##// END OF EJS Templates
Added two headers into example nginx proxy conf that allows container auth...
Added two headers into example nginx proxy conf that allows container auth to work properly

File last commit:

r3960:5293d4bb merge default
r4073:2c82dd8b default
Show More
permission.py
163 lines | 6.3 KiB | text/x-python | PythonLexer
Models code cleanups
r759 # -*- coding: utf-8 -*-
"""
docs updates
r811 rhodecode.model.permission
~~~~~~~~~~~~~~~~~~~~~~~~~~
#50 on point cache invalidation changes....
r692
Models code cleanups
r759 permissions model for RhodeCode
source code cleanup: remove trailing white space, normalize file endings
r1203
Models code cleanups
r759 :created_on: Aug 20, 2010
:author: marcink
2012 copyrights
r1824 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
Models code cleanups
r759 :license: GPLv3, see COPYING for more details.
"""
fixed license issue #149
r1206 # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
#50 on point cache invalidation changes....
r692 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
#50 on point cache invalidation changes....
r692 # You should have received a copy of the GNU General Public License
fixed license issue #149
r1206 # along with this program. If not, see <http://www.gnu.org/licenses/>.
Models code cleanups
r759
import logging
import traceback
from sqlalchemy.exc import DatabaseError
#50 on point cache invalidation changes....
r692
fixed Example celery config to ampq,...
r752 from rhodecode.model import BaseModel
Update permissions from admin permissions menu, also overwrites defaults...
r2425 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\
fixed overwrite default user group permission flag
r3735 UserRepoGroupToPerm, UserUserGroupToPerm
make the permission update function idempotent
r3730 from rhodecode.lib.utils2 import str2bool
moved caching query to libs
r1669
#50 on point cache invalidation changes....
r692 log = logging.getLogger(__name__)
fixed Example celery config to ampq,...
r752 class PermissionModel(BaseModel):
notification to commit author + gardening
r1716 """
Permissions model for RhodeCode
docs updates
r811 """
#50 on point cache invalidation changes....
r692
Added associated classes into child models
r2522 cls = Permission
New default permissions definition for user group create
r3734 def create_permissions(self):
"""
Create permissions for whole system
"""
for p in Permission.PERMS:
if not Permission.get_by_key(p[0]):
new_perm = Permission()
new_perm.permission_name = p[0]
new_perm.permission_longname = p[0] #translation err with p[1]
self.sa.add(new_perm)
fixed default permissions population during upgrades...
r3733 def create_default_permissions(self, user):
"""
Creates only missing default permissions for user
:param user:
"""
user = self._get_user(user)
def _make_perm(perm):
new_perm = UserToPerm()
new_perm.user = user
new_perm.permission = Permission.get_by_key(perm)
return new_perm
def _get_group(perm_name):
return '.'.join(perm_name.split('.')[:1])
perms = UserToPerm.query().filter(UserToPerm.user == user).all()
defined_perms_groups = map(_get_group,
(x.permission.permission_name for x in perms))
log.debug('GOT ALREADY DEFINED:%s' % perms)
DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS
# for every default permission that needs to be created, we check if
# it's group is already defined, if it's not we create default perm
for perm_name in DEFAULT_PERMS:
gr = _get_group(perm_name)
if gr not in defined_perms_groups:
log.debug('GR:%s not found, creating permission %s'
% (gr, perm_name))
new_perm = _make_perm(perm_name)
self.sa.add(new_perm)
#50 on point cache invalidation changes....
r692 def update(self, form_result):
make the permission update function idempotent
r3730 perm_user = User.get_by_username(username=form_result['perm_user_name'])
#50 on point cache invalidation changes....
r692
try:
fixed default permissions population during upgrades...
r3733 # stage 1 set anonymous access
if perm_user.username == 'default':
perm_user.active = str2bool(form_result['anonymous'])
self.sa.add(perm_user)
# stage 2 reset defaults and set them from form data
make the permission update function idempotent
r3730 def _make_new(usr, perm_name):
New default permissions definition for user group create
r3734 log.debug('Creating new permission:%s' % (perm_name))
make the permission update function idempotent
r3730 new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
return new
# clear current entries, to make this function idempotent
# it will fix even if we define more permissions or permissions
# are somehow missing
fixed default permissions population during upgrades...
r3733 u2p = self.sa.query(UserToPerm)\
.filter(UserToPerm.user == perm_user)\
.all()
#50 on point cache invalidation changes....
r692 for p in u2p:
make the permission update function idempotent
r3730 self.sa.delete(p)
#create fresh set of permissions
for def_perm_key in ['default_repo_perm', 'default_group_perm',
New default permissions definition for user group create
r3734 'default_user_group_perm',
'default_repo_create',
#'default_repo_group_create', #not implemented yet
'default_user_group_create',
Added separate default permission for external_auth account...
r3786 'default_fork', 'default_register',
'default_extern_activate']:
make the permission update function idempotent
r3730 p = _make_new(perm_user, form_result[def_perm_key])
self.sa.add(p)
RhodeCode now has a option to explicitly set forking permissions. ref #508...
r2709
fixed default permissions population during upgrades...
r3733 #stage 3 update all default permissions for repos if checked
simplified boolean expressions
r3888 if form_result['overwrite_default_repo']:
implemented #663 Admin/permission: specify default repogroup perms...
r3052 _def_name = form_result['default_repo_perm'].split('repository.')[-1]
make the permission update function idempotent
r3730 _def = Permission.get_by_key('repository.' + _def_name)
Update permissions from admin permissions menu, also overwrites defaults...
r2425 # repos
refactoring of models names for repoGroup permissions
r1633 for r2p in self.sa.query(UserRepoToPerm)\
Update permissions from admin permissions menu, also overwrites defaults...
r2425 .filter(UserRepoToPerm.user == perm_user)\
.all():
Global permission update with "overwrite existing settings" shouldn't override private repositories....
r3220
#don't reset PRIVATE repositories
Mads Kiilerich
follow Python conventions for boolean values...
r3625 if not r2p.repository.private:
Global permission update with "overwrite existing settings" shouldn't override private repositories....
r3220 r2p.permission = _def
self.sa.add(r2p)
implemented #663 Admin/permission: specify default repogroup perms...
r3052
simplified boolean expressions
r3888 if form_result['overwrite_default_group']:
implemented #663 Admin/permission: specify default repogroup perms...
r3052 _def_name = form_result['default_group_perm'].split('group.')[-1]
Update permissions from admin permissions menu, also overwrites defaults...
r2425 # groups
make the permission update function idempotent
r3730 _def = Permission.get_by_key('group.' + _def_name)
Update permissions from admin permissions menu, also overwrites defaults...
r2425 for g2p in self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == perm_user)\
.all():
g2p.permission = _def
self.sa.add(g2p)
#50 on point cache invalidation changes....
r692
simplified boolean expressions
r3888 if form_result['overwrite_default_user_group']:
fixed overwrite default user group permission flag
r3735 _def_name = form_result['default_user_group_perm'].split('usergroup.')[-1]
# groups
_def = Permission.get_by_key('usergroup.' + _def_name)
for g2p in self.sa.query(UserUserGroupToPerm)\
.filter(UserUserGroupToPerm.user == perm_user)\
.all():
g2p.permission = _def
self.sa.add(g2p)
make the permission update function idempotent
r3730 self.sa.commit()
Models code cleanups
r759 except (DatabaseError,):
#50 on point cache invalidation changes....
r692 log.error(traceback.format_exc())
make the permission update function idempotent
r3730 self.sa.rollback()
#50 on point cache invalidation changes....
r692 raise