permissions.py
166 lines
| 6.5 KiB
| text/x-python
|
PythonLexer
| r760 | # -*- coding: utf-8 -*- | |||
| """ | ||||
| r853 | rhodecode.controllers.admin.permissions | |||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
| r1203 | ||||
| r760 | permissions controller for Rhodecode | |||
| r1203 | ||||
| r760 | :created_on: Apr 27, 2010 | |||
| :author: marcink | ||||
| r1203 | :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com> | |||
| r760 | :license: GPLv3, see COPYING for more details. | |||
| """ | ||||
| r1206 | # This program is free software: you can redistribute it and/or modify | |||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| r1203 | # | |||
| r547 | # This program is distributed in the hope that it will be useful, | |||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| r1203 | # | |||
| r547 | # You should have received a copy of the GNU General Public License | |||
| r1206 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
| r547 | ||||
| from formencode import htmlfill | ||||
| from pylons import request, session, tmpl_context as c, url | ||||
| from pylons.controllers.util import abort, redirect | ||||
| from pylons.i18n.translation import _ | ||||
| from rhodecode.lib import helpers as h | ||||
| from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator | ||||
| r705 | from rhodecode.lib.auth_ldap import LdapImportError | |||
| r547 | from rhodecode.lib.base import BaseController, render | |||
| r705 | from rhodecode.model.forms import LdapSettingsForm, DefaultPermissionsForm | |||
| r692 | from rhodecode.model.permission import PermissionModel | |||
| r629 | from rhodecode.model.user import UserModel | |||
| r547 | import formencode | |||
| import logging | ||||
| import traceback | ||||
| log = logging.getLogger(__name__) | ||||
| r1245 | ||||
| r547 | class PermissionsController(BaseController): | |||
| """REST Controller styled on the Atom Publishing Protocol""" | ||||
| # To properly map this controller, ensure your config/routing.py | ||||
| # file has a resource setup: | ||||
| # map.resource('permission', 'permissions') | ||||
| r629 | ||||
| r547 | @LoginRequired() | |||
| @HasPermissionAllDecorator('hg.admin') | ||||
| def __before__(self): | ||||
| c.admin_user = session.get('admin_user') | ||||
| c.admin_username = session.get('admin_username') | ||||
| super(PermissionsController, self).__before__() | ||||
| r629 | ||||
| r547 | self.perms_choices = [('repository.none', _('None'),), | |||
| ('repository.read', _('Read'),), | ||||
| ('repository.write', _('Write'),), | ||||
| ('repository.admin', _('Admin'),)] | ||||
| self.register_choices = [ | ||||
| r673 | ('hg.register.none', | |||
| _('disabled')), | ||||
| r547 | ('hg.register.manual_activate', | |||
| r673 | _('allowed with manual account activation')), | |||
| r547 | ('hg.register.auto_activate', | |||
| r673 | _('allowed with automatic account activation')), ] | |||
| r629 | ||||
| r547 | self.create_choices = [('hg.create.none', _('Disabled')), | |||
| r629 | ('hg.create.repository', _('Enabled'))] | |||
| r547 | ||||
| def index(self, format='html'): | ||||
| """GET /permissions: All items in the collection""" | ||||
| # url('permissions') | ||||
| def create(self): | ||||
| """POST /permissions: Create a new item""" | ||||
| # url('permissions') | ||||
| def new(self, format='html'): | ||||
| """GET /permissions/new: Form to create a new item""" | ||||
| # url('new_permission') | ||||
| def update(self, id): | ||||
| """PUT /permissions/id: Update an existing item""" | ||||
| # Forms posted to this method should contain a hidden field: | ||||
| # <input type="hidden" name="_method" value="PUT" /> | ||||
| # Or using helpers: | ||||
| # h.form(url('permission', id=ID), | ||||
| # method='put') | ||||
| # url('permission', id=ID) | ||||
| r629 | ||||
| r547 | permission_model = PermissionModel() | |||
| r629 | ||||
| r547 | _form = DefaultPermissionsForm([x[0] for x in self.perms_choices], | |||
| [x[0] for x in self.register_choices], | ||||
| [x[0] for x in self.create_choices])() | ||||
| r629 | ||||
| r547 | try: | |||
| form_result = _form.to_python(dict(request.POST)) | ||||
| r1245 | form_result.update({'perm_user_name': id}) | |||
| r547 | permission_model.update(form_result) | |||
| r705 | h.flash(_('Default permissions updated successfully'), | |||
| r547 | category='success') | |||
| r629 | ||||
| r564 | except formencode.Invalid, errors: | |||
| r547 | c.perms_choices = self.perms_choices | |||
| c.register_choices = self.register_choices | ||||
| c.create_choices = self.create_choices | ||||
| r705 | defaults = errors.value | |||
| r629 | ||||
| r547 | return htmlfill.render( | |||
| render('admin/permissions/permissions.html'), | ||||
| r705 | defaults=defaults, | |||
| r547 | errors=errors.error_dict or {}, | |||
| prefix_error=False, | ||||
| r629 | encoding="UTF-8") | |||
| r547 | except Exception: | |||
| log.error(traceback.format_exc()) | ||||
| r860 | h.flash(_('error occurred during update of permissions'), | |||
| r547 | category='error') | |||
| r629 | ||||
| r547 | return redirect(url('edit_permission', id=id)) | |||
| r629 | ||||
| r547 | def delete(self, id): | |||
| """DELETE /permissions/id: Delete an existing item""" | ||||
| # Forms posted to this method should contain a hidden field: | ||||
| # <input type="hidden" name="_method" value="DELETE" /> | ||||
| # Or using helpers: | ||||
| # h.form(url('permission', id=ID), | ||||
| # method='delete') | ||||
| # url('permission', id=ID) | ||||
| def show(self, id, format='html'): | ||||
| """GET /permissions/id: Show a specific item""" | ||||
| # url('permission', id=ID) | ||||
| def edit(self, id, format='html'): | ||||
| """GET /permissions/id/edit: Form to edit an existing item""" | ||||
| #url('edit_permission', id=ID) | ||||
| c.perms_choices = self.perms_choices | ||||
| c.register_choices = self.register_choices | ||||
| c.create_choices = self.create_choices | ||||
| r629 | ||||
| r547 | if id == 'default': | |||
| r673 | default_user = UserModel().get_by_username('default') | |||
| r1245 | defaults = {'_method': 'put', | |||
| 'anonymous': default_user.active} | ||||
| r769 | ||||
| r673 | for p in default_user.user_perms: | |||
| r547 | if p.permission.permission_name.startswith('repository.'): | |||
| r629 | defaults['default_perm'] = p.permission.permission_name | |||
| r547 | if p.permission.permission_name.startswith('hg.register.'): | |||
| defaults['default_register'] = p.permission.permission_name | ||||
| r629 | ||||
| r547 | if p.permission.permission_name.startswith('hg.create.'): | |||
| defaults['default_create'] = p.permission.permission_name | ||||
| r629 | ||||
| r547 | return htmlfill.render( | |||
| render('admin/permissions/permissions.html'), | ||||
| defaults=defaults, | ||||
| encoding="UTF-8", | ||||
| r629 | force_defaults=True,) | |||
| r547 | else: | |||
| return redirect(url('admin_home')) | ||||
