##// END OF EJS Templates
#399 added inheritance of permissions for users group on repos groups
#399 added inheritance of permissions for users group on repos groups

File last commit:

r2120:d5527ceb beta
r2129:43481c3d beta
Show More
api.py
656 lines | 21.0 KiB | text/x-python | PythonLexer
2012 copyrights
r1824 # -*- coding: utf-8 -*-
"""
rhodecode.controllers.api
~~~~~~~~~~~~~~~~~~~~~~~~~
API controller for RhodeCode
:created_on: Aug 20, 2011
:author: marcink
:copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
:license: GPLv3, see COPYING for more details.
"""
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License or (at your opinion) any later version of the license.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
Extended API...
r1500 import traceback
import logging
Beginning of API implementation for rhodecode
r1445 from rhodecode.controllers.api import JSONRPCController, JSONRPCError
fixes #288...
r1594 from rhodecode.lib.auth import HasPermissionAllDecorator, \
API: allowed password field to be null when used with ldap_dn ref #362...
r2008 HasPermissionAnyDecorator, PasswordGenerator
another major refactoring with session management
r1734
from rhodecode.model.meta import Session
Beginning of API implementation for rhodecode
r1445 from rhodecode.model.scm import ScmModel
refactoring of models names for repoGroup permissions
r1633 from rhodecode.model.db import User, UsersGroup, RepoGroup, Repository
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 from rhodecode.model.repo import RepoModel
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 from rhodecode.model.user import UserModel
from rhodecode.model.users_group import UsersGroupModel
Nicolas VINOT
[API] Create groups needed when creating repo
r1589 from rhodecode.model.repos_group import ReposGroupModel
Resolve error occurring during recursive group creation in API create-repo function
r2120 from rhodecode.lib.utils import map_groups
another major refactoring with session management
r1734
Extended API...
r1500
Nicolas VINOT
Correct code style
r1593 log = logging.getLogger(__name__)
Extended API...
r1500
Beginning of API implementation for rhodecode
r1445
Nicolas VINOT
Correct code style
r1593 class ApiController(JSONRPCController):
Beginning of API implementation for rhodecode
r1445 """
API Controller
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
Beginning of API implementation for rhodecode
r1445 Each method needs to have USER as argument this is then based on given
API_KEY propagated as instance of user object
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
Beginning of API implementation for rhodecode
r1445 Preferably this should be first argument also
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
Each function should also **raise** JSONRPCError for any
Beginning of API implementation for rhodecode
r1445 errors that happens
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
Beginning of API implementation for rhodecode
r1445 """
Nicolas VINOT
Correct code style
r1593 @HasPermissionAllDecorator('hg.admin')
api review...
r1843 def pull(self, apiuser, repo_name):
Beginning of API implementation for rhodecode
r1445 """
Dispatch pull action on given repo
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
Extended API...
r1500 :param user:
api review...
r1843 :param repo_name:
Beginning of API implementation for rhodecode
r1445 """
api review...
r1843 if Repository.is_valid(repo_name) is False:
raise JSONRPCError('Unknown repo "%s"' % repo_name)
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
Beginning of API implementation for rhodecode
r1445 try:
api review...
r1843 ScmModel().pull_changes(repo_name, self.rhodecode_user.username)
return 'Pulled from %s' % repo_name
Beginning of API implementation for rhodecode
r1445 except Exception:
api review...
r1843 raise JSONRPCError('Unable to pull changes from "%s"' % repo_name)
Beginning of API implementation for rhodecode
r1445
Nicolas VINOT
Correct code style
r1593 @HasPermissionAllDecorator('hg.admin')
API get_user and get_repo methods can fetch by id or names
r2010 def get_user(self, apiuser, userid):
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 """"
Get a user by username
implements #329...
r1793 :param apiuser:
:param username:
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 """
Beginning of API implementation for rhodecode
r1445
API get_user and get_repo methods can fetch by id or names
r2010 user = UserModel().get_user(userid)
API changes...
r1989 if user is None:
return user
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
implements #329...
r1793 return dict(
id=user.user_id,
username=user.username,
firstname=user.name,
lastname=user.lastname,
email=user.email,
active=user.active,
admin=user.admin,
API updates...
r2009 ldap_dn=user.ldap_dn
implements #329...
r1793 )
@HasPermissionAllDecorator('hg.admin')
def get_users(self, apiuser):
""""
Get all users
:param apiuser:
"""
result = []
for user in User.getAll():
result.append(
dict(
id=user.user_id,
notification to commit author + gardening
r1716 username=user.username,
firstname=user.name,
lastname=user.lastname,
email=user.email,
active=user.active,
admin=user.admin,
API updates...
r2009 ldap_dn=user.ldap_dn
implements #329...
r1793 )
)
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 return result
Nicolas VINOT
Correct code style
r1593 @HasPermissionAllDecorator('hg.admin')
API: allowed password field to be null when used with ldap_dn ref #362...
r2008 def create_user(self, apiuser, username, email, password, firstname=None,
#344 optional firstname lastname on user creation...
r1950 lastname=None, active=True, admin=False, ldap_dn=None):
Extended API...
r1500 """
API added explicit method for updating user account
r2002 Create new user
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
Extended API...
r1500 :param apiuser:
:param username:
:param password:
#344 optional firstname lastname on user creation...
r1950 :param email:
Extended API...
r1500 :param name:
:param lastname:
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 :param active:
:param admin:
:param ldap_dn:
Extended API...
r1500 """
notification to commit author + gardening
r1716 if User.get_by_username(username):
Nicolas VINOT
Correct code style
r1593 raise JSONRPCError("user %s already exist" % username)
Nicolas VINOT
[API] Create groups needed when creating repo
r1589
API: allowed password field to be null when used with ldap_dn ref #362...
r2008 if User.get_by_email(email, case_insensitive=True):
raise JSONRPCError("email %s already exist" % email)
if ldap_dn:
# generate temporary password if ldap_dn
password = PasswordGenerator().gen_password(length=8)
Extended API...
r1500 try:
api review...
r1843 usr = UserModel().create_or_update(
username, password, email, firstname,
lastname, active, admin, ldap_dn
)
commit less models...
r1749 Session.commit()
api review...
r1843 return dict(
id=usr.user_id,
msg='created new user %s' % username
)
Extended API...
r1500 except Exception:
Nicolas VINOT
Correct code style
r1593 log.error(traceback.format_exc())
raise JSONRPCError('failed to create user %s' % username)
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
Nicolas VINOT
Correct code style
r1593 @HasPermissionAllDecorator('hg.admin')
API updates...
r2009 def update_user(self, apiuser, userid, username, password, email,
firstname, lastname, active, admin, ldap_dn):
API added explicit method for updating user account
r2002 """
Updates given user
:param apiuser:
:param username:
:param password:
:param email:
:param name:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
API updates...
r2009 if not UserModel().get_user(userid):
API added explicit method for updating user account
r2002 raise JSONRPCError("user %s does not exist" % username)
try:
usr = UserModel().create_or_update(
username, password, email, firstname,
lastname, active, admin, ldap_dn
)
Session.commit()
return dict(
id=usr.user_id,
msg='updated user %s' % username
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to update user %s' % username)
@HasPermissionAllDecorator('hg.admin')
Nicolas VINOT
Correct code style
r1593 def get_users_group(self, apiuser, group_name):
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 """"
Get users group by name
implements #329...
r1793 :param apiuser:
:param group_name:
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 """
Nicolas VINOT
Correct code style
r1593 users_group = UsersGroup.get_by_group_name(group_name)
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 if not users_group:
return None
Beginning of API implementation for rhodecode
r1445
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 members = []
for user in users_group.members:
user = user.user
fixes #288...
r1594 members.append(dict(id=user.user_id,
username=user.username,
firstname=user.name,
lastname=user.lastname,
email=user.email,
active=user.active,
admin=user.admin,
ldap=user.ldap_dn))
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
fixes #288...
r1594 return dict(id=users_group.users_group_id,
api review...
r1843 group_name=users_group.users_group_name,
fixes #288...
r1594 active=users_group.users_group_active,
members=members)
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
Nicolas VINOT
Correct code style
r1593 @HasPermissionAllDecorator('hg.admin')
def get_users_groups(self, apiuser):
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 """"
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 Get all users groups
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
implements #329...
r1793 :param apiuser:
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 """
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 result = []
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 for users_group in UsersGroup.getAll():
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 members = []
for user in users_group.members:
user = user.user
fixes #288...
r1594 members.append(dict(id=user.user_id,
username=user.username,
firstname=user.name,
lastname=user.lastname,
email=user.email,
active=user.active,
admin=user.admin,
ldap=user.ldap_dn))
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
fixes #288...
r1594 result.append(dict(id=users_group.users_group_id,
api review...
r1843 group_name=users_group.users_group_name,
fixes #288...
r1594 active=users_group.users_group_active,
members=members))
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 return result
Nicolas VINOT
Correct code style
r1593 @HasPermissionAllDecorator('hg.admin')
api review...
r1843 def create_users_group(self, apiuser, group_name, active=True):
Extended API...
r1500 """
Creates an new usergroup
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
api review...
r1843 :param group_name:
Extended API...
r1500 :param active:
"""
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586
api review...
r1843 if self.get_users_group(apiuser, group_name):
raise JSONRPCError("users group %s already exist" % group_name)
Nicolas VINOT
[API] Create groups needed when creating repo
r1589
Extended API...
r1500 try:
api review...
r1843 ug = UsersGroupModel().create(name=group_name, active=active)
commit less models...
r1749 Session.commit()
fixes #288...
r1594 return dict(id=ug.users_group_id,
api review...
r1843 msg='created new users group %s' % group_name)
Extended API...
r1500 except Exception:
Nicolas VINOT
Correct code style
r1593 log.error(traceback.format_exc())
api review...
r1843 raise JSONRPCError('failed to create group %s' % group_name)
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
Nicolas VINOT
Correct code style
r1593 @HasPermissionAllDecorator('hg.admin')
implements #330 api method for listing nodes at particular revision...
r1810 def add_user_to_users_group(self, apiuser, group_name, username):
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 """"
Add a user to a group
implements #329...
r1793 :param apiuser:
:param group_name:
implements #330 api method for listing nodes at particular revision...
r1810 :param username:
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 """
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 try:
Nicolas VINOT
Correct code style
r1593 users_group = UsersGroup.get_by_group_name(group_name)
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 if not users_group:
Nicolas VINOT
Correct code style
r1593 raise JSONRPCError('unknown users group %s' % group_name)
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
API changes...
r1989 user = User.get_by_username(username)
if user is None:
implements #330 api method for listing nodes at particular revision...
r1810 raise JSONRPCError('unknown user %s' % username)
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
Nicolas VINOT
Correct code style
r1593 ugm = UsersGroupModel().add_user_to_group(users_group, user)
API changes...
r1989 success = True if ugm != True else False
msg = 'added member %s to users group %s' % (username, group_name)
msg = msg if success else 'User is already in that group'
commit less models...
r1749 Session.commit()
API changes...
r1989
return dict(
id=ugm.users_group_member_id if ugm != True else None,
success=success,
msg=msg
)
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 except Exception:
Nicolas VINOT
Correct code style
r1593 log.error(traceback.format_exc())
API changes...
r1989 raise JSONRPCError('failed to add users group member')
@HasPermissionAllDecorator('hg.admin')
def remove_user_from_users_group(self, apiuser, group_name, username):
"""
Remove user from a group
:param apiuser
:param group_name
:param username
"""
try:
users_group = UsersGroup.get_by_group_name(group_name)
if not users_group:
raise JSONRPCError('unknown users group %s' % group_name)
user = User.get_by_username(username)
if user is None:
raise JSONRPCError('unknown user %s' % username)
success = UsersGroupModel().remove_user_from_group(users_group, user)
msg = 'removed member %s from users group %s' % (username, group_name)
msg = msg if success else "User wasn't in group"
Session.commit()
return dict(success=success, msg=msg)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to remove user from group')
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
Nicolas VINOT
Correct code style
r1593 @HasPermissionAnyDecorator('hg.admin')
API get_user and get_repo methods can fetch by id or names
r2010 def get_repo(self, apiuser, repoid):
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 """"
Get repository by name
implements #329...
r1793 :param apiuser:
:param repo_name:
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 """
API get_user and get_repo methods can fetch by id or names
r2010 repo = RepoModel().get_repo(repoid)
commit less models...
r1749 if repo is None:
raise JSONRPCError('unknown repository %s' % repo)
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 members = []
for user in repo.repo_to_perm:
perm = user.permission.permission_name
user = user.user
implements #329...
r1793 members.append(
dict(
type_="user",
id=user.user_id,
username=user.username,
firstname=user.name,
lastname=user.lastname,
email=user.email,
active=user.active,
admin=user.admin,
ldap=user.ldap_dn,
permission=perm
)
)
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 for users_group in repo.users_group_to_perm:
perm = users_group.permission.permission_name
users_group = users_group.users_group
implements #329...
r1793 members.append(
dict(
type_="users_group",
id=users_group.users_group_id,
name=users_group.users_group_name,
active=users_group.users_group_active,
permission=perm
)
)
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
implements #329...
r1793 return dict(
id=repo.repo_id,
api review...
r1843 repo_name=repo.repo_name,
implements #329...
r1793 type=repo.repo_type,
description=repo.description,
members=members
)
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
Nicolas VINOT
Correct code style
r1593 @HasPermissionAnyDecorator('hg.admin')
def get_repos(self, apiuser):
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 """"
Nicolas VINOT
Implement all CRUD API operation for repo
r1587 Get all repositories
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586
implements #329...
r1793 :param apiuser:
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 """
Nicolas VINOT
Implement all CRUD API operation for repo
r1587
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 result = []
for repository in Repository.getAll():
implements #329...
r1793 result.append(
dict(
id=repository.repo_id,
api review...
r1843 repo_name=repository.repo_name,
implements #329...
r1793 type=repository.repo_type,
description=repository.description
)
)
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 return result
implements #330 api method for listing nodes at particular revision...
r1810 @HasPermissionAnyDecorator('hg.admin')
def get_repo_nodes(self, apiuser, repo_name, revision, root_path,
ret_type='all'):
"""
returns a list of nodes and it's children
for a given path at given revision. It's possible to specify ret_type
to show only files or dirs
:param apiuser:
:param repo_name: name of repository
:param revision: revision for which listing should be done
:param root_path: path from which start displaying
:param ret_type: return type 'all|files|dirs' nodes
"""
try:
_d, _f = ScmModel().get_nodes(repo_name, revision, root_path,
flat=False)
_map = {
'all': _d + _f,
'files': _f,
'dirs': _d,
}
return _map[ret_type]
except KeyError:
raise JSONRPCError('ret_type must be one of %s' % _map.keys())
except Exception, e:
raise JSONRPCError(e)
Nicolas VINOT
Correct code style
r1593 @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
api review...
r1843 def create_repo(self, apiuser, repo_name, owner_name, description='',
added clone_uri to API method for creating users
r2006 repo_type='hg', private=False, clone_uri=None):
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 """
added clone_uri to API method for creating users
r2006 Create repository, if clone_url is given it makes a remote clone
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
implements #329...
r1793 :param apiuser:
api review...
r1843 :param repo_name:
added clone_uri to API method for creating users
r2006 :param owner_name:
implements #329...
r1793 :param description:
added clone_uri to API method for creating users
r2006 :param repo_type:
implements #329...
r1793 :param private:
added clone_uri to API method for creating users
r2006 :param clone_uri:
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 """
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 try:
API changes...
r1989 owner = User.get_by_username(owner_name)
if owner is None:
raise JSONRPCError('unknown user %s' % owner_name)
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
api review...
r1843 if Repository.get_by_repo_name(repo_name):
raise JSONRPCError("repo %s already exist" % repo_name)
Nicolas VINOT
[API] Create groups needed when creating repo
r1589
Resolve error occurring during recursive group creation in API create-repo function
r2120 groups = repo_name.split(Repository.url_sep())
Nicolas VINOT
[API] Create groups needed when creating repo
r1589 real_name = groups[-1]
Resolve error occurring during recursive group creation in API create-repo function
r2120 # create structure of groups
group = map_groups(repo_name)
Nicolas VINOT
[API] Create groups needed when creating repo
r1589
api review...
r1843 repo = RepoModel().create(
implements #329...
r1793 dict(
repo_name=real_name,
api review...
r1843 repo_name_full=repo_name,
implements #329...
r1793 description=description,
private=private,
repo_type=repo_type,
Resolve error occurring during recursive group creation in API create-repo function
r2120 repo_group=group.group_id if group else None,
added clone_uri to API method for creating users
r2006 clone_uri=clone_uri
implements #329...
r1793 ),
owner
)
commit less models...
r1749 Session.commit()
api review...
r1843
return dict(
id=repo.repo_id,
msg="Created new repository %s" % repo.repo_name
)
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584 except Exception:
Nicolas VINOT
Correct code style
r1593 log.error(traceback.format_exc())
api review...
r1843 raise JSONRPCError('failed to create repository %s' % repo_name)
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
Nicolas VINOT
Correct code style
r1593 @HasPermissionAnyDecorator('hg.admin')
implements #361 API method for deleting repositories
r2003 def delete_repo(self, apiuser, repo_name):
"""
Deletes a given repository
:param repo_name:
"""
if not Repository.get_by_repo_name(repo_name):
raise JSONRPCError("repo %s does not exist" % repo_name)
try:
RepoModel().delete(repo_name)
Session.commit()
return dict(
msg='Deleted repository %s' % repo_name
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError('failed to delete repository %s' % repo_name)
@HasPermissionAnyDecorator('hg.admin')
enabled grant/revoke api functions for users and users groups
r2004 def grant_user_permission(self, apiuser, repo_name, username, perm):
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 """
#227 Initial version of repository groups permissions system...
r1982 Grant permission for user on given repository, or update existing one
if found
Nicolas VINOT
Improve API with user/group/repo CRUD methods
r1584
implements #329...
r1793 :param repo_name:
implements #330 api method for listing nodes at particular revision...
r1810 :param username:
implements #329...
r1793 :param perm:
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 """
try:
commit less models...
r1749 repo = Repository.get_by_repo_name(repo_name)
if repo is None:
implements #329...
r1793 raise JSONRPCError('unknown repository %s' % repo)
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586
#227 Initial version of repository groups permissions system...
r1982 user = User.get_by_username(username)
if user is None:
raise JSONRPCError('unknown user %s' % username)
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586
#227 Initial version of repository groups permissions system...
r1982 RepoModel().grant_user_permission(repo=repo, user=user, perm=perm)
commit less models...
r1749 Session.commit()
implements #329...
r1793 return dict(
#227 Initial version of repository groups permissions system...
r1982 msg='Granted perm: %s for user: %s in repo: %s' % (
implements #330 api method for listing nodes at particular revision...
r1810 perm, username, repo_name
implements #329...
r1793 )
)
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 except Exception:
Nicolas VINOT
Correct code style
r1593 log.error(traceback.format_exc())
implements #329...
r1793 raise JSONRPCError(
'failed to edit permission %(repo)s for %(user)s' % dict(
implements #330 api method for listing nodes at particular revision...
r1810 user=username, repo=repo_name
implements #329...
r1793 )
)
@HasPermissionAnyDecorator('hg.admin')
enabled grant/revoke api functions for users and users groups
r2004 def revoke_user_permission(self, apiuser, repo_name, username):
#227 Initial version of repository groups permissions system...
r1982 """
Revoke permission for user on given repository
:param repo_name:
:param username:
implements #329...
r1793 """
#227 Initial version of repository groups permissions system...
r1982
try:
repo = Repository.get_by_repo_name(repo_name)
if repo is None:
raise JSONRPCError('unknown repository %s' % repo)
user = User.get_by_username(username)
if user is None:
raise JSONRPCError('unknown user %s' % username)
RepoModel().revoke_user_permission(repo=repo_name, user=username)
implements #329...
r1793
#227 Initial version of repository groups permissions system...
r1982 Session.commit()
return dict(
msg='Revoked perm for user: %s in repo: %s' % (
username, repo_name
)
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError(
'failed to edit permission %(repo)s for %(user)s' % dict(
user=username, repo=repo_name
)
)
@HasPermissionAnyDecorator('hg.admin')
enabled grant/revoke api functions for users and users groups
r2004 def grant_users_group_permission(self, apiuser, repo_name, group_name, perm):
#227 Initial version of repository groups permissions system...
r1982 """
Grant permission for users group on given repository, or update
existing one if found
implements #329...
r1793 :param repo_name:
:param group_name:
:param perm:
"""
try:
repo = Repository.get_by_repo_name(repo_name)
if repo is None:
raise JSONRPCError('unknown repository %s' % repo)
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586
#227 Initial version of repository groups permissions system...
r1982 user_group = UsersGroup.get_by_group_name(group_name)
if user_group is None:
implements #329...
r1793 raise JSONRPCError('unknown users group %s' % user_group)
#227 Initial version of repository groups permissions system...
r1982 RepoModel().grant_users_group_permission(repo=repo_name,
group_name=group_name,
perm=perm)
implements #329...
r1793 Session.commit()
return dict(
#227 Initial version of repository groups permissions system...
r1982 msg='Granted perm: %s for group: %s in repo: %s' % (
implements #329...
r1793 perm, group_name, repo_name
)
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError(
#227 Initial version of repository groups permissions system...
r1982 'failed to edit permission %(repo)s for %(usersgr)s' % dict(
usersgr=group_name, repo=repo_name
implements #329...
r1793 )
)
#227 Initial version of repository groups permissions system...
r1982
@HasPermissionAnyDecorator('hg.admin')
enabled grant/revoke api functions for users and users groups
r2004 def revoke_users_group_permission(self, apiuser, repo_name, group_name):
#227 Initial version of repository groups permissions system...
r1982 """
Revoke permission for users group on given repository
:param repo_name:
:param group_name:
"""
try:
repo = Repository.get_by_repo_name(repo_name)
if repo is None:
raise JSONRPCError('unknown repository %s' % repo)
user_group = UsersGroup.get_by_group_name(group_name)
if user_group is None:
raise JSONRPCError('unknown users group %s' % user_group)
RepoModel().revoke_users_group_permission(repo=repo_name,
group_name=group_name)
Session.commit()
return dict(
msg='Revoked perm for group: %s in repo: %s' % (
group_name, repo_name
)
)
except Exception:
log.error(traceback.format_exc())
raise JSONRPCError(
'failed to edit permission %(repo)s for %(usersgr)s' % dict(
usersgr=group_name, repo=repo_name
)
)