##// END OF EJS Templates
tests update
tests update

File last commit:

r779:389d02a5 beta
r875:0765fd5b beta
Show More
auth.py
569 lines | 20.4 KiB | text/x-python | PythonLexer
renamed project to rhodecode
r547 #!/usr/bin/env python
# encoding: utf-8
# authentication and permission libraries
# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License or (at your opinion) any later version of the license.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
"""
Created on April 4, 2010
@author: marcink
"""
from pylons import config, session, url, request
from pylons.controllers.util import abort, redirect
fixed #72 show warning on removal when user still is owner of existing repositories...
r713 from rhodecode.lib.exceptions import *
renamed project to rhodecode
r547 from rhodecode.lib.utils import get_repo_slug
fixed #72 show warning on removal when user still is owner of existing repositories...
r713 from rhodecode.lib.auth_ldap import AuthLdap
renamed project to rhodecode
r547 from rhodecode.model import meta
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 from rhodecode.model.user import UserModel
moved out sqlalchemy cache from meta to the config files....
r609 from rhodecode.model.caching_query import FromCache
renamed project to rhodecode
r547 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 UserToPerm
renamed project to rhodecode
r547 import bcrypt
from decorator import decorator
import logging
import random
implements #60, ldap configuration and authentication....
r705 import traceback
renamed project to rhodecode
r547
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 log = logging.getLogger(__name__)
renamed project to rhodecode
r547
class PasswordGenerator(object):
"""This is a simple class for generating password from
different sets of characters
usage:
passwd_gen = PasswordGenerator()
#print 8-letter password containing only big and small letters of alphabet
print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
"""
ALPHABETS_NUM = r'''1234567890'''#[0]
ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1]
ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2]
ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?''' #[3]
ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4]
ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5]
ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __init__(self, passwd=''):
self.passwd = passwd
def gen_password(self, len, type):
self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
return self.passwd
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def get_crypt_password(password):
"""Cryptographic function used for password hashing based on sha1
fixed @repo into :repo for docs...
r604 :param password: password to hash
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 """
renamed project to rhodecode
r547 return bcrypt.hashpw(password, bcrypt.gensalt(10))
def check_password(password, hashed):
return bcrypt.hashpw(password, hashed) == hashed
def authfunc(environ, username, password):
Code refactor for auth func, preparing for ldap support...
r699 """
ldap auth rewrite, moved split authfunc into two functions,...
r761 Dummy authentication function used in Mercurial/Git/ and access control,
:param environ: needed only for using in Basic auth
"""
return authenticate(username, password)
def authenticate(username, password):
"""
Authentication function used for access control,
Code refactor for auth func, preparing for ldap support...
r699 firstly checks for db authentication then if ldap is enabled for ldap
implements #60, ldap configuration and authentication....
r705 authentication, also creates ldap user if not in database
Code refactor for auth func, preparing for ldap support...
r699 :param username: username
:param password: password
"""
implements #60, ldap configuration and authentication....
r705 user_model = UserModel()
user = user_model.get_by_username(username, cache=False)
Code refactor for auth func, preparing for ldap support...
r699
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.debug('Authenticating user using RhodeCode account')
implements #60, ldap configuration and authentication....
r705 if user is not None and user.is_ldap is False:
renamed project to rhodecode
r547 if user.active:
#49 Enabled anonymous access push and pull commands
r674
if user.username == 'default' and user.active:
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.info('user %s authenticated correctly as anonymous user',
username)
#49 Enabled anonymous access push and pull commands
r674 return True
elif user.username == username and check_password(password, user.password):
renamed project to rhodecode
r547 log.info('user %s authenticated correctly', username)
return True
else:
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.warning('user %s is disabled', username)
implements #60, ldap configuration and authentication....
r705
else:
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.debug('Regular authentication failed')
#78, fixed more reliable case insensitive searches
r742 user_obj = user_model.get_by_username(username, cache=False,
case_insensitive=True)
ldap auth rewrite, moved split authfunc into two functions,...
r761
fixed ldap issue and small template fix
r748 if user_obj is not None and user_obj.is_ldap is False:
added debug message for ldap auth
r749 log.debug('this user already exists as non ldap')
fixed ldap issue and small template fix
r748 return False
implements #60, ldap configuration and authentication....
r705 from rhodecode.model.settings import SettingsModel
ldap_settings = SettingsModel().get_ldap_settings()
#======================================================================
# FALLBACK TO LDAP AUTH IN ENABLE
#======================================================================
if ldap_settings.get('ldap_active', False):
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.debug("Authenticating user using ldap")
implements #60, ldap configuration and authentication....
r705 kwargs = {
'server':ldap_settings.get('ldap_host', ''),
'base_dn':ldap_settings.get('ldap_base_dn', ''),
'port':ldap_settings.get('ldap_port'),
'bind_dn':ldap_settings.get('ldap_dn_user'),
'bind_pass':ldap_settings.get('ldap_dn_pass'),
'use_ldaps':ldap_settings.get('ldap_ldaps'),
'ldap_version':3,
}
log.debug('Checking for ldap authentication')
try:
aldap = AuthLdap(**kwargs)
res = aldap.authenticate_ldap(username, password)
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.debug('Got ldap response %s', res)
implements #60, ldap configuration and authentication....
r705
ldap auth rewrite, moved split authfunc into two functions,...
r761 if user_model.create_ldap(username, password):
implements #60, ldap configuration and authentication....
r705 log.info('created new ldap user')
ldap auth rewrite, moved split authfunc into two functions,...
r761 return True
except (LdapUsernameError, LdapPasswordError,):
pass
except (Exception,):
implements #60, ldap configuration and authentication....
r705 log.error(traceback.format_exc())
ldap auth rewrite, moved split authfunc into two functions,...
r761 pass
renamed project to rhodecode
r547 return False
class AuthUser(object):
"""
A simple object that handles a mercurial username for authentication
"""
def __init__(self):
self.username = 'None'
self.name = ''
self.lastname = ''
self.email = ''
self.user_id = None
self.is_authenticated = False
self.is_admin = False
self.permissions = {}
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 def __repr__(self):
return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
renamed project to rhodecode
r547
def set_available_permissions(config):
"""
This function will propagate pylons globals with all available defined
permission given in db. We don't wannt to check each time from db for new
permissions since adding a new permission also requires application restart
ie. to decorate new views with the newly created permission
fixed @repo into :repo for docs...
r604 :param config:
renamed project to rhodecode
r547 """
log.info('getting information about all available permissions')
try:
Code refactoring,models renames...
r629 sa = meta.Session()
renamed project to rhodecode
r547 all_perms = sa.query(Permission).all()
Code refactoring,models renames...
r629 except:
pass
renamed project to rhodecode
r547 finally:
meta.Session.remove()
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 config['available_permissions'] = [x.permission_name for x in all_perms]
def set_base_path(config):
config['base_path'] = config['pylons.app_globals'].base_path
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def fill_perms(user):
"""
Fills user permission attribute with permissions taken from database
fixed @repo into :repo for docs...
r604 :param user:
renamed project to rhodecode
r547 """
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
Code refactoring,models renames...
r629 sa = meta.Session()
renamed project to rhodecode
r547 user.permissions['repositories'] = {}
user.permissions['global'] = set()
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 #===========================================================================
# fetch default permissions
#===========================================================================
#50 on point cache invalidation changes....
r692 default_user = UserModel().get_by_username('default', cache=True)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 default_perms = sa.query(RepoToPerm, Repository, Permission)\
.join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
.join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
moved out sqlalchemy cache from meta to the config files....
r609 .filter(RepoToPerm.user == default_user).all()
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 if user.is_admin:
#=======================================================================
# #admin have all default rights set to admin
#=======================================================================
user.permissions['global'].add('hg.admin')
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 for perm in default_perms:
p = 'repository.admin'
user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 else:
#=======================================================================
# set default permissions
#=======================================================================
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 #default global
default_global_perms = sa.query(UserToPerm)\
fixes issue #78, ldap makes user validation caseInsensitive...
r741 .filter(UserToPerm.user == sa.query(User)\
.filter(User.username == 'default').one())
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 for perm in default_global_perms:
user.permissions['global'].add(perm.permission.permission_name)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 #default repositories
for perm in default_perms:
if perm.Repository.private and not perm.Repository.user_id == user.user_id:
#disable defaults for private repos,
p = 'repository.none'
elif perm.Repository.user_id == user.user_id:
#set admin if owner
p = 'repository.admin'
else:
p = perm.Permission.permission_name
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 #=======================================================================
# #overwrite default with user permissions if any
#=======================================================================
user_perms = sa.query(RepoToPerm, Permission, Repository)\
.join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
.join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
.filter(RepoToPerm.user_id == user.user_id).all()
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 for perm in user_perms:
if perm.Repository.user_id == user.user_id:#set admin if owner
p = 'repository.admin'
else:
p = perm.Permission.permission_name
user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 meta.Session.remove()
renamed project to rhodecode
r547 return user
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def get_user(session):
"""
Gets user from session, and wraps permissions into user
fixed @repo into :repo for docs...
r604 :param session:
renamed project to rhodecode
r547 """
renamed hg_app to rhodecode
r548 user = session.get('rhodecode_user', AuthUser())
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 #if the user is not logged in we check for anonymous access
#if user is logged and it's a default user check if we still have anonymous
#access enabled
if user.user_id is None or user.username == 'default':
anonymous_user = UserModel().get_by_username('default', cache=True)
if anonymous_user.active is True:
#then we set this user is logged in
user.is_authenticated = True
fixed anonymous access bug.
r686 user.user_id = anonymous_user.user_id
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 else:
user.is_authenticated = False
renamed project to rhodecode
r547 if user.is_authenticated:
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 user = UserModel().fill_data(user)
renamed project to rhodecode
r547 user = fill_perms(user)
renamed hg_app to rhodecode
r548 session['rhodecode_user'] = user
renamed project to rhodecode
r547 session.save()
return user
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 #===============================================================================
# CHECK DECORATORS
#===============================================================================
class LoginRequired(object):
Added isanonymous decorator for checking permissions for anonymous access
r779 """Must be logged in to execute this function else
redirect to login page"""
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __call__(self, func):
return decorator(self.__wrapper, func)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __wrapper(self, func, *fargs, **fkwargs):
renamed hg_app to rhodecode
r548 user = session.get('rhodecode_user', AuthUser())
renamed project to rhodecode
r547 log.debug('Checking login required for user:%s', user.username)
if user.is_authenticated:
log.debug('user %s is authenticated', user.username)
return func(*fargs, **fkwargs)
else:
log.warn('user %s not authenticated', user.username)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 p = ''
if request.environ.get('SCRIPT_NAME') != '/':
p += request.environ.get('SCRIPT_NAME')
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 p += request.environ.get('PATH_INFO')
if request.environ.get('QUERY_STRING'):
p += '?' + request.environ.get('QUERY_STRING')
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
log.debug('redirecting to login page with %s', p)
renamed project to rhodecode
r547 return redirect(url('login_home', came_from=p))
Added isanonymous decorator for checking permissions for anonymous access
r779 class NotAnonymous(object):
"""Must be logged in to execute this function else
redirect to login page"""
def __call__(self, func):
return decorator(self.__wrapper, func)
def __wrapper(self, func, *fargs, **fkwargs):
user = session.get('rhodecode_user', AuthUser())
log.debug('Checking if user is not anonymous')
anonymous = user.username == 'default'
if anonymous:
p = ''
if request.environ.get('SCRIPT_NAME') != '/':
p += request.environ.get('SCRIPT_NAME')
p += request.environ.get('PATH_INFO')
if request.environ.get('QUERY_STRING'):
p += '?' + request.environ.get('QUERY_STRING')
return redirect(url('login_home', came_from=p))
else:
return func(*fargs, **fkwargs)
renamed project to rhodecode
r547 class PermsDecorator(object):
"""Base class for decorators"""
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __init__(self, *required_perms):
available_perms = config['available_permissions']
for perm in required_perms:
if perm not in available_perms:
raise Exception("'%s' permission is not defined" % perm)
self.required_perms = set(required_perms)
self.user_perms = None
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __call__(self, func):
return decorator(self.__wrapper, func)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __wrapper(self, func, *fargs, **fkwargs):
# _wrapper.__name__ = func.__name__
# _wrapper.__dict__.update(func.__dict__)
# _wrapper.__doc__ = func.__doc__
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 self.user = session.get('rhodecode_user', AuthUser())
self.user_perms = self.user.permissions
log.debug('checking %s permissions %s for %s %s',
self.__class__.__name__, self.required_perms, func.__name__,
self.user)
renamed project to rhodecode
r547
if self.check_permissions():
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 log.debug('Permission granted for %s %s', func.__name__, self.user)
renamed project to rhodecode
r547 return func(*fargs, **fkwargs)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 else:
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 log.warning('Permission denied for %s %s', func.__name__, self.user)
renamed project to rhodecode
r547 #redirect with forbidden ret code
return abort(403)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def check_permissions(self):
"""Dummy function for overriding"""
raise Exception('You have to write this function in child class')
class HasPermissionAllDecorator(PermsDecorator):
"""Checks for access permission for all given predicates. All of them
have to be meet in order to fulfill the request
"""
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def check_permissions(self):
if self.required_perms.issubset(self.user_perms.get('global')):
return True
return False
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547
class HasPermissionAnyDecorator(PermsDecorator):
"""Checks for access permission for any of given predicates. In order to
fulfill the request any of predicates must be meet
"""
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def check_permissions(self):
if self.required_perms.intersection(self.user_perms.get('global')):
return True
return False
class HasRepoPermissionAllDecorator(PermsDecorator):
"""Checks for access permission for all given predicates for specific
repository. All of them have to be meet in order to fulfill the request
"""
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def check_permissions(self):
repo_name = get_repo_slug(request)
try:
user_perms = set([self.user_perms['repositories'][repo_name]])
except KeyError:
return False
if self.required_perms.issubset(user_perms):
return True
return False
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547
class HasRepoPermissionAnyDecorator(PermsDecorator):
"""Checks for access permission for any of given predicates for specific
repository. In order to fulfill the request any of predicates must be meet
"""
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def check_permissions(self):
repo_name = get_repo_slug(request)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 try:
user_perms = set([self.user_perms['repositories'][repo_name]])
except KeyError:
return False
if self.required_perms.intersection(user_perms):
return True
return False
#===============================================================================
# CHECK FUNCTIONS
#===============================================================================
class PermsFunction(object):
"""Base function for other check functions"""
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __init__(self, *perms):
available_perms = config['available_permissions']
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 for perm in perms:
if perm not in available_perms:
raise Exception("'%s' permission in not defined" % perm)
self.required_perms = set(perms)
self.user_perms = None
self.granted_for = ''
self.repo_name = None
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __call__(self, check_Location=''):
renamed hg_app to rhodecode
r548 user = session.get('rhodecode_user', False)
renamed project to rhodecode
r547 if not user:
return False
self.user_perms = user.permissions
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 self.granted_for = user.username
log.debug('checking %s %s %s', self.__class__.__name__,
self.required_perms, user)
renamed project to rhodecode
r547 if self.check_permissions():
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 log.debug('Permission granted for %s @ %s %s', self.granted_for,
check_Location, user)
renamed project to rhodecode
r547 return True
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 else:
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 log.warning('Permission denied for %s @ %s %s', self.granted_for,
check_Location, user)
return False
renamed project to rhodecode
r547 def check_permissions(self):
"""Dummy function for overriding"""
raise Exception('You have to write this function in child class')
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 class HasPermissionAll(PermsFunction):
def check_permissions(self):
if self.required_perms.issubset(self.user_perms.get('global')):
return True
return False
class HasPermissionAny(PermsFunction):
def check_permissions(self):
if self.required_perms.intersection(self.user_perms.get('global')):
return True
return False
class HasRepoPermissionAll(PermsFunction):
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __call__(self, repo_name=None, check_Location=''):
self.repo_name = repo_name
return super(HasRepoPermissionAll, self).__call__(check_Location)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def check_permissions(self):
if not self.repo_name:
self.repo_name = get_repo_slug(request)
try:
self.user_perms = set([self.user_perms['repositories']\
[self.repo_name]])
except KeyError:
return False
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 self.granted_for = self.repo_name
renamed project to rhodecode
r547 if self.required_perms.issubset(self.user_perms):
return True
return False
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 class HasRepoPermissionAny(PermsFunction):
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __call__(self, repo_name=None, check_Location=''):
self.repo_name = repo_name
return super(HasRepoPermissionAny, self).__call__(check_Location)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def check_permissions(self):
if not self.repo_name:
self.repo_name = get_repo_slug(request)
try:
self.user_perms = set([self.user_perms['repositories']\
[self.repo_name]])
except KeyError:
return False
self.granted_for = self.repo_name
if self.required_perms.intersection(self.user_perms):
return True
return False
#===============================================================================
# SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
#===============================================================================
class HasPermissionAnyMiddleware(object):
def __init__(self, *perms):
self.required_perms = set(perms)
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def __call__(self, user, repo_name):
usr = AuthUser()
usr.user_id = user.user_id
usr.username = user.username
usr.is_admin = user.admin
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 try:
self.user_perms = set([fill_perms(usr)\
.permissions['repositories'][repo_name]])
except:
self.user_perms = set()
self.granted_for = ''
self.username = user.username
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 self.repo_name = repo_name
renamed project to rhodecode
r547 return self.check_permissions()
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
renamed project to rhodecode
r547 def check_permissions(self):
log.debug('checking mercurial protocol '
'permissions for user:%s repository:%s',
self.username, self.repo_name)
if self.required_perms.intersection(self.user_perms):
log.debug('permission granted')
return True
log.debug('permission denied')
return False