permissions.py
207 lines
| 8.7 KiB
| text/x-python
|
PythonLexer
r760 | # -*- coding: utf-8 -*- | |||
""" | ||||
r853 | rhodecode.controllers.admin.permissions | |||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
r1203 | ||||
r760 | permissions controller for Rhodecode | |||
r1203 | ||||
r760 | :created_on: Apr 27, 2010 | |||
:author: marcink | ||||
r1824 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |||
r760 | :license: GPLv3, see COPYING for more details. | |||
""" | ||||
r1206 | # This program is free software: you can redistribute it and/or modify | |||
# it under the terms of the GNU General Public License as published by | ||||
# the Free Software Foundation, either version 3 of the License, or | ||||
# (at your option) any later version. | ||||
r1203 | # | |||
r547 | # This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
r1203 | # | |||
r547 | # You should have received a copy of the GNU General Public License | |||
r1206 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
r547 | ||||
r1501 | import logging | |||
import traceback | ||||
import formencode | ||||
r547 | from formencode import htmlfill | |||
r1501 | ||||
r547 | from pylons import request, session, tmpl_context as c, url | |||
from pylons.controllers.util import abort, redirect | ||||
from pylons.i18n.translation import _ | ||||
r1501 | ||||
r547 | from rhodecode.lib import helpers as h | |||
r3125 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\ | |||
AuthUser | ||||
r547 | from rhodecode.lib.base import BaseController, render | |||
r1501 | from rhodecode.model.forms import DefaultPermissionsForm | |||
r692 | from rhodecode.model.permission import PermissionModel | |||
r3731 | from rhodecode.model.db import User, UserIpMap, Permission | |||
r1734 | from rhodecode.model.meta import Session | |||
r547 | ||||
log = logging.getLogger(__name__) | ||||
r1245 | ||||
r547 | class PermissionsController(BaseController): | |||
"""REST Controller styled on the Atom Publishing Protocol""" | ||||
# To properly map this controller, ensure your config/routing.py | ||||
# file has a resource setup: | ||||
# map.resource('permission', 'permissions') | ||||
r629 | ||||
r547 | @LoginRequired() | |||
@HasPermissionAllDecorator('hg.admin') | ||||
def __before__(self): | ||||
super(PermissionsController, self).__before__() | ||||
r629 | ||||
r3734 | c.repo_perms_choices = [('repository.none', _('None'),), | |||
r3052 | ('repository.read', _('Read'),), | |||
('repository.write', _('Write'),), | ||||
('repository.admin', _('Admin'),)] | ||||
r3734 | c.group_perms_choices = [('group.none', _('None'),), | |||
('group.read', _('Read'),), | ||||
('group.write', _('Write'),), | ||||
('group.admin', _('Admin'),)] | ||||
c.user_group_perms_choices = [('usergroup.none', _('None'),), | ||||
('usergroup.read', _('Read'),), | ||||
('usergroup.write', _('Write'),), | ||||
('usergroup.admin', _('Admin'),)] | ||||
c.register_choices = [ | ||||
r673 | ('hg.register.none', | |||
Mads Kiilerich
|
r3654 | _('Disabled')), | ||
r547 | ('hg.register.manual_activate', | |||
Mads Kiilerich
|
r3654 | _('Allowed with manual account activation')), | ||
r547 | ('hg.register.auto_activate', | |||
Mads Kiilerich
|
r3654 | _('Allowed with automatic account activation')), ] | ||
r629 | ||||
r3734 | c.repo_create_choices = [('hg.create.none', _('Disabled')), | |||
('hg.create.repository', _('Enabled'))] | ||||
r547 | ||||
r3734 | c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')), | |||
('hg.usergroup.create.true', _('Enabled'))] | ||||
r2709 | ||||
r3734 | c.repo_group_create_choices = [('hg.repogroup.create.false', _('Disabled')), | |||
('hg.repogroup.create.true', _('Enabled'))] | ||||
c.fork_choices = [('hg.fork.none', _('Disabled')), | ||||
('hg.fork.repository', _('Enabled'))] | ||||
r2709 | ||||
r547 | def index(self, format='html'): | |||
"""GET /permissions: All items in the collection""" | ||||
# url('permissions') | ||||
def create(self): | ||||
"""POST /permissions: Create a new item""" | ||||
# url('permissions') | ||||
def new(self, format='html'): | ||||
"""GET /permissions/new: Form to create a new item""" | ||||
# url('new_permission') | ||||
def update(self, id): | ||||
"""PUT /permissions/id: Update an existing item""" | ||||
# Forms posted to this method should contain a hidden field: | ||||
# <input type="hidden" name="_method" value="PUT" /> | ||||
# Or using helpers: | ||||
# h.form(url('permission', id=ID), | ||||
# method='put') | ||||
# url('permission', id=ID) | ||||
r3125 | if id == 'default': | |||
r3734 | c.user = default_user = User.get_default_user() | |||
r3125 | c.perm_user = AuthUser(user_id=default_user.user_id) | |||
c.user_ip_map = UserIpMap.query()\ | ||||
.filter(UserIpMap.user == default_user).all() | ||||
r629 | ||||
r3125 | _form = DefaultPermissionsForm( | |||
r3734 | [x[0] for x in c.repo_perms_choices], | |||
[x[0] for x in c.group_perms_choices], | ||||
[x[0] for x in c.user_group_perms_choices], | ||||
[x[0] for x in c.repo_create_choices], | ||||
[x[0] for x in c.repo_group_create_choices], | ||||
[x[0] for x in c.user_group_create_choices], | ||||
[x[0] for x in c.fork_choices], | ||||
[x[0] for x in c.register_choices])() | ||||
r629 | ||||
r3125 | try: | |||
form_result = _form.to_python(dict(request.POST)) | ||||
form_result.update({'perm_user_name': id}) | ||||
r3734 | PermissionModel().update(form_result) | |||
r3125 | Session().commit() | |||
h.flash(_('Default permissions updated successfully'), | ||||
category='success') | ||||
r629 | ||||
r3125 | except formencode.Invalid, errors: | |||
defaults = errors.value | ||||
r629 | ||||
r3125 | return htmlfill.render( | |||
render('admin/permissions/permissions.html'), | ||||
defaults=defaults, | ||||
errors=errors.error_dict or {}, | ||||
prefix_error=False, | ||||
encoding="UTF-8") | ||||
except Exception: | ||||
log.error(traceback.format_exc()) | ||||
Mads Kiilerich
|
r3565 | h.flash(_('Error occurred during update of permissions'), | ||
r3125 | category='error') | |||
r629 | ||||
r547 | return redirect(url('edit_permission', id=id)) | |||
r629 | ||||
r547 | def delete(self, id): | |||
"""DELETE /permissions/id: Delete an existing item""" | ||||
# Forms posted to this method should contain a hidden field: | ||||
# <input type="hidden" name="_method" value="DELETE" /> | ||||
# Or using helpers: | ||||
# h.form(url('permission', id=ID), | ||||
# method='delete') | ||||
# url('permission', id=ID) | ||||
def show(self, id, format='html'): | ||||
"""GET /permissions/id: Show a specific item""" | ||||
# url('permission', id=ID) | ||||
r3731 | Permission.get_or_404(-1) | |||
r547 | ||||
def edit(self, id, format='html'): | ||||
"""GET /permissions/id/edit: Form to edit an existing item""" | ||||
#url('edit_permission', id=ID) | ||||
r629 | ||||
r2709 | #this form can only edit default user permissions | |||
r547 | if id == 'default': | |||
r3734 | c.user = User.get_default_user() | |||
defaults = {'anonymous': c.user.active} | ||||
c.perm_user = c.user.AuthUser | ||||
r3125 | c.user_ip_map = UserIpMap.query()\ | |||
r3734 | .filter(UserIpMap.user == c.user).all() | |||
for p in c.user.user_perms: | ||||
r547 | if p.permission.permission_name.startswith('repository.'): | |||
r3052 | defaults['default_repo_perm'] = p.permission.permission_name | |||
if p.permission.permission_name.startswith('group.'): | ||||
defaults['default_group_perm'] = p.permission.permission_name | ||||
r629 | ||||
r3734 | if p.permission.permission_name.startswith('usergroup.'): | |||
defaults['default_user_group_perm'] = p.permission.permission_name | ||||
if p.permission.permission_name.startswith('hg.create.'): | ||||
defaults['default_repo_create'] = p.permission.permission_name | ||||
if p.permission.permission_name.startswith('hg.repogroup.'): | ||||
defaults['default_repo_group_create'] = p.permission.permission_name | ||||
if p.permission.permission_name.startswith('hg.usergroup.'): | ||||
defaults['default_user_group_create'] = p.permission.permission_name | ||||
r547 | if p.permission.permission_name.startswith('hg.register.'): | |||
defaults['default_register'] = p.permission.permission_name | ||||
r629 | ||||
r2709 | if p.permission.permission_name.startswith('hg.fork.'): | |||
defaults['default_fork'] = p.permission.permission_name | ||||
r547 | return htmlfill.render( | |||
r2709 | render('admin/permissions/permissions.html'), | |||
defaults=defaults, | ||||
encoding="UTF-8", | ||||
r3125 | force_defaults=False | |||
r2709 | ) | |||
r547 | else: | |||
return redirect(url('admin_home')) | ||||