repos_group.py
429 lines
| 16.1 KiB
| text/x-python
|
PythonLexer
r1345 | # -*- coding: utf-8 -*- | |||
""" | ||||
rhodecode.model.user_group | ||||
~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
Mads Kiilerich
|
r3410 | repo group model for RhodeCode | ||
r1345 | ||||
:created_on: Jan 25, 2011 | ||||
:author: marcink | ||||
r1824 | :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com> | |||
r1345 | :license: GPLv3, see COPYING for more details. | |||
""" | ||||
# This program is free software: you can redistribute it and/or modify | ||||
# it under the terms of the GNU General Public License as published by | ||||
# the Free Software Foundation, either version 3 of the License, or | ||||
# (at your option) any later version. | ||||
# | ||||
# This program is distributed in the hope that it will be useful, | ||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
# | ||||
# You should have received a copy of the GNU General Public License | ||||
# along with this program. If not, see <http://www.gnu.org/licenses/>. | ||||
import os | ||||
import logging | ||||
import traceback | ||||
r1347 | import shutil | |||
r2961 | import datetime | |||
r1345 | ||||
r2109 | from rhodecode.lib.utils2 import LazyProperty | |||
r1345 | ||||
from rhodecode.model import BaseModel | ||||
r1982 | from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ | |||
Mads Kiilerich
|
r3417 | User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository | ||
r1345 | ||||
Nicolas VINOT
|
r1593 | log = logging.getLogger(__name__) | ||
r1345 | ||||
Nicolas VINOT
|
r1593 | class ReposGroupModel(BaseModel): | ||
r1345 | ||||
r2522 | cls = RepoGroup | |||
r3714 | def _get_user_group(self, users_group): | |||
Mads Kiilerich
|
r3417 | return self._get_instance(UserGroup, users_group, | ||
callback=UserGroup.get_by_group_name) | ||||
r1982 | ||||
r3714 | def _get_repo_group(self, repos_group): | |||
r1982 | return self._get_instance(RepoGroup, repos_group, | |||
callback=RepoGroup.get_by_group_name) | ||||
r1345 | @LazyProperty | |||
Nicolas VINOT
|
r1593 | def repos_path(self): | ||
r1345 | """ | |||
Get's the repositories root path from database | ||||
""" | ||||
r2708 | q = RhodeCodeUi.get_by_key('/') | |||
r1345 | return q.ui_value | |||
r1982 | def _create_default_perms(self, new_group): | |||
# create default permission | ||||
default_perm = 'group.read' | ||||
r3734 | def_user = User.get_default_user() | |||
r3714 | for p in def_user.user_perms: | |||
r1982 | if p.permission.permission_name.startswith('group.'): | |||
default_perm = p.permission.permission_name | ||||
break | ||||
r3714 | repo_group_to_perm = UserRepoGroupToPerm() | |||
repo_group_to_perm.permission = Permission.get_by_key(default_perm) | ||||
r1982 | ||||
repo_group_to_perm.group = new_group | ||||
r3714 | repo_group_to_perm.user_id = def_user.user_id | |||
return repo_group_to_perm | ||||
r1982 | ||||
r1594 | def __create_group(self, group_name): | |||
r1345 | """ | |||
Mads Kiilerich
|
r3416 | makes repository group on filesystem | ||
r1345 | ||||
:param repo_name: | ||||
:param parent_id: | ||||
""" | ||||
r1594 | create_path = os.path.join(self.repos_path, group_name) | |||
r1976 | log.debug('creating new group in %s' % create_path) | |||
r1345 | ||||
Nicolas VINOT
|
r1593 | if os.path.isdir(create_path): | ||
raise Exception('That directory already exists !') | ||||
r1345 | ||||
Nicolas VINOT
|
r1593 | os.makedirs(create_path) | ||
r1345 | ||||
r1594 | def __rename_group(self, old, new): | |||
r1345 | """ | |||
Renames a group on filesystem | ||||
r1818 | ||||
r1345 | :param group_name: | |||
""" | ||||
r1594 | ||||
if old == new: | ||||
log.debug('skipping group rename') | ||||
return | ||||
Mads Kiilerich
|
r3653 | log.debug('renaming repository group from %s to %s' % (old, new)) | ||
r1347 | ||||
r1594 | old_path = os.path.join(self.repos_path, old) | |||
new_path = os.path.join(self.repos_path, new) | ||||
r1349 | ||||
r1976 | log.debug('renaming repos paths from %s to %s' % (old_path, new_path)) | |||
r1349 | ||||
Nicolas VINOT
|
r1593 | if os.path.isdir(new_path): | ||
raise Exception('Was trying to rename to already ' | ||||
'existing dir %s' % new_path) | ||||
shutil.move(old_path, new_path) | ||||
r1345 | ||||
r2820 | def __delete_group(self, group, force_delete=False): | |||
r1345 | """ | |||
Deletes a group from a filesystem | ||||
r1818 | ||||
r1346 | :param group: instance of group from database | |||
r2820 | :param force_delete: use shutil rmtree to remove all objects | |||
r1345 | """ | |||
r1633 | paths = group.full_path.split(RepoGroup.url_sep()) | |||
Nicolas VINOT
|
r1593 | paths = os.sep.join(paths) | ||
r1346 | ||||
Nicolas VINOT
|
r1593 | rm_path = os.path.join(self.repos_path, paths) | ||
r2961 | log.info("Removing group %s" % (rm_path)) | |||
# delete only if that path really exists | ||||
r1594 | if os.path.isdir(rm_path): | |||
r2820 | if force_delete: | |||
shutil.rmtree(rm_path) | ||||
else: | ||||
r2961 | #archive that group` | |||
_now = datetime.datetime.now() | ||||
_ms = str(_now.microsecond).rjust(6, '0') | ||||
_d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms), | ||||
group.name) | ||||
shutil.move(rm_path, os.path.join(self.repos_path, _d)) | ||||
r1345 | ||||
r3222 | def create(self, group_name, group_description, owner, parent=None, just_db=False): | |||
r1345 | try: | |||
r1633 | new_repos_group = RepoGroup() | |||
r3714 | new_repos_group.user = self._get_user(owner) | |||
r3222 | new_repos_group.group_description = group_description or group_name | |||
r3714 | new_repos_group.parent_group = self._get_repo_group(parent) | |||
r1982 | new_repos_group.group_name = new_repos_group.get_new_name(group_name) | |||
r1345 | ||||
Nicolas VINOT
|
r1593 | self.sa.add(new_repos_group) | ||
r3714 | perm_obj = self._create_default_perms(new_repos_group) | |||
self.sa.add(perm_obj) | ||||
r1982 | ||||
r3222 | #create an ADMIN permission for owner, later owner should go into | |||
#the owner field of groups | ||||
self.grant_user_permission(repos_group=new_repos_group, | ||||
user=owner, perm='group.admin') | ||||
r1982 | if not just_db: | |||
# we need to flush here, in order to check if database won't | ||||
# throw any exceptions, create filesystem dirs at the very end | ||||
self.sa.flush() | ||||
self.__create_group(new_repos_group.group_name) | ||||
r1345 | ||||
Nicolas VINOT
|
r1589 | return new_repos_group | ||
r3631 | except Exception: | |||
Nicolas VINOT
|
r1593 | log.error(traceback.format_exc()) | ||
r1345 | raise | |||
r2820 | def _update_permissions(self, repos_group, perms_new=None, | |||
perms_updates=None, recursive=False): | ||||
from rhodecode.model.repo import RepoModel | ||||
if not perms_new: | ||||
perms_new = [] | ||||
if not perms_updates: | ||||
perms_updates = [] | ||||
def _set_perm_user(obj, user, perm): | ||||
if isinstance(obj, RepoGroup): | ||||
r3714 | self.grant_user_permission( | |||
r2820 | repos_group=obj, user=user, perm=perm | |||
) | ||||
elif isinstance(obj, Repository): | ||||
r3221 | #we do this ONLY IF repository is non-private | |||
if obj.private: | ||||
return | ||||
r2820 | # we set group permission but we have to switch to repo | |||
# permission | ||||
perm = perm.replace('group.', 'repository.') | ||||
RepoModel().grant_user_permission( | ||||
repo=obj, user=user, perm=perm | ||||
) | ||||
def _set_perm_group(obj, users_group, perm): | ||||
if isinstance(obj, RepoGroup): | ||||
r3714 | self.grant_users_group_permission( | |||
r2820 | repos_group=obj, group_name=users_group, perm=perm | |||
) | ||||
elif isinstance(obj, Repository): | ||||
# we set group permission but we have to switch to repo | ||||
# permission | ||||
perm = perm.replace('group.', 'repository.') | ||||
RepoModel().grant_users_group_permission( | ||||
repo=obj, group_name=users_group, perm=perm | ||||
) | ||||
updates = [] | ||||
log.debug('Now updating permissions for %s in recursive mode:%s' | ||||
% (repos_group, recursive)) | ||||
for obj in repos_group.recursive_groups_and_repos(): | ||||
r3221 | #obj is an instance of a group or repositories in that group | |||
r2820 | if not recursive: | |||
obj = repos_group | ||||
# update permissions | ||||
for member, perm, member_type in perms_updates: | ||||
## set for user | ||||
if member_type == 'user': | ||||
# this updates also current one if found | ||||
_set_perm_user(obj, user=member, perm=perm) | ||||
Mads Kiilerich
|
r3410 | ## set for user group | ||
r2820 | else: | |||
_set_perm_group(obj, users_group=member, perm=perm) | ||||
# set new permissions | ||||
for member, perm, member_type in perms_new: | ||||
if member_type == 'user': | ||||
_set_perm_user(obj, user=member, perm=perm) | ||||
else: | ||||
_set_perm_group(obj, users_group=member, perm=perm) | ||||
updates.append(obj) | ||||
#if it's not recursive call | ||||
# break the loop and don't proceed with other changes | ||||
if not recursive: | ||||
break | ||||
return updates | ||||
r3222 | def update(self, repos_group, form_data): | |||
r1345 | ||||
try: | ||||
r3714 | repos_group = self._get_repo_group(repos_group) | |||
r1594 | old_path = repos_group.full_path | |||
r1734 | ||||
r1594 | # change properties | |||
repos_group.group_description = form_data['group_description'] | ||||
r2059 | repos_group.group_parent_id = form_data['group_parent_id'] | |||
r2749 | repos_group.enable_locking = form_data['enable_locking'] | |||
r3459 | ||||
repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) | ||||
r1594 | repos_group.group_name = repos_group.get_new_name(form_data['group_name']) | |||
new_path = repos_group.full_path | ||||
Nicolas VINOT
|
r1593 | self.sa.add(repos_group) | ||
r1347 | ||||
r3459 | # iterate over all members of this groups and do fixes | |||
# set locking if given | ||||
# if obj is a repoGroup also fix the name of the group according | ||||
# to the parent | ||||
# if obj is a Repo fix it's name | ||||
r2749 | # this can be potentially heavy operation | |||
for obj in repos_group.recursive_groups_and_repos(): | ||||
#set the value from it's parent | ||||
obj.enable_locking = repos_group.enable_locking | ||||
r3459 | if isinstance(obj, RepoGroup): | |||
new_name = obj.get_new_name(obj.name) | ||||
log.debug('Fixing group %s to new name %s' \ | ||||
% (obj.group_name, new_name)) | ||||
obj.group_name = new_name | ||||
elif isinstance(obj, Repository): | ||||
# we need to get all repositories from this new group and | ||||
# rename them accordingly to new group path | ||||
new_name = obj.get_new_name(obj.just_name) | ||||
log.debug('Fixing repo %s to new name %s' \ | ||||
% (obj.repo_name, new_name)) | ||||
obj.repo_name = new_name | ||||
r2749 | self.sa.add(obj) | |||
r2059 | self.__rename_group(old_path, new_path) | |||
r1594 | return repos_group | |||
r3631 | except Exception: | |||
Nicolas VINOT
|
r1593 | log.error(traceback.format_exc()) | ||
r1345 | raise | |||
r2820 | def delete(self, repos_group, force_delete=False): | |||
r3714 | repos_group = self._get_repo_group(repos_group) | |||
r1345 | try: | |||
r2467 | self.sa.delete(repos_group) | |||
r2820 | self.__delete_group(repos_group, force_delete) | |||
r3631 | except Exception: | |||
r3166 | log.error('Error removing repos_group %s' % repos_group) | |||
r1345 | raise | |||
r1982 | ||||
r2820 | def delete_permission(self, repos_group, obj, obj_type, recursive): | |||
""" | ||||
Revokes permission for repos_group for given obj(user or users_group), | ||||
Mads Kiilerich
|
r3410 | obj_type can be user or user group | ||
r2820 | ||||
:param repos_group: | ||||
Mads Kiilerich
|
r3410 | :param obj: user or user group id | ||
:param obj_type: user or user group type | ||||
r2820 | :param recursive: recurse to all children of group | |||
""" | ||||
from rhodecode.model.repo import RepoModel | ||||
r3714 | repos_group = self._get_repo_group(repos_group) | |||
r2820 | ||||
for el in repos_group.recursive_groups_and_repos(): | ||||
if not recursive: | ||||
# if we don't recurse set the permission on only the top level | ||||
# object | ||||
el = repos_group | ||||
if isinstance(el, RepoGroup): | ||||
if obj_type == 'user': | ||||
ReposGroupModel().revoke_user_permission(el, user=obj) | ||||
elif obj_type == 'users_group': | ||||
ReposGroupModel().revoke_users_group_permission(el, group_name=obj) | ||||
else: | ||||
raise Exception('undefined object type %s' % obj_type) | ||||
elif isinstance(el, Repository): | ||||
if obj_type == 'user': | ||||
RepoModel().revoke_user_permission(el, user=obj) | ||||
elif obj_type == 'users_group': | ||||
RepoModel().revoke_users_group_permission(el, group_name=obj) | ||||
else: | ||||
raise Exception('undefined object type %s' % obj_type) | ||||
#if it's not recursive call | ||||
# break the loop and don't proceed with other changes | ||||
if not recursive: | ||||
break | ||||
r1982 | def grant_user_permission(self, repos_group, user, perm): | |||
""" | ||||
Mads Kiilerich
|
r3416 | Grant permission for user on given repository group, or update | ||
r1982 | existing one if found | |||
:param repos_group: Instance of ReposGroup, repositories_group_id, | ||||
or repositories_group name | ||||
:param user: Instance of User, user_id or username | ||||
:param perm: Instance of Permission, or permission_name | ||||
""" | ||||
r3714 | repos_group = self._get_repo_group(repos_group) | |||
r2432 | user = self._get_user(user) | |||
permission = self._get_perm(perm) | ||||
r1982 | ||||
# check if we have that permission already | ||||
obj = self.sa.query(UserRepoGroupToPerm)\ | ||||
.filter(UserRepoGroupToPerm.user == user)\ | ||||
.filter(UserRepoGroupToPerm.group == repos_group)\ | ||||
.scalar() | ||||
if obj is None: | ||||
# create new ! | ||||
obj = UserRepoGroupToPerm() | ||||
obj.group = repos_group | ||||
obj.user = user | ||||
obj.permission = permission | ||||
self.sa.add(obj) | ||||
r2820 | log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group)) | |||
r1982 | ||||
def revoke_user_permission(self, repos_group, user): | ||||
""" | ||||
Mads Kiilerich
|
r3416 | Revoke permission for user on given repository group | ||
r1982 | ||||
:param repos_group: Instance of ReposGroup, repositories_group_id, | ||||
or repositories_group name | ||||
:param user: Instance of User, user_id or username | ||||
""" | ||||
r3714 | repos_group = self._get_repo_group(repos_group) | |||
r2432 | user = self._get_user(user) | |||
r1982 | ||||
obj = self.sa.query(UserRepoGroupToPerm)\ | ||||
.filter(UserRepoGroupToPerm.user == user)\ | ||||
.filter(UserRepoGroupToPerm.group == repos_group)\ | ||||
r2820 | .scalar() | |||
if obj: | ||||
self.sa.delete(obj) | ||||
log.debug('Revoked perm on %s on %s' % (repos_group, user)) | ||||
r1982 | ||||
def grant_users_group_permission(self, repos_group, group_name, perm): | ||||
""" | ||||
Mads Kiilerich
|
r3416 | Grant permission for user group on given repository group, or update | ||
r1982 | existing one if found | |||
:param repos_group: Instance of ReposGroup, repositories_group_id, | ||||
or repositories_group name | ||||
:param group_name: Instance of UserGroup, users_group_id, | ||||
Mads Kiilerich
|
r3410 | or user group name | ||
r1982 | :param perm: Instance of Permission, or permission_name | |||
""" | ||||
r3714 | repos_group = self._get_repo_group(repos_group) | |||
group_name = self._get_user_group(group_name) | ||||
r2432 | permission = self._get_perm(perm) | |||
r1982 | ||||
# check if we have that permission already | ||||
Mads Kiilerich
|
r3417 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ | ||
.filter(UserGroupRepoGroupToPerm.group == repos_group)\ | ||||
.filter(UserGroupRepoGroupToPerm.users_group == group_name)\ | ||||
r1982 | .scalar() | |||
if obj is None: | ||||
# create new | ||||
Mads Kiilerich
|
r3417 | obj = UserGroupRepoGroupToPerm() | ||
r1982 | ||||
obj.group = repos_group | ||||
obj.users_group = group_name | ||||
obj.permission = permission | ||||
self.sa.add(obj) | ||||
r2820 | log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group)) | |||
r1982 | ||||
def revoke_users_group_permission(self, repos_group, group_name): | ||||
""" | ||||
Mads Kiilerich
|
r3416 | Revoke permission for user group on given repository group | ||
r1982 | ||||
:param repos_group: Instance of ReposGroup, repositories_group_id, | ||||
or repositories_group name | ||||
:param group_name: Instance of UserGroup, users_group_id, | ||||
Mads Kiilerich
|
r3410 | or user group name | ||
r1982 | """ | |||
r3714 | repos_group = self._get_repo_group(repos_group) | |||
group_name = self._get_user_group(group_name) | ||||
r1982 | ||||
Mads Kiilerich
|
r3417 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ | ||
.filter(UserGroupRepoGroupToPerm.group == repos_group)\ | ||||
.filter(UserGroupRepoGroupToPerm.users_group == group_name)\ | ||||
r2820 | .scalar() | |||
if obj: | ||||
self.sa.delete(obj) | ||||
log.debug('Revoked perm to %s on %s' % (repos_group, group_name)) | ||||