# -*- coding: utf-8 -*-
"""
    rhodecode.model.users_group
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    user group model for RhodeCode

    :created_on: Oct 1, 2011
    :author: nvinot
    :copyright: (C) 2011-2011 Nicolas Vinot <aeris@imirhil.fr>
    :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
    :license: GPLv3, see COPYING for more details.
"""
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import traceback

from rhodecode.model import BaseModel
from rhodecode.model.db import (
    UserGroupMember, UserGroup, UserGroupRepoToPerm, Permission,
    UserGroupToPerm, User, UserUserGroupToPerm, UserGroupUserGroupToPerm,
)
from rhodecode.lib.exceptions import (
    UserGroupsAssignedException, RepoGroupAssignmentError,
)

# Module-level logger; permission grants/revocations below are reported
# through it at debug level, failures at error level.
log = logging.getLogger(__name__)
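class UserGroupModel(BaseModel):
    """
    Model-layer operations on user groups: lookup, create/update/delete,
    membership management and permission grants/revocations.

    Methods add to or delete from the session (``self.sa``); no method in
    this class commits, so the caller owns the transaction.

    NOTE(review): apart from the user-group branch of
    ``_update_permissions`` no method here checks the caller's
    permissions, so authorization presumably has to be enforced by the
    controller/API layer -- confirm against the callers.
    """

    cls = UserGroup

    def _get_user_group(self, users_group):
        """
        Resolve ``users_group`` to a UserGroup via ``_get_instance``,
        using ``UserGroup.get_by_group_name`` as the lookup callback.

        :param users_group: Instance of UserGroup, users_group_id,
            or users_group_name
        """
        return self._get_instance(UserGroup, users_group,
                                  callback=UserGroup.get_by_group_name)

    def _create_default_perms(self, user_group):
        """
        Build (without adding to the session) the permission row that the
        default user receives on a newly created user group.

        The permission is the first ``usergroup.*`` entry found in the
        default user's ``user_perms``; when none exists the fallback is
        ``usergroup.read``, i.e. the new group is readable by the default
        user unless its global permissions say otherwise.

        :param user_group: the UserGroup the row is created for
        """
        default_perm = 'usergroup.read'
        def_user = User.get_default_user()
        for p in def_user.user_perms:
            if p.permission.permission_name.startswith('usergroup.'):
                default_perm = p.permission.permission_name
                break

        user_group_to_perm = UserUserGroupToPerm()
        user_group_to_perm.permission = Permission.get_by_key(default_perm)

        user_group_to_perm.user_group = user_group
        user_group_to_perm.user_id = def_user.user_id
        return user_group_to_perm

    def _update_permissions(self, user_group, perms_new=None,
                            perms_updates=None):
        """
        Apply permission changes on ``user_group``.

        Both lists hold ``(member, perm, member_type)`` triples and are
        processed the same way, updates first. A ``member_type`` of
        ``'user'`` grants the permission to that user; any other value is
        treated as a user group.

        For user-group members the grant is applied only when
        ``HasUserGroupPermissionAny`` passes for that member group. The
        check accepts read, write or admin, so read-level access on the
        member group is sufficient. Entries that fail the check are
        skipped (and logged) rather than raising.

        :param user_group: the UserGroup whose permissions are changed
        :param perms_new: triples for newly added permission rows
        :param perms_updates: triples for existing permission rows
        """
        # local import, kept inside the function as in the original
        from rhodecode.lib.auth import HasUserGroupPermissionAny

        if not perms_new:
            perms_new = []
        if not perms_updates:
            perms_updates = []

        # update existing permissions first, then set the new ones
        for entries in (perms_updates, perms_new):
            for member, perm, member_type in entries:
                if member_type == 'user':
                    # creates the row or updates the existing one;
                    # no permission check is made on this branch
                    self.grant_user_permission(
                        user_group=user_group, user=member, perm=perm
                    )
                    continue

                # check if we have permissions to alter this usergroup
                if HasUserGroupPermissionAny('usergroup.read',
                                             'usergroup.write',
                                             'usergroup.admin')(member):
                    self.grant_users_group_permission(
                        target_user_group=user_group, user_group=member,
                        perm=perm
                    )
                else:
                    # leave a trace of the dropped entry so a silently
                    # ignored grant can be found when reviewing logs
                    log.warning('Skipped granting perm %s on %s to user '
                                'group %s: permission check on that group '
                                'failed', perm, user_group, member)

    def get(self, users_group_id, cache=False):
        """
        Return ``UserGroup.get(users_group_id)``.

        :param users_group_id: id of the user group
        :param cache: accepted but not used by this method
        """
        return UserGroup.get(users_group_id)

    def get_group(self, users_group):
        """
        Public wrapper around ``_get_user_group``.

        :param users_group: Instance of UserGroup, users_group_id,
            or users_group_name
        """
        return self._get_user_group(users_group)

    def get_by_name(self, name, cache=False, case_insensitive=False):
        """
        Return ``UserGroup.get_by_group_name(name, cache, case_insensitive)``.

        :param name: user group name
        :param cache: passed through to the lookup
        :param case_insensitive: passed through to the lookup
        """
        return UserGroup.get_by_group_name(name, cache, case_insensitive)

    def create(self, name, owner, active=True):
        """
        Create a user group, attach the default-user permission row and
        grant ``usergroup.admin`` on it to ``owner``.

        Any exception is logged with its traceback and re-raised.

        :param name: name of the new user group
        :param owner: owner of the group, resolved with ``_get_user``
        :param active: value stored in ``users_group_active``
        :returns: the new UserGroup (added to the session)
        """
        try:
            new_user_group = UserGroup()
            new_user_group.user = self._get_user(owner)
            new_user_group.users_group_name = name
            new_user_group.users_group_active = active
            self.sa.add(new_user_group)

            perm_obj = self._create_default_perms(new_user_group)
            self.sa.add(perm_obj)

            # the creator always ends up with admin rights on the group
            self.grant_user_permission(user_group=new_user_group,
                                       user=owner, perm='usergroup.admin')

            return new_user_group
        except Exception:
            log.error(traceback.format_exc())
            raise

    def update(self, users_group, form_data):
        """
        Update a user group from ``form_data``.

        The key ``users_group_members`` replaces the whole member list;
        its value may be a single id string or an iterable of ids, and
        duplicates are dropped. Every key, including that one, is then
        written onto the group with ``setattr``.

        NOTE(review): this is a mass-assignment pattern. Any key present
        in ``form_data`` becomes an attribute write on the model, so the
        caller must pass only validated, allow-listed fields; this method
        does no filtering. Member ids are likewise used as given --
        presumably validated by the form schema, confirm.

        Any exception is logged with its traceback and re-raised.

        :param users_group: Instance of UserGroup, users_group_id,
            or users_group_name
        :param form_data: dict of attribute name -> new value
        """
        try:
            users_group = self._get_user_group(users_group)

            for k, v in form_data.items():
                if k == 'users_group_members':
                    # clear current members and flush before building
                    # the replacement list
                    users_group.members = []
                    self.sa.flush()
                    members_list = []
                    if v:
                        v = [v] if isinstance(v, basestring) else v
                        for u_id in set(v):
                            member = UserGroupMember(
                                users_group.users_group_id, u_id)
                            members_list.append(member)
                    setattr(users_group, 'members', members_list)
                setattr(users_group, k, v)

            self.sa.add(users_group)
        except Exception:
            log.error(traceback.format_exc())
            raise

    def delete(self, users_group, force=False):
        """
        Delete a user group.

        Raises UserGroupsAssignedException when repository permission
        rows (UserGroupRepoToPerm) still reference the group, unless
        ``force`` is set. Only that table is checked here.

        Any exception, including the one above, is logged with its
        traceback and re-raised.

        :param users_group: Instance of UserGroup, users_group_id,
            or users_group_name
        :param force: delete even if repository permissions reference
            the group
        """
        try:
            users_group = self._get_user_group(users_group)

            # check if this group is not assigned to repo
            assigned_groups = UserGroupRepoToPerm.query()\
                .filter(UserGroupRepoToPerm.users_group == users_group)\
                .all()

            if assigned_groups and not force:
                # NOTE(review): the text says "RepoGroup" although the
                # object being deleted is a user group; kept unchanged
                # because callers may display or match it.
                raise UserGroupsAssignedException(
                    'RepoGroup assigned to %s' % assigned_groups)

            self.sa.delete(users_group)
        except Exception:
            log.error(traceback.format_exc())
            raise

    def add_user_to_group(self, users_group, user):
        """
        Add ``user`` to ``users_group``.

        :param users_group: Instance of UserGroup, users_group_id,
            or users_group_name
        :param user: user to add, resolved with ``_get_user``
        :returns: ``True`` when the user is already a member, otherwise
            the new UserGroupMember (added to the session)
        """
        users_group = self._get_user_group(users_group)
        user = self._get_user(user)

        # already a member: nothing to create
        if any(m.user.user_id == user.user_id
               for m in users_group.members):
            return True

        try:
            users_group_member = UserGroupMember()
            users_group_member.user = user
            users_group_member.users_group = users_group

            users_group.members.append(users_group_member)
            user.group_member.append(users_group_member)

            self.sa.add(users_group_member)
            return users_group_member
        except Exception:
            log.error(traceback.format_exc())
            raise

    def remove_user_from_group(self, users_group, user):
        """
        Remove ``user`` from ``users_group``.

        :param users_group: Instance of UserGroup, users_group_id,
            or users_group_name
        :param user: user to remove, resolved with ``_get_user``
        :returns: ``True`` when a membership row was deleted, ``False``
            when the user was not in the group
        """
        users_group = self._get_user_group(users_group)
        user = self._get_user(user)

        users_group_member = None
        for m in users_group.members:
            if m.user.user_id == user.user_id:
                # Found this user's membership row
                users_group_member = m
                break

        if not users_group_member:
            # User isn't in that group
            return False

        try:
            self.sa.delete(users_group_member)
            return True
        except Exception:
            log.error(traceback.format_exc())
            raise

    def has_perm(self, users_group, perm):
        """
        Tell whether a UserGroupToPerm row links ``users_group`` to
        ``perm``.

        :param users_group: Instance of UserGroup, users_group_id,
            or users_group_name
        :param perm: permission, resolved with ``_get_perm``
        """
        users_group = self._get_user_group(users_group)
        perm = self._get_perm(perm)

        return UserGroupToPerm.query()\
            .filter(UserGroupToPerm.users_group == users_group)\
            .filter(UserGroupToPerm.permission == perm)\
            .scalar() is not None

    def grant_perm(self, users_group, perm):
        """
        Add a UserGroupToPerm row for ``users_group`` and ``perm`` unless
        one already exists.

        :param users_group: Instance of UserGroup, users_group_id,
            or users_group_name
        :param perm: permission, resolved with ``_get_perm``
        """
        users_group = self._get_user_group(users_group)
        perm = self._get_perm(perm)

        # if this permission is already granted skip it
        _perm = UserGroupToPerm.query()\
            .filter(UserGroupToPerm.users_group == users_group)\
            .filter(UserGroupToPerm.permission == perm)\
            .scalar()
        if _perm:
            return

        new = UserGroupToPerm()
        new.users_group = users_group
        new.permission = perm
        self.sa.add(new)

    def revoke_perm(self, users_group, perm):
        """
        Delete the UserGroupToPerm row for ``users_group`` and ``perm``
        if one exists; otherwise do nothing.

        :param users_group: Instance of UserGroup, users_group_id,
            or users_group_name
        :param perm: permission, resolved with ``_get_perm``
        """
        users_group = self._get_user_group(users_group)
        perm = self._get_perm(perm)

        obj = UserGroupToPerm.query()\
            .filter(UserGroupToPerm.users_group == users_group)\
            .filter(UserGroupToPerm.permission == perm).scalar()
        if obj:
            self.sa.delete(obj)

    def grant_user_permission(self, user_group, user, perm):
        """
        Grant permission for user on given user group, or update
        existing one if found

        :param user_group: Instance of UserGroup, users_group_id,
            or users_group_name
        :param user: Instance of User, user_id or username
        :param perm: Instance of Permission, or permission_name
        """
        user_group = self._get_user_group(user_group)
        user = self._get_user(user)
        permission = self._get_perm(perm)

        # check if we have that permission already
        obj = self.sa.query(UserUserGroupToPerm)\
            .filter(UserUserGroupToPerm.user == user)\
            .filter(UserUserGroupToPerm.user_group == user_group)\
            .scalar()
        if obj is None:
            # create new !
            obj = UserUserGroupToPerm()
        obj.user_group = user_group
        obj.user = user
        obj.permission = permission
        self.sa.add(obj)
        log.debug('Granted perm %s to %s on %s', perm, user, user_group)

    def revoke_user_permission(self, user_group, user):
        """
        Revoke permission for user on given user group

        :param user_group: Instance of UserGroup, users_group_id,
            or users_group_name
        :param user: Instance of User, user_id or username
        """
        user_group = self._get_user_group(user_group)
        user = self._get_user(user)

        obj = self.sa.query(UserUserGroupToPerm)\
            .filter(UserUserGroupToPerm.user == user)\
            .filter(UserUserGroupToPerm.user_group == user_group)\
            .scalar()
        if obj:
            self.sa.delete(obj)
            log.debug('Revoked perm on %s on %s', user_group, user)

    def grant_users_group_permission(self, target_user_group, user_group,
                                     perm):
        """
        Grant ``user_group`` the permission ``perm`` on
        ``target_user_group``, or update the existing row if found.

        Raises RepoGroupAssignmentError when both arguments resolve to
        the same group.

        :param target_user_group: group the permission applies to
        :param user_group: group that receives the permission
        :param perm: Instance of Permission, or permission_name
        """
        target_user_group = self._get_user_group(target_user_group)
        user_group = self._get_user_group(user_group)
        permission = self._get_perm(perm)

        # forbid assigning same user group to itself
        if target_user_group == user_group:
            raise RepoGroupAssignmentError('target repo:%s cannot be '
                                           'assigned to itself'
                                           % target_user_group)

        # check if we have that permission already
        obj = self.sa.query(UserGroupUserGroupToPerm)\
            .filter(UserGroupUserGroupToPerm.target_user_group
                    == target_user_group)\
            .filter(UserGroupUserGroupToPerm.user_group == user_group)\
            .scalar()
        if obj is None:
            # create new !
            obj = UserGroupUserGroupToPerm()
        obj.user_group = user_group
        obj.target_user_group = target_user_group
        obj.permission = permission
        self.sa.add(obj)
        # grantee first, target second: the original passed these two
        # swapped, which made the log line name the wrong grantee
        log.debug('Granted perm %s to %s on %s',
                  perm, user_group, target_user_group)

    def revoke_users_group_permission(self, target_user_group, user_group):
        """
        Revoke user group permission for given target_user_group

        :param target_user_group: group the permission applies to
        :param user_group: group that loses the permission
        """
        target_user_group = self._get_user_group(target_user_group)
        user_group = self._get_user_group(user_group)

        obj = self.sa.query(UserGroupUserGroupToPerm)\
            .filter(UserGroupUserGroupToPerm.target_user_group
                    == target_user_group)\
            .filter(UserGroupUserGroupToPerm.user_group == user_group)\
            .scalar()
        if obj:
            self.sa.delete(obj)
            log.debug('Revoked perm on %s on %s',
                      target_user_group, user_group)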