##// END OF EJS Templates
version bump
version bump

File last commit:

r2961:08f89c68 beta
r3114:82a6d17d beta
Show More
repos_group.py
416 lines | 15.5 KiB | text/x-python | PythonLexer
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 # -*- coding: utf-8 -*-
"""
rhodecode.model.user_group
~~~~~~~~~~~~~~~~~~~~~~~~~~
users groups model for RhodeCode
:created_on: Jan 25, 2011
:author: marcink
2012 copyrights
r1824 :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 :license: GPLv3, see COPYING for more details.
"""
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import logging
import traceback
#47 implemented basic edition of groups
r1347 import shutil
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will...
r2961 import datetime
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
utils/conf...
r2109 from rhodecode.lib.utils2 import LazyProperty
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
from rhodecode.model import BaseModel
#227 Initial version of repository groups permissions system...
r1982 from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 User, Permission, UsersGroupRepoGroupToPerm, UsersGroup, Repository
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 log = logging.getLogger(__name__)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 class ReposGroupModel(BaseModel):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Added associated classes into child models
r2522 cls = RepoGroup
#227 Initial version of repository groups permissions system...
r1982 def __get_users_group(self, users_group):
return self._get_instance(UsersGroup, users_group,
callback=UsersGroup.get_by_group_name)
Added quick links for editing permissions for users from permission overview
r2631 def _get_repos_group(self, repos_group):
#227 Initial version of repository groups permissions system...
r1982 return self._get_instance(RepoGroup, repos_group,
callback=RepoGroup.get_by_group_name)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 @LazyProperty
Nicolas VINOT
Correct code style
r1593 def repos_path(self):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
Get's the repositories root path from database
"""
Added form for controlling mercurial extensions...
r2708 q = RhodeCodeUi.get_by_key('/')
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 return q.ui_value
#227 Initial version of repository groups permissions system...
r1982 def _create_default_perms(self, new_group):
# create default permission
repo_group_to_perm = UserRepoGroupToPerm()
default_perm = 'group.read'
for p in User.get_by_username('default').user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
repo_group_to_perm.permission_id = self.sa.query(Permission)\
.filter(Permission.permission_name == default_perm)\
.one().permission_id
repo_group_to_perm.group = new_group
repo_group_to_perm.user_id = User.get_by_username('default').user_id
self.sa.add(repo_group_to_perm)
fixes #288...
r1594 def __create_group(self, group_name):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
makes repositories group on filesystem
:param repo_name:
:param parent_id:
"""
fixes #288...
r1594 create_path = os.path.join(self.repos_path, group_name)
garden...
r1976 log.debug('creating new group in %s' % create_path)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 if os.path.isdir(create_path):
raise Exception('That directory already exists !')
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 os.makedirs(create_path)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
fixes #288...
r1594 def __rename_group(self, old, new):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
Renames a group on filesystem
auto white-space removal
r1818
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 :param group_name:
"""
fixes #288...
r1594
if old == new:
log.debug('skipping group rename')
return
garden...
r1976 log.debug('renaming repos group from %s to %s' % (old, new))
#47 implemented basic edition of groups
r1347
fixes #288...
r1594 old_path = os.path.join(self.repos_path, old)
new_path = os.path.join(self.repos_path, new)
#47 added editing of groups, and moving them between. Added check constraint for groups...
r1349
garden...
r1976 log.debug('renaming repos paths from %s to %s' % (old_path, new_path))
#47 added editing of groups, and moving them between. Added check constraint for groups...
r1349
Nicolas VINOT
Correct code style
r1593 if os.path.isdir(new_path):
raise Exception('Was trying to rename to already '
'existing dir %s' % new_path)
shutil.move(old_path, new_path)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 def __delete_group(self, group, force_delete=False):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
Deletes a group from a filesystem
auto white-space removal
r1818
#47 implemented deleting of empty groups. Fixed problem with full paths on nested groups
r1346 :param group: instance of group from database
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 :param force_delete: use shutil rmtree to remove all objects
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
refactoring of models names for repoGroup permissions
r1633 paths = group.full_path.split(RepoGroup.url_sep())
Nicolas VINOT
Correct code style
r1593 paths = os.sep.join(paths)
#47 implemented deleting of empty groups. Fixed problem with full paths on nested groups
r1346
Nicolas VINOT
Correct code style
r1593 rm_path = os.path.join(self.repos_path, paths)
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will...
r2961 log.info("Removing group %s" % (rm_path))
# delete only if that path really exists
fixes #288...
r1594 if os.path.isdir(rm_path):
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 if force_delete:
shutil.rmtree(rm_path)
else:
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will...
r2961 #archive that group`
_now = datetime.datetime.now()
_ms = str(_now.microsecond).rjust(6, '0')
_d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
group.name)
shutil.move(rm_path, os.path.join(self.repos_path, _d))
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Added functional test create repo with a group...
r2529 def create(self, group_name, group_description, parent=None, just_db=False):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 try:
refactoring of models names for repoGroup permissions
r1633 new_repos_group = RepoGroup()
#227 Initial version of repository groups permissions system...
r1982 new_repos_group.group_description = group_description
Added quick links for editing permissions for users from permission overview
r2631 new_repos_group.parent_group = self._get_repos_group(parent)
#227 Initial version of repository groups permissions system...
r1982 new_repos_group.group_name = new_repos_group.get_new_name(group_name)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 self.sa.add(new_repos_group)
#227 Initial version of repository groups permissions system...
r1982 self._create_default_perms(new_repos_group)
if not just_db:
# we need to flush here, in order to check if database won't
# throw any exceptions, create filesystem dirs at the very end
self.sa.flush()
self.__create_group(new_repos_group.group_name)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
[API] Create groups needed when creating repo
r1589 return new_repos_group
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 except:
Nicolas VINOT
Correct code style
r1593 log.error(traceback.format_exc())
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 raise
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 def _update_permissions(self, repos_group, perms_new=None,
perms_updates=None, recursive=False):
from rhodecode.model.repo import RepoModel
if not perms_new:
perms_new = []
if not perms_updates:
perms_updates = []
def _set_perm_user(obj, user, perm):
if isinstance(obj, RepoGroup):
ReposGroupModel().grant_user_permission(
repos_group=obj, user=user, perm=perm
)
elif isinstance(obj, Repository):
# we set group permission but we have to switch to repo
# permission
perm = perm.replace('group.', 'repository.')
RepoModel().grant_user_permission(
repo=obj, user=user, perm=perm
)
def _set_perm_group(obj, users_group, perm):
if isinstance(obj, RepoGroup):
ReposGroupModel().grant_users_group_permission(
repos_group=obj, group_name=users_group, perm=perm
)
elif isinstance(obj, Repository):
# we set group permission but we have to switch to repo
# permission
perm = perm.replace('group.', 'repository.')
RepoModel().grant_users_group_permission(
repo=obj, group_name=users_group, perm=perm
)
updates = []
log.debug('Now updating permissions for %s in recursive mode:%s'
% (repos_group, recursive))
for obj in repos_group.recursive_groups_and_repos():
if not recursive:
obj = repos_group
# update permissions
for member, perm, member_type in perms_updates:
## set for user
if member_type == 'user':
# this updates also current one if found
_set_perm_user(obj, user=member, perm=perm)
## set for users group
else:
_set_perm_group(obj, users_group=member, perm=perm)
# set new permissions
for member, perm, member_type in perms_new:
if member_type == 'user':
_set_perm_user(obj, user=member, perm=perm)
else:
_set_perm_group(obj, users_group=member, perm=perm)
updates.append(obj)
#if it's not recursive call
# break the loop and don't proceed with other changes
if not recursive:
break
return updates
Nicolas VINOT
Correct code style
r1593 def update(self, repos_group_id, form_data):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
try:
refactoring of models names for repoGroup permissions
r1633 repos_group = RepoGroup.get(repos_group_id)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 recursive = form_data['recursive']
# iterate over all members(if in recursive mode) of this groups and
# set the permissions !
# this can be potentially heavy operation
self._update_permissions(repos_group, form_data['perms_new'],
form_data['perms_updates'], recursive)
#227 Initial version of repository groups permissions system...
r1982
fixes #288...
r1594 old_path = repos_group.full_path
another major refactoring with session management
r1734
fixes #288...
r1594 # change properties
repos_group.group_description = form_data['group_description']
refactoring of models names for repoGroup permissions
r1633 repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
fixes issue #366 setting null on parent_group didn't propagate to actually db field....
r2059 repos_group.group_parent_id = form_data['group_parent_id']
Recursive set locking on all children of a group.
r2749 repos_group.enable_locking = form_data['enable_locking']
fixes #288...
r1594 repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
new_path = repos_group.full_path
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 self.sa.add(repos_group)
#47 implemented basic edition of groups
r1347
Recursive set locking on all children of a group.
r2749 # iterate over all members of this groups and set the locking !
# this can be potentially heavy operation
for obj in repos_group.recursive_groups_and_repos():
#set the value from it's parent
obj.enable_locking = repos_group.enable_locking
self.sa.add(obj)
auto white-space removal
r1818 # we need to get all repositories from this new group and
fixes #288...
r1594 # rename them accordingly to new group path
for r in repos_group.repositories:
r.repo_name = r.get_new_name(r.just_name)
self.sa.add(r)
#47 implemented basic edition of groups
r1347
fixes issue #366 setting null on parent_group didn't propagate to actually db field....
r2059 self.__rename_group(old_path, new_path)
fixes #288...
r1594 return repos_group
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 except:
Nicolas VINOT
Correct code style
r1593 log.error(traceback.format_exc())
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 raise
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 def delete(self, repos_group, force_delete=False):
Added quick links for editing permissions for users from permission overview
r2631 repos_group = self._get_repos_group(repos_group)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 try:
Switched forms to new validators
r2467 self.sa.delete(repos_group)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 self.__delete_group(repos_group, force_delete)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 except:
Switched forms to new validators
r2467 log.exception('Error removing repos_group %s' % repos_group)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 raise
#227 Initial version of repository groups permissions system...
r1982
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 def delete_permission(self, repos_group, obj, obj_type, recursive):
"""
Revokes permission for repos_group for given obj(user or users_group),
obj_type can be user or users group
:param repos_group:
:param obj: user or users group id
:param obj_type: user or users group type
:param recursive: recurse to all children of group
"""
from rhodecode.model.repo import RepoModel
repos_group = self._get_repos_group(repos_group)
for el in repos_group.recursive_groups_and_repos():
if not recursive:
# if we don't recurse set the permission on only the top level
# object
el = repos_group
if isinstance(el, RepoGroup):
if obj_type == 'user':
ReposGroupModel().revoke_user_permission(el, user=obj)
elif obj_type == 'users_group':
ReposGroupModel().revoke_users_group_permission(el, group_name=obj)
else:
raise Exception('undefined object type %s' % obj_type)
elif isinstance(el, Repository):
if obj_type == 'user':
RepoModel().revoke_user_permission(el, user=obj)
elif obj_type == 'users_group':
RepoModel().revoke_users_group_permission(el, group_name=obj)
else:
raise Exception('undefined object type %s' % obj_type)
#if it's not recursive call
# break the loop and don't proceed with other changes
if not recursive:
break
#227 Initial version of repository groups permissions system...
r1982 def grant_user_permission(self, repos_group, user, perm):
"""
Grant permission for user on given repositories group, or update
existing one if found
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
Added quick links for editing permissions for users from permission overview
r2631 repos_group = self._get_repos_group(repos_group)
Share common getter functions in base model, and remove duplicated functions from other models
r2432 user = self._get_user(user)
permission = self._get_perm(perm)
#227 Initial version of repository groups permissions system...
r1982
# check if we have that permission already
obj = self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == user)\
.filter(UserRepoGroupToPerm.group == repos_group)\
.scalar()
if obj is None:
# create new !
obj = UserRepoGroupToPerm()
obj.group = repos_group
obj.user = user
obj.permission = permission
self.sa.add(obj)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))
#227 Initial version of repository groups permissions system...
r1982
def revoke_user_permission(self, repos_group, user):
"""
Revoke permission for user on given repositories group
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
"""
Added quick links for editing permissions for users from permission overview
r2631 repos_group = self._get_repos_group(repos_group)
Share common getter functions in base model, and remove duplicated functions from other models
r2432 user = self._get_user(user)
#227 Initial version of repository groups permissions system...
r1982
obj = self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == user)\
.filter(UserRepoGroupToPerm.group == repos_group)\
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 .scalar()
if obj:
self.sa.delete(obj)
log.debug('Revoked perm on %s on %s' % (repos_group, user))
#227 Initial version of repository groups permissions system...
r1982
def grant_users_group_permission(self, repos_group, group_name, perm):
"""
Grant permission for users group on given repositories group, or update
existing one if found
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param group_name: Instance of UserGroup, users_group_id,
or users group name
:param perm: Instance of Permission, or permission_name
"""
Added quick links for editing permissions for users from permission overview
r2631 repos_group = self._get_repos_group(repos_group)
#227 Initial version of repository groups permissions system...
r1982 group_name = self.__get_users_group(group_name)
Share common getter functions in base model, and remove duplicated functions from other models
r2432 permission = self._get_perm(perm)
#227 Initial version of repository groups permissions system...
r1982
# check if we have that permission already
obj = self.sa.query(UsersGroupRepoGroupToPerm)\
.filter(UsersGroupRepoGroupToPerm.group == repos_group)\
.filter(UsersGroupRepoGroupToPerm.users_group == group_name)\
.scalar()
if obj is None:
# create new
obj = UsersGroupRepoGroupToPerm()
obj.group = repos_group
obj.users_group = group_name
obj.permission = permission
self.sa.add(obj)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))
#227 Initial version of repository groups permissions system...
r1982
def revoke_users_group_permission(self, repos_group, group_name):
"""
Revoke permission for users group on given repositories group
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param group_name: Instance of UserGroup, users_group_id,
or users group name
"""
Added quick links for editing permissions for users from permission overview
r2631 repos_group = self._get_repos_group(repos_group)
#227 Initial version of repository groups permissions system...
r1982 group_name = self.__get_users_group(group_name)
obj = self.sa.query(UsersGroupRepoGroupToPerm)\
.filter(UsersGroupRepoGroupToPerm.group == repos_group)\
.filter(UsersGroupRepoGroupToPerm.users_group == group_name)\
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 .scalar()
if obj:
self.sa.delete(obj)
log.debug('Revoked perm to %s on %s' % (repos_group, group_name))