 1925 repo_id=self.repo_id, **override)
1926 1926
1927 1927 def set_state(self, state):
1928 1928 self.repo_state = state
1929 1929 Session().add(self)
1930 1930 #==========================================================================
1931 1931 # SCM PROPERTIES
1932 1932 #==========================================================================
1933 1933
1934 1934 def get_commit(self, commit_id=None, commit_idx=None, pre_load=None):
1935 1935 return get_commit_safe(
1936 1936 self.scm_instance(), commit_id, commit_idx, pre_load=pre_load)
1937 1937
1938 1938 def get_changeset(self, rev=None, pre_load=None):
1939 1939 warnings.warn("Use get_commit", DeprecationWarning)
1940 1940 commit_id = None
1941 1941 commit_idx = None
1942 1942 if isinstance(rev, basestring):
1943 1943 commit_id = rev
1944 1944 else:
1945 1945 commit_idx = rev
1946 1946 return self.get_commit(commit_id=commit_id, commit_idx=commit_idx,
1947 1947 pre_load=pre_load)
1948 1948
1949 1949 def get_landing_commit(self):
1950 1950 """
1951 1951 Returns landing commit, or if that doesn't exist returns the tip
1952 1952 """
1953 1953 _rev_type, _rev = self.landing_rev
1954 1954 commit = self.get_commit(_rev)
1955 1955 if isinstance(commit, EmptyCommit):
1956 1956 return self.get_commit()
1957 1957 return commit
1958 1958
1959 1959 def update_commit_cache(self, cs_cache=None, config=None):
1960 1960 """
1961 1961 Update cache of last changeset for repository, keys should be::
1962 1962
1963 1963 short_id
1964 1964 raw_id
1965 1965 revision
1966 1966 parents
1967 1967 message
1968 1968 date
1969 1969 author
1970 1970
1971 1971 :param cs_cache:
1972 1972 """
1973 1973 from rhodecode.lib.vcs.backends.base import BaseChangeset
1974 1974 if cs_cache is None:
1975 1975 # use no-cache version here
1976 1976 scm_repo = self.scm_instance(cache=False, config=config)
1977 1977 if scm_repo:
1978 1978 cs_cache = scm_repo.get_commit(
1979 1979 pre_load=["author", "date", "message", "parents"])
1980 1980 else:
1981 1981 cs_cache = EmptyCommit()
1982 1982
1983 1983 if isinstance(cs_cache, BaseChangeset):
1984 1984 cs_cache = cs_cache.__json__()
1985 1985
1986 1986 def is_outdated(new_cs_cache):
1987 1987 if (new_cs_cache['raw_id'] != self.changeset_cache['raw_id'] or
1988 1988 new_cs_cache['revision'] != self.changeset_cache['revision']):
1989 1989 return True
1990 1990 return False
1991 1991
1992 1992 # check if we have maybe already latest cached revision
1993 1993 if is_outdated(cs_cache) or not self.changeset_cache:
1994 1994 _default = datetime.datetime.fromtimestamp(0)
1995 1995 last_change = cs_cache.get('date') or _default
1996 1996 log.debug('updated repo %s with new cs cache %s',
1997 1997 self.repo_name, cs_cache)
1998 1998 self.updated_on = last_change
1999 1999 self.changeset_cache = cs_cache
2000 2000 Session().add(self)
2001 2001 Session().commit()
2002 2002 else:
2003 2003 log.debug('Skipping update_commit_cache for repo:`%s` '
2004 2004 'commit already with latest changes', self.repo_name)
2005 2005
2006 2006 @property
2007 2007 def tip(self):
2008 2008 return self.get_commit('tip')
2009 2009
2010 2010 @property
2011 2011 def author(self):
2012 2012 return self.tip.author
2013 2013
2014 2014 @property
2015 2015 def last_change(self):
2016 2016 return self.scm_instance().last_change
2017 2017
2018 2018 def get_comments(self, revisions=None):
2019 2019 """
2020 2020 Returns comments for this repository grouped by revisions
2021 2021
2022 2022 :param revisions: filter query by revisions only
2023 2023 """
2024 2024 cmts = ChangesetComment.query()\
2025 2025 .filter(ChangesetComment.repo == self)
2026 2026 if revisions:
2027 2027 cmts = cmts.filter(ChangesetComment.revision.in_(revisions))
2028 2028 grouped = collections.defaultdict(list)
2029 2029 for cmt in cmts.all():
2030 2030 grouped[cmt.revision].append(cmt)
2031 2031 return grouped
2032 2032
2033 2033 def statuses(self, revisions=None):
2034 2034 """
2035 2035 Returns statuses for this repository
2036 2036
2037 2037 :param revisions: list of revisions to get statuses for
2038 2038 """
2039 2039 statuses = ChangesetStatus.query()\
2040 2040 .filter(ChangesetStatus.repo == self)\
2041 2041 .filter(ChangesetStatus.version == 0)
2042 2042
2043 2043 if revisions:
2044 2044 # Try doing the filtering in chunks to avoid hitting limits
2045 2045 size = 500
2046 2046 status_results = []
2047 2047 for chunk in xrange(0, len(revisions), size):
2048 2048 status_results += statuses.filter(
2049 2049 ChangesetStatus.revision.in_(
2050 2050 revisions[chunk: chunk+size])
2051 2051 ).all()
2052 2052 else:
2053 2053 status_results = statuses.all()
2054 2054
2055 2055 grouped = {}
2056 2056
2057 2057 # maybe we have open new pullrequest without a status?
2058 2058 stat = ChangesetStatus.STATUS_UNDER_REVIEW
2059 2059 status_lbl = ChangesetStatus.get_status_lbl(stat)
2060 2060 for pr in PullRequest.query().filter(PullRequest.source_repo == self).all():
2061 2061 for rev in pr.revisions:
2062 2062 pr_id = pr.pull_request_id
2063 2063 pr_repo = pr.target_repo.repo_name
2064 2064 grouped[rev] = [stat, status_lbl, pr_id, pr_repo]
2065 2065
2066 2066 for stat in status_results:
2067 2067 pr_id = pr_repo = None
2068 2068 if stat.pull_request:
2069 2069 pr_id = stat.pull_request.pull_request_id
2070 2070 pr_repo = stat.pull_request.target_repo.repo_name
2071 2071 grouped[stat.revision] = [str(stat.status), stat.status_lbl,
2072 2072 pr_id, pr_repo]
2073 2073 return grouped
2074 2074
2075 2075 # ==========================================================================
2076 2076 # SCM CACHE INSTANCE
2077 2077 # ==========================================================================
2078 2078
2079 2079 def scm_instance(self, **kwargs):
2080 2080 import rhodecode
2081 2081
2082 2082 # Passing a config will not hit the cache currently only used
2083 2083 # for repo2dbmapper
2084 2084 config = kwargs.pop('config', None)
2085 2085 cache = kwargs.pop('cache', None)
2086 2086 full_cache = str2bool(rhodecode.CONFIG.get('vcs_full_cache'))
2087 2087 # if cache is NOT defined use default global, else we have a full
2088 2088 # control over cache behaviour
2089 2089 if cache is None and full_cache and not config:
2090 2090 return self._get_instance_cached()
2091 2091 return self._get_instance(cache=bool(cache), config=config)
2092 2092
2093 2093 def _get_instance_cached(self):
2094 2094 @cache_region('long_term')
2095 2095 def _get_repo(cache_key):
2096 2096 return self._get_instance()
2097 2097
2098 2098 invalidator_context = CacheKey.repo_context_cache(
2099 2099 _get_repo, self.repo_name, None, thread_scoped=True)
2100 2100
2101 2101 with invalidator_context as context:
2102 2102 context.invalidate()
2103 2103 repo = context.compute()
2104 2104
2105 2105 return repo
2106 2106
2107 2107 def _get_instance(self, cache=True, config=None):
2108 2108 config = config or self._config
2109 2109 custom_wire = {
2110 2110 'cache': cache # controls the vcs.remote cache
2111 2111 }
2112 2112 repo = get_vcs_instance(
2113 2113 repo_path=safe_str(self.repo_full_path),
2114 2114 config=config,
2115 2115 with_wire=custom_wire,
2116 2116 create=False,
2117 2117 _vcs_alias=self.repo_type)
2118 2118
2119 2119 return repo
2120 2120
2121 2121 def __json__(self):
2122 2122 return {'landing_rev': self.landing_rev}
2123 2123
2124 2124 def get_dict(self):
2125 2125
2126 2126 # Since we transformed `repo_name` to a hybrid property, we need to
2127 2127 # keep compatibility with the code which uses `repo_name` field.
2128 2128
2129 2129 result = super(Repository, self).get_dict()
2130 2130 result['repo_name'] = result.pop('_repo_name', None)
2131 2131 return result
2132 2132
2133 2133
2134 2134 class RepoGroup(Base, BaseModel):
2135 2135 __tablename__ = 'groups'
2136 2136 __table_args__ = (
2137 2137 UniqueConstraint('group_name', 'group_parent_id'),
2138 2138 CheckConstraint('group_id != group_parent_id'),
2139 2139 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2140 2140 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2141 2141 )
2142 2142 __mapper_args__ = {'order_by': 'group_name'}
2143 2143
2144 2144 CHOICES_SEPARATOR = '/' # used to generate select2 choices for nested groups
2145 2145
2146 2146 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2147 2147 group_name = Column("group_name", String(255), nullable=False, unique=True, default=None)
2148 2148 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
2149 2149 group_description = Column("group_description", String(10000), nullable=True, unique=None, default=None)
2150 2150 enable_locking = Column("enable_locking", Boolean(), nullable=False, unique=None, default=False)
2151 2151 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
2152 2152 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
2153 2153 personal = Column('personal', Boolean(), nullable=True, unique=None, default=None)
2154 2154
2155 2155 repo_group_to_perm = relationship('UserRepoGroupToPerm', cascade='all', order_by='UserRepoGroupToPerm.group_to_perm_id')
2156 2156 users_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
2157 2157 parent_group = relationship('RepoGroup', remote_side=group_id)
2158 2158 user = relationship('User')
2159 2159 integrations = relationship('Integration',
2160 2160 cascade="all, delete, delete-orphan")
2161 2161
2162 2162 def __init__(self, group_name='', parent_group=None):
2163 2163 self.group_name = group_name
2164 2164 self.parent_group = parent_group
2165 2165
2166 2166 def __unicode__(self):
2167 2167 return u"<%s('id:%s:%s')>" % (self.__class__.__name__, self.group_id,
2168 2168 self.group_name)
2169 2169
2170 2170 @classmethod
2171 2171 def _generate_choice(cls, repo_group):
2172 2172 from webhelpers.html import literal as _literal
2173 2173 _name = lambda k: _literal(cls.CHOICES_SEPARATOR.join(k))
2174 2174 return repo_group.group_id, _name(repo_group.full_path_splitted)
2175 2175
2176 2176 @classmethod
2177 2177 def groups_choices(cls, groups=None, show_empty_group=True):
2178 2178 if not groups:
2179 2179 groups = cls.query().all()
2180 2180
2181 2181 repo_groups = []
2182 2182 if show_empty_group:
2183 2183 repo_groups = [('-1', u'-- %s --' % _('No parent'))]
2184 2184
2185 2185 repo_groups.extend([cls._generate_choice(x) for x in groups])
2186 2186
2187 2187 repo_groups = sorted(
2188 2188 repo_groups, key=lambda t: t[1].split(cls.CHOICES_SEPARATOR)[0])
2189 2189 return repo_groups
2190 2190
2191 2191 @classmethod
2192 2192 def url_sep(cls):
2193 2193 return URL_SEP
2194 2194
2195 2195 @classmethod
2196 2196 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
2197 2197 if case_insensitive:
2198 2198 gr = cls.query().filter(func.lower(cls.group_name)
2199 2199 == func.lower(group_name))
2200 2200 else:
2201 2201 gr = cls.query().filter(cls.group_name == group_name)
2202 2202 if cache:
2203 2203 gr = gr.options(FromCache(
2204 2204 "sql_cache_short",
2205 2205 "get_group_%s" % _hash_key(group_name)))
2206 2206 return gr.scalar()
2207 2207
2208 2208 @classmethod
2209 2209 def get_user_personal_repo_group(cls, user_id):
2210 2210 user = User.get(user_id)
2211 if user.username == User.DEFAULT_USER:
2212 return None
2213
2211 2214 return cls.query()\
2212 .filter(cls.personal == true())\
2215 .filter(cls.personal == true()) \
2213 2216 .filter(cls.user == user).scalar()
2214 2217
2215 2218 @classmethod
2216 2219 def get_all_repo_groups(cls, user_id=Optional(None), group_id=Optional(None),
2217 2220 case_insensitive=True):
2218 2221 q = RepoGroup.query()
2219 2222
2220 2223 if not isinstance(user_id, Optional):
2221 2224 q = q.filter(RepoGroup.user_id == user_id)
2222 2225
2223 2226 if not isinstance(group_id, Optional):
2224 2227 q = q.filter(RepoGroup.group_parent_id == group_id)
2225 2228
2226 2229 if case_insensitive:
2227 2230 q = q.order_by(func.lower(RepoGroup.group_name))
2228 2231 else:
2229 2232 q = q.order_by(RepoGroup.group_name)
2230 2233 return q.all()
2231 2234
2232 2235 @property
2233 2236 def parents(self):
2234 2237 parents_recursion_limit = 10
2235 2238 groups = []
2236 2239 if self.parent_group is None:
2237 2240 return groups
2238 2241 cur_gr = self.parent_group
2239 2242 groups.insert(0, cur_gr)
2240 2243 cnt = 0
2241 2244 while 1:
2242 2245 cnt += 1
2243 2246 gr = getattr(cur_gr, 'parent_group', None)
2244 2247 cur_gr = cur_gr.parent_group
2245 2248 if gr is None:
2246 2249 break
2247 2250 if cnt == parents_recursion_limit:
2248 2251 # this will prevent accidental infinit loops
2249 2252 log.error(('more than %s parents found for group %s, stopping '
2250 2253 'recursive parent fetching' % (parents_recursion_limit, self)))
2251 2254 break
2252 2255
2253 2256 groups.insert(0, gr)
2254 2257 return groups
2255 2258
2256 2259 @property
2257 2260 def children(self):
2258 2261 return RepoGroup.query().filter(RepoGroup.parent_group == self)
2259 2262
2260 2263 @property
2261 2264 def name(self):
2262 2265 return self.group_name.split(RepoGroup.url_sep())[-1]
2263 2266
2264 2267 @property
2265 2268 def full_path(self):
2266 2269 return self.group_name
2267 2270
2268 2271 @property
2269 2272 def full_path_splitted(self):
2270 2273 return self.group_name.split(RepoGroup.url_sep())
2271 2274
2272 2275 @property
2273 2276 def repositories(self):
2274 2277 return Repository.query()\
2275 2278 .filter(Repository.group == self)\
2276 2279 .order_by(Repository.repo_name)
2277 2280
2278 2281 @property
2279 2282 def repositories_recursive_count(self):
2280 2283 cnt = self.repositories.count()
2281 2284
2282 2285 def children_count(group):
2283 2286 cnt = 0
2284 2287 for child in group.children:
2285 2288 cnt += child.repositories.count()
2286 2289 cnt += children_count(child)
2287 2290 return cnt
2288 2291
2289 2292 return cnt + children_count(self)
2290 2293
2291 2294 def _recursive_objects(self, include_repos=True):
2292 2295 all_ = []
2293 2296
2294 2297 def _get_members(root_gr):
2295 2298 if include_repos:
2296 2299 for r in root_gr.repositories:
2297 2300 all_.append(r)
2298 2301 childs = root_gr.children.all()
2299 2302 if childs:
2300 2303 for gr in childs:
2301 2304 all_.append(gr)
2302 2305 _get_members(gr)
2303 2306
2304 2307 _get_members(self)
2305 2308 return [self] + all_
2306 2309
2307 2310 def recursive_groups_and_repos(self):
2308 2311 """
2309 2312 Recursive return all groups, with repositories in those groups
2310 2313 """
2311 2314 return self._recursive_objects()
2312 2315
2313 2316 def recursive_groups(self):
2314 2317 """
2315 2318 Returns all children groups for this group including children of children
2316 2319 """
2317 2320 return self._recursive_objects(include_repos=False)
2318 2321
2319 2322 def get_new_name(self, group_name):
2320 2323 """
2321 2324 returns new full group name based on parent and new name
2322 2325
2323 2326 :param group_name:
2324 2327 """
2325 2328 path_prefix = (self.parent_group.full_path_splitted if
2326 2329 self.parent_group else [])
2327 2330 return RepoGroup.url_sep().join(path_prefix + [group_name])
2328 2331
2329 2332 def permissions(self, with_admins=True, with_owner=True):
2330 2333 q = UserRepoGroupToPerm.query().filter(UserRepoGroupToPerm.group == self)
2331 2334 q = q.options(joinedload(UserRepoGroupToPerm.group),
2332 2335 joinedload(UserRepoGroupToPerm.user),
2333 2336 joinedload(UserRepoGroupToPerm.permission),)
2334 2337
2335 2338 # get owners and admins and permissions. We do a trick of re-writing
2336 2339 # objects from sqlalchemy to named-tuples due to sqlalchemy session
2337 2340 # has a global reference and changing one object propagates to all
2338 2341 # others. This means if admin is also an owner admin_row that change
2339 2342 # would propagate to both objects
2340 2343 perm_rows = []
2341 2344 for _usr in q.all():
2342 2345 usr = AttributeDict(_usr.user.get_dict())
2343 2346 usr.permission = _usr.permission.permission_name
2344 2347 perm_rows.append(usr)
2345 2348
2346 2349 # filter the perm rows by 'default' first and then sort them by
2347 2350 # admin,write,read,none permissions sorted again alphabetically in
2348 2351 # each group
2349 2352 perm_rows = sorted(perm_rows, key=display_sort)
2350 2353
2351 2354 _admin_perm = 'group.admin'
2352 2355 owner_row = []
2353 2356 if with_owner:
2354 2357 usr = AttributeDict(self.user.get_dict())
2355 2358 usr.owner_row = True
2356 2359 usr.permission = _admin_perm
2357 2360 owner_row.append(usr)
2358 2361
2359 2362 super_admin_rows = []
2360 2363 if with_admins:
2361 2364 for usr in User.get_all_super_admins():
2362 2365 # if this admin is also owner, don't double the record
2363 2366 if usr.user_id == owner_row[0].user_id:
2364 2367 owner_row[0].admin_row = True
2365 2368 else:
2366 2369 usr = AttributeDict(usr.get_dict())
2367 2370 usr.admin_row = True
2368 2371 usr.permission = _admin_perm
2369 2372 super_admin_rows.append(usr)
2370 2373
2371 2374 return super_admin_rows + owner_row + perm_rows
2372 2375
2373 2376 def permission_user_groups(self):
2374 2377 q = UserGroupRepoGroupToPerm.query().filter(UserGroupRepoGroupToPerm.group == self)
2375 2378 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2376 2379 joinedload(UserGroupRepoGroupToPerm.users_group),
2377 2380 joinedload(UserGroupRepoGroupToPerm.permission),)
2378 2381
2379 2382 perm_rows = []
2380 2383 for _user_group in q.all():
2381 2384 usr = AttributeDict(_user_group.users_group.get_dict())
2382 2385 usr.permission = _user_group.permission.permission_name
2383 2386 perm_rows.append(usr)
2384 2387
2385 2388 return perm_rows
2386 2389
2387 2390 def get_api_data(self):
2388 2391 """
2389 2392 Common function for generating api data
2390 2393
2391 2394 """
2392 2395 group = self
2393 2396 data = {
2394 2397 'group_id': group.group_id,
2395 2398 'group_name': group.group_name,
2396 2399 'group_description': group.group_description,
2397 2400 'parent_group': group.parent_group.group_name if group.parent_group else None,
2398 2401 'repositories': [x.repo_name for x in group.repositories],
2399 2402 'owner': group.user.username,
2400 2403 }
2401 2404 return data
2402 2405
2403 2406
2404 2407 class Permission(Base, BaseModel):
2405 2408 __tablename__ = 'permissions'
2406 2409 __table_args__ = (
2407 2410 Index('p_perm_name_idx', 'permission_name'),
2408 2411 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2409 2412 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2410 2413 )
2411 2414 PERMS = [
2412 2415 ('hg.admin', _('RhodeCode Super Administrator')),
2413 2416
2414 2417 ('repository.none', _('Repository no access')),
2415 2418 ('repository.read', _('Repository read access')),
2416 2419 ('repository.write', _('Repository write access')),
2417 2420 ('repository.admin', _('Repository admin access')),
2418 2421
2419 2422 ('group.none', _('Repository group no access')),
2420 2423 ('group.read', _('Repository group read access')),
2421 2424 ('group.write', _('Repository group write access')),
2422 2425 ('group.admin', _('Repository group admin access')),
2423 2426
2424 2427 ('usergroup.none', _('User group no access')),
2425 2428 ('usergroup.read', _('User group read access')),
2426 2429 ('usergroup.write', _('User group write access')),
2427 2430 ('usergroup.admin', _('User group admin access')),
2428 2431
2429 2432 ('hg.repogroup.create.false', _('Repository Group creation disabled')),
2430 2433 ('hg.repogroup.create.true', _('Repository Group creation enabled')),
2431 2434
2432 2435 ('hg.usergroup.create.false', _('User Group creation disabled')),
2433 2436 ('hg.usergroup.create.true', _('User Group creation enabled')),
2434 2437
2435 2438 ('hg.create.none', _('Repository creation disabled')),
2436 2439 ('hg.create.repository', _('Repository creation enabled')),
2437 2440 ('hg.create.write_on_repogroup.true', _('Repository creation enabled with write permission to a repository group')),
2438 2441 ('hg.create.write_on_repogroup.false', _('Repository creation disabled with write permission to a repository group')),
2439 2442
2440 2443 ('hg.fork.none', _('Repository forking disabled')),
2441 2444 ('hg.fork.repository', _('Repository forking enabled')),
2442 2445
2443 2446 ('hg.register.none', _('Registration disabled')),
2444 2447 ('hg.register.manual_activate', _('User Registration with manual account activation')),
2445 2448 ('hg.register.auto_activate', _('User Registration with automatic account activation')),
2446 2449
2447 2450 ('hg.password_reset.enabled', _('Password reset enabled')),
2448 2451 ('hg.password_reset.hidden', _('Password reset hidden')),
2449 2452 ('hg.password_reset.disabled', _('Password reset disabled')),
2450 2453
2451 2454 ('hg.extern_activate.manual', _('Manual activation of external account')),
2452 2455 ('hg.extern_activate.auto', _('Automatic activation of external account')),
2453 2456
2454 2457 ('hg.inherit_default_perms.false', _('Inherit object permissions from default user disabled')),
2455 2458 ('hg.inherit_default_perms.true', _('Inherit object permissions from default user enabled')),
2456 2459 ]
2457 2460
2458 2461 # definition of system default permissions for DEFAULT user
2459 2462 DEFAULT_USER_PERMISSIONS = [
2460 2463 'repository.read',
2461 2464 'group.read',
2462 2465 'usergroup.read',
2463 2466 'hg.create.repository',
2464 2467 'hg.repogroup.create.false',
2465 2468 'hg.usergroup.create.false',
2466 2469 'hg.create.write_on_repogroup.true',
2467 2470 'hg.fork.repository',
2468 2471 'hg.register.manual_activate',
2469 2472 'hg.password_reset.enabled',
2470 2473 'hg.extern_activate.auto',
2471 2474 'hg.inherit_default_perms.true',
2472 2475 ]
2473 2476
2474 2477 # defines which permissions are more important higher the more important
2475 2478 # Weight defines which permissions are more important.
2476 2479 # The higher number the more important.
2477 2480 PERM_WEIGHTS = {
2478 2481 'repository.none': 0,
2479 2482 'repository.read': 1,
2480 2483 'repository.write': 3,
2481 2484 'repository.admin': 4,
2482 2485
2483 2486 'group.none': 0,
2484 2487 'group.read': 1,
2485 2488 'group.write': 3,
2486 2489 'group.admin': 4,
2487 2490
2488 2491 'usergroup.none': 0,
2489 2492 'usergroup.read': 1,
2490 2493 'usergroup.write': 3,
2491 2494 'usergroup.admin': 4,
2492 2495
2493 2496 'hg.repogroup.create.false': 0,
2494 2497 'hg.repogroup.create.true': 1,
2495 2498
2496 2499 'hg.usergroup.create.false': 0,
2497 2500 'hg.usergroup.create.true': 1,
2498 2501
2499 2502 'hg.fork.none': 0,
2500 2503 'hg.fork.repository': 1,
2501 2504 'hg.create.none': 0,
2502 2505 'hg.create.repository': 1
2503 2506 }
2504 2507
2505 2508 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2506 2509 permission_name = Column("permission_name", String(255), nullable=True, unique=None, default=None)
2507 2510 permission_longname = Column("permission_longname", String(255), nullable=True, unique=None, default=None)
2508 2511
2509 2512 def __unicode__(self):
2510 2513 return u"<%s('%s:%s')>" % (
2511 2514 self.__class__.__name__, self.permission_id, self.permission_name
2512 2515 )
2513 2516
2514 2517 @classmethod
2515 2518 def get_by_key(cls, key):
2516 2519 return cls.query().filter(cls.permission_name == key).scalar()
2517 2520
2518 2521 @classmethod
2519 2522 def get_default_repo_perms(cls, user_id, repo_id=None):
2520 2523 q = Session().query(UserRepoToPerm, Repository, Permission)\
2521 2524 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
2522 2525 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
2523 2526 .filter(UserRepoToPerm.user_id == user_id)
2524 2527 if repo_id:
2525 2528 q = q.filter(UserRepoToPerm.repository_id == repo_id)
2526 2529 return q.all()
2527 2530
2528 2531 @classmethod
2529 2532 def get_default_repo_perms_from_user_group(cls, user_id, repo_id=None):
2530 2533 q = Session().query(UserGroupRepoToPerm, Repository, Permission)\
2531 2534 .join(
2532 2535 Permission,
2533 2536 UserGroupRepoToPerm.permission_id == Permission.permission_id)\
2534 2537 .join(
2535 2538 Repository,
2536 2539 UserGroupRepoToPerm.repository_id == Repository.repo_id)\
2537 2540 .join(
2538 2541 UserGroup,
2539 2542 UserGroupRepoToPerm.users_group_id ==
2540 2543 UserGroup.users_group_id)\
2541 2544 .join(
2542 2545 UserGroupMember,
2543 2546 UserGroupRepoToPerm.users_group_id ==
2544 2547 UserGroupMember.users_group_id)\
2545 2548 .filter(
2546 2549 UserGroupMember.user_id == user_id,
2547 2550 UserGroup.users_group_active == true())
2548 2551 if repo_id:
2549 2552 q = q.filter(UserGroupRepoToPerm.repository_id == repo_id)
2550 2553 return q.all()
2551 2554
2552 2555 @classmethod
2553 2556 def get_default_group_perms(cls, user_id, repo_group_id=None):
2554 2557 q = Session().query(UserRepoGroupToPerm, RepoGroup, Permission)\
2555 2558 .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
2556 2559 .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
2557 2560 .filter(UserRepoGroupToPerm.user_id == user_id)
2558 2561 if repo_group_id:
2559 2562 q = q.filter(UserRepoGroupToPerm.group_id == repo_group_id)
2560 2563 return q.all()
2561 2564
2562 2565 @classmethod
2563 2566 def get_default_group_perms_from_user_group(
2564 2567 cls, user_id, repo_group_id=None):
2565 2568 q = Session().query(UserGroupRepoGroupToPerm, RepoGroup, Permission)\
2566 2569 .join(
2567 2570 Permission,
2568 2571 UserGroupRepoGroupToPerm.permission_id ==
2569 2572 Permission.permission_id)\
2570 2573 .join(
2571 2574 RepoGroup,
2572 2575 UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id)\
2573 2576 .join(
2574 2577 UserGroup,
2575 2578 UserGroupRepoGroupToPerm.users_group_id ==
2576 2579 UserGroup.users_group_id)\
2577 2580 .join(
2578 2581 UserGroupMember,
2579 2582 UserGroupRepoGroupToPerm.users_group_id ==
2580 2583 UserGroupMember.users_group_id)\
2581 2584 .filter(
2582 2585 UserGroupMember.user_id == user_id,
2583 2586 UserGroup.users_group_active == true())
2584 2587 if repo_group_id:
2585 2588 q = q.filter(UserGroupRepoGroupToPerm.group_id == repo_group_id)
2586 2589 return q.all()
2587 2590
2588 2591 @classmethod
2589 2592 def get_default_user_group_perms(cls, user_id, user_group_id=None):
2590 2593 q = Session().query(UserUserGroupToPerm, UserGroup, Permission)\
2591 2594 .join((Permission, UserUserGroupToPerm.permission_id == Permission.permission_id))\
2592 2595 .join((UserGroup, UserUserGroupToPerm.user_group_id == UserGroup.users_group_id))\
2593 2596 .filter(UserUserGroupToPerm.user_id == user_id)
2594 2597 if user_group_id:
2595 2598 q = q.filter(UserUserGroupToPerm.user_group_id == user_group_id)
2596 2599 return q.all()
2597 2600
2598 2601 @classmethod
2599 2602 def get_default_user_group_perms_from_user_group(
2600 2603 cls, user_id, user_group_id=None):
2601 2604 TargetUserGroup = aliased(UserGroup, name='target_user_group')
2602 2605 q = Session().query(UserGroupUserGroupToPerm, UserGroup, Permission)\
2603 2606 .join(
2604 2607 Permission,
2605 2608 UserGroupUserGroupToPerm.permission_id ==
2606 2609 Permission.permission_id)\
2607 2610 .join(
2608 2611 TargetUserGroup,
2609 2612 UserGroupUserGroupToPerm.target_user_group_id ==
2610 2613 TargetUserGroup.users_group_id)\
2611 2614 .join(
2612 2615 UserGroup,
2613 2616 UserGroupUserGroupToPerm.user_group_id ==
2614 2617 UserGroup.users_group_id)\
2615 2618 .join(
2616 2619 UserGroupMember,
2617 2620 UserGroupUserGroupToPerm.user_group_id ==
2618 2621 UserGroupMember.users_group_id)\
2619 2622 .filter(
2620 2623 UserGroupMember.user_id == user_id,
2621 2624 UserGroup.users_group_active == true())
2622 2625 if user_group_id:
2623 2626 q = q.filter(
2624 2627 UserGroupUserGroupToPerm.user_group_id == user_group_id)
2625 2628
2626 2629 return q.all()
2627 2630
2628 2631
2629 2632 class UserRepoToPerm(Base, BaseModel):
2630 2633 __tablename__ = 'repo_to_perm'
2631 2634 __table_args__ = (
2632 2635 UniqueConstraint('user_id', 'repository_id', 'permission_id'),
2633 2636 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2634 2637 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2635 2638 )
2636 2639 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2637 2640 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2638 2641 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2639 2642 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2640 2643
2641 2644 user = relationship('User')
2642 2645 repository = relationship('Repository')
2643 2646 permission = relationship('Permission')
2644 2647
2645 2648 @classmethod
2646 2649 def create(cls, user, repository, permission):
2647 2650 n = cls()
2648 2651 n.user = user
2649 2652 n.repository = repository
2650 2653 n.permission = permission
2651 2654 Session().add(n)
2652 2655 return n
2653 2656
2654 2657 def __unicode__(self):
2655 2658 return u'<%s => %s >' % (self.user, self.repository)
2656 2659
2657 2660
2658 2661 class UserUserGroupToPerm(Base, BaseModel):
2659 2662 __tablename__ = 'user_user_group_to_perm'
2660 2663 __table_args__ = (
2661 2664 UniqueConstraint('user_id', 'user_group_id', 'permission_id'),
2662 2665 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2663 2666 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2664 2667 )
2665 2668 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2666 2669 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2667 2670 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2668 2671 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2669 2672
2670 2673 user = relationship('User')
2671 2674 user_group = relationship('UserGroup')
2672 2675 permission = relationship('Permission')
2673 2676
2674 2677 @classmethod
2675 2678 def create(cls, user, user_group, permission):
2676 2679 n = cls()
2677 2680 n.user = user
2678 2681 n.user_group = user_group
2679 2682 n.permission = permission
2680 2683 Session().add(n)
2681 2684 return n
2682 2685
2683 2686 def __unicode__(self):
2684 2687 return u'<%s => %s >' % (self.user, self.user_group)
2685 2688
2686 2689
2687 2690 class UserToPerm(Base, BaseModel):
2688 2691 __tablename__ = 'user_to_perm'
2689 2692 __table_args__ = (
2690 2693 UniqueConstraint('user_id', 'permission_id'),
2691 2694 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2692 2695 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2693 2696 )
2694 2697 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2695 2698 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2696 2699 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2697 2700
2698 2701 user = relationship('User')
2699 2702 permission = relationship('Permission', lazy='joined')
2700 2703
2701 2704 def __unicode__(self):
2702 2705 return u'<%s => %s >' % (self.user, self.permission)
2703 2706
2704 2707
2705 2708 class UserGroupRepoToPerm(Base, BaseModel):
2706 2709 __tablename__ = 'users_group_repo_to_perm'
2707 2710 __table_args__ = (
2708 2711 UniqueConstraint('repository_id', 'users_group_id', 'permission_id'),
2709 2712 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2710 2713 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2711 2714 )
2712 2715 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2713 2716 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2714 2717 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2715 2718 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
2716 2719
2717 2720 users_group = relationship('UserGroup')
2718 2721 permission = relationship('Permission')
2719 2722 repository = relationship('Repository')
2720 2723
2721 2724 @classmethod
2722 2725 def create(cls, users_group, repository, permission):
2723 2726 n = cls()
2724 2727 n.users_group = users_group
2725 2728 n.repository = repository
2726 2729 n.permission = permission
2727 2730 Session().add(n)
2728 2731 return n
2729 2732
2730 2733 def __unicode__(self):
2731 2734 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
2732 2735
2733 2736
2734 2737 class UserGroupUserGroupToPerm(Base, BaseModel):
2735 2738 __tablename__ = 'user_group_user_group_to_perm'
2736 2739 __table_args__ = (
2737 2740 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
2738 2741 CheckConstraint('target_user_group_id != user_group_id'),
2739 2742 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2740 2743 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2741 2744 )
2742 2745 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2743 2746 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2744 2747 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2745 2748 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2746 2749
2747 2750 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
2748 2751 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
2749 2752 permission = relationship('Permission')
2750 2753
2751 2754 @classmethod
2752 2755 def create(cls, target_user_group, user_group, permission):
2753 2756 n = cls()
2754 2757 n.target_user_group = target_user_group
2755 2758 n.user_group = user_group
2756 2759 n.permission = permission
2757 2760 Session().add(n)
2758 2761 return n
2759 2762
2760 2763 def __unicode__(self):
2761 2764 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
2762 2765
2763 2766
2764 2767 class UserGroupToPerm(Base, BaseModel):
2765 2768 __tablename__ = 'users_group_to_perm'
2766 2769 __table_args__ = (
2767 2770 UniqueConstraint('users_group_id', 'permission_id',),
2768 2771 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2769 2772 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2770 2773 )
2771 2774 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2772 2775 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2773 2776 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2774 2777
2775 2778 users_group = relationship('UserGroup')
2776 2779 permission = relationship('Permission')
2777 2780
2778 2781
2779 2782 class UserRepoGroupToPerm(Base, BaseModel):
2780 2783 __tablename__ = 'user_repo_group_to_perm'
2781 2784 __table_args__ = (
2782 2785 UniqueConstraint('user_id', 'group_id', 'permission_id'),
2783 2786 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2784 2787 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2785 2788 )
2786 2789
2787 2790 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2788 2791 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2789 2792 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2790 2793 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2791 2794
2792 2795 user = relationship('User')
2793 2796 group = relationship('RepoGroup')
2794 2797 permission = relationship('Permission')
2795 2798
2796 2799 @classmethod
2797 2800 def create(cls, user, repository_group, permission):
2798 2801 n = cls()
2799 2802 n.user = user
2800 2803 n.group = repository_group
2801 2804 n.permission = permission
2802 2805 Session().add(n)
2803 2806 return n
2804 2807
2805 2808
2806 2809 class UserGroupRepoGroupToPerm(Base, BaseModel):
2807 2810 __tablename__ = 'users_group_repo_group_to_perm'
2808 2811 __table_args__ = (
2809 2812 UniqueConstraint('users_group_id', 'group_id'),
2810 2813 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2811 2814 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2812 2815 )
2813 2816
2814 2817 users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2815 2818 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
2816 2819 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
2817 2820 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
2818 2821
2819 2822 users_group = relationship('UserGroup')
2820 2823 permission = relationship('Permission')
2821 2824 group = relationship('RepoGroup')
2822 2825
2823 2826 @classmethod
2824 2827 def create(cls, user_group, repository_group, permission):
2825 2828 n = cls()
2826 2829 n.users_group = user_group
2827 2830 n.group = repository_group
2828 2831 n.permission = permission
2829 2832 Session().add(n)
2830 2833 return n
2831 2834
2832 2835 def __unicode__(self):
2833 2836 return u'<UserGroupRepoGroupToPerm:%s => %s >' % (self.users_group, self.group)
2834 2837
2835 2838
2836 2839 class Statistics(Base, BaseModel):
2837 2840 __tablename__ = 'statistics'
2838 2841 __table_args__ = (
2839 2842 UniqueConstraint('repository_id'),
2840 2843 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2841 2844 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2842 2845 )
2843 2846 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2844 2847 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
2845 2848 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
2846 2849 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
2847 2850 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
2848 2851 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
2849 2852
2850 2853 repository = relationship('Repository', single_parent=True)
2851 2854
2852 2855
2853 2856 class UserFollowing(Base, BaseModel):
2854 2857 __tablename__ = 'user_followings'
2855 2858 __table_args__ = (
2856 2859 UniqueConstraint('user_id', 'follows_repository_id'),
2857 2860 UniqueConstraint('user_id', 'follows_user_id'),
2858 2861 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2859 2862 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
2860 2863 )
2861 2864
2862 2865 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2863 2866 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
2864 2867 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
2865 2868 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
2866 2869 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
2867 2870
2868 2871 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
2869 2872
2870 2873 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
2871 2874 follows_repository = relationship('Repository', order_by='Repository.repo_name')
2872 2875
2873 2876 @classmethod
2874 2877 def get_repo_followers(cls, repo_id):
2875 2878 return cls.query().filter(cls.follows_repo_id == repo_id)
2876 2879
2877 2880
2878 2881 class CacheKey(Base, BaseModel):
2879 2882 __tablename__ = 'cache_invalidation'
2880 2883 __table_args__ = (
2881 2884 UniqueConstraint('cache_key'),
2882 2885 Index('key_idx', 'cache_key'),
2883 2886 {'extend_existing': True, 'mysql_engine': 'InnoDB',
2884 2887 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
2885 2888 )
2886 2889 CACHE_TYPE_ATOM = 'ATOM'
2887 2890 CACHE_TYPE_RSS = 'RSS'
2888 2891 CACHE_TYPE_README = 'README'
2889 2892
2890 2893 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
2891 2894 cache_key = Column("cache_key", String(255), nullable=True, unique=None, default=None)
2892 2895 cache_args = Column("cache_args", String(255), nullable=True, unique=None, default=None)
2893 2896 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
2894 2897
2895 2898 def __init__(self, cache_key, cache_args=''):
2896 2899 self.cache_key = cache_key
2897 2900 self.cache_args = cache_args
2898 2901 self.cache_active = False
2899 2902
2900 2903 def __unicode__(self):
2901 2904 return u"<%s('%s:%s[%s]')>" % (
2902 2905 self.__class__.__name__,
2903 2906 self.cache_id, self.cache_key, self.cache_active)
2904 2907
2905 2908 def _cache_key_partition(self):
2906 2909 prefix, repo_name, suffix = self.cache_key.partition(self.cache_args)
2907 2910 return prefix, repo_name, suffix
2908 2911
2909 2912 def get_prefix(self):
2910 2913 """
2911 2914 Try to extract prefix from existing cache key. The key could consist
2912 2915 of prefix, repo_name, suffix
2913 2916 """
2914 2917 # this returns prefix, repo_name, suffix
2915 2918 return self._cache_key_partition()[0]
2916 2919
2917 2920 def get_suffix(self):
2918 2921 """
2919 2922 get suffix that might have been used in _get_cache_key to
2920 2923 generate self.cache_key. Only used for informational purposes
2921 2924 in repo_edit.mako.
2922 2925 """
2923 2926 # prefix, repo_name, suffix
2924 2927 return self._cache_key_partition()[2]
2925 2928
2926 2929 @classmethod
2927 2930 def delete_all_cache(cls):
2928 2931 """
2929 2932 Delete all cache keys from database.
2930 2933 Should only be run when all instances are down and all entries
2931 2934 thus stale.
2932 2935 """
2933 2936 cls.query().delete()
2934 2937 Session().commit()
2935 2938
2936 2939 @classmethod
2937 2940 def get_cache_key(cls, repo_name, cache_type):
2938 2941 """
2939 2942
2940 2943 Generate a cache key for this process of RhodeCode instance.
2941 2944 Prefix most likely will be process id or maybe explicitly set
2942 2945 instance_id from .ini file.
2943 2946 """
2944 2947 import rhodecode
2945 2948 prefix = safe_unicode(rhodecode.CONFIG.get('instance_id') or '')
2946 2949
2947 2950 repo_as_unicode = safe_unicode(repo_name)
2948 2951 key = u'{}_{}'.format(repo_as_unicode, cache_type) \
2949 2952 if cache_type else repo_as_unicode
2950 2953
2951 2954 return u'{}{}'.format(prefix, key)
2952 2955
2953 2956 @classmethod
2954 2957 def set_invalidate(cls, repo_name, delete=False):
2955 2958 """
2956 2959 Mark all caches of a repo as invalid in the database.
2957 2960 """
2958 2961
2959 2962 try:
2960 2963 qry = Session().query(cls).filter(cls.cache_args == repo_name)
2961 2964 if delete:
2962 2965 log.debug('cache objects deleted for repo %s',
2963 2966 safe_str(repo_name))
2964 2967 qry.delete()
2965 2968 else:
2966 2969 log.debug('cache objects marked as invalid for repo %s',
2967 2970 safe_str(repo_name))
2968 2971 qry.update({"cache_active": False})
2969 2972
2970 2973 Session().commit()
2971 2974 except Exception:
2972 2975 log.exception(
2973 2976 'Cache key invalidation failed for repository %s',
2974 2977 safe_str(repo_name))
2975 2978 Session().rollback()
2976 2979
2977 2980 @classmethod
2978 2981 def get_active_cache(cls, cache_key):
2979 2982 inv_obj = cls.query().filter(cls.cache_key == cache_key).scalar()
2980 2983 if inv_obj:
2981 2984 return inv_obj
2982 2985 return None
2983 2986
2984 2987 @classmethod
2985 2988 def repo_context_cache(cls, compute_func, repo_name, cache_type,
2986 2989 thread_scoped=False):
2987 2990 """
2988 2991 @cache_region('long_term')
2989 2992 def _heavy_calculation(cache_key):
2990 2993 return 'result'
2991 2994
2992 2995 cache_context = CacheKey.repo_context_cache(
2993 2996 _heavy_calculation, repo_name, cache_type)
2994 2997
2995 2998 with cache_context as context:
2996 2999 context.invalidate()
2997 3000 computed = context.compute()
2998 3001
2999 3002 assert computed == 'result'
3000 3003 """
3001 3004 from rhodecode.lib import caches
3002 3005 return caches.InvalidationContext(
3003 3006 compute_func, repo_name, cache_type, thread_scoped=thread_scoped)
3004 3007
3005 3008
3006 3009 class ChangesetComment(Base, BaseModel):
3007 3010 __tablename__ = 'changeset_comments'
3008 3011 __table_args__ = (
3009 3012 Index('cc_revision_idx', 'revision'),
3010 3013 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3011 3014 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3012 3015 )
3013 3016
3014 3017 COMMENT_OUTDATED = u'comment_outdated'
3015 3018 COMMENT_TYPE_NOTE = u'note'
3016 3019 COMMENT_TYPE_TODO = u'todo'
3017 3020 COMMENT_TYPES = [COMMENT_TYPE_NOTE, COMMENT_TYPE_TODO]
3018 3021
3019 3022 comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True)
3020 3023 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3021 3024 revision = Column('revision', String(40), nullable=True)
3022 3025 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3023 3026 pull_request_version_id = Column("pull_request_version_id", Integer(), ForeignKey('pull_request_versions.pull_request_version_id'), nullable=True)
3024 3027 line_no = Column('line_no', Unicode(10), nullable=True)
3025 3028 hl_lines = Column('hl_lines', Unicode(512), nullable=True)
3026 3029 f_path = Column('f_path', Unicode(1000), nullable=True)
3027 3030 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False)
3028 3031 text = Column('text', UnicodeText().with_variant(UnicodeText(25000), 'mysql'), nullable=False)
3029 3032 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3030 3033 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3031 3034 renderer = Column('renderer', Unicode(64), nullable=True)
3032 3035 display_state = Column('display_state', Unicode(128), nullable=True)
3033 3036
3034 3037 comment_type = Column('comment_type', Unicode(128), nullable=True, default=COMMENT_TYPE_NOTE)
3035 3038 resolved_comment_id = Column('resolved_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'), nullable=True)
3036 3039 resolved_comment = relationship('ChangesetComment', remote_side=comment_id, backref='resolved_by')
3037 3040 author = relationship('User', lazy='joined')
3038 3041 repo = relationship('Repository')
3039 3042 status_change = relationship('ChangesetStatus', cascade="all, delete, delete-orphan", lazy='joined')
3040 3043 pull_request = relationship('PullRequest', lazy='joined')
3041 3044 pull_request_version = relationship('PullRequestVersion')
3042 3045
3043 3046 @classmethod
3044 3047 def get_users(cls, revision=None, pull_request_id=None):
3045 3048 """
3046 3049 Returns user associated with this ChangesetComment. ie those
3047 3050 who actually commented
3048 3051
3049 3052 :param cls:
3050 3053 :param revision:
3051 3054 """
3052 3055 q = Session().query(User)\
3053 3056 .join(ChangesetComment.author)
3054 3057 if revision:
3055 3058 q = q.filter(cls.revision == revision)
3056 3059 elif pull_request_id:
3057 3060 q = q.filter(cls.pull_request_id == pull_request_id)
3058 3061 return q.all()
3059 3062
3060 3063 @classmethod
3061 3064 def get_index_from_version(cls, pr_version, versions):
3062 3065 num_versions = [x.pull_request_version_id for x in versions]
3063 3066 try:
3064 3067 return num_versions.index(pr_version) +1
3065 3068 except (IndexError, ValueError):
3066 3069 return
3067 3070
3068 3071 @property
3069 3072 def outdated(self):
3070 3073 return self.display_state == self.COMMENT_OUTDATED
3071 3074
3072 3075 def outdated_at_version(self, version):
3073 3076 """
3074 3077 Checks if comment is outdated for given pull request version
3075 3078 """
3076 3079 return self.outdated and self.pull_request_version_id != version
3077 3080
3078 3081 def older_than_version(self, version):
3079 3082 """
3080 3083 Checks if comment is made from previous version than given
3081 3084 """
3082 3085 if version is None:
3083 3086 return self.pull_request_version_id is not None
3084 3087
3085 3088 return self.pull_request_version_id < version
3086 3089
3087 3090 @property
3088 3091 def resolved(self):
3089 3092 return self.resolved_by[0] if self.resolved_by else None
3090 3093
3091 3094 @property
3092 3095 def is_todo(self):
3093 3096 return self.comment_type == self.COMMENT_TYPE_TODO
3094 3097
3095 3098 def get_index_version(self, versions):
3096 3099 return self.get_index_from_version(
3097 3100 self.pull_request_version_id, versions)
3098 3101
3099 3102 def __repr__(self):
3100 3103 if self.comment_id:
3101 3104 return '<DB:Comment #%s>' % self.comment_id
3102 3105 else:
3103 3106 return '<DB:Comment at %#x>' % id(self)
3104 3107
3105 3108
3106 3109 class ChangesetStatus(Base, BaseModel):
3107 3110 __tablename__ = 'changeset_statuses'
3108 3111 __table_args__ = (
3109 3112 Index('cs_revision_idx', 'revision'),
3110 3113 Index('cs_version_idx', 'version'),
3111 3114 UniqueConstraint('repo_id', 'revision', 'version'),
3112 3115 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3113 3116 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3114 3117 )
3115 3118 STATUS_NOT_REVIEWED = DEFAULT = 'not_reviewed'
3116 3119 STATUS_APPROVED = 'approved'
3117 3120 STATUS_REJECTED = 'rejected'
3118 3121 STATUS_UNDER_REVIEW = 'under_review'
3119 3122
3120 3123 STATUSES = [
3121 3124 (STATUS_NOT_REVIEWED, _("Not Reviewed")), # (no icon) and default
3122 3125 (STATUS_APPROVED, _("Approved")),
3123 3126 (STATUS_REJECTED, _("Rejected")),
3124 3127 (STATUS_UNDER_REVIEW, _("Under Review")),
3125 3128 ]
3126 3129
3127 3130 changeset_status_id = Column('changeset_status_id', Integer(), nullable=False, primary_key=True)
3128 3131 repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False)
3129 3132 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None)
3130 3133 revision = Column('revision', String(40), nullable=False)
3131 3134 status = Column('status', String(128), nullable=False, default=DEFAULT)
3132 3135 changeset_comment_id = Column('changeset_comment_id', Integer(), ForeignKey('changeset_comments.comment_id'))
3133 3136 modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now)
3134 3137 version = Column('version', Integer(), nullable=False, default=0)
3135 3138 pull_request_id = Column("pull_request_id", Integer(), ForeignKey('pull_requests.pull_request_id'), nullable=True)
3136 3139
3137 3140 author = relationship('User', lazy='joined')
3138 3141 repo = relationship('Repository')
3139 3142 comment = relationship('ChangesetComment', lazy='joined')
3140 3143 pull_request = relationship('PullRequest', lazy='joined')
3141 3144
3142 3145 def __unicode__(self):
3143 3146 return u"<%s('%s[v%s]:%s')>" % (
3144 3147 self.__class__.__name__,
3145 3148 self.status, self.version, self.author
3146 3149 )
3147 3150
3148 3151 @classmethod
3149 3152 def get_status_lbl(cls, value):
3150 3153 return dict(cls.STATUSES).get(value)
3151 3154
3152 3155 @property
3153 3156 def status_lbl(self):
3154 3157 return ChangesetStatus.get_status_lbl(self.status)
3155 3158
3156 3159
3157 3160 class _PullRequestBase(BaseModel):
3158 3161 """
3159 3162 Common attributes of pull request and version entries.
3160 3163 """
3161 3164
3162 3165 # .status values
3163 3166 STATUS_NEW = u'new'
3164 3167 STATUS_OPEN = u'open'
3165 3168 STATUS_CLOSED = u'closed'
3166 3169
3167 3170 title = Column('title', Unicode(255), nullable=True)
3168 3171 description = Column(
3169 3172 'description', UnicodeText().with_variant(UnicodeText(10240), 'mysql'),
3170 3173 nullable=True)
3171 3174 # new/open/closed status of pull request (not approve/reject/etc)
3172 3175 status = Column('status', Unicode(255), nullable=False, default=STATUS_NEW)
3173 3176 created_on = Column(
3174 3177 'created_on', DateTime(timezone=False), nullable=False,
3175 3178 default=datetime.datetime.now)
3176 3179 updated_on = Column(
3177 3180 'updated_on', DateTime(timezone=False), nullable=False,
3178 3181 default=datetime.datetime.now)
3179 3182
3180 3183 @declared_attr
3181 3184 def user_id(cls):
3182 3185 return Column(
3183 3186 "user_id", Integer(), ForeignKey('users.user_id'), nullable=False,
3184 3187 unique=None)
3185 3188
3186 3189 # 500 revisions max
3187 3190 _revisions = Column(
3188 3191 'revisions', UnicodeText().with_variant(UnicodeText(20500), 'mysql'))
3189 3192
3190 3193 @declared_attr
3191 3194 def source_repo_id(cls):
3192 3195 # TODO: dan: rename column to source_repo_id
3193 3196 return Column(
3194 3197 'org_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3195 3198 nullable=False)
3196 3199
3197 3200 source_ref = Column('org_ref', Unicode(255), nullable=False)
3198 3201
3199 3202 @declared_attr
3200 3203 def target_repo_id(cls):
3201 3204 # TODO: dan: rename column to target_repo_id
3202 3205 return Column(
3203 3206 'other_repo_id', Integer(), ForeignKey('repositories.repo_id'),
3204 3207 nullable=False)
3205 3208
3206 3209 target_ref = Column('other_ref', Unicode(255), nullable=False)
3207 3210 _shadow_merge_ref = Column('shadow_merge_ref', Unicode(255), nullable=True)
3208 3211
3209 3212 # TODO: dan: rename column to last_merge_source_rev
3210 3213 _last_merge_source_rev = Column(
3211 3214 'last_merge_org_rev', String(40), nullable=True)
3212 3215 # TODO: dan: rename column to last_merge_target_rev
3213 3216 _last_merge_target_rev = Column(
3214 3217 'last_merge_other_rev', String(40), nullable=True)
3215 3218 _last_merge_status = Column('merge_status', Integer(), nullable=True)
3216 3219 merge_rev = Column('merge_rev', String(40), nullable=True)
3217 3220
3218 3221 @hybrid_property
3219 3222 def revisions(self):
3220 3223 return self._revisions.split(':') if self._revisions else []
3221 3224
3222 3225 @revisions.setter
3223 3226 def revisions(self, val):
3224 3227 self._revisions = ':'.join(val)
3225 3228
3226 3229 @declared_attr
3227 3230 def author(cls):
3228 3231 return relationship('User', lazy='joined')
3229 3232
3230 3233 @declared_attr
3231 3234 def source_repo(cls):
3232 3235 return relationship(
3233 3236 'Repository',
3234 3237 primaryjoin='%s.source_repo_id==Repository.repo_id' % cls.__name__)
3235 3238
3236 3239 @property
3237 3240 def source_ref_parts(self):
3238 3241 return self.unicode_to_reference(self.source_ref)
3239 3242
3240 3243 @declared_attr
3241 3244 def target_repo(cls):
3242 3245 return relationship(
3243 3246 'Repository',
3244 3247 primaryjoin='%s.target_repo_id==Repository.repo_id' % cls.__name__)
3245 3248
3246 3249 @property
3247 3250 def target_ref_parts(self):
3248 3251 return self.unicode_to_reference(self.target_ref)
3249 3252
3250 3253 @property
3251 3254 def shadow_merge_ref(self):
3252 3255 return self.unicode_to_reference(self._shadow_merge_ref)
3253 3256
3254 3257 @shadow_merge_ref.setter
3255 3258 def shadow_merge_ref(self, ref):
3256 3259 self._shadow_merge_ref = self.reference_to_unicode(ref)
3257 3260
3258 3261 def unicode_to_reference(self, raw):
3259 3262 """
3260 3263 Convert a unicode (or string) to a reference object.
3261 3264 If unicode evaluates to False it returns None.
3262 3265 """
3263 3266 if raw:
3264 3267 refs = raw.split(':')
3265 3268 return Reference(*refs)
3266 3269 else:
3267 3270 return None
3268 3271
3269 3272 def reference_to_unicode(self, ref):
3270 3273 """
3271 3274 Convert a reference object to unicode.
3272 3275 If reference is None it returns None.
3273 3276 """
3274 3277 if ref:
3275 3278 return u':'.join(ref)
3276 3279 else:
3277 3280 return None
3278 3281
3279 3282 def get_api_data(self):
3280 3283 from rhodecode.model.pull_request import PullRequestModel
3281 3284 pull_request = self
3282 3285 merge_status = PullRequestModel().merge_status(pull_request)
3283 3286
3284 3287 pull_request_url = url(
3285 3288 'pullrequest_show', repo_name=self.target_repo.repo_name,
3286 3289 pull_request_id=self.pull_request_id, qualified=True)
3287 3290
3288 3291 merge_data = {
3289 3292 'clone_url': PullRequestModel().get_shadow_clone_url(pull_request),
3290 3293 'reference': (
3291 3294 pull_request.shadow_merge_ref._asdict()
3292 3295 if pull_request.shadow_merge_ref else None),
3293 3296 }
3294 3297
3295 3298 data = {
3296 3299 'pull_request_id': pull_request.pull_request_id,
3297 3300 'url': pull_request_url,
3298 3301 'title': pull_request.title,
3299 3302 'description': pull_request.description,
3300 3303 'status': pull_request.status,
3301 3304 'created_on': pull_request.created_on,
3302 3305 'updated_on': pull_request.updated_on,
3303 3306 'commit_ids': pull_request.revisions,
3304 3307 'review_status': pull_request.calculated_review_status(),
3305 3308 'mergeable': {
3306 3309 'status': merge_status[0],
3307 3310 'message': unicode(merge_status[1]),
3308 3311 },
3309 3312 'source': {
3310 3313 'clone_url': pull_request.source_repo.clone_url(),
3311 3314 'repository': pull_request.source_repo.repo_name,
3312 3315 'reference': {
3313 3316 'name': pull_request.source_ref_parts.name,
3314 3317 'type': pull_request.source_ref_parts.type,
3315 3318 'commit_id': pull_request.source_ref_parts.commit_id,
3316 3319 },
3317 3320 },
3318 3321 'target': {
3319 3322 'clone_url': pull_request.target_repo.clone_url(),
3320 3323 'repository': pull_request.target_repo.repo_name,
3321 3324 'reference': {
3322 3325 'name': pull_request.target_ref_parts.name,
3323 3326 'type': pull_request.target_ref_parts.type,
3324 3327 'commit_id': pull_request.target_ref_parts.commit_id,
3325 3328 },
3326 3329 },
3327 3330 'merge': merge_data,
3328 3331 'author': pull_request.author.get_api_data(include_secrets=False,
3329 3332 details='basic'),
3330 3333 'reviewers': [
3331 3334 {
3332 3335 'user': reviewer.get_api_data(include_secrets=False,
3333 3336 details='basic'),
3334 3337 'reasons': reasons,
3335 3338 'review_status': st[0][1].status if st else 'not_reviewed',
3336 3339 }
3337 3340 for reviewer, reasons, st in pull_request.reviewers_statuses()
3338 3341 ]
3339 3342 }
3340 3343
3341 3344 return data
3342 3345
3343 3346
3344 3347 class PullRequest(Base, _PullRequestBase):
3345 3348 __tablename__ = 'pull_requests'
3346 3349 __table_args__ = (
3347 3350 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3348 3351 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3349 3352 )
3350 3353
3351 3354 pull_request_id = Column(
3352 3355 'pull_request_id', Integer(), nullable=False, primary_key=True)
3353 3356
3354 3357 def __repr__(self):
3355 3358 if self.pull_request_id:
3356 3359 return '<DB:PullRequest #%s>' % self.pull_request_id
3357 3360 else:
3358 3361 return '<DB:PullRequest at %#x>' % id(self)
3359 3362
3360 3363 reviewers = relationship('PullRequestReviewers',
3361 3364 cascade="all, delete, delete-orphan")
3362 3365 statuses = relationship('ChangesetStatus')
3363 3366 comments = relationship('ChangesetComment',
3364 3367 cascade="all, delete, delete-orphan")
3365 3368 versions = relationship('PullRequestVersion',
3366 3369 cascade="all, delete, delete-orphan",
3367 3370 lazy='dynamic')
3368 3371
3369 3372 @classmethod
3370 3373 def get_pr_display_object(cls, pull_request_obj, org_pull_request_obj,
3371 3374 internal_methods=None):
3372 3375
3373 3376 class PullRequestDisplay(object):
3374 3377 """
3375 3378 Special object wrapper for showing PullRequest data via Versions
3376 3379 It mimics PR object as close as possible. This is read only object
3377 3380 just for display
3378 3381 """
3379 3382
3380 3383 def __init__(self, attrs, internal=None):
3381 3384 self.attrs = attrs
3382 3385 # internal have priority over the given ones via attrs
3383 3386 self.internal = internal or ['versions']
3384 3387
3385 3388 def __getattr__(self, item):
3386 3389 if item in self.internal:
3387 3390 return getattr(self, item)
3388 3391 try:
3389 3392 return self.attrs[item]
3390 3393 except KeyError:
3391 3394 raise AttributeError(
3392 3395 '%s object has no attribute %s' % (self, item))
3393 3396
3394 3397 def __repr__(self):
3395 3398 return '<DB:PullRequestDisplay #%s>' % self.attrs.get('pull_request_id')
3396 3399
3397 3400 def versions(self):
3398 3401 return pull_request_obj.versions.order_by(
3399 3402 PullRequestVersion.pull_request_version_id).all()
3400 3403
3401 3404 def is_closed(self):
3402 3405 return pull_request_obj.is_closed()
3403 3406
3404 3407 @property
3405 3408 def pull_request_version_id(self):
3406 3409 return getattr(pull_request_obj, 'pull_request_version_id', None)
3407 3410
3408 3411 attrs = StrictAttributeDict(pull_request_obj.get_api_data())
3409 3412
3410 3413 attrs.author = StrictAttributeDict(
3411 3414 pull_request_obj.author.get_api_data())
3412 3415 if pull_request_obj.target_repo:
3413 3416 attrs.target_repo = StrictAttributeDict(
3414 3417 pull_request_obj.target_repo.get_api_data())
3415 3418 attrs.target_repo.clone_url = pull_request_obj.target_repo.clone_url
3416 3419
3417 3420 if pull_request_obj.source_repo:
3418 3421 attrs.source_repo = StrictAttributeDict(
3419 3422 pull_request_obj.source_repo.get_api_data())
3420 3423 attrs.source_repo.clone_url = pull_request_obj.source_repo.clone_url
3421 3424
3422 3425 attrs.source_ref_parts = pull_request_obj.source_ref_parts
3423 3426 attrs.target_ref_parts = pull_request_obj.target_ref_parts
3424 3427 attrs.revisions = pull_request_obj.revisions
3425 3428
3426 3429 attrs.shadow_merge_ref = org_pull_request_obj.shadow_merge_ref
3427 3430
3428 3431 return PullRequestDisplay(attrs, internal=internal_methods)
3429 3432
3430 3433 def is_closed(self):
3431 3434 return self.status == self.STATUS_CLOSED
3432 3435
3433 3436 def __json__(self):
3434 3437 return {
3435 3438 'revisions': self.revisions,
3436 3439 }
3437 3440
3438 3441 def calculated_review_status(self):
3439 3442 from rhodecode.model.changeset_status import ChangesetStatusModel
3440 3443 return ChangesetStatusModel().calculated_review_status(self)
3441 3444
3442 3445 def reviewers_statuses(self):
3443 3446 from rhodecode.model.changeset_status import ChangesetStatusModel
3444 3447 return ChangesetStatusModel().reviewers_statuses(self)
3445 3448
3446 3449 @property
3447 3450 def workspace_id(self):
3448 3451 from rhodecode.model.pull_request import PullRequestModel
3449 3452 return PullRequestModel()._workspace_id(self)
3450 3453
3451 3454 def get_shadow_repo(self):
3452 3455 workspace_id = self.workspace_id
3453 3456 vcs_obj = self.target_repo.scm_instance()
3454 3457 shadow_repository_path = vcs_obj._get_shadow_repository_path(
3455 3458 workspace_id)
3456 3459 return vcs_obj._get_shadow_instance(shadow_repository_path)
3457 3460
3458 3461
3459 3462 class PullRequestVersion(Base, _PullRequestBase):
3460 3463 __tablename__ = 'pull_request_versions'
3461 3464 __table_args__ = (
3462 3465 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3463 3466 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3464 3467 )
3465 3468
3466 3469 pull_request_version_id = Column(
3467 3470 'pull_request_version_id', Integer(), nullable=False, primary_key=True)
3468 3471 pull_request_id = Column(
3469 3472 'pull_request_id', Integer(),
3470 3473 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3471 3474 pull_request = relationship('PullRequest')
3472 3475
3473 3476 def __repr__(self):
3474 3477 if self.pull_request_version_id:
3475 3478 return '<DB:PullRequestVersion #%s>' % self.pull_request_version_id
3476 3479 else:
3477 3480 return '<DB:PullRequestVersion at %#x>' % id(self)
3478 3481
3479 3482 @property
3480 3483 def reviewers(self):
3481 3484 return self.pull_request.reviewers
3482 3485
3483 3486 @property
3484 3487 def versions(self):
3485 3488 return self.pull_request.versions
3486 3489
3487 3490 def is_closed(self):
3488 3491 # calculate from original
3489 3492 return self.pull_request.status == self.STATUS_CLOSED
3490 3493
3491 3494 def calculated_review_status(self):
3492 3495 return self.pull_request.calculated_review_status()
3493 3496
3494 3497 def reviewers_statuses(self):
3495 3498 return self.pull_request.reviewers_statuses()
3496 3499
3497 3500
3498 3501 class PullRequestReviewers(Base, BaseModel):
3499 3502 __tablename__ = 'pull_request_reviewers'
3500 3503 __table_args__ = (
3501 3504 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3502 3505 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3503 3506 )
3504 3507
3505 3508 def __init__(self, user=None, pull_request=None, reasons=None):
3506 3509 self.user = user
3507 3510 self.pull_request = pull_request
3508 3511 self.reasons = reasons or []
3509 3512
3510 3513 @hybrid_property
3511 3514 def reasons(self):
3512 3515 if not self._reasons:
3513 3516 return []
3514 3517 return self._reasons
3515 3518
3516 3519 @reasons.setter
3517 3520 def reasons(self, val):
3518 3521 val = val or []
3519 3522 if any(not isinstance(x, basestring) for x in val):
3520 3523 raise Exception('invalid reasons type, must be list of strings')
3521 3524 self._reasons = val
3522 3525
3523 3526 pull_requests_reviewers_id = Column(
3524 3527 'pull_requests_reviewers_id', Integer(), nullable=False,
3525 3528 primary_key=True)
3526 3529 pull_request_id = Column(
3527 3530 "pull_request_id", Integer(),
3528 3531 ForeignKey('pull_requests.pull_request_id'), nullable=False)
3529 3532 user_id = Column(
3530 3533 "user_id", Integer(), ForeignKey('users.user_id'), nullable=True)
3531 3534 _reasons = Column(
3532 3535 'reason', MutationList.as_mutable(
3533 3536 JsonType('list', dialect_map=dict(mysql=UnicodeText(16384)))))
3534 3537
3535 3538 user = relationship('User')
3536 3539 pull_request = relationship('PullRequest')
3537 3540
3538 3541
3539 3542 class Notification(Base, BaseModel):
3540 3543 __tablename__ = 'notifications'
3541 3544 __table_args__ = (
3542 3545 Index('notification_type_idx', 'type'),
3543 3546 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3544 3547 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3545 3548 )
3546 3549
3547 3550 TYPE_CHANGESET_COMMENT = u'cs_comment'
3548 3551 TYPE_MESSAGE = u'message'
3549 3552 TYPE_MENTION = u'mention'
3550 3553 TYPE_REGISTRATION = u'registration'
3551 3554 TYPE_PULL_REQUEST = u'pull_request'
3552 3555 TYPE_PULL_REQUEST_COMMENT = u'pull_request_comment'
3553 3556
3554 3557 notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True)
3555 3558 subject = Column('subject', Unicode(512), nullable=True)
3556 3559 body = Column('body', UnicodeText().with_variant(UnicodeText(50000), 'mysql'), nullable=True)
3557 3560 created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True)
3558 3561 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3559 3562 type_ = Column('type', Unicode(255))
3560 3563
3561 3564 created_by_user = relationship('User')
3562 3565 notifications_to_users = relationship('UserNotification', lazy='joined',
3563 3566 cascade="all, delete, delete-orphan")
3564 3567
3565 3568 @property
3566 3569 def recipients(self):
3567 3570 return [x.user for x in UserNotification.query()\
3568 3571 .filter(UserNotification.notification == self)\
3569 3572 .order_by(UserNotification.user_id.asc()).all()]
3570 3573
3571 3574 @classmethod
3572 3575 def create(cls, created_by, subject, body, recipients, type_=None):
3573 3576 if type_ is None:
3574 3577 type_ = Notification.TYPE_MESSAGE
3575 3578
3576 3579 notification = cls()
3577 3580 notification.created_by_user = created_by
3578 3581 notification.subject = subject
3579 3582 notification.body = body
3580 3583 notification.type_ = type_
3581 3584 notification.created_on = datetime.datetime.now()
3582 3585
3583 3586 for u in recipients:
3584 3587 assoc = UserNotification()
3585 3588 assoc.notification = notification
3586 3589
3587 3590 # if created_by is inside recipients mark his notification
3588 3591 # as read
3589 3592 if u.user_id == created_by.user_id:
3590 3593 assoc.read = True
3591 3594
3592 3595 u.notifications.append(assoc)
3593 3596 Session().add(notification)
3594 3597
3595 3598 return notification
3596 3599
3597 3600 @property
3598 3601 def description(self):
3599 3602 from rhodecode.model.notification import NotificationModel
3600 3603 return NotificationModel().make_description(self)
3601 3604
3602 3605
3603 3606 class UserNotification(Base, BaseModel):
3604 3607 __tablename__ = 'user_to_notification'
3605 3608 __table_args__ = (
3606 3609 UniqueConstraint('user_id', 'notification_id'),
3607 3610 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3608 3611 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3609 3612 )
3610 3613 user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), primary_key=True)
3611 3614 notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True)
3612 3615 read = Column('read', Boolean, default=False)
3613 3616 sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None)
3614 3617
3615 3618 user = relationship('User', lazy="joined")
3616 3619 notification = relationship('Notification', lazy="joined",
3617 3620 order_by=lambda: Notification.created_on.desc(),)
3618 3621
3619 3622 def mark_as_read(self):
3620 3623 self.read = True
3621 3624 Session().add(self)
3622 3625
3623 3626
3624 3627 class Gist(Base, BaseModel):
3625 3628 __tablename__ = 'gists'
3626 3629 __table_args__ = (
3627 3630 Index('g_gist_access_id_idx', 'gist_access_id'),
3628 3631 Index('g_created_on_idx', 'created_on'),
3629 3632 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3630 3633 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3631 3634 )
3632 3635 GIST_PUBLIC = u'public'
3633 3636 GIST_PRIVATE = u'private'
3634 3637 DEFAULT_FILENAME = u'gistfile1.txt'
3635 3638
3636 3639 ACL_LEVEL_PUBLIC = u'acl_public'
3637 3640 ACL_LEVEL_PRIVATE = u'acl_private'
3638 3641
3639 3642 gist_id = Column('gist_id', Integer(), primary_key=True)
3640 3643 gist_access_id = Column('gist_access_id', Unicode(250))
3641 3644 gist_description = Column('gist_description', UnicodeText().with_variant(UnicodeText(1024), 'mysql'))
3642 3645 gist_owner = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=True)
3643 3646 gist_expires = Column('gist_expires', Float(53), nullable=False)
3644 3647 gist_type = Column('gist_type', Unicode(128), nullable=False)
3645 3648 created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3646 3649 modified_at = Column('modified_at', DateTime(timezone=False), nullable=False, default=datetime.datetime.now)
3647 3650 acl_level = Column('acl_level', Unicode(128), nullable=True)
3648 3651
3649 3652 owner = relationship('User')
3650 3653
3651 3654 def __repr__(self):
3652 3655 return '<Gist:[%s]%s>' % (self.gist_type, self.gist_access_id)
3653 3656
3654 3657 @classmethod
3655 3658 def get_or_404(cls, id_, pyramid_exc=False):
3656 3659
3657 3660 if pyramid_exc:
3658 3661 from pyramid.httpexceptions import HTTPNotFound
3659 3662 else:
3660 3663 from webob.exc import HTTPNotFound
3661 3664
3662 3665 res = cls.query().filter(cls.gist_access_id == id_).scalar()
3663 3666 if not res:
3664 3667 raise HTTPNotFound
3665 3668 return res
3666 3669
3667 3670 @classmethod
3668 3671 def get_by_access_id(cls, gist_access_id):
3669 3672 return cls.query().filter(cls.gist_access_id == gist_access_id).scalar()
3670 3673
3671 3674 def gist_url(self):
3672 3675 import rhodecode
3673 3676 alias_url = rhodecode.CONFIG.get('gist_alias_url')
3674 3677 if alias_url:
3675 3678 return alias_url.replace('{gistid}', self.gist_access_id)
3676 3679
3677 3680 return url('gist', gist_id=self.gist_access_id, qualified=True)
3678 3681
3679 3682 @classmethod
3680 3683 def base_path(cls):
3681 3684 """
3682 3685 Returns base path when all gists are stored
3683 3686
3684 3687 :param cls:
3685 3688 """
3686 3689 from rhodecode.model.gist import GIST_STORE_LOC
3687 3690 q = Session().query(RhodeCodeUi)\
3688 3691 .filter(RhodeCodeUi.ui_key == URL_SEP)
3689 3692 q = q.options(FromCache("sql_cache_short", "repository_repo_path"))
3690 3693 return os.path.join(q.one().ui_value, GIST_STORE_LOC)
3691 3694
3692 3695 def get_api_data(self):
3693 3696 """
3694 3697 Common function for generating gist related data for API
3695 3698 """
3696 3699 gist = self
3697 3700 data = {
3698 3701 'gist_id': gist.gist_id,
3699 3702 'type': gist.gist_type,
3700 3703 'access_id': gist.gist_access_id,
3701 3704 'description': gist.gist_description,
3702 3705 'url': gist.gist_url(),
3703 3706 'expires': gist.gist_expires,
3704 3707 'created_on': gist.created_on,
3705 3708 'modified_at': gist.modified_at,
3706 3709 'content': None,
3707 3710 'acl_level': gist.acl_level,
3708 3711 }
3709 3712 return data
3710 3713
3711 3714 def __json__(self):
3712 3715 data = dict(
3713 3716 )
3714 3717 data.update(self.get_api_data())
3715 3718 return data
3716 3719 # SCM functions
3717 3720
3718 3721 def scm_instance(self, **kwargs):
3719 3722 full_repo_path = os.path.join(self.base_path(), self.gist_access_id)
3720 3723 return get_vcs_instance(
3721 3724 repo_path=safe_str(full_repo_path), create=False)
3722 3725
3723 3726
3724 3727 class ExternalIdentity(Base, BaseModel):
3725 3728 __tablename__ = 'external_identities'
3726 3729 __table_args__ = (
3727 3730 Index('local_user_id_idx', 'local_user_id'),
3728 3731 Index('external_id_idx', 'external_id'),
3729 3732 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3730 3733 'mysql_charset': 'utf8'})
3731 3734
3732 3735 external_id = Column('external_id', Unicode(255), default=u'',
3733 3736 primary_key=True)
3734 3737 external_username = Column('external_username', Unicode(1024), default=u'')
3735 3738 local_user_id = Column('local_user_id', Integer(),
3736 3739 ForeignKey('users.user_id'), primary_key=True)
3737 3740 provider_name = Column('provider_name', Unicode(255), default=u'',
3738 3741 primary_key=True)
3739 3742 access_token = Column('access_token', String(1024), default=u'')
3740 3743 alt_token = Column('alt_token', String(1024), default=u'')
3741 3744 token_secret = Column('token_secret', String(1024), default=u'')
3742 3745
3743 3746 @classmethod
3744 3747 def by_external_id_and_provider(cls, external_id, provider_name,
3745 3748 local_user_id=None):
3746 3749 """
3747 3750 Returns ExternalIdentity instance based on search params
3748 3751
3749 3752 :param external_id:
3750 3753 :param provider_name:
3751 3754 :return: ExternalIdentity
3752 3755 """
3753 3756 query = cls.query()
3754 3757 query = query.filter(cls.external_id == external_id)
3755 3758 query = query.filter(cls.provider_name == provider_name)
3756 3759 if local_user_id:
3757 3760 query = query.filter(cls.local_user_id == local_user_id)
3758 3761 return query.first()
3759 3762
3760 3763 @classmethod
3761 3764 def user_by_external_id_and_provider(cls, external_id, provider_name):
3762 3765 """
3763 3766 Returns User instance based on search params
3764 3767
3765 3768 :param external_id:
3766 3769 :param provider_name:
3767 3770 :return: User
3768 3771 """
3769 3772 query = User.query()
3770 3773 query = query.filter(cls.external_id == external_id)
3771 3774 query = query.filter(cls.provider_name == provider_name)
3772 3775 query = query.filter(User.user_id == cls.local_user_id)
3773 3776 return query.first()
3774 3777
3775 3778 @classmethod
3776 3779 def by_local_user_id(cls, local_user_id):
3777 3780 """
3778 3781 Returns all tokens for user
3779 3782
3780 3783 :param local_user_id:
3781 3784 :return: ExternalIdentity
3782 3785 """
3783 3786 query = cls.query()
3784 3787 query = query.filter(cls.local_user_id == local_user_id)
3785 3788 return query
3786 3789
3787 3790
3788 3791 class Integration(Base, BaseModel):
3789 3792 __tablename__ = 'integrations'
3790 3793 __table_args__ = (
3791 3794 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3792 3795 'mysql_charset': 'utf8', 'sqlite_autoincrement': True}
3793 3796 )
3794 3797
3795 3798 integration_id = Column('integration_id', Integer(), primary_key=True)
3796 3799 integration_type = Column('integration_type', String(255))
3797 3800 enabled = Column('enabled', Boolean(), nullable=False)
3798 3801 name = Column('name', String(255), nullable=False)
3799 3802 child_repos_only = Column('child_repos_only', Boolean(), nullable=False,
3800 3803 default=False)
3801 3804
3802 3805 settings = Column(
3803 3806 'settings_json', MutationObj.as_mutable(
3804 3807 JsonType(dialect_map=dict(mysql=UnicodeText(16384)))))
3805 3808 repo_id = Column(
3806 3809 'repo_id', Integer(), ForeignKey('repositories.repo_id'),
3807 3810 nullable=True, unique=None, default=None)
3808 3811 repo = relationship('Repository', lazy='joined')
3809 3812
3810 3813 repo_group_id = Column(
3811 3814 'repo_group_id', Integer(), ForeignKey('groups.group_id'),
3812 3815 nullable=True, unique=None, default=None)
3813 3816 repo_group = relationship('RepoGroup', lazy='joined')
3814 3817
3815 3818 @property
3816 3819 def scope(self):
3817 3820 if self.repo:
3818 3821 return repr(self.repo)
3819 3822 if self.repo_group:
3820 3823 if self.child_repos_only:
3821 3824 return repr(self.repo_group) + ' (child repos only)'
3822 3825 else:
3823 3826 return repr(self.repo_group) + ' (recursive)'
3824 3827 if self.child_repos_only:
3825 3828 return 'root_repos'
3826 3829 return 'global'
3827 3830
3828 3831 def __repr__(self):
3829 3832 return '<Integration(%r, %r)>' % (self.integration_type, self.scope)
3830 3833
3831 3834
3832 3835 class RepoReviewRuleUser(Base, BaseModel):
3833 3836 __tablename__ = 'repo_review_rules_users'
3834 3837 __table_args__ = (
3835 3838 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3836 3839 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
3837 3840 )
3838 3841 repo_review_rule_user_id = Column(
3839 3842 'repo_review_rule_user_id', Integer(), primary_key=True)
3840 3843 repo_review_rule_id = Column("repo_review_rule_id",
3841 3844 Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
3842 3845 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'),
3843 3846 nullable=False)
3844 3847 user = relationship('User')
3845 3848
3846 3849
3847 3850 class RepoReviewRuleUserGroup(Base, BaseModel):
3848 3851 __tablename__ = 'repo_review_rules_users_groups'
3849 3852 __table_args__ = (
3850 3853 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3851 3854 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
3852 3855 )
3853 3856 repo_review_rule_users_group_id = Column(
3854 3857 'repo_review_rule_users_group_id', Integer(), primary_key=True)
3855 3858 repo_review_rule_id = Column("repo_review_rule_id",
3856 3859 Integer(), ForeignKey('repo_review_rules.repo_review_rule_id'))
3857 3860 users_group_id = Column("users_group_id", Integer(),
3858 3861 ForeignKey('users_groups.users_group_id'), nullable=False)
3859 3862 users_group = relationship('UserGroup')
3860 3863
3861 3864
3862 3865 class RepoReviewRule(Base, BaseModel):
3863 3866 __tablename__ = 'repo_review_rules'
3864 3867 __table_args__ = (
3865 3868 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3866 3869 'mysql_charset': 'utf8', 'sqlite_autoincrement': True,}
3867 3870 )
3868 3871
3869 3872 repo_review_rule_id = Column(
3870 3873 'repo_review_rule_id', Integer(), primary_key=True)
3871 3874 repo_id = Column(
3872 3875 "repo_id", Integer(), ForeignKey('repositories.repo_id'))
3873 3876 repo = relationship('Repository', backref='review_rules')
3874 3877
3875 3878 _branch_pattern = Column("branch_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'),
3876 3879 default=u'*') # glob
3877 3880 _file_pattern = Column("file_pattern", UnicodeText().with_variant(UnicodeText(255), 'mysql'),
3878 3881 default=u'*') # glob
3879 3882
3880 3883 use_authors_for_review = Column("use_authors_for_review", Boolean(),
3881 3884 nullable=False, default=False)
3882 3885 rule_users = relationship('RepoReviewRuleUser')
3883 3886 rule_user_groups = relationship('RepoReviewRuleUserGroup')
3884 3887
3885 3888 @hybrid_property
3886 3889 def branch_pattern(self):
3887 3890 return self._branch_pattern or '*'
3888 3891
3889 3892 def _validate_glob(self, value):
3890 3893 re.compile('^' + glob2re(value) + '$')
3891 3894
3892 3895 @branch_pattern.setter
3893 3896 def branch_pattern(self, value):
3894 3897 self._validate_glob(value)
3895 3898 self._branch_pattern = value or '*'
3896 3899
3897 3900 @hybrid_property
3898 3901 def file_pattern(self):
3899 3902 return self._file_pattern or '*'
3900 3903
3901 3904 @file_pattern.setter
3902 3905 def file_pattern(self, value):
3903 3906 self._validate_glob(value)
3904 3907 self._file_pattern = value or '*'
3905 3908
3906 3909 def matches(self, branch, files_changed):
3907 3910 """
3908 3911 Check if this review rule matches a branch/files in a pull request
3909 3912
3910 3913 :param branch: branch name for the commit
3911 3914 :param files_changed: list of file paths changed in the pull request
3912 3915 """
3913 3916
3914 3917 branch = branch or ''
3915 3918 files_changed = files_changed or []
3916 3919
3917 3920 branch_matches = True
3918 3921 if branch:
3919 3922 branch_regex = re.compile('^' + glob2re(self.branch_pattern) + '$')
3920 3923 branch_matches = bool(branch_regex.search(branch))
3921 3924
3922 3925 files_matches = True
3923 3926 if self.file_pattern != '*':
3924 3927 files_matches = False
3925 3928 file_regex = re.compile(glob2re(self.file_pattern))
3926 3929 for filename in files_changed:
3927 3930 if file_regex.search(filename):
3928 3931 files_matches = True
3929 3932 break
3930 3933
3931 3934 return branch_matches and files_matches
3932 3935
3933 3936 @property
3934 3937 def review_users(self):
3935 3938 """ Returns the users which this rule applies to """
3936 3939
3937 3940 users = set()
3938 3941 users |= set([
3939 3942 rule_user.user for rule_user in self.rule_users
3940 3943 if rule_user.user.active])
3941 3944 users |= set(
3942 3945 member.user
3943 3946 for rule_user_group in self.rule_user_groups
3944 3947 for member in rule_user_group.users_group.members
3945 3948 if member.user.active
3946 3949 )
3947 3950 return users
3948 3951
3949 3952 def __repr__(self):
3950 3953 return '<RepoReviewerRule(id=%r, repo=%r)>' % (
3951 3954 self.repo_review_rule_id, self.repo)
3952 3955
3953 3956
3954 3957 class DbMigrateVersion(Base, BaseModel):
3955 3958 __tablename__ = 'db_migrate_version'
3956 3959 __table_args__ = (
3957 3960 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3958 3961 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3959 3962 )
3960 3963 repository_id = Column('repository_id', String(250), primary_key=True)
3961 3964 repository_path = Column('repository_path', Text)
3962 3965 version = Column('version', Integer)
3963 3966
3964 3967
3965 3968 class DbSession(Base, BaseModel):
3966 3969 __tablename__ = 'db_session'
3967 3970 __table_args__ = (
3968 3971 {'extend_existing': True, 'mysql_engine': 'InnoDB',
3969 3972 'mysql_charset': 'utf8', 'sqlite_autoincrement': True},
3970 3973 )
3971 3974
3972 3975 def __repr__(self):
3973 3976 return '<DB:DbSession({})>'.format(self.id)
3974 3977
3975 3978 id = Column('id', Integer())
3976 3979 namespace = Column('namespace', String(255), primary_key=True)
3977 3980 accessed = Column('accessed', DateTime, nullable=False)
3978 3981 created = Column('created', DateTime, nullable=False)
3979 3982 data = Column('data', PickleType, nullable=False)
@@ -1,900 +1,901 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 """
22 22 users model for RhodeCode
23 23 """
24 24
25 25 import logging
26 26 import traceback
27 27
28 28 import datetime
29 29 from pylons.i18n.translation import _
30 30
31 31 import ipaddress
32 32 from sqlalchemy.exc import DatabaseError
33 33 from sqlalchemy.sql.expression import true, false
34 34
35 35 from rhodecode import events
36 36 from rhodecode.lib.user_log_filter import user_log_filter
37 37 from rhodecode.lib.utils2 import (
38 38 safe_unicode, get_current_rhodecode_user, action_logger_generic,
39 39 AttributeDict, str2bool)
40 40 from rhodecode.lib.caching_query import FromCache
41 41 from rhodecode.model import BaseModel
42 42 from rhodecode.model.auth_token import AuthTokenModel
43 43 from rhodecode.model.db import (
44 44 or_, joinedload, User, UserToPerm, UserEmailMap, UserIpMap, UserLog)
45 45 from rhodecode.lib.exceptions import (
46 46 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
47 47 UserOwnsUserGroupsException, NotAllowedToCreateUserError)
48 48 from rhodecode.model.meta import Session
49 49 from rhodecode.model.repo_group import RepoGroupModel
50 50
51 51
52 52 log = logging.getLogger(__name__)
53 53
54 54
55 55 class UserModel(BaseModel):
56 56 cls = User
57 57
58 58 def get(self, user_id, cache=False):
59 59 user = self.sa.query(User)
60 60 if cache:
61 61 user = user.options(FromCache("sql_cache_short",
62 62 "get_user_%s" % user_id))
63 63 return user.get(user_id)
64 64
65 65 def get_user(self, user):
66 66 return self._get_user(user)
67 67
68 68 def _serialize_user(self, user):
69 69 import rhodecode.lib.helpers as h
70 70
71 71 return {
72 72 'id': user.user_id,
73 73 'first_name': user.name,
74 74 'last_name': user.lastname,
75 75 'username': user.username,
76 76 'email': user.email,
77 77 'icon_link': h.gravatar_url(user.email, 30),
78 78 'value_display': h.person(user),
79 79 'value': user.username,
80 80 'value_type': 'user',
81 81 'active': user.active,
82 82 }
83 83
84 84 def get_users(self, name_contains=None, limit=20, only_active=True):
85 85
86 86 query = self.sa.query(User)
87 87 if only_active:
88 88 query = query.filter(User.active == true())
89 89
90 90 if name_contains:
91 91 ilike_expression = u'%{}%'.format(safe_unicode(name_contains))
92 92 query = query.filter(
93 93 or_(
94 94 User.name.ilike(ilike_expression),
95 95 User.lastname.ilike(ilike_expression),
96 96 User.username.ilike(ilike_expression)
97 97 )
98 98 )
99 99 query = query.limit(limit)
100 100 users = query.all()
101 101
102 102 _users = [
103 103 self._serialize_user(user) for user in users
104 104 ]
105 105 return _users
106 106
107 107 def get_by_username(self, username, cache=False, case_insensitive=False):
108 108
109 109 if case_insensitive:
110 110 user = self.sa.query(User).filter(User.username.ilike(username))
111 111 else:
112 112 user = self.sa.query(User)\
113 113 .filter(User.username == username)
114 114 if cache:
115 115 user = user.options(FromCache("sql_cache_short",
116 116 "get_user_%s" % username))
117 117 return user.scalar()
118 118
119 119 def get_by_email(self, email, cache=False, case_insensitive=False):
120 120 return User.get_by_email(email, case_insensitive, cache)
121 121
122 122 def get_by_auth_token(self, auth_token, cache=False):
123 123 return User.get_by_auth_token(auth_token, cache)
124 124
125 125 def get_active_user_count(self, cache=False):
126 126 return User.query().filter(
127 127 User.active == True).filter(
128 128 User.username != User.DEFAULT_USER).count()
129 129
130 130 def create(self, form_data, cur_user=None):
131 131 if not cur_user:
132 132 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
133 133
134 134 user_data = {
135 135 'username': form_data['username'],
136 136 'password': form_data['password'],
137 137 'email': form_data['email'],
138 138 'firstname': form_data['firstname'],
139 139 'lastname': form_data['lastname'],
140 140 'active': form_data['active'],
141 141 'extern_type': form_data['extern_type'],
142 142 'extern_name': form_data['extern_name'],
143 143 'admin': False,
144 144 'cur_user': cur_user
145 145 }
146 146
147 147 if 'create_repo_group' in form_data:
148 148 user_data['create_repo_group'] = str2bool(
149 149 form_data.get('create_repo_group'))
150 150
151 151 try:
152 152 if form_data.get('password_change'):
153 153 user_data['force_password_change'] = True
154 154 return UserModel().create_or_update(**user_data)
155 155 except Exception:
156 156 log.error(traceback.format_exc())
157 157 raise
158 158
159 159 def update_user(self, user, skip_attrs=None, **kwargs):
160 160 from rhodecode.lib.auth import get_crypt_password
161 161
162 162 user = self._get_user(user)
163 163 if user.username == User.DEFAULT_USER:
164 164 raise DefaultUserException(
165 165 _("You can't Edit this user since it's"
166 166 " crucial for entire application"))
167 167
168 168 # first store only defaults
169 169 user_attrs = {
170 170 'updating_user_id': user.user_id,
171 171 'username': user.username,
172 172 'password': user.password,
173 173 'email': user.email,
174 174 'firstname': user.name,
175 175 'lastname': user.lastname,
176 176 'active': user.active,
177 177 'admin': user.admin,
178 178 'extern_name': user.extern_name,
179 179 'extern_type': user.extern_type,
180 180 'language': user.user_data.get('language')
181 181 }
182 182
183 183 # in case there's new_password, that comes from form, use it to
184 184 # store password
185 185 if kwargs.get('new_password'):
186 186 kwargs['password'] = kwargs['new_password']
187 187
188 188 # cleanups, my_account password change form
189 189 kwargs.pop('current_password', None)
190 190 kwargs.pop('new_password', None)
191 191
192 192 # cleanups, user edit password change form
193 193 kwargs.pop('password_confirmation', None)
194 194 kwargs.pop('password_change', None)
195 195
196 196 # create repo group on user creation
197 197 kwargs.pop('create_repo_group', None)
198 198
199 199 # legacy forms send name, which is the firstname
200 200 firstname = kwargs.pop('name', None)
201 201 if firstname:
202 202 kwargs['firstname'] = firstname
203 203
204 204 for k, v in kwargs.items():
205 205 # skip if we don't want to update this
206 206 if skip_attrs and k in skip_attrs:
207 207 continue
208 208
209 209 user_attrs[k] = v
210 210
211 211 try:
212 212 return self.create_or_update(**user_attrs)
213 213 except Exception:
214 214 log.error(traceback.format_exc())
215 215 raise
216 216
217 217 def create_or_update(
218 218 self, username, password, email, firstname='', lastname='',
219 219 active=True, admin=False, extern_type=None, extern_name=None,
220 220 cur_user=None, plugin=None, force_password_change=False,
221 221 allow_to_create_user=True, create_repo_group=None,
222 222 updating_user_id=None, language=None, strict_creation_check=True):
223 223 """
224 224 Creates a new instance if not found, or updates current one
225 225
226 226 :param username:
227 227 :param password:
228 228 :param email:
229 229 :param firstname:
230 230 :param lastname:
231 231 :param active:
232 232 :param admin:
233 233 :param extern_type:
234 234 :param extern_name:
235 235 :param cur_user:
236 236 :param plugin: optional plugin this method was called from
237 237 :param force_password_change: toggles new or existing user flag
238 238 for password change
239 239 :param allow_to_create_user: Defines if the method can actually create
240 240 new users
241 241 :param create_repo_group: Defines if the method should also
242 242 create an repo group with user name, and owner
243 243 :param updating_user_id: if we set it up this is the user we want to
244 244 update this allows to editing username.
245 245 :param language: language of user from interface.
246 246
247 247 :returns: new User object with injected `is_new_user` attribute.
248 248 """
249 249 if not cur_user:
250 250 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
251 251
252 252 from rhodecode.lib.auth import (
253 253 get_crypt_password, check_password, generate_auth_token)
254 254 from rhodecode.lib.hooks_base import (
255 255 log_create_user, check_allowed_create_user)
256 256
257 257 def _password_change(new_user, password):
258 258 # empty password
259 259 if not new_user.password:
260 260 return False
261 261
262 262 # password check is only needed for RhodeCode internal auth calls
263 263 # in case it's a plugin we don't care
264 264 if not plugin:
265 265
266 266 # first check if we gave crypted password back, and if it
267 267 # matches it's not password change
268 268 if new_user.password == password:
269 269 return False
270 270
271 271 password_match = check_password(password, new_user.password)
272 272 if not password_match:
273 273 return True
274 274
275 275 return False
276 276
277 277 # read settings on default personal repo group creation
278 278 if create_repo_group is None:
279 279 default_create_repo_group = RepoGroupModel()\
280 280 .get_default_create_personal_repo_group()
281 281 create_repo_group = default_create_repo_group
282 282
283 283 user_data = {
284 284 'username': username,
285 285 'password': password,
286 286 'email': email,
287 287 'firstname': firstname,
288 288 'lastname': lastname,
289 289 'active': active,
290 290 'admin': admin
291 291 }
292 292
293 293 if updating_user_id:
294 294 log.debug('Checking for existing account in RhodeCode '
295 295 'database with user_id `%s` ' % (updating_user_id,))
296 296 user = User.get(updating_user_id)
297 297 else:
298 298 log.debug('Checking for existing account in RhodeCode '
299 299 'database with username `%s` ' % (username,))
300 300 user = User.get_by_username(username, case_insensitive=True)
301 301
302 302 if user is None:
303 303 # we check internal flag if this method is actually allowed to
304 304 # create new user
305 305 if not allow_to_create_user:
306 306 msg = ('Method wants to create new user, but it is not '
307 307 'allowed to do so')
308 308 log.warning(msg)
309 309 raise NotAllowedToCreateUserError(msg)
310 310
311 311 log.debug('Creating new user %s', username)
312 312
313 313 # only if we create user that is active
314 314 new_active_user = active
315 315 if new_active_user and strict_creation_check:
316 316 # raises UserCreationError if it's not allowed for any reason to
317 317 # create new active user, this also executes pre-create hooks
318 318 check_allowed_create_user(user_data, cur_user, strict_check=True)
319 319 events.trigger(events.UserPreCreate(user_data))
320 320 new_user = User()
321 321 edit = False
322 322 else:
323 323 log.debug('updating user %s', username)
324 324 events.trigger(events.UserPreUpdate(user, user_data))
325 325 new_user = user
326 326 edit = True
327 327
328 328 # we're not allowed to edit default user
329 329 if user.username == User.DEFAULT_USER:
330 330 raise DefaultUserException(
331 331 _("You can't edit this user (`%(username)s`) since it's "
332 332 "crucial for entire application") % {'username': user.username})
333 333
334 334 # inject special attribute that will tell us if User is new or old
335 335 new_user.is_new_user = not edit
336 336 # for users that didn's specify auth type, we use RhodeCode built in
337 337 from rhodecode.authentication.plugins import auth_rhodecode
338 338 extern_name = extern_name or auth_rhodecode.RhodeCodeAuthPlugin.name
339 339 extern_type = extern_type or auth_rhodecode.RhodeCodeAuthPlugin.name
340 340
341 341 try:
342 342 new_user.username = username
343 343 new_user.admin = admin
344 344 new_user.email = email
345 345 new_user.active = active
346 346 new_user.extern_name = safe_unicode(extern_name)
347 347 new_user.extern_type = safe_unicode(extern_type)
348 348 new_user.name = firstname
349 349 new_user.lastname = lastname
350 350
351 351 # set password only if creating an user or password is changed
352 352 if not edit or _password_change(new_user, password):
353 353 reason = 'new password' if edit else 'new user'
354 354 log.debug('Updating password reason=>%s', reason)
355 355 new_user.password = get_crypt_password(password) if password else None
356 356
357 357 if force_password_change:
358 358 new_user.update_userdata(force_password_change=True)
359 359 if language:
360 360 new_user.update_userdata(language=language)
361 361 new_user.update_userdata(notification_status=True)
362 362
363 363 self.sa.add(new_user)
364 364
365 365 if not edit and create_repo_group:
366 366 RepoGroupModel().create_personal_repo_group(
367 367 new_user, commit_early=False)
368 368
369 369 if not edit:
370 370 # add the RSS token
371 371 AuthTokenModel().create(username,
372 372 description='Generated feed token',
373 373 role=AuthTokenModel.cls.ROLE_FEED)
374 374 log_create_user(created_by=cur_user, **new_user.get_dict())
375 375 events.trigger(events.UserPostCreate(user_data))
376 376 return new_user
377 377 except (DatabaseError,):
378 378 log.error(traceback.format_exc())
379 379 raise
380 380
381 381 def create_registration(self, form_data):
382 382 from rhodecode.model.notification import NotificationModel
383 383 from rhodecode.model.notification import EmailNotificationModel
384 384
385 385 try:
386 386 form_data['admin'] = False
387 387 form_data['extern_name'] = 'rhodecode'
388 388 form_data['extern_type'] = 'rhodecode'
389 389 new_user = self.create(form_data)
390 390
391 391 self.sa.add(new_user)
392 392 self.sa.flush()
393 393
394 394 user_data = new_user.get_dict()
395 395 kwargs = {
396 396 # use SQLALCHEMY safe dump of user data
397 397 'user': AttributeDict(user_data),
398 398 'date': datetime.datetime.now()
399 399 }
400 400 notification_type = EmailNotificationModel.TYPE_REGISTRATION
401 401 # pre-generate the subject for notification itself
402 402 (subject,
403 403 _h, _e, # we don't care about those
404 404 body_plaintext) = EmailNotificationModel().render_email(
405 405 notification_type, **kwargs)
406 406
407 407 # create notification objects, and emails
408 408 NotificationModel().create(
409 409 created_by=new_user,
410 410 notification_subject=subject,
411 411 notification_body=body_plaintext,
412 412 notification_type=notification_type,
413 413 recipients=None, # all admins
414 414 email_kwargs=kwargs,
415 415 )
416 416
417 417 return new_user
418 418 except Exception:
419 419 log.error(traceback.format_exc())
420 420 raise
421 421
422 422 def _handle_user_repos(self, username, repositories, handle_mode=None):
423 423 _superadmin = self.cls.get_first_super_admin()
424 424 left_overs = True
425 425
426 426 from rhodecode.model.repo import RepoModel
427 427
428 428 if handle_mode == 'detach':
429 429 for obj in repositories:
430 430 obj.user = _superadmin
431 431 # set description we know why we super admin now owns
432 432 # additional repositories that were orphaned !
433 433 obj.description += ' \n::detached repository from deleted user: %s' % (username,)
434 434 self.sa.add(obj)
435 435 left_overs = False
436 436 elif handle_mode == 'delete':
437 437 for obj in repositories:
438 438 RepoModel().delete(obj, forks='detach')
439 439 left_overs = False
440 440
441 441 # if nothing is done we have left overs left
442 442 return left_overs
443 443
444 444 def _handle_user_repo_groups(self, username, repository_groups,
445 445 handle_mode=None):
446 446 _superadmin = self.cls.get_first_super_admin()
447 447 left_overs = True
448 448
449 449 from rhodecode.model.repo_group import RepoGroupModel
450 450
451 451 if handle_mode == 'detach':
452 452 for r in repository_groups:
453 453 r.user = _superadmin
454 454 # set description we know why we super admin now owns
455 455 # additional repositories that were orphaned !
456 456 r.group_description += ' \n::detached repository group from deleted user: %s' % (username,)
457 457 self.sa.add(r)
458 458 left_overs = False
459 459 elif handle_mode == 'delete':
460 460 for r in repository_groups:
461 461 RepoGroupModel().delete(r)
462 462 left_overs = False
463 463
464 464 # if nothing is done we have left overs left
465 465 return left_overs
466 466
467 467 def _handle_user_user_groups(self, username, user_groups, handle_mode=None):
468 468 _superadmin = self.cls.get_first_super_admin()
469 469 left_overs = True
470 470
471 471 from rhodecode.model.user_group import UserGroupModel
472 472
473 473 if handle_mode == 'detach':
474 474 for r in user_groups:
475 475 for user_user_group_to_perm in r.user_user_group_to_perm:
476 476 if user_user_group_to_perm.user.username == username:
477 477 user_user_group_to_perm.user = _superadmin
478 478 r.user = _superadmin
479 479 # set description we know why we super admin now owns
480 480 # additional repositories that were orphaned !
481 481 r.user_group_description += ' \n::detached user group from deleted user: %s' % (username,)
482 482 self.sa.add(r)
483 483 left_overs = False
484 484 elif handle_mode == 'delete':
485 485 for r in user_groups:
486 486 UserGroupModel().delete(r)
487 487 left_overs = False
488 488
489 489 # if nothing is done we have left overs left
490 490 return left_overs
491 491
492 492 def delete(self, user, cur_user=None, handle_repos=None,
493 493 handle_repo_groups=None, handle_user_groups=None):
494 494 if not cur_user:
495 495 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
496 496 user = self._get_user(user)
497 497
498 498 try:
499 499 if user.username == User.DEFAULT_USER:
500 500 raise DefaultUserException(
501 501 _(u"You can't remove this user since it's"
502 502 u" crucial for entire application"))
503 503
504 504 left_overs = self._handle_user_repos(
505 505 user.username, user.repositories, handle_repos)
506 506 if left_overs and user.repositories:
507 507 repos = [x.repo_name for x in user.repositories]
508 508 raise UserOwnsReposException(
509 509 _(u'user "%s" still owns %s repositories and cannot be '
510 510 u'removed. Switch owners or remove those repositories:%s')
511 511 % (user.username, len(repos), ', '.join(repos)))
512 512
513 513 left_overs = self._handle_user_repo_groups(
514 514 user.username, user.repository_groups, handle_repo_groups)
515 515 if left_overs and user.repository_groups:
516 516 repo_groups = [x.group_name for x in user.repository_groups]
517 517 raise UserOwnsRepoGroupsException(
518 518 _(u'user "%s" still owns %s repository groups and cannot be '
519 519 u'removed. Switch owners or remove those repository groups:%s')
520 520 % (user.username, len(repo_groups), ', '.join(repo_groups)))
521 521
522 522 left_overs = self._handle_user_user_groups(
523 523 user.username, user.user_groups, handle_user_groups)
524 524 if left_overs and user.user_groups:
525 525 user_groups = [x.users_group_name for x in user.user_groups]
526 526 raise UserOwnsUserGroupsException(
527 527 _(u'user "%s" still owns %s user groups and cannot be '
528 528 u'removed. Switch owners or remove those user groups:%s')
529 529 % (user.username, len(user_groups), ', '.join(user_groups)))
530 530
531 531 # we might change the user data with detach/delete, make sure
532 532 # the object is marked as expired before actually deleting !
533 533 self.sa.expire(user)
534 534 self.sa.delete(user)
535 535 from rhodecode.lib.hooks_base import log_delete_user
536 536 log_delete_user(deleted_by=cur_user, **user.get_dict())
537 537 except Exception:
538 538 log.error(traceback.format_exc())
539 539 raise
540 540
541 541 def reset_password_link(self, data, pwd_reset_url):
542 542 from rhodecode.lib.celerylib import tasks, run_task
543 543 from rhodecode.model.notification import EmailNotificationModel
544 544 user_email = data['email']
545 545 try:
546 546 user = User.get_by_email(user_email)
547 547 if user:
548 548 log.debug('password reset user found %s', user)
549 549
550 550 email_kwargs = {
551 551 'password_reset_url': pwd_reset_url,
552 552 'user': user,
553 553 'email': user_email,
554 554 'date': datetime.datetime.now()
555 555 }
556 556
557 557 (subject, headers, email_body,
558 558 email_body_plaintext) = EmailNotificationModel().render_email(
559 559 EmailNotificationModel.TYPE_PASSWORD_RESET, **email_kwargs)
560 560
561 561 recipients = [user_email]
562 562
563 563 action_logger_generic(
564 564 'sending password reset email to user: {}'.format(
565 565 user), namespace='security.password_reset')
566 566
567 567 run_task(tasks.send_email, recipients, subject,
568 568 email_body_plaintext, email_body)
569 569
570 570 else:
571 571 log.debug("password reset email %s not found", user_email)
572 572 except Exception:
573 573 log.error(traceback.format_exc())
574 574 return False
575 575
576 576 return True
577 577
578 578 def reset_password(self, data):
579 579 from rhodecode.lib.celerylib import tasks, run_task
580 580 from rhodecode.model.notification import EmailNotificationModel
581 581 from rhodecode.lib import auth
582 582 user_email = data['email']
583 583 pre_db = True
584 584 try:
585 585 user = User.get_by_email(user_email)
586 586 new_passwd = auth.PasswordGenerator().gen_password(
587 587 12, auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
588 588 if user:
589 589 user.password = auth.get_crypt_password(new_passwd)
590 590 # also force this user to reset his password !
591 591 user.update_userdata(force_password_change=True)
592 592
593 593 Session().add(user)
594 594
595 595 # now delete the token in question
596 596 UserApiKeys = AuthTokenModel.cls
597 597 UserApiKeys().query().filter(
598 598 UserApiKeys.api_key == data['token']).delete()
599 599
600 600 Session().commit()
601 601 log.info('successfully reset password for `%s`', user_email)
602 602
603 603 if new_passwd is None:
604 604 raise Exception('unable to generate new password')
605 605
606 606 pre_db = False
607 607
608 608 email_kwargs = {
609 609 'new_password': new_passwd,
610 610 'user': user,
611 611 'email': user_email,
612 612 'date': datetime.datetime.now()
613 613 }
614 614
615 615 (subject, headers, email_body,
616 616 email_body_plaintext) = EmailNotificationModel().render_email(
617 617 EmailNotificationModel.TYPE_PASSWORD_RESET_CONFIRMATION,
618 618 **email_kwargs)
619 619
620 620 recipients = [user_email]
621 621
622 622 action_logger_generic(
623 623 'sent new password to user: {} with email: {}'.format(
624 624 user, user_email), namespace='security.password_reset')
625 625
626 626 run_task(tasks.send_email, recipients, subject,
627 627 email_body_plaintext, email_body)
628 628
629 629 except Exception:
630 630 log.error('Failed to update user password')
631 631 log.error(traceback.format_exc())
632 632 if pre_db:
633 633 # we rollback only if local db stuff fails. If it goes into
634 634 # run_task, we're pass rollback state this wouldn't work then
635 635 Session().rollback()
636 636
637 637 return True
638 638
639 639 def fill_data(self, auth_user, user_id=None, api_key=None, username=None):
640 640 """
641 641 Fetches auth_user by user_id,or api_key if present.
642 642 Fills auth_user attributes with those taken from database.
643 643 Additionally set's is_authenitated if lookup fails
644 644 present in database
645 645
646 646 :param auth_user: instance of user to set attributes
647 647 :param user_id: user id to fetch by
648 648 :param api_key: api key to fetch by
649 649 :param username: username to fetch by
650 650 """
651 651 if user_id is None and api_key is None and username is None:
652 652 raise Exception('You need to pass user_id, api_key or username')
653 653
654 654 log.debug(
655 655 'doing fill data based on: user_id:%s api_key:%s username:%s',
656 656 user_id, api_key, username)
657 657 try:
658 658 dbuser = None
659 659 if user_id:
660 660 dbuser = self.get(user_id)
661 661 elif api_key:
662 662 dbuser = self.get_by_auth_token(api_key)
663 663 elif username:
664 664 dbuser = self.get_by_username(username)
665 665
666 666 if not dbuser:
667 667 log.warning(
668 668 'Unable to lookup user by id:%s api_key:%s username:%s',
669 669 user_id, api_key, username)
670 670 return False
671 671 if not dbuser.active:
672 log.debug('User `%s` is inactive, skipping fill data', username)
672 log.debug('User `%s:%s` is inactive, skipping fill data',
673 username, user_id)
673 674 return False
674 675
675 676 log.debug('filling user:%s data', dbuser)
676 677
677 678 # TODO: johbo: Think about this and find a clean solution
678 679 user_data = dbuser.get_dict()
679 680 user_data.update(dbuser.get_api_data(include_secrets=True))
680 681
681 682 for k, v in user_data.iteritems():
682 683 # properties of auth user we dont update
683 684 if k not in ['auth_tokens', 'permissions']:
684 685 setattr(auth_user, k, v)
685 686
686 687 # few extras
687 688 setattr(auth_user, 'feed_token', dbuser.feed_token)
688 689 except Exception:
689 690 log.error(traceback.format_exc())
690 691 auth_user.is_authenticated = False
691 692 return False
692 693
693 694 return True
694 695
695 696 def has_perm(self, user, perm):
696 697 perm = self._get_perm(perm)
697 698 user = self._get_user(user)
698 699
699 700 return UserToPerm.query().filter(UserToPerm.user == user)\
700 701 .filter(UserToPerm.permission == perm).scalar() is not None
701 702
702 703 def grant_perm(self, user, perm):
703 704 """
704 705 Grant user global permissions
705 706
706 707 :param user:
707 708 :param perm:
708 709 """
709 710 user = self._get_user(user)
710 711 perm = self._get_perm(perm)
711 712 # if this permission is already granted skip it
712 713 _perm = UserToPerm.query()\
713 714 .filter(UserToPerm.user == user)\
714 715 .filter(UserToPerm.permission == perm)\
715 716 .scalar()
716 717 if _perm:
717 718 return
718 719 new = UserToPerm()
719 720 new.user = user
720 721 new.permission = perm
721 722 self.sa.add(new)
722 723 return new
723 724
724 725 def revoke_perm(self, user, perm):
725 726 """
726 727 Revoke users global permissions
727 728
728 729 :param user:
729 730 :param perm:
730 731 """
731 732 user = self._get_user(user)
732 733 perm = self._get_perm(perm)
733 734
734 735 obj = UserToPerm.query()\
735 736 .filter(UserToPerm.user == user)\
736 737 .filter(UserToPerm.permission == perm)\
737 738 .scalar()
738 739 if obj:
739 740 self.sa.delete(obj)
740 741
741 742 def add_extra_email(self, user, email):
742 743 """
743 744 Adds email address to UserEmailMap
744 745
745 746 :param user:
746 747 :param email:
747 748 """
748 749 from rhodecode.model import forms
749 750 form = forms.UserExtraEmailForm()()
750 751 data = form.to_python({'email': email})
751 752 user = self._get_user(user)
752 753
753 754 obj = UserEmailMap()
754 755 obj.user = user
755 756 obj.email = data['email']
756 757 self.sa.add(obj)
757 758 return obj
758 759
759 760 def delete_extra_email(self, user, email_id):
760 761 """
761 762 Removes email address from UserEmailMap
762 763
763 764 :param user:
764 765 :param email_id:
765 766 """
766 767 user = self._get_user(user)
767 768 obj = UserEmailMap.query().get(email_id)
768 769 if obj:
769 770 self.sa.delete(obj)
770 771
771 772 def parse_ip_range(self, ip_range):
772 773 ip_list = []
773 774 def make_unique(value):
774 775 seen = []
775 776 return [c for c in value if not (c in seen or seen.append(c))]
776 777
777 778 # firsts split by commas
778 779 for ip_range in ip_range.split(','):
779 780 if not ip_range:
780 781 continue
781 782 ip_range = ip_range.strip()
782 783 if '-' in ip_range:
783 784 start_ip, end_ip = ip_range.split('-', 1)
784 785 start_ip = ipaddress.ip_address(start_ip.strip())
785 786 end_ip = ipaddress.ip_address(end_ip.strip())
786 787 parsed_ip_range = []
787 788
788 789 for index in xrange(int(start_ip), int(end_ip) + 1):
789 790 new_ip = ipaddress.ip_address(index)
790 791 parsed_ip_range.append(str(new_ip))
791 792 ip_list.extend(parsed_ip_range)
792 793 else:
793 794 ip_list.append(ip_range)
794 795
795 796 return make_unique(ip_list)
796 797
797 798 def add_extra_ip(self, user, ip, description=None):
798 799 """
799 800 Adds ip address to UserIpMap
800 801
801 802 :param user:
802 803 :param ip:
803 804 """
804 805 from rhodecode.model import forms
805 806 form = forms.UserExtraIpForm()()
806 807 data = form.to_python({'ip': ip})
807 808 user = self._get_user(user)
808 809
809 810 obj = UserIpMap()
810 811 obj.user = user
811 812 obj.ip_addr = data['ip']
812 813 obj.description = description
813 814 self.sa.add(obj)
814 815 return obj
815 816
816 817 def delete_extra_ip(self, user, ip_id):
817 818 """
818 819 Removes ip address from UserIpMap
819 820
820 821 :param user:
821 822 :param ip_id:
822 823 """
823 824 user = self._get_user(user)
824 825 obj = UserIpMap.query().get(ip_id)
825 826 if obj:
826 827 self.sa.delete(obj)
827 828
828 829 def get_accounts_in_creation_order(self, current_user=None):
829 830 """
830 831 Get accounts in order of creation for deactivation for license limits
831 832
832 833 pick currently logged in user, and append to the list in position 0
833 834 pick all super-admins in order of creation date and add it to the list
834 835 pick all other accounts in order of creation and add it to the list.
835 836
836 837 Based on that list, the last accounts can be disabled as they are
837 838 created at the end and don't include any of the super admins as well
838 839 as the current user.
839 840
840 841 :param current_user: optionally current user running this operation
841 842 """
842 843
843 844 if not current_user:
844 845 current_user = get_current_rhodecode_user()
845 846 active_super_admins = [
846 847 x.user_id for x in User.query()
847 848 .filter(User.user_id != current_user.user_id)
848 849 .filter(User.active == true())
849 850 .filter(User.admin == true())
850 851 .order_by(User.created_on.asc())]
851 852
852 853 active_regular_users = [
853 854 x.user_id for x in User.query()
854 855 .filter(User.user_id != current_user.user_id)
855 856 .filter(User.active == true())
856 857 .filter(User.admin == false())
857 858 .order_by(User.created_on.asc())]
858 859
859 860 list_of_accounts = [current_user.user_id]
860 861 list_of_accounts += active_super_admins
861 862 list_of_accounts += active_regular_users
862 863
863 864 return list_of_accounts
864 865
865 866 def deactivate_last_users(self, expected_users):
866 867 """
867 868 Deactivate accounts that are over the license limits.
868 869 Algorithm of which accounts to disabled is based on the formula:
869 870
870 871 Get current user, then super admins in creation order, then regular
871 872 active users in creation order.
872 873
873 874 Using that list we mark all accounts from the end of it as inactive.
874 875 This way we block only latest created accounts.
875 876
876 877 :param expected_users: list of users in special order, we deactivate
877 878 the end N ammoun of users from that list
878 879 """
879 880
880 881 list_of_accounts = self.get_accounts_in_creation_order()
881 882
882 883 for acc_id in list_of_accounts[expected_users + 1:]:
883 884 user = User.get(acc_id)
884 885 log.info('Deactivating account %s for license unlock', user)
885 886 user.active = False
886 887 Session().add(user)
887 888 Session().commit()
888 889
889 890 return
890 891
891 892 def get_user_log(self, user, filter_term):
892 893 user_log = UserLog.query()\
893 894 .filter(or_(UserLog.user_id == user.user_id,
894 895 UserLog.username == user.username))\
895 896 .options(joinedload(UserLog.user))\
896 897 .options(joinedload(UserLog.repository))\
897 898 .order_by(UserLog.action_date.desc())
898 899
899 900 user_log = user_log_filter(user_log, filter_term)
900 901 return user_log
General Comments 0
You need to be logged in to leave comments. Login now