##// END OF EJS Templates
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.
security bugfix simplehg wasn't checking for permissions on remote commands different than pull or push.

File last commit:

r597:53128b6b rhodecode-0.0.1.0.0rc4 default
r605:72bed562 default
Show More
db_manage.py
287 lines | 10.0 KiB | text/x-python | PythonLexer
renamed project to rhodecode
r547 #!/usr/bin/env python
# encoding: utf-8
bumped version, some spelling fixes
r569 # database management for RhodeCode
renamed project to rhodecode
r547 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2
# of the License or (at your opinion) any later version of the license.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
"""
Created on April 10, 2010
bumped version, some spelling fixes
r569 database management and creation for RhodeCode
renamed project to rhodecode
r547 @author: marcink
"""
from os.path import dirname as dn, join as jn
import os
import sys
import uuid
from rhodecode.lib.auth import get_crypt_password
from rhodecode.lib.utils import ask_ok
from rhodecode.model import init_model
more renames for rhode code !!
r549 from rhodecode.model.db import User, Permission, RhodeCodeUi, RhodeCodeSettings, \
renamed project to rhodecode
r547 UserToPerm
from rhodecode.model import meta
from sqlalchemy.engine import create_engine
import logging
log = logging.getLogger(__name__)
class DbManage(object):
removed egg info, update files for distutils build...
r552 def __init__(self, log_sql, dbname, root, tests=False):
renamed project to rhodecode
r547 self.dbname = dbname
self.tests = tests
removed egg info, update files for distutils build...
r552 self.root = root
dburi = 'sqlite:////%s' % jn(self.root, self.dbname)
renamed project to rhodecode
r547 engine = create_engine(dburi, echo=log_sql)
init_model(engine)
self.sa = meta.Session
self.db_exists = False
def check_for_db(self, override):
removed egg info, update files for distutils build...
r552 db_path = jn(self.root, self.dbname)
log.info('checking for existing db in %s', db_path)
if os.path.isfile(db_path):
renamed project to rhodecode
r547 self.db_exists = True
if not override:
raise Exception('database already exists')
def create_tables(self, override=False):
"""
Create a auth database
"""
self.check_for_db(override)
added password validation, second try on paster setup-app,...
r597 if self.db_exists:
removed egg info, update files for distutils build...
r552 log.info("database exist and it's going to be destroyed")
renamed project to rhodecode
r547 if self.tests:
destroy = True
else:
destroy = ask_ok('Are you sure to destroy old database ? [y/n]')
if not destroy:
sys.exit()
if self.db_exists and destroy:
removed egg info, update files for distutils build...
r552 os.remove(jn(self.root, self.dbname))
renamed project to rhodecode
r547 checkfirst = not override
meta.Base.metadata.create_all(checkfirst=checkfirst)
log.info('Created tables for %s', self.dbname)
added password validation, second try on paster setup-app,...
r597 def admin_prompt(self, second=False):
renamed project to rhodecode
r547 if not self.tests:
import getpass
added password validation, second try on paster setup-app,...
r597
def get_password():
password = getpass.getpass('Specify admin password (min 6 chars):')
confirm = getpass.getpass('Confirm password:')
if password != confirm:
log.error('passwords mismatch')
return False
if len(password) < 6:
log.error('password is to short use at least 6 characters')
return False
return password
renamed project to rhodecode
r547 username = raw_input('Specify admin username:')
added password validation, second try on paster setup-app,...
r597
password = get_password()
if not password:
#second try
password = get_password()
if not password:
sys.exit()
renamed project to rhodecode
r547 email = raw_input('Specify admin email:')
self.create_user(username, password, email, True)
else:
log.info('creating admin and regular test users')
self.create_user('test_admin', 'test12', 'test_admin@mail.com', True)
self.create_user('test_regular', 'test12', 'test_regular@mail.com', False)
self.create_user('test_regular2', 'test12', 'test_regular2@mail.com', False)
def config_prompt(self, test_repo_path=''):
log.info('Setting up repositories config')
if not self.tests and not test_repo_path:
path = raw_input('Specify valid full path to your repositories'
' you can change this later in application settings:')
else:
path = test_repo_path
if not os.path.isdir(path):
log.error('You entered wrong path: %s', path)
sys.exit()
more renames for rhode code !!
r549 hooks1 = RhodeCodeUi()
renamed project to rhodecode
r547 hooks1.ui_section = 'hooks'
hooks1.ui_key = 'changegroup.update'
hooks1.ui_value = 'hg update >&2'
rewrote whoosh indexing to run internal repository.walk() instead of filesystem....
r560 hooks1.ui_active = False
renamed project to rhodecode
r547
more renames for rhode code !!
r549 hooks2 = RhodeCodeUi()
renamed project to rhodecode
r547 hooks2.ui_section = 'hooks'
hooks2.ui_key = 'changegroup.repo_size'
hooks2.ui_value = 'python:rhodecode.lib.hooks.repo_size'
more renames for rhode code !!
r549 web1 = RhodeCodeUi()
renamed project to rhodecode
r547 web1.ui_section = 'web'
web1.ui_key = 'push_ssl'
web1.ui_value = 'false'
more renames for rhode code !!
r549 web2 = RhodeCodeUi()
renamed project to rhodecode
r547 web2.ui_section = 'web'
web2.ui_key = 'allow_archive'
web2.ui_value = 'gz zip bz2'
more renames for rhode code !!
r549 web3 = RhodeCodeUi()
renamed project to rhodecode
r547 web3.ui_section = 'web'
web3.ui_key = 'allow_push'
web3.ui_value = '*'
more renames for rhode code !!
r549 web4 = RhodeCodeUi()
renamed project to rhodecode
r547 web4.ui_section = 'web'
web4.ui_key = 'baseurl'
web4.ui_value = '/'
more renames for rhode code !!
r549 paths = RhodeCodeUi()
renamed project to rhodecode
r547 paths.ui_section = 'paths'
paths.ui_key = '/'
paths.ui_value = os.path.join(path, '*')
more renames for rhode code !!
r549 hgsettings1 = RhodeCodeSettings()
renamed project to rhodecode
r547
hgsettings1.app_settings_name = 'realm'
added fault tolerant case when celeryconfig is not present in the directory....
r555 hgsettings1.app_settings_value = 'RhodeCode authentication'
renamed project to rhodecode
r547
more renames for rhode code !!
r549 hgsettings2 = RhodeCodeSettings()
renamed project to rhodecode
r547 hgsettings2.app_settings_name = 'title'
added fault tolerant case when celeryconfig is not present in the directory....
r555 hgsettings2.app_settings_value = 'RhodeCode'
renamed project to rhodecode
r547
try:
self.sa.add(hooks1)
self.sa.add(hooks2)
self.sa.add(web1)
self.sa.add(web2)
self.sa.add(web3)
self.sa.add(web4)
self.sa.add(paths)
self.sa.add(hgsettings1)
self.sa.add(hgsettings2)
self.sa.commit()
except:
self.sa.rollback()
raise
log.info('created ui config')
def create_user(self, username, password, email='', admin=False):
log.info('creating administrator user %s', username)
new_user = User()
new_user.username = username
new_user.password = get_crypt_password(password)
added fault tolerant case when celeryconfig is not present in the directory....
r555 new_user.name = 'RhodeCode'
renamed project to rhodecode
r547 new_user.lastname = 'Admin'
new_user.email = email
new_user.admin = admin
new_user.active = True
try:
self.sa.add(new_user)
self.sa.commit()
except:
self.sa.rollback()
raise
def create_default_user(self):
log.info('creating default user')
#create default user for handling default permissions.
def_user = User()
def_user.username = 'default'
def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
def_user.name = 'default'
def_user.lastname = 'default'
def_user.email = 'default@default.com'
def_user.admin = False
def_user.active = False
try:
self.sa.add(def_user)
self.sa.commit()
except:
self.sa.rollback()
raise
def create_permissions(self):
#module.(access|create|change|delete)_[name]
#module.(read|write|owner)
perms = [('repository.none', 'Repository no access'),
('repository.read', 'Repository read access'),
('repository.write', 'Repository write access'),
('repository.admin', 'Repository admin access'),
('hg.admin', 'Hg Administrator'),
('hg.create.repository', 'Repository create'),
('hg.create.none', 'Repository creation disabled'),
('hg.register.none', 'Register disabled'),
more renames for rhode code !!
r549 ('hg.register.manual_activate', 'Register new user with rhodecode without manual activation'),
('hg.register.auto_activate', 'Register new user with rhodecode without auto activation'),
renamed project to rhodecode
r547 ]
for p in perms:
new_perm = Permission()
new_perm.permission_name = p[0]
new_perm.permission_longname = p[1]
try:
self.sa.add(new_perm)
self.sa.commit()
except:
self.sa.rollback()
raise
def populate_default_permissions(self):
log.info('creating default user permissions')
default_user = self.sa.query(User)\
.filter(User.username == 'default').scalar()
reg_perm = UserToPerm()
reg_perm.user = default_user
reg_perm.permission = self.sa.query(Permission)\
.filter(Permission.permission_name == 'hg.register.manual_activate')\
.scalar()
create_repo_perm = UserToPerm()
create_repo_perm.user = default_user
create_repo_perm.permission = self.sa.query(Permission)\
.filter(Permission.permission_name == 'hg.create.repository')\
.scalar()
default_repo_perm = UserToPerm()
default_repo_perm.user = default_user
default_repo_perm.permission = self.sa.query(Permission)\
.filter(Permission.permission_name == 'repository.read')\
.scalar()
try:
self.sa.add(reg_perm)
self.sa.add(create_repo_perm)
self.sa.add(default_repo_perm)
self.sa.commit()
except:
self.sa.rollback()
raise