permission.py
144 lines
| 5.6 KiB
| text/x-python
|
PythonLexer
| r759 | # -*- coding: utf-8 -*- | |||
| """ | ||||
| r811 | rhodecode.model.permission | |||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
| r692 | ||||
| r759 | permissions model for RhodeCode | |||
| r1203 | ||||
| r759 | :created_on: Aug 20, 2010 | |||
| :author: marcink | ||||
| r1824 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |||
| r759 | :license: GPLv3, see COPYING for more details. | |||
| """ | ||||
| r1206 | # This program is free software: you can redistribute it and/or modify | |||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation, either version 3 of the License, or | ||||
| # (at your option) any later version. | ||||
| r1203 | # | |||
| r692 | # This program is distributed in the hope that it will be useful, | |||
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
| # GNU General Public License for more details. | ||||
| r1203 | # | |||
| r692 | # You should have received a copy of the GNU General Public License | |||
| r1206 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
| r759 | ||||
| import logging | ||||
| import traceback | ||||
| from sqlalchemy.exc import DatabaseError | ||||
| r692 | ||||
| r1669 | from rhodecode.lib.caching_query import FromCache | |||
| r752 | from rhodecode.model import BaseModel | |||
| r2425 | from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\ | |||
| UserRepoGroupToPerm | ||||
| r1669 | ||||
| r692 | log = logging.getLogger(__name__) | |||
| r752 | class PermissionModel(BaseModel): | |||
| r1716 | """ | |||
| Permissions model for RhodeCode | ||||
| r811 | """ | |||
| r692 | ||||
| r2522 | cls = Permission | |||
| r692 | def get_permission(self, permission_id, cache=False): | |||
| r1716 | """ | |||
| Get's permissions by id | ||||
| r1203 | ||||
| r811 | :param permission_id: id of permission to get from database | |||
| :param cache: use Cache for this query | ||||
| """ | ||||
| r692 | perm = self.sa.query(Permission) | |||
| if cache: | ||||
| perm = perm.options(FromCache("sql_cache_short", | ||||
| "get_permission_%s" % permission_id)) | ||||
| return perm.get(permission_id) | ||||
| def get_permission_by_name(self, name, cache=False): | ||||
| r1716 | """ | |||
| Get's permissions by given name | ||||
| r1203 | ||||
| r811 | :param name: name to fetch | |||
| :param cache: Use cache for this query | ||||
| """ | ||||
| r692 | perm = self.sa.query(Permission)\ | |||
| .filter(Permission.permission_name == name) | ||||
| if cache: | ||||
| perm = perm.options(FromCache("sql_cache_short", | ||||
| "get_permission_%s" % name)) | ||||
| return perm.scalar() | ||||
| def update(self, form_result): | ||||
| perm_user = self.sa.query(User)\ | ||||
| r1734 | .filter(User.username == | |||
| form_result['perm_user_name']).scalar() | ||||
| r1271 | u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == | |||
| perm_user).all() | ||||
| r2798 | if len(u2p) != len(User.DEFAULT_PERMISSIONS): | |||
| r3052 | raise Exception('Defined: %s should be %s permissions for default' | |||
| r692 | ' user. This should not happen please verify' | |||
| r3052 | ' your database' % (len(u2p), len(User.DEFAULT_PERMISSIONS))) | |||
| r692 | ||||
| try: | ||||
| r1716 | # stage 1 change defaults | |||
| r692 | for p in u2p: | |||
| if p.permission.permission_name.startswith('repository.'): | ||||
| p.permission = self.get_permission_by_name( | ||||
| r3052 | form_result['default_repo_perm']) | |||
| self.sa.add(p) | ||||
| elif p.permission.permission_name.startswith('group.'): | ||||
| p.permission = self.get_permission_by_name( | ||||
| form_result['default_group_perm']) | ||||
| r692 | self.sa.add(p) | |||
| r2425 | elif p.permission.permission_name.startswith('hg.register.'): | |||
| r692 | p.permission = self.get_permission_by_name( | |||
| form_result['default_register']) | ||||
| self.sa.add(p) | ||||
| r2425 | elif p.permission.permission_name.startswith('hg.create.'): | |||
| r692 | p.permission = self.get_permission_by_name( | |||
| form_result['default_create']) | ||||
| self.sa.add(p) | ||||
| r751 | ||||
| r2709 | elif p.permission.permission_name.startswith('hg.fork.'): | |||
| p.permission = self.get_permission_by_name( | ||||
| form_result['default_fork']) | ||||
| self.sa.add(p) | ||||
| r692 | #stage 2 update all default permissions for repos if checked | |||
| r3052 | if form_result['overwrite_default_repo'] == True: | |||
| _def_name = form_result['default_repo_perm'].split('repository.')[-1] | ||||
| r2425 | _def = self.get_permission_by_name('repository.' + _def_name) | |||
| # repos | ||||
| r1633 | for r2p in self.sa.query(UserRepoToPerm)\ | |||
| r2425 | .filter(UserRepoToPerm.user == perm_user)\ | |||
| .all(): | ||||
| r3220 | ||||
| #don't reset PRIVATE repositories | ||||
| if r2p.repository.private is False: | ||||
| r2p.permission = _def | ||||
| self.sa.add(r2p) | ||||
| r3052 | ||||
| if form_result['overwrite_default_group'] == True: | ||||
| _def_name = form_result['default_group_perm'].split('group.')[-1] | ||||
| r2425 | # groups | |||
| _def = self.get_permission_by_name('group.' + _def_name) | ||||
| for g2p in self.sa.query(UserRepoGroupToPerm)\ | ||||
| .filter(UserRepoGroupToPerm.user == perm_user)\ | ||||
| .all(): | ||||
| g2p.permission = _def | ||||
| self.sa.add(g2p) | ||||
| r692 | ||||
| r1716 | # stage 3 set anonymous access | |||
| r692 | if perm_user.username == 'default': | |||
| perm_user.active = bool(form_result['anonymous']) | ||||
| self.sa.add(perm_user) | ||||
| r759 | except (DatabaseError,): | |||
| r692 | log.error(traceback.format_exc()) | |||
| raise | ||||
