u/pc/rhodecode-enterprise-ce-fork-pc Commit - r3438:abae8687

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

3

4

#

4

#

5

# This program is free software: you can redistribute it and/or modify

5

# This program is free software: you can redistribute it and/or modify

6

# it under the terms of the GNU Affero General Public License, version 3

6

# it under the terms of the GNU Affero General Public License, version 3

7

# (only), as published by the Free Software Foundation.

7

# (only), as published by the Free Software Foundation.

8

#

8

#

9

# This program is distributed in the hope that it will be useful,

9

# This program is distributed in the hope that it will be useful,

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

10

# but WITHOUT ANY WARRANTY; without even the implied warranty of

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

11

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

12

# GNU General Public License for more details.

12

# GNU General Public License for more details.

13

#

13

#

14

# You should have received a copy of the GNU Affero General Public License

14

# You should have received a copy of the GNU Affero General Public License

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

15

# along with this program. If not, see <http://www.gnu.org/licenses/>.

16

#

16

#

17

# This program is dual-licensed. If you wish to learn more about the

17

# This program is dual-licensed. If you wish to learn more about the

18

# RhodeCode Enterprise Edition, including its added features, Support services,

18

# RhodeCode Enterprise Edition, including its added features, Support services,

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

19

# and proprietary license terms, please see https://rhodecode.com/licenses/

20

21

import logging

21

import logging

22

23

from pyramid.httpexceptions import HTTPFound

23

from pyramid.httpexceptions import HTTPFound

24

from pyramid.view import view_config

24

from pyramid.view import view_config

25

26

from rhodecode import events

26

from rhodecode import events

27

from rhodecode.apps._base import RepoAppView

27

from rhodecode.apps._base import RepoAppView

28

from rhodecode.lib import helpers as h

28

from rhodecode.lib import helpers as h

29

from rhodecode.lib import audit_logger

29

from rhodecode.lib import audit_logger

30

from rhodecode.lib.auth import (

30

from rhodecode.lib.auth import (

31

LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)

31

LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)

32

from rhodecode.lib.utils2 import safe_int

32

from rhodecode.lib.utils2 import safe_int

33

from rhodecode.model.db import UserGroup

33

from rhodecode.model.db import UserGroup

34

from rhodecode.model.forms import RepoPermsForm

34

from rhodecode.model.forms import RepoPermsForm

35

from rhodecode.model.meta import Session

35

from rhodecode.model.meta import Session

36

from rhodecode.model.repo import RepoModel

36

from rhodecode.model.repo import RepoModel

37

38

log = logging.getLogger(__name__)

38

log = logging.getLogger(__name__)

39

40

41

class RepoSettingsPermissionsView(RepoAppView):

41

class RepoSettingsPermissionsView(RepoAppView):

42

43

def load_default_context(self):

43

def load_default_context(self):

44

c = self._get_local_tmpl_context()

44

c = self._get_local_tmpl_context()

45

return c

45

return c

46

47

@LoginRequired()

47

@LoginRequired()

48

@HasRepoPermissionAnyDecorator('repository.admin')

48

@HasRepoPermissionAnyDecorator('repository.admin')

49

@view_config(

49

@view_config(

50

route_name='edit_repo_perms', request_method='GET',

50

route_name='edit_repo_perms', request_method='GET',

51

renderer='rhodecode:templates/admin/repos/repo_edit.mako')

51

renderer='rhodecode:templates/admin/repos/repo_edit.mako')

52

def edit_permissions(self):

52

def edit_permissions(self):

53

_ = self.request.translate

53

c = self.load_default_context()

54

c = self.load_default_context()

54

c.active = 'permissions'

55

c.active = 'permissions'

56

if self.request.GET.get('branch_permissions'):

57

h.flash(_('Explicitly add user or user group with write+ '

58

'permission to modify their branch permissions.'),

59

category='notice')

55

return self._get_template_context(c)

60

return self._get_template_context(c)

56

61

57

@LoginRequired()

62

@LoginRequired()

58

@HasRepoPermissionAnyDecorator('repository.admin')

63

@HasRepoPermissionAnyDecorator('repository.admin')

59

@CSRFRequired()

64

@CSRFRequired()

60

@view_config(

65

@view_config(

61

route_name='edit_repo_perms', request_method='POST',

66

route_name='edit_repo_perms', request_method='POST',

62

renderer='rhodecode:templates/admin/repos/repo_edit.mako')

67

renderer='rhodecode:templates/admin/repos/repo_edit.mako')

63

def edit_permissions_update(self):

68

def edit_permissions_update(self):

64

_ = self.request.translate

69

_ = self.request.translate

65

c = self.load_default_context()

70

c = self.load_default_context()

66

c.active = 'permissions'

71

c.active = 'permissions'

67

data = self.request.POST

72

data = self.request.POST

68

# store private flag outside of HTML to verify if we can modify

73

# store private flag outside of HTML to verify if we can modify

69

# default user permissions, prevents submission of FAKE post data

74

# default user permissions, prevents submission of FAKE post data

70

# into the form for private repos

75

# into the form for private repos

71

data['repo_private'] = self.db_repo.private

76

data['repo_private'] = self.db_repo.private

72

form = RepoPermsForm(self.request.translate)().to_python(data)

77

form = RepoPermsForm(self.request.translate)().to_python(data)

73

changes = RepoModel().update_permissions(

78

changes = RepoModel().update_permissions(

74

self.db_repo_name, form['perm_additions'], form['perm_updates'],

79

self.db_repo_name, form['perm_additions'], form['perm_updates'],

75

form['perm_deletions'])

80

form['perm_deletions'])

76

81

77

action_data = {

82

action_data = {

78

'added': changes['added'],

83

'added': changes['added'],

79

'updated': changes['updated'],

84

'updated': changes['updated'],

80

'deleted': changes['deleted'],

85

'deleted': changes['deleted'],

81

}

86

}

82

audit_logger.store_web(

87

audit_logger.store_web(

83

'repo.edit.permissions', action_data=action_data,

88

'repo.edit.permissions', action_data=action_data,

84

user=self._rhodecode_user, repo=self.db_repo)

89

user=self._rhodecode_user, repo=self.db_repo)

85

90

86

Session().commit()

91

Session().commit()

87

h.flash(_('Repository permissions updated'), category='success')

92

h.flash(_('Repository permissions updated'), category='success')

88

93

89

affected_user_ids = []

94

affected_user_ids = []

90

for change in changes['added'] + changes['updated'] + changes['deleted']:

95

for change in changes['added'] + changes['updated'] + changes['deleted']:

91

if change['type'] == 'user':

96

if change['type'] == 'user':

92

affected_user_ids.append(change['id'])

97

affected_user_ids.append(change['id'])

93

if change['type'] == 'user_group':

98

if change['type'] == 'user_group':

94

user_group = UserGroup.get(safe_int(change['id']))

99

user_group = UserGroup.get(safe_int(change['id']))

95

if user_group:

100

if user_group:

96

group_members_ids = [x.user_id for x in user_group.members]

101

group_members_ids = [x.user_id for x in user_group.members]

97

affected_user_ids.extend(group_members_ids)

102

affected_user_ids.extend(group_members_ids)

98

103

99

events.trigger(events.UserPermissionsChange(affected_user_ids))

104

events.trigger(events.UserPermissionsChange(affected_user_ids))

100

105

101

raise HTTPFound(

106

raise HTTPFound(

102

h.route_path('edit_repo_perms', repo_name=self.db_repo_name))

107

h.route_path('edit_repo_perms', repo_name=self.db_repo_name))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             # Copyright (C) 2011-2019 RhodeCode GmbH
             #
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU Affero General Public License, version 3
             # (only), as published by the Free Software Foundation.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU Affero General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             #
             # This program is dual-licensed. If you wish to learn more about the
             # RhodeCode Enterprise Edition, including its added features, Support services,
             # and proprietary license terms, please see https://rhodecode.com/licenses/
             import logging
             from pyramid.httpexceptions import HTTPFound
             from pyramid.view import view_config
             from rhodecode import events
             from rhodecode.apps._base import RepoAppView
             from rhodecode.lib import helpers as h
             from rhodecode.lib import audit_logger
             from rhodecode.lib.auth import (
                 LoginRequired, HasRepoPermissionAnyDecorator, CSRFRequired)
             from rhodecode.lib.utils2 import safe_int
             from rhodecode.model.db import UserGroup
             from rhodecode.model.forms import RepoPermsForm
             from rhodecode.model.meta import Session
             from rhodecode.model.repo import RepoModel
             log = logging.getLogger(__name__)
             class RepoSettingsPermissionsView(RepoAppView):
                 def load_default_context(self):
                     c = self._get_local_tmpl_context()
                     return c
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @view_config(
                     route_name='edit_repo_perms', request_method='GET',
                     renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 def edit_permissions(self):
+                    _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'permissions'
+                    if self.request.GET.get('branch_permissions'):
+                        h.flash(_('Explicitly add user or user group with write+ '
+                                  'permission to modify their branch permissions.'),
+                                category='notice')
                     return self._get_template_context(c)
                 @LoginRequired()
                 @HasRepoPermissionAnyDecorator('repository.admin')
                 @CSRFRequired()
                 @view_config(
                     route_name='edit_repo_perms', request_method='POST',
                     renderer='rhodecode:templates/admin/repos/repo_edit.mako')
                 def edit_permissions_update(self):
                     _ = self.request.translate
                     c = self.load_default_context()
                     c.active = 'permissions'
                     data = self.request.POST
                     # store private flag outside of HTML to verify if we can modify
                     # default user permissions, prevents submission of FAKE post data
                     # into the form for private repos
                     data['repo_private'] = self.db_repo.private
                     form = RepoPermsForm(self.request.translate)().to_python(data)
                     changes = RepoModel().update_permissions(
                         self.db_repo_name, form['perm_additions'], form['perm_updates'],
                         form['perm_deletions'])
                     action_data = {
                         'added': changes['added'],
                         'updated': changes['updated'],
                         'deleted': changes['deleted'],
                     }
                     audit_logger.store_web(
                         'repo.edit.permissions', action_data=action_data,
                         user=self._rhodecode_user, repo=self.db_repo)
                     Session().commit()
                     h.flash(_('Repository permissions updated'), category='success')
                     affected_user_ids = []
                     for change in changes['added'] + changes['updated'] + changes['deleted']:
                         if change['type'] == 'user':
                             affected_user_ids.append(change['id'])
                         if change['type'] == 'user_group':
                             user_group = UserGroup.get(safe_int(change['id']))
                             if user_group:
                                 group_members_ids = [x.user_id for x in user_group.members]
                                 affected_user_ids.extend(group_members_ids)
                     events.trigger(events.UserPermissionsChange(affected_user_ids))
                     raise HTTPFound(
                         h.route_path('edit_repo_perms', repo_name=self.db_repo_name))