##// END OF EJS Templates
merge beta fixes into stable
merge beta fixes into stable

File last commit:

r2031:82a88013 merge default
r2048:79a95f33 merge rhodecode-0.0.1.3.1 default
Show More
user.py
552 lines | 20.5 KiB | text/x-python | PythonLexer
ldap auth rewrite, moved split authfunc into two functions,...
r761 # -*- coding: utf-8 -*-
"""
started working on issue #56
r956 rhodecode.model.user
~~~~~~~~~~~~~~~~~~~~
ldap auth rewrite, moved split authfunc into two functions,...
r761
users model for RhodeCode
source code cleanup: remove trailing white space, normalize file endings
r1203
ldap auth rewrite, moved split authfunc into two functions,...
r761 :created_on: Apr 9, 2010
:author: marcink
2012 copyrights
r1824 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
ldap auth rewrite, moved split authfunc into two functions,...
r761 :license: GPLv3, see COPYING for more details.
"""
fixed license issue #149
r1206 # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
Code refactoring,models renames...
r629 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
Code refactoring,models renames...
r629 # You should have received a copy of the GNU General Public License
fixed license issue #149
r1206 # along with this program. If not, see <http://www.gnu.org/licenses/>.
fixed security issue when saving ldap user saved plaintext password
r750
Code refactoring,models renames...
r629 import logging
import traceback
implements #222 registration feedback...
r1731 from pylons import url
ldap auth rewrite, moved split authfunc into two functions,...
r761 from pylons.i18n.translation import _
fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation
r1516 from rhodecode.lib import safe_unicode
moved caching query to libs
r1669 from rhodecode.lib.caching_query import FromCache
ldap auth rewrite, moved split authfunc into two functions,...
r761 from rhodecode.model import BaseModel
refactoring of models names for repoGroup permissions
r1633 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
implements #222 registration feedback...
r1731 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \
#227 Initial version of repository groups permissions system...
r1982 Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 from rhodecode.lib.exceptions import DefaultUserException, \
UserOwnsReposException
fixed #72 show warning on removal when user still is owner of existing repositories...
r713
ldap auth rewrite, moved split authfunc into two functions,...
r761 from sqlalchemy.exc import DatabaseError
Added api_key into user, api key get's generated again after password change...
r1116 from rhodecode.lib import generate_api_key
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 from sqlalchemy.orm import joinedload
ldap auth rewrite, moved split authfunc into two functions,...
r761
log = logging.getLogger(__name__)
Code refactoring,models renames...
r629
implements #222 registration feedback...
r1731
#227 Initial version of repository groups permissions system...
r1982 PERM_WEIGHTS = {
'repository.none': 0,
'repository.read': 1,
'repository.write': 3,
'repository.admin': 4,
'group.none': 0,
'group.read': 1,
'group.write': 3,
'group.admin': 4,
}
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
user defined permission will update the global permissions, and overwrite default settings.
r1267
fixed Example celery config to ampq,...
r752 class UserModel(BaseModel):
notification to commit author + gardening
r1716
commit less models...
r1749 def __get_user(self, user):
#227 Initial version of repository groups permissions system...
r1982 return self._get_instance(User, user, callback=User.get_by_username)
def __get_perm(self, permission):
return self._get_instance(Permission, permission,
callback=Permission.get_by_key)
commit less models...
r1749
fixes #288...
r1594 def get(self, user_id, cache=False):
Code refactoring,models renames...
r629 user = self.sa.query(User)
if cache:
user = user.options(FromCache("sql_cache_short",
"get_user_%s" % user_id))
return user.get(user_id)
API updates...
r2009 def get_user(self, user):
return self.__get_user(user)
fixes #288...
r1594 def get_by_username(self, username, cache=False, case_insensitive=False):
fixed security issue when saving ldap user saved plaintext password
r750
#78, fixed more reliable case insensitive searches
r742 if case_insensitive:
user = self.sa.query(User).filter(User.username.ilike(username))
else:
user = self.sa.query(User)\
.filter(User.username == username)
Code refactoring,models renames...
r629 if cache:
user = user.options(FromCache("sql_cache_short",
"get_user_%s" % username))
return user.scalar()
fixes #288...
r1594 def get_by_api_key(self, api_key, cache=False):
fix for api key lookup, reuse same function in user model
r1693 return User.get_by_api_key(api_key, cache)
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
Code refactoring,models renames...
r629 def create(self, form_data):
try:
new_user = User()
for k, v in form_data.items():
setattr(new_user, k, v)
Added api_key into user, api key get's generated again after password change...
r1116 new_user.api_key = generate_api_key(form_data['username'])
Code refactoring,models renames...
r629 self.sa.add(new_user)
Nicolas VINOT
Add API for repositories and groups (creation, permission)
r1586 return new_user
Code refactoring,models renames...
r629 except:
log.error(traceback.format_exc())
raise
- fixes celery sqlalchemy session issues for async forking...
r1728 def create_or_update(self, username, password, email, name, lastname,
User usermodel instead of db model to manage accounts...
r1634 active=True, admin=False, ldap_dn=None):
"""
Creates a new instance if not found, or updates current one
auto white-space removal
r1818
User usermodel instead of db model to manage accounts...
r1634 :param username:
:param password:
:param email:
:param active:
:param name:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
- fixes celery sqlalchemy session issues for async forking...
r1728
User usermodel instead of db model to manage accounts...
r1634 from rhodecode.lib.auth import get_crypt_password
- fixes celery sqlalchemy session issues for async forking...
r1728
garden...
r1976 log.debug('Checking for %s account in RhodeCode database' % username)
User usermodel instead of db model to manage accounts...
r1634 user = User.get_by_username(username, case_insensitive=True)
if user is None:
garden...
r1976 log.debug('creating new user %s' % username)
User usermodel instead of db model to manage accounts...
r1634 new_user = User()
else:
garden...
r1976 log.debug('updating user %s' % username)
User usermodel instead of db model to manage accounts...
r1634 new_user = user
- fixes celery sqlalchemy session issues for async forking...
r1728
User usermodel instead of db model to manage accounts...
r1634 try:
new_user.username = username
new_user.admin = admin
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = name
new_user.lastname = lastname
self.sa.add(new_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
raise
- fixes celery sqlalchemy session issues for async forking...
r1728
Liad Shani
Added basic automatic user creation for container auth
r1621 def create_for_container_auth(self, username, attrs):
"""
Creates the given user if it's not already in the database
auto white-space removal
r1818
Liad Shani
Added basic automatic user creation for container auth
r1621 :param username:
:param attrs:
"""
if self.get_by_username(username, case_insensitive=True) is None:
fixed issues with not unique emails when using ldap or container auth.
r1690
# autogenerate email for container account without one
generate_email = lambda usr: '%s@container_auth.account' % usr
Liad Shani
Added basic automatic user creation for container auth
r1621 try:
new_user = User()
new_user.username = username
new_user.password = None
new_user.api_key = generate_api_key(username)
new_user.email = attrs['email']
Some code cleanups and fixes
r1628 new_user.active = attrs.get('active', True)
fixed issues with not unique emails when using ldap or container auth.
r1690 new_user.name = attrs['name'] or generate_email(username)
Liad Shani
Added basic automatic user creation for container auth
r1621 new_user.lastname = attrs['lastname']
self.sa.add(new_user)
Some code cleanups and fixes
r1628 return new_user
Liad Shani
Added basic automatic user creation for container auth
r1621 except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
Some code cleanups and fixes
r1628 log.debug('User %s already exists. Skipping creation of account'
' for container auth.', username)
return None
Liad Shani
Added basic automatic user creation for container auth
r1621
Thayne Harbaugh
Improve LDAP authentication...
r991 def create_ldap(self, username, password, user_dn, attrs):
implements #60, ldap configuration and authentication....
r705 """
Checks if user is in database, if not creates this user marked
as ldap user
auto white-space removal
r1818
implements #60, ldap configuration and authentication....
r705 :param username:
:param password:
Thayne Harbaugh
Improve LDAP authentication...
r991 :param user_dn:
:param attrs:
implements #60, ldap configuration and authentication....
r705 """
fixed security issue when saving ldap user saved plaintext password
r750 from rhodecode.lib.auth import get_crypt_password
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.debug('Checking for such ldap account in RhodeCode database')
fixes #288...
r1594 if self.get_by_username(username, case_insensitive=True) is None:
fix fo empty email passed in attributes of ldap account....
r1689
# autogenerate email for ldap account without one
generate_email = lambda usr: '%s@ldap.account' % usr
implements #60, ldap configuration and authentication....
r705 try:
new_user = User()
fix fo empty email passed in attributes of ldap account....
r1689 username = username.lower()
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 # add ldap account always lowercase
fix fo empty email passed in attributes of ldap account....
r1689 new_user.username = username
fixed security issue when saving ldap user saved plaintext password
r750 new_user.password = get_crypt_password(password)
Added api_key into user, api key get's generated again after password change...
r1116 new_user.api_key = generate_api_key(username)
fix fo empty email passed in attributes of ldap account....
r1689 new_user.email = attrs['email'] or generate_email(username)
Some code cleanups and fixes
r1628 new_user.active = attrs.get('active', True)
fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation
r1516 new_user.ldap_dn = safe_unicode(user_dn)
Thayne Harbaugh
Improve LDAP authentication...
r991 new_user.name = attrs['name']
new_user.lastname = attrs['lastname']
implements #60, ldap configuration and authentication....
r705
self.sa.add(new_user)
Some code cleanups and fixes
r1628 return new_user
ldap auth rewrite, moved split authfunc into two functions,...
r761 except (DatabaseError,):
implements #60, ldap configuration and authentication....
r705 log.error(traceback.format_exc())
self.sa.rollback()
raise
ldap auth rewrite, moved split authfunc into two functions,...
r761 log.debug('this %s user exists skipping creation of ldap account',
username)
Some code cleanups and fixes
r1628 return None
implements #60, ldap configuration and authentication....
r705
Code refactoring,models renames...
r629 def create_registration(self, form_data):
implements #222 registration feedback...
r1731 from rhodecode.model.notification import NotificationModel
Code refactoring,models renames...
r629 try:
new_user = User()
for k, v in form_data.items():
if k != 'admin':
setattr(new_user, k, v)
self.sa.add(new_user)
implements #222 registration feedback...
r1731 self.sa.flush()
# notification to admins
subject = _('new user registration')
fixes #59, notifications for user registrations + some changes to mailer
r689 body = ('New user registration\n'
implements #222 registration feedback...
r1731 '---------------------\n'
'- Username: %s\n'
'- Full Name: %s\n'
'- Email: %s\n')
body = body % (new_user.username, new_user.full_name,
new_user.email)
edit_url = url('edit_user', id=new_user.user_id, qualified=True)
#344 optional firstname lastname on user creation...
r1950 kw = {'registered_user_url': edit_url}
implements #222 registration feedback...
r1731 NotificationModel().create(created_by=new_user, subject=subject,
body=body, recipients=None,
type_=Notification.TYPE_REGISTRATION,
email_kwargs=kw)
fixes #59, notifications for user registrations + some changes to mailer
r689
Code refactoring,models renames...
r629 except:
log.error(traceback.format_exc())
raise
def update(self, user_id, form_data):
try:
fixes #288...
r1594 user = self.get(user_id, cache=False)
Added api_key into user, api key get's generated again after password change...
r1116 if user.username == 'default':
Code refactoring,models renames...
r629 raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
fixed #72 show warning on removal when user still is owner of existing repositories...
r713
Code refactoring,models renames...
r629 for k, v in form_data.items():
if k == 'new_password' and v != '':
Added api_key into user, api key get's generated again after password change...
r1116 user.password = v
user.api_key = generate_api_key(user.username)
Code refactoring,models renames...
r629 else:
Added api_key into user, api key get's generated again after password change...
r1116 setattr(user, k, v)
Code refactoring,models renames...
r629
Added api_key into user, api key get's generated again after password change...
r1116 self.sa.add(user)
Code refactoring,models renames...
r629 except:
log.error(traceback.format_exc())
raise
def update_my_account(self, user_id, form_data):
try:
fixes #288...
r1594 user = self.get(user_id, cache=False)
Added api_key into user, api key get's generated again after password change...
r1116 if user.username == 'default':
Code refactoring,models renames...
r629 raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
for k, v in form_data.items():
if k == 'new_password' and v != '':
Added api_key into user, api key get's generated again after password change...
r1116 user.password = v
user.api_key = generate_api_key(user.username)
Code refactoring,models renames...
r629 else:
if k not in ['admin', 'active']:
Added api_key into user, api key get's generated again after password change...
r1116 setattr(user, k, v)
Code refactoring,models renames...
r629
Added api_key into user, api key get's generated again after password change...
r1116 self.sa.add(user)
Code refactoring,models renames...
r629 except:
log.error(traceback.format_exc())
raise
fixed repo_create permission by adding missing commit statements...
r1758 def delete(self, user):
user = self.__get_user(user)
auto white-space removal
r1818
Code refactoring,models renames...
r629 try:
if user.username == 'default':
raise DefaultUserException(
_("You can't remove this user since it's"
" crucial for entire application"))
fixed #72 show warning on removal when user still is owner of existing repositories...
r713 if user.repositories:
raise UserOwnsReposException(_('This user still owns %s '
'repositories and cannot be '
'removed. Switch owners or '
'remove those repositories') \
% user.repositories)
Code refactoring,models renames...
r629 self.sa.delete(user)
except:
log.error(traceback.format_exc())
raise
fixes #223 improve password reset form
r1417 def reset_password_link(self, data):
from rhodecode.lib.celerylib import tasks, run_task
run_task(tasks.send_password_link, data['email'])
Code refactoring,models renames...
r629 def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
run_task(tasks.reset_user_password, data['email'])
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
fixes #288...
r1594 def fill_data(self, auth_user, user_id=None, api_key=None):
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 """
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 Fetches auth_user by user_id,or api_key if present.
Fills auth_user attributes with those taken from database.
source code cleanup: remove trailing white space, normalize file endings
r1203 Additionally set's is_authenitated if lookup fails
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 present in database
source code cleanup: remove trailing white space, normalize file endings
r1203
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 :param auth_user: instance of user to set attributes
:param user_id: user id to fetch by
:param api_key: api key to fetch by
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673 """
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal...
r1120 if user_id is None and api_key is None:
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 raise Exception('You need to pass user_id or api_key')
fixed anonymous access bug.
r686
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 try:
if api_key:
dbuser = self.get_by_api_key(api_key)
else:
dbuser = self.get(user_id)
Liad Shani
Added automatic logout of deactivated/deleted users
r1618 if dbuser is not None and dbuser.active:
garden...
r1976 log.debug('filling %s data' % dbuser)
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal...
r1120 for k, v in dbuser.get_dict().items():
setattr(auth_user, k, v)
Liad Shani
Added automatic logout of deactivated/deleted users
r1618 else:
return False
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
except:
log.error(traceback.format_exc())
auth_user.is_authenticated = False
Liad Shani
Added automatic logout of deactivated/deleted users
r1618 return False
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
Liad Shani
Added automatic logout of deactivated/deleted users
r1618 return True
fixed anonymous access bug.
r686
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 def fill_perms(self, user):
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 """
Fills user permission attribute with permissions taken from database
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 works for permissions given for repositories, and for permissions that
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 are granted to groups
source code cleanup: remove trailing white space, normalize file endings
r1203
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 :param user: user instance to fill his perms
"""
#227 Initial version of repository groups permissions system...
r1982 RK = 'repositories'
GK = 'repositories_groups'
GLOBAL = 'global'
user.permissions[RK] = {}
user.permissions[GK] = {}
user.permissions[GLOBAL] = set()
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
user defined permission will update the global permissions, and overwrite default settings.
r1267 #======================================================================
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 # fetch default permissions
user defined permission will update the global permissions, and overwrite default settings.
r1267 #======================================================================
- fixes celery sqlalchemy session issues for async forking...
r1728 default_user = User.get_by_username('default', cache=True)
default_user_id = default_user.user_id
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
#227 Initial version of repository groups permissions system...
r1982 default_repo_perms = Permission.get_default_perms(default_user_id)
default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
if user.is_admin:
user defined permission will update the global permissions, and overwrite default settings.
r1267 #==================================================================
#227 Initial version of repository groups permissions system...
r1982 # admin user have all default rights for repositories
# and groups set to admin
user defined permission will update the global permissions, and overwrite default settings.
r1267 #==================================================================
#227 Initial version of repository groups permissions system...
r1982 user.permissions[GLOBAL].add('hg.admin')
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
#227 Initial version of repository groups permissions system...
r1982 # repositories
for perm in default_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 p = 'repository.admin'
#227 Initial version of repository groups permissions system...
r1982 user.permissions[RK][r_k] = p
# repositories groups
for perm in default_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = 'group.admin'
user.permissions[GK][rg_k] = p
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
else:
user defined permission will update the global permissions, and overwrite default settings.
r1267 #==================================================================
#227 Initial version of repository groups permissions system...
r1982 # set default permissions first for repositories and groups
user defined permission will update the global permissions, and overwrite default settings.
r1267 #==================================================================
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 uid = user.user_id
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
#227 Initial version of repository groups permissions system...
r1982 # default global permissions
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 default_global_perms = self.sa.query(UserToPerm)\
- fixes celery sqlalchemy session issues for async forking...
r1728 .filter(UserToPerm.user_id == default_user_id)
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
for perm in default_global_perms:
#227 Initial version of repository groups permissions system...
r1982 user.permissions[GLOBAL].add(perm.permission.permission_name)
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
implements #236 forking copy permission option
r1729 # default for repositories
#227 Initial version of repository groups permissions system...
r1982 for perm in default_repo_perms:
r_k = perm.UserRepoToPerm.repository.repo_name
if perm.Repository.private and not (perm.Repository.user_id == uid):
implements #236 forking copy permission option
r1729 # disable defaults for private repos,
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 p = 'repository.none'
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 elif perm.Repository.user_id == uid:
implements #236 forking copy permission option
r1729 # set admin if owner
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 p = 'repository.admin'
else:
p = perm.Permission.permission_name
#227 Initial version of repository groups permissions system...
r1982 user.permissions[RK][r_k] = p
# default for repositories groups
for perm in default_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = perm.Permission.permission_name
user.permissions[GK][rg_k] = p
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
user defined permission will update the global permissions, and overwrite default settings.
r1267 #==================================================================
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 # overwrite default with user permissions if any
user defined permission will update the global permissions, and overwrite default settings.
r1267 #==================================================================
implements #236 forking copy permission option
r1729 # user global
user defined permission will update the global permissions, and overwrite default settings.
r1267 user_perms = self.sa.query(UserToPerm)\
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 .options(joinedload(UserToPerm.permission))\
.filter(UserToPerm.user_id == uid).all()
user defined permission will update the global permissions, and overwrite default settings.
r1267
for perm in user_perms:
#227 Initial version of repository groups permissions system...
r1982 user.permissions[GLOBAL].add(perm.permission.permission_name)
user defined permission will update the global permissions, and overwrite default settings.
r1267
implements #236 forking copy permission option
r1729 # user repositories
#227 Initial version of repository groups permissions system...
r1982 user_repo_perms = \
self.sa.query(UserRepoToPerm, Permission, Repository)\
.join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
.join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
.filter(UserRepoToPerm.user_id == uid)\
.all()
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
user defined permission will update the global permissions, and overwrite default settings.
r1267 for perm in user_repo_perms:
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 # set admin if owner
#227 Initial version of repository groups permissions system...
r1982 r_k = perm.UserRepoToPerm.repository.repo_name
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 if perm.Repository.user_id == uid:
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 p = 'repository.admin'
else:
p = perm.Permission.permission_name
#227 Initial version of repository groups permissions system...
r1982 user.permissions[RK][r_k] = p
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 #==================================================================
source code cleanup: remove trailing white space, normalize file endings
r1203 # check if user is part of groups for this repository and fill in
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 # (or replace with higher) permissions
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 #==================================================================
- fixes celery sqlalchemy session issues for async forking...
r1728 # users group global
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
.options(joinedload(UsersGroupToPerm.permission))\
.join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
UsersGroupMember.users_group_id))\
.filter(UsersGroupMember.user_id == uid).all()
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
for perm in user_perms_from_users_groups:
#227 Initial version of repository groups permissions system...
r1982 user.permissions[GLOBAL].add(perm.permission.permission_name)
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269
- fixes celery sqlalchemy session issues for async forking...
r1728 # users group repositories
#227 Initial version of repository groups permissions system...
r1982 user_repo_perms_from_users_groups = \
self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
.join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\
.join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\
.join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\
.filter(UsersGroupMember.user_id == uid)\
.all()
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269
for perm in user_repo_perms_from_users_groups:
#227 Initial version of repository groups permissions system...
r1982 r_k = perm.UsersGroupRepoToPerm.repository.repo_name
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 p = perm.Permission.permission_name
#227 Initial version of repository groups permissions system...
r1982 cur_perm = user.permissions[RK][r_k]
- fixes celery sqlalchemy session issues for async forking...
r1728 # overwrite permission only if it's greater than permission
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 # given from other sources
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
#227 Initial version of repository groups permissions system...
r1982 user.permissions[RK][r_k] = p
#==================================================================
# get access for this user for repos group and override defaults
#==================================================================
# user repositories groups
user_repo_groups_perms = \
self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
.join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
.join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
.filter(UserRepoToPerm.user_id == uid)\
.all()
for perm in user_repo_groups_perms:
rg_k = perm.UserRepoGroupToPerm.group.group_name
p = perm.Permission.permission_name
cur_perm = user.permissions[GK][rg_k]
if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
user.permissions[GK][rg_k] = p
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
return user
fixes #288...
r1594
commit less models...
r1749 def has_perm(self, user, perm):
if not isinstance(perm, Permission):
fixed repo_create permission by adding missing commit statements...
r1758 raise Exception('perm needs to be an instance of Permission class '
'got %s instead' % type(perm))
commit less models...
r1749
user = self.__get_user(user)
fixed repo_create permission by adding missing commit statements...
r1758 return UserToPerm.query().filter(UserToPerm.user == user)\
commit less models...
r1749 .filter(UserToPerm.permission == perm).scalar() is not None
def grant_perm(self, user, perm):
#227 Initial version of repository groups permissions system...
r1982 """
Grant user global permissions
commit less models...
r1749
#227 Initial version of repository groups permissions system...
r1982 :param user:
:param perm:
"""
commit less models...
r1749 user = self.__get_user(user)
#227 Initial version of repository groups permissions system...
r1982 perm = self.__get_perm(perm)
commit less models...
r1749 new = UserToPerm()
fixed repo_create permission by adding missing commit statements...
r1758 new.user = user
commit less models...
r1749 new.permission = perm
self.sa.add(new)
def revoke_perm(self, user, perm):
#227 Initial version of repository groups permissions system...
r1982 """
Revoke users global permissions
auto white-space removal
r1818
#227 Initial version of repository groups permissions system...
r1982 :param user:
:param perm:
"""
commit less models...
r1749 user = self.__get_user(user)
#227 Initial version of repository groups permissions system...
r1982 perm = self.__get_perm(perm)
auto white-space removal
r1818
fixed repo_create permission by adding missing commit statements...
r1758 obj = UserToPerm.query().filter(UserToPerm.user == user)\
.filter(UserToPerm.permission == perm).scalar()
if obj:
self.sa.delete(obj)