##// END OF EJS Templates
old style: show the full link box on summary page - no overlap or truncation
old style: show the full link box on summary page - no overlap or truncation

File last commit:

r4116:ffd45b18 rhodecode-2.2.5-gpl
r4147:1c8f8187 rhodecode-2.2.5-gpl
Show More
permission.py
173 lines | 6.7 KiB | text/x-python | PythonLexer
Models code cleanups
r759 # -*- coding: utf-8 -*-
fixed license issue #149
r1206 # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
#50 on point cache invalidation changes....
r692 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
#50 on point cache invalidation changes....
r692 # You should have received a copy of the GNU General Public License
fixed license issue #149
r1206 # along with this program. If not, see <http://www.gnu.org/licenses/>.
Bradley M. Kuhn
Imported some of the GPLv3'd changes from RhodeCode v2.2.5....
r4116 """
rhodecode.model.permission
~~~~~~~~~~~~~~~~~~~~~~~~~~
permissions model for RhodeCode
:created_on: Aug 20, 2010
:author: marcink
:copyright: (c) 2013 RhodeCode GmbH.
:license: GPLv3, see LICENSE for more details.
"""
Models code cleanups
r759
import logging
import traceback
from sqlalchemy.exc import DatabaseError
#50 on point cache invalidation changes....
r692
fixed Example celery config to ampq,...
r752 from rhodecode.model import BaseModel
Update permissions from admin permissions menu, also overwrites defaults...
r2425 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\
fixed overwrite default user group permission flag
r3735 UserRepoGroupToPerm, UserUserGroupToPerm
make the permission update function idempotent
r3730 from rhodecode.lib.utils2 import str2bool
moved caching query to libs
r1669
#50 on point cache invalidation changes....
r692 log = logging.getLogger(__name__)
fixed Example celery config to ampq,...
r752 class PermissionModel(BaseModel):
notification to commit author + gardening
r1716 """
Permissions model for RhodeCode
docs updates
r811 """
#50 on point cache invalidation changes....
r692
Added associated classes into child models
r2522 cls = Permission
New default permissions definition for user group create
r3734 def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
new_perm.permission_longname = p[0] #translation err with p[1]
self.sa.add(new_perm)
Bradley M. Kuhn
Imported some of the GPLv3'd changes from RhodeCode v2.2.5....
r4116 def create_default_permissions(self, user, force=False):
fixed default permissions population during upgrades...
r3733 """
Bradley M. Kuhn
Imported some of the GPLv3'd changes from RhodeCode v2.2.5....
r4116 Creates only missing default permissions for user, if force is set it
resets the default permissions for that user
fixed default permissions population during upgrades...
r3733
:param user:
"""
user = self._get_user(user)
def _make_perm(perm):
new_perm = UserToPerm()
new_perm.user = user
new_perm.permission = Permission.get_by_key(perm)
return new_perm
def _get_group(perm_name):
return '.'.join(perm_name.split('.')[:1])
perms = UserToPerm.query().filter(UserToPerm.user == user).all()
defined_perms_groups = map(_get_group,
(x.permission.permission_name for x in perms))
log.debug('GOT ALREADY DEFINED:%s' % perms)
DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS
Bradley M. Kuhn
Imported some of the GPLv3'd changes from RhodeCode v2.2.5....
r4116 if force:
for perm in perms:
self.sa.delete(perm)
self.sa.commit()
defined_perms_groups = []
fixed default permissions population during upgrades...
r3733 # for every default permission that needs to be created, we check if
# it's group is already defined, if it's not we create default perm
for perm_name in DEFAULT_PERMS:
gr = _get_group(perm_name)
if gr not in defined_perms_groups:
log.debug('GR:%s not found, creating permission %s'
% (gr, perm_name))
new_perm = _make_perm(perm_name)
self.sa.add(new_perm)
#50 on point cache invalidation changes....
r692 def update(self, form_result):
make the permission update function idempotent
r3730 perm_user = User.get_by_username(username=form_result['perm_user_name'])
#50 on point cache invalidation changes....
r692
try:
fixed default permissions population during upgrades...
r3733 # stage 1 set anonymous access
Bradley M. Kuhn
Imported some of the GPLv3'd changes from RhodeCode v2.2.5....
r4116 if perm_user.username == User.DEFAULT_USER:
fixed default permissions population during upgrades...
r3733 perm_user.active = str2bool(form_result['anonymous'])
self.sa.add(perm_user)
# stage 2 reset defaults and set them from form data
make the permission update function idempotent
r3730 def _make_new(usr, perm_name):
New default permissions definition for user group create
r3734 log.debug('Creating new permission:%s' % (perm_name))
make the permission update function idempotent
r3730 new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
# clear current entries, to make this function idempotent
# it will fix even if we define more permissions or permissions
# are somehow missing
fixed default permissions population during upgrades...
r3733 u2p = self.sa.query(UserToPerm)\
.filter(UserToPerm.user == perm_user)\
.all()
#50 on point cache invalidation changes....
r692 for p in u2p:
make the permission update function idempotent
r3730 self.sa.delete(p)
#create fresh set of permissions
Bradley M. Kuhn
Imported some of the GPLv3'd changes from RhodeCode v2.2.5....
r4116 for def_perm_key in ['default_repo_perm',
'default_group_perm',
New default permissions definition for user group create
r3734 'default_user_group_perm',
'default_repo_create',
Bradley M. Kuhn
Imported some of the GPLv3'd changes from RhodeCode v2.2.5....
r4116 'create_on_write', # special case for create repos on write access to group
New default permissions definition for user group create
r3734 #'default_repo_group_create', #not implemented yet
'default_user_group_create',
Bradley M. Kuhn
Imported some of the GPLv3'd changes from RhodeCode v2.2.5....
r4116 'default_fork',
'default_register',
Added separate default permission for external_auth account...
r3786 'default_extern_activate']:
make the permission update function idempotent
r3730 p = _make_new(perm_user, form_result[def_perm_key])
self.sa.add(p)
RhodeCode now has a option to explicitly set forking permissions. ref #508...
r2709
fixed default permissions population during upgrades...
r3733 #stage 3 update all default permissions for repos if checked
simplified boolean expressions
r3888 if form_result['overwrite_default_repo']:
implemented #663 Admin/permission: specify default repogroup perms...
r3052 _def_name = form_result['default_repo_perm'].split('repository.')[-1]
make the permission update function idempotent
r3730 _def = Permission.get_by_key('repository.' + _def_name)
Update permissions from admin permissions menu, also overwrites defaults...
r2425 # repos
refactoring of models names for repoGroup permissions
r1633 for r2p in self.sa.query(UserRepoToPerm)\
Update permissions from admin permissions menu, also overwrites defaults...
r2425 .filter(UserRepoToPerm.user == perm_user)\
.all():
Global permission update with "overwrite existing settings" shouldn't override private repositories....
r3220
#don't reset PRIVATE repositories
Mads Kiilerich
follow Python conventions for boolean values...
r3625 if not r2p.repository.private:
Global permission update with "overwrite existing settings" shouldn't override private repositories....
r3220 r2p.permission = _def
self.sa.add(r2p)
implemented #663 Admin/permission: specify default repogroup perms...
r3052
simplified boolean expressions
r3888 if form_result['overwrite_default_group']:
implemented #663 Admin/permission: specify default repogroup perms...
r3052 _def_name = form_result['default_group_perm'].split('group.')[-1]
Update permissions from admin permissions menu, also overwrites defaults...
r2425 # groups
make the permission update function idempotent
r3730 _def = Permission.get_by_key('group.' + _def_name)
Update permissions from admin permissions menu, also overwrites defaults...
r2425 for g2p in self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == perm_user)\
.all():
g2p.permission = _def
self.sa.add(g2p)
#50 on point cache invalidation changes....
r692
simplified boolean expressions
r3888 if form_result['overwrite_default_user_group']:
fixed overwrite default user group permission flag
r3735 _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
# groups
_def = Permission.get_by_key('usergroup.' + _def_name)
for g2p in self.sa.query(UserUserGroupToPerm)\
.filter(UserUserGroupToPerm.user == perm_user)\
.all():
g2p.permission = _def
self.sa.add(g2p)
make the permission update function idempotent
r3730 self.sa.commit()
Models code cleanups
r759 except (DatabaseError,):
#50 on point cache invalidation changes....
r692 log.error(traceback.format_exc())
make the permission update function idempotent
r3730 self.sa.rollback()
#50 on point cache invalidation changes....
r692 raise