##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

commit less models...
commit less models - models don't do any commits(with few exceptions) - all db transactions should be handled by higher level modules like controllers, celery tasks
marcink - - Load All Authors

File last commit:

r1749:8ecc6b82 beta
r1749:8ecc6b82 beta
Show More
user.py
504 lines | 18.9 KiB | text/x-python | PythonLexer
/ rhodecode / model / user.py
History | Source | Raw |Copy content |Copy permalink
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761 # -*- coding: utf-8 -*-
"""
marcink
started working on issue #56
 r956 rhodecode.model.user
~~~~~~~~~~~~~~~~~~~~
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761
users model for RhodeCode
marcink
source code cleanup: remove trailing white space, normalize file endings
 r1203
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761 :created_on: Apr 9, 2010
:author: marcink
marcink
source code cleanup: remove trailing white space, normalize file endings
 r1203 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761 :license: GPLv3, see COPYING for more details.
"""
marcink
fixed license issue #149
 r1206 # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
marcink
source code cleanup: remove trailing white space, normalize file endings
 r1203 #
marcink
Code refactoring,models renames...
 r629 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
marcink
source code cleanup: remove trailing white space, normalize file endings
 r1203 #
marcink
Code refactoring,models renames...
 r629 # You should have received a copy of the GNU General Public License
marcink
fixed license issue #149
 r1206 # along with this program. If not, see <http://www.gnu.org/licenses/>.
marcink
fixed security issue when saving ldap user saved plaintext password
 r750
marcink
Code refactoring,models renames...
 r629 import logging
import traceback
marcink
implements #222 registration feedback...
 r1731 from pylons import url
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761 from pylons.i18n.translation import _
marcink
fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation
 r1516 from rhodecode.lib import safe_unicode
marcink
moved caching query to libs
 r1669 from rhodecode.lib.caching_query import FromCache
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761 from rhodecode.model import BaseModel
marcink
refactoring of models names for repoGroup permissions
 r1633 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
marcink
implements #222 registration feedback...
 r1731 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \
Notification
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 from rhodecode.lib.exceptions import DefaultUserException, \
UserOwnsReposException
marcink
fixed #72 show warning on removal when user still is owner of existing repositories...
 r713
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761 from sqlalchemy.exc import DatabaseError
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 from rhodecode.lib import generate_api_key
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 from sqlalchemy.orm import joinedload
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761
log = logging.getLogger(__name__)
marcink
Code refactoring,models renames...
 r629
marcink
implements #222 registration feedback...
 r1731
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 PERM_WEIGHTS = {'repository.none': 0,
'repository.read': 1,
'repository.write': 3,
'repository.admin': 3}
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267
marcink
fixed Example celery config to ampq,...
 r752 class UserModel(BaseModel):
marcink
notification to commit author + gardening
 r1716
marcink
commit less models...
 r1749 def __get_user(self, user):
return self._get_instance(User, user)
marcink
fixes #288...
 r1594 def get(self, user_id, cache=False):
marcink
Code refactoring,models renames...
 r629 user = self.sa.query(User)
if cache:
user = user.options(FromCache("sql_cache_short",
"get_user_%s" % user_id))
return user.get(user_id)
marcink
fixes #288...
 r1594 def get_by_username(self, username, cache=False, case_insensitive=False):
marcink
fixed security issue when saving ldap user saved plaintext password
 r750
marcink
#78, fixed more reliable case insensitive searches
 r742 if case_insensitive:
user = self.sa.query(User).filter(User.username.ilike(username))
else:
user = self.sa.query(User)\
.filter(User.username == username)
marcink
Code refactoring,models renames...
 r629 if cache:
user = user.options(FromCache("sql_cache_short",
"get_user_%s" % username))
return user.scalar()
marcink
fixes #288...
 r1594 def get_by_api_key(self, api_key, cache=False):
marcink
fix for api key lookup, reuse same function in user model
 r1693 return User.get_by_api_key(api_key, cache)
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
marcink
Code refactoring,models renames...
 r629 def create(self, form_data):
try:
new_user = User()
for k, v in form_data.items():
setattr(new_user, k, v)
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 new_user.api_key = generate_api_key(form_data['username'])
marcink
Code refactoring,models renames...
 r629 self.sa.add(new_user)
Nicolas VINOT
Add API for repositories and groups (creation, permission)
 r1586 return new_user
marcink
Code refactoring,models renames...
 r629 except:
log.error(traceback.format_exc())
raise
marcink
User usermodel instead of db model to manage accounts...
 r1634
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728 def create_or_update(self, username, password, email, name, lastname,
marcink
User usermodel instead of db model to manage accounts...
 r1634 active=True, admin=False, ldap_dn=None):
"""
Creates a new instance if not found, or updates current one
:param username:
:param password:
:param email:
:param active:
:param name:
:param lastname:
:param active:
:param admin:
:param ldap_dn:
"""
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728
marcink
User usermodel instead of db model to manage accounts...
 r1634 from rhodecode.lib.auth import get_crypt_password
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728
marcink
User usermodel instead of db model to manage accounts...
 r1634 log.debug('Checking for %s account in RhodeCode database', username)
user = User.get_by_username(username, case_insensitive=True)
if user is None:
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728 log.debug('creating new user %s', username)
marcink
User usermodel instead of db model to manage accounts...
 r1634 new_user = User()
else:
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728 log.debug('updating user %s', username)
marcink
User usermodel instead of db model to manage accounts...
 r1634 new_user = user
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728
marcink
User usermodel instead of db model to manage accounts...
 r1634 try:
new_user.username = username
new_user.admin = admin
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = email
new_user.active = active
new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
new_user.name = name
new_user.lastname = lastname
self.sa.add(new_user)
return new_user
except (DatabaseError,):
log.error(traceback.format_exc())
raise
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728
Liad Shani
Added basic automatic user creation for container auth
 r1621 def create_for_container_auth(self, username, attrs):
"""
Creates the given user if it's not already in the database
:param username:
:param attrs:
"""
if self.get_by_username(username, case_insensitive=True) is None:
marcink
fixed issues with not unique emails when using ldap or container auth.
 r1690
# autogenerate email for container account without one
generate_email = lambda usr: '%s@container_auth.account' % usr
Liad Shani
Added basic automatic user creation for container auth
 r1621 try:
new_user = User()
new_user.username = username
new_user.password = None
new_user.api_key = generate_api_key(username)
new_user.email = attrs['email']
marcink
Some code cleanups and fixes
 r1628 new_user.active = attrs.get('active', True)
marcink
fixed issues with not unique emails when using ldap or container auth.
 r1690 new_user.name = attrs['name'] or generate_email(username)
Liad Shani
Added basic automatic user creation for container auth
 r1621 new_user.lastname = attrs['lastname']
self.sa.add(new_user)
marcink
Some code cleanups and fixes
 r1628 return new_user
Liad Shani
Added basic automatic user creation for container auth
 r1621 except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
marcink
Some code cleanups and fixes
 r1628 log.debug('User %s already exists. Skipping creation of account'
' for container auth.', username)
return None
Liad Shani
Added basic automatic user creation for container auth
 r1621
Thayne Harbaugh
Improve LDAP authentication...
 r991 def create_ldap(self, username, password, user_dn, attrs):
marcink
implements #60, ldap configuration and authentication....
 r705 """
Checks if user is in database, if not creates this user marked
as ldap user
marcink
fixes #288...
 r1594
marcink
implements #60, ldap configuration and authentication....
 r705 :param username:
:param password:
Thayne Harbaugh
Improve LDAP authentication...
 r991 :param user_dn:
:param attrs:
marcink
implements #60, ldap configuration and authentication....
 r705 """
marcink
fixed security issue when saving ldap user saved plaintext password
 r750 from rhodecode.lib.auth import get_crypt_password
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761 log.debug('Checking for such ldap account in RhodeCode database')
marcink
fixes #288...
 r1594 if self.get_by_username(username, case_insensitive=True) is None:
marcink
fix fo empty email passed in attributes of ldap account....
 r1689
# autogenerate email for ldap account without one
generate_email = lambda usr: '%s@ldap.account' % usr
marcink
implements #60, ldap configuration and authentication....
 r705 try:
new_user = User()
marcink
fix fo empty email passed in attributes of ldap account....
 r1689 username = username.lower()
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 # add ldap account always lowercase
marcink
fix fo empty email passed in attributes of ldap account....
 r1689 new_user.username = username
marcink
fixed security issue when saving ldap user saved plaintext password
 r750 new_user.password = get_crypt_password(password)
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 new_user.api_key = generate_api_key(username)
marcink
fix fo empty email passed in attributes of ldap account....
 r1689 new_user.email = attrs['email'] or generate_email(username)
marcink
Some code cleanups and fixes
 r1628 new_user.active = attrs.get('active', True)
marcink
fixes #256 fixes non ascii chars problems in base_dn on LDAP user creation
 r1516 new_user.ldap_dn = safe_unicode(user_dn)
Thayne Harbaugh
Improve LDAP authentication...
 r991 new_user.name = attrs['name']
new_user.lastname = attrs['lastname']
marcink
implements #60, ldap configuration and authentication....
 r705
self.sa.add(new_user)
marcink
Some code cleanups and fixes
 r1628 return new_user
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761 except (DatabaseError,):
marcink
implements #60, ldap configuration and authentication....
 r705 log.error(traceback.format_exc())
self.sa.rollback()
raise
marcink
ldap auth rewrite, moved split authfunc into two functions,...
 r761 log.debug('this %s user exists skipping creation of ldap account',
username)
marcink
Some code cleanups and fixes
 r1628 return None
marcink
implements #60, ldap configuration and authentication....
 r705
marcink
Code refactoring,models renames...
 r629 def create_registration(self, form_data):
marcink
implements #222 registration feedback...
 r1731 from rhodecode.model.notification import NotificationModel
marcink
Code refactoring,models renames...
 r629 try:
new_user = User()
for k, v in form_data.items():
if k != 'admin':
setattr(new_user, k, v)
self.sa.add(new_user)
marcink
implements #222 registration feedback...
 r1731 self.sa.flush()
# notification to admins
subject = _('new user registration')
marcink
fixes #59, notifications for user registrations + some changes to mailer
 r689 body = ('New user registration\n'
marcink
implements #222 registration feedback...
 r1731 '---------------------\n'
'- Username: %s\n'
'- Full Name: %s\n'
'- Email: %s\n')
body = body % (new_user.username, new_user.full_name,
new_user.email)
edit_url = url('edit_user', id=new_user.user_id, qualified=True)
kw = {'registered_user_url':edit_url}
NotificationModel().create(created_by=new_user, subject=subject,
body=body, recipients=None,
type_=Notification.TYPE_REGISTRATION,
email_kwargs=kw)
marcink
fixes #59, notifications for user registrations + some changes to mailer
 r689
marcink
Code refactoring,models renames...
 r629 except:
log.error(traceback.format_exc())
raise
def update(self, user_id, form_data):
try:
marcink
fixes #288...
 r1594 user = self.get(user_id, cache=False)
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 if user.username == 'default':
marcink
Code refactoring,models renames...
 r629 raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
marcink
fixed #72 show warning on removal when user still is owner of existing repositories...
 r713
marcink
Code refactoring,models renames...
 r629 for k, v in form_data.items():
if k == 'new_password' and v != '':
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 user.password = v
user.api_key = generate_api_key(user.username)
marcink
Code refactoring,models renames...
 r629 else:
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 setattr(user, k, v)
marcink
Code refactoring,models renames...
 r629
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 self.sa.add(user)
marcink
Code refactoring,models renames...
 r629 except:
log.error(traceback.format_exc())
raise
def update_my_account(self, user_id, form_data):
try:
marcink
fixes #288...
 r1594 user = self.get(user_id, cache=False)
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 if user.username == 'default':
marcink
Code refactoring,models renames...
 r629 raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
for k, v in form_data.items():
if k == 'new_password' and v != '':
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 user.password = v
user.api_key = generate_api_key(user.username)
marcink
Code refactoring,models renames...
 r629 else:
if k not in ['admin', 'active']:
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 setattr(user, k, v)
marcink
Code refactoring,models renames...
 r629
marcink
Added api_key into user, api key get's generated again after password change...
 r1116 self.sa.add(user)
marcink
Code refactoring,models renames...
 r629 except:
log.error(traceback.format_exc())
raise
def delete(self, user_id):
try:
marcink
fixes #288...
 r1594 user = self.get(user_id, cache=False)
marcink
Code refactoring,models renames...
 r629 if user.username == 'default':
raise DefaultUserException(
_("You can't remove this user since it's"
" crucial for entire application"))
marcink
fixed #72 show warning on removal when user still is owner of existing repositories...
 r713 if user.repositories:
raise UserOwnsReposException(_('This user still owns %s '
'repositories and cannot be '
'removed. Switch owners or '
'remove those repositories') \
% user.repositories)
marcink
Code refactoring,models renames...
 r629 self.sa.delete(user)
except:
log.error(traceback.format_exc())
raise
marcink
fixes #223 improve password reset form
 r1417 def reset_password_link(self, data):
from rhodecode.lib.celerylib import tasks, run_task
run_task(tasks.send_password_link, data['email'])
marcink
Code refactoring,models renames...
 r629 def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
run_task(tasks.reset_user_password, data['email'])
marcink
#49 Enabled anonymous access for web interface controllable from permissions pannel
 r673
marcink
fixes #288...
 r1594 def fill_data(self, auth_user, user_id=None, api_key=None):
marcink
#49 Enabled anonymous access for web interface controllable from permissions pannel
 r673 """
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 Fetches auth_user by user_id,or api_key if present.
Fills auth_user attributes with those taken from database.
marcink
source code cleanup: remove trailing white space, normalize file endings
 r1203 Additionally set's is_authenitated if lookup fails
marcink
#49 Enabled anonymous access for web interface controllable from permissions pannel
 r673 present in database
marcink
source code cleanup: remove trailing white space, normalize file endings
 r1203
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 :param auth_user: instance of user to set attributes
:param user_id: user id to fetch by
:param api_key: api key to fetch by
marcink
#49 Enabled anonymous access for web interface controllable from permissions pannel
 r673 """
marcink
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal...
 r1120 if user_id is None and api_key is None:
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 raise Exception('You need to pass user_id or api_key')
marcink
fixed anonymous access bug.
 r686
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 try:
if api_key:
dbuser = self.get_by_api_key(api_key)
else:
dbuser = self.get(user_id)
Liad Shani
Added automatic logout of deactivated/deleted users
 r1618 if dbuser is not None and dbuser.active:
marcink
fixed some bugs in api key auth, added access by api key into rss/atom feeds in global journal...
 r1120 log.debug('filling %s data', dbuser)
for k, v in dbuser.get_dict().items():
setattr(auth_user, k, v)
Liad Shani
Added automatic logout of deactivated/deleted users
 r1618 else:
return False
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
except:
log.error(traceback.format_exc())
auth_user.is_authenticated = False
Liad Shani
Added automatic logout of deactivated/deleted users
 r1618 return False
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
Liad Shani
Added automatic logout of deactivated/deleted users
 r1618 return True
marcink
fixed anonymous access bug.
 r686
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 def fill_perms(self, user):
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 """
Fills user permission attribute with permissions taken from database
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 works for permissions given for repositories, and for permissions that
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 are granted to groups
marcink
source code cleanup: remove trailing white space, normalize file endings
 r1203
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 :param user: user instance to fill his perms
"""
user.permissions['repositories'] = {}
user.permissions['global'] = set()
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 #======================================================================
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 # fetch default permissions
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 #======================================================================
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728 default_user = User.get_by_username('default', cache=True)
default_user_id = default_user.user_id
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728 default_perms = Permission.get_default_perms(default_user_id)
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
if user.is_admin:
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 #==================================================================
marcink
source code cleanup: remove trailing white space, normalize file endings
 r1203 # #admin have all default rights set to admin
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 #==================================================================
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 user.permissions['global'].add('hg.admin')
for perm in default_perms:
p = 'repository.admin'
marcink
refactoring of models names for repoGroup permissions
 r1633 user.permissions['repositories'][perm.UserRepoToPerm.
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 repository.repo_name] = p
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
else:
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 #==================================================================
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 # set default permissions
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 #==================================================================
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 uid = user.user_id
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
marcink
implements #236 forking copy permission option
 r1729 # default global
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 default_global_perms = self.sa.query(UserToPerm)\
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728 .filter(UserToPerm.user_id == default_user_id)
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
for perm in default_global_perms:
user.permissions['global'].add(perm.permission.permission_name)
marcink
implements #236 forking copy permission option
 r1729 # default for repositories
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 for perm in default_perms:
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 if perm.Repository.private and not (perm.Repository.user_id ==
uid):
marcink
implements #236 forking copy permission option
 r1729 # disable defaults for private repos,
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 p = 'repository.none'
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 elif perm.Repository.user_id == uid:
marcink
implements #236 forking copy permission option
 r1729 # set admin if owner
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 p = 'repository.admin'
else:
p = perm.Permission.permission_name
marcink
refactoring of models names for repoGroup permissions
 r1633 user.permissions['repositories'][perm.UserRepoToPerm.
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 repository.repo_name] = p
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 #==================================================================
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 # overwrite default with user permissions if any
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 #==================================================================
marcink
implements #236 forking copy permission option
 r1729 # user global
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 user_perms = self.sa.query(UserToPerm)\
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 .options(joinedload(UserToPerm.permission))\
.filter(UserToPerm.user_id == uid).all()
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267
for perm in user_perms:
marcink
implements #236 forking copy permission option
 r1729 user.permissions['global'].add(perm.permission.permission_name)
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267
marcink
implements #236 forking copy permission option
 r1729 # user repositories
marcink
refactoring of models names for repoGroup permissions
 r1633 user_repo_perms = self.sa.query(UserRepoToPerm, Permission,
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 Repository)\
marcink
refactoring of models names for repoGroup permissions
 r1633 .join((Repository, UserRepoToPerm.repository_id ==
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 Repository.repo_id))\
marcink
refactoring of models names for repoGroup permissions
 r1633 .join((Permission, UserRepoToPerm.permission_id ==
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 Permission.permission_id))\
marcink
refactoring of models names for repoGroup permissions
 r1633 .filter(UserRepoToPerm.user_id == uid).all()
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
marcink
user defined permission will update the global permissions, and overwrite default settings.
 r1267 for perm in user_repo_perms:
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 # set admin if owner
if perm.Repository.user_id == uid:
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 p = 'repository.admin'
else:
p = perm.Permission.permission_name
marcink
refactoring of models names for repoGroup permissions
 r1633 user.permissions['repositories'][perm.UserRepoToPerm.
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 repository.repo_name] = p
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 #==================================================================
marcink
source code cleanup: remove trailing white space, normalize file endings
 r1203 # check if user is part of groups for this repository and fill in
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 # (or replace with higher) permissions
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 #==================================================================
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728 # users group global
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
.options(joinedload(UsersGroupToPerm.permission))\
.join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
UsersGroupMember.users_group_id))\
.filter(UsersGroupMember.user_id == uid).all()
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117
for perm in user_perms_from_users_groups:
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 user.permissions['global'].add(perm.permission.permission_name)
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728 # users group repositories
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 user_repo_perms_from_users_groups = self.sa.query(
UsersGroupRepoToPerm,
Permission, Repository,)\
.join((Repository, UsersGroupRepoToPerm.repository_id ==
Repository.repo_id))\
.join((Permission, UsersGroupRepoToPerm.permission_id ==
Permission.permission_id))\
.join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
UsersGroupMember.users_group_id))\
.filter(UsersGroupMember.user_id == uid).all()
for perm in user_repo_perms_from_users_groups:
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 p = perm.Permission.permission_name
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 cur_perm = user.permissions['repositories'][perm.
UsersGroupRepoToPerm.
repository.repo_name]
marcink
- fixes celery sqlalchemy session issues for async forking...
 r1728 # overwrite permission only if it's greater than permission
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 # given from other sources
marcink
Major rewrite of auth objects. Moved parts of filling user data into user model....
 r1117 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
marcink
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
 r1269 user.permissions['repositories'][perm.UsersGroupRepoToPerm.
repository.repo_name] = p
marcink
#49 Enabled anonymous access for web interface controllable from permissions pannel
 r673
return user
marcink
fixes #288...
 r1594
marcink
commit less models...
 r1749
def has_perm(self, user, perm):
if not isinstance(perm, Permission):
raise Exception('perm needs to be an instance of Permission class')
user = self.__get_user(user)
return UserToPerm.query().filter(UserToPerm.user == user.user)\
.filter(UserToPerm.permission == perm).scalar() is not None
def grant_perm(self, user, perm):
if not isinstance(perm, Permission):
raise Exception('perm needs to be an instance of Permission class')
user = self.__get_user(user)
new = UserToPerm()
new.user = user.user
new.permission = perm
self.sa.add(new)
def revoke_perm(self, user, perm):
if not isinstance(perm, Permission):
raise Exception('perm needs to be an instance of Permission class')
user = self.__get_user(user)
obj = UserToPerm.query().filter(UserToPerm.user == user.user)\
.filter(UserToPerm.permission == perm).one()
self.sa.delete(obj)