user.py
589 lines | 21.8 KiB | text/x-python | PythonLexer
ldap auth rewrite, moved split authfunc into two functions,...
r761 # -*- coding: utf-8 -*-
"""
started working on issue #56
r956 rhodecode.model.user
~~~~~~~~~~~~~~~~~~~~
ldap auth rewrite, moved split authfunc into two functions,...
r761
users model for RhodeCode
source code cleanup: remove trailing white space, normalize file endings
r1203
ldap auth rewrite, moved split authfunc into two functions,...
r761 :created_on: Apr 9, 2010
:author: marcink
2012 copyrights
r1824 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
ldap auth rewrite, moved split authfunc into two functions,...
r761 :license: GPLv3, see COPYING for more details.
"""
fixed license issue #149
r1206 # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
Code refactoring,models renames...
r629 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
source code cleanup: remove trailing white space, normalize file endings
r1203 #
Code refactoring,models renames...
r629 # You should have received a copy of the GNU General Public License
fixed license issue #149
r1206 # along with this program. If not, see <http://www.gnu.org/licenses/>.
fixed security issue when saving ldap user saved plaintext password
r750
Code refactoring,models renames...
r629 import logging
import traceback
implements #222 registration feedback...
r1731 from pylons import url
ldap auth rewrite, moved split authfunc into two functions,...
r761 from pylons.i18n.translation import _
utils/conf...
r2109 from rhodecode.lib.utils2 import safe_unicode, generate_api_key
moved caching query to libs
r1669 from rhodecode.lib.caching_query import FromCache
ldap auth rewrite, moved split authfunc into two functions,...
r761 from rhodecode.model import BaseModel
refactoring of models names for repoGroup permissions
r1633 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
implements #222 registration feedback...
r1731 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \
#399 added inheritance of permissions for users group on repos groups
r2129 Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup,\
UsersGroupRepoGroupToPerm
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 from rhodecode.lib.exceptions import DefaultUserException, \
UserOwnsReposException
fixed #72 show warning on removal when user still is owner of existing repositories...
r713
ldap auth rewrite, moved split authfunc into two functions,...
r761 from sqlalchemy.exc import DatabaseError
utils/conf...
r2109
tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
r1269 from sqlalchemy.orm import joinedload
ldap auth rewrite, moved split authfunc into two functions,...
r761
log = logging.getLogger(__name__)


# Rank of every repository and repository-group permission name.
# fill_perms() compares these ranks when a permission arrives from a second
# source: the stored value is replaced only by one that ranks strictly
# higher. Only the relative order matters (the value 2 is not used).
PERM_WEIGHTS = {
    # per-repository permissions
    'repository.none': 0,
    'repository.read': 1,
    'repository.write': 3,
    'repository.admin': 4,

    # per-repository-group permissions
    'group.none': 0,
    'group.read': 1,
    'group.write': 3,
    'group.admin': 4,
}
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
user defined permission will update the global permissions, and overwrite default settings.
r1267
fixed Example celery config to ampq,...
r752 class UserModel(BaseModel):
notification to commit author + gardening
r1716
commit less models...
def __get_user(self, user):
    """
    Resolve ``user`` to a ``User`` object via ``self._get_instance``.

    ``User.get_by_username`` is passed as the lookup callback.

    :param user: value forwarded to ``_get_instance``; the accepted forms
        are defined by that helper, which is not part of this file
    """
    by_name = User.get_by_username
    return self._get_instance(User, user, callback=by_name)
def __get_perm(self, permission):
    """
    Resolve ``permission`` to a ``Permission`` object via
    ``self._get_instance``.

    ``Permission.get_by_key`` is passed as the lookup callback.

    :param permission: value forwarded to ``_get_instance``; the accepted
        forms are defined by that helper, which is not part of this file
    """
    by_key = Permission.get_by_key
    return self._get_instance(Permission, permission, callback=by_key)
commit less models...
r1749
fixes #288...
def get(self, user_id, cache=False):
    """
    Fetch a ``User`` by primary key.

    :param user_id: primary key handed to ``Query.get``
    :param cache: when true, attach the ``sql_cache_short`` ``FromCache``
        option to the query before running it
    """
    query = self.sa.query(User)
    if cache:
        # NOTE(review): get_by_username() builds its FromCache argument
        # from the same "get_user_%s" prefix, filled with the username.
        # Verify in FromCache whether this string is only a namespace or
        # the full cache key, so an id and an identical-looking username
        # can never share an entry.
        cache_option = FromCache("sql_cache_short", "get_user_%s" % user_id)
        query = query.options(cache_option)
    return query.get(user_id)
API updates...
def get_user(self, user):
    """
    Public wrapper around the private ``__get_user`` resolver.

    :param user: value forwarded unchanged to ``__get_user``
    """
    resolved = self.__get_user(user)
    return resolved
fixes #288...
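def get_by_username(self, username, cache=False, case_insensitive=False):
    """
    Return the ``User`` whose username equals ``username``, or ``None``
    when no row matches.

    :param username: username to look up
    :param cache: when true, attach the ``sql_cache_short`` ``FromCache``
        option to the query before running it
    :param case_insensitive: compare usernames ignoring letter case
    """
    # function-scope import, as other methods of this model already do
    from sqlalchemy import func

    query = self.sa.query(User)
    if case_insensitive:
        # Compare lower-cased values with plain equality rather than
        # ``ilike(username)``. LIKE treats ``%`` and ``_`` in the supplied
        # name as wildcards, so a lookup for "a_b" would also match "axb":
        # the account-exists checks built on this method could then pick
        # up a different account, or ``scalar()`` could raise because
        # several rows match.
        query = query.filter(
            func.lower(User.username) == func.lower(username))
    else:
        query = query.filter(User.username == username)

    if cache:
        query = query.options(FromCache("sql_cache_short",
                                        "get_user_%s" % username))
    return query.scalar()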
fixes #288...
def get_by_api_key(self, api_key, cache=False):
    """
    Look a user up by API key; delegates to ``User.get_by_api_key``.

    :param api_key: key to search for
    :param cache: forwarded positionally to ``User.get_by_api_key``
    """
    owner = User.get_by_api_key(api_key, cache)
    return owner
Major rewrite of auth objects. Moved parts of filling user data into user model....
r1117
Code refactoring,models renames...
def create(self, form_data):
    """
    Build a new ``User`` from ``form_data`` and add it to the session.

    Every key of ``form_data`` is copied onto the new row as an attribute,
    so fields such as ``admin`` or ``active`` are taken as supplied.
    Callers must hand in validated data only (create_registration()
    forces ``admin`` to False before calling this method).
    NOTE(review): ``password`` is stored exactly as it arrives here;
    presumably the form layer has already hashed it. Confirm.

    :param form_data: mapping of attribute name -> value; must contain
        ``username``, which seeds the generated API key
    """
    try:
        account = User()
        for field, value in form_data.items():
            setattr(account, field, value)

        # assigned after the loop, so an ``api_key`` entry in form_data
        # never survives
        account.api_key = generate_api_key(form_data['username'])
        self.sa.add(account)
        return account
    except:
        log.error(traceback.format_exc())
        raise
- fixes celery sqlalchemy session issues for async forking...
def create_or_update(self, username, password, email, name, lastname,
                     active=True, admin=False, ldap_dn=None):
    """
    Create the account for ``username``, or overwrite the existing row
    when a case-insensitive username match is found.

    On both paths the password field is replaced with
    ``get_crypt_password(password)`` and a new API key is generated.
    NOTE(review): that means an update also replaces the stored API key;
    confirm callers expect existing keys to stop working.

    :param username:
    :param password:
    :param email:
    :param name:
    :param lastname:
    :param active:
    :param admin:
    :param ldap_dn:
    """

    from rhodecode.lib.auth import get_crypt_password

    log.debug('Checking for %s account in RhodeCode database' % username)
    existing = User.get_by_username(username, case_insensitive=True)
    if existing is not None:
        log.debug('updating user %s' % username)
        account = existing
    else:
        log.debug('creating new user %s' % username)
        account = User()

    try:
        account.username = username
        account.admin = admin
        account.password = get_crypt_password(password)
        account.api_key = generate_api_key(username)
        account.email = email
        account.active = active
        if ldap_dn:
            account.ldap_dn = safe_unicode(ldap_dn)
        else:
            account.ldap_dn = None
        account.name = name
        account.lastname = lastname
        self.sa.add(account)
        return account
    except (DatabaseError,):
        log.error(traceback.format_exc())
        raise
- fixes celery sqlalchemy session issues for async forking...
r1728
Liad Shani
Added basic automatic user creation for container auth
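def create_for_container_auth(self, username, attrs):
    """
    Creates the given user if it's not already in the database

    Returns the new ``User`` (added to the session), or ``None`` when a
    user with that name, compared case-insensitively, already exists.

    :param username:
    :param attrs: mapping with ``email``, ``name`` and ``lastname`` keys
        and an optional ``active`` key (defaults to True)
    """
    if self.get_by_username(username, case_insensitive=True) is not None:
        log.debug('User %s already exists. Skipping creation of account'
                  ' for container auth.', username)
        return None

    # autogenerate email for container account without one
    generate_email = lambda usr: '%s@container_auth.account' % usr

    try:
        new_user = User()
        new_user.username = username
        # No local password is stored for these accounts.
        # NOTE(review): confirm the password-based login path rejects
        # rows whose password is None.
        new_user.password = None
        new_user.api_key = generate_api_key(username)
        # Fix: the placeholder address was only ever applied to ``name``,
        # so an account without an e-mail was stored with an empty one
        # even though the comment above (and create_ldap) intend a
        # generated address.
        new_user.email = attrs['email'] or generate_email(username)
        new_user.active = attrs.get('active', True)
        # NOTE(review): kept for backward compatibility; falling back to
        # an e-mail-shaped string for the first name looks like a
        # misplaced copy of the e-mail fallback.
        new_user.name = attrs['name'] or generate_email(username)
        new_user.lastname = attrs['lastname']

        self.sa.add(new_user)
        return new_user
    except (DatabaseError,):
        log.error(traceback.format_exc())
        self.sa.rollback()
        raise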
Liad Shani
Added basic automatic user creation for container auth
r1621
Thayne Harbaugh
Improve LDAP authentication...
def create_ldap(self, username, password, user_dn, attrs):
    """
    Create a local account for an LDAP user unless a user with that name,
    compared case-insensitively, already exists.

    The account is stored with a lower-cased username, with
    ``get_crypt_password(password)`` as its password, with ``user_dn`` as
    its ``ldap_dn``, and with a generated ``<username>@ldap.account``
    address when ``attrs['email']`` is empty.
    NOTE(review): the local row therefore keeps a value derived from the
    directory password. Confirm the login path does not accept it once
    the directory account is disabled or its password has changed.

    :param username:
    :param password:
    :param user_dn:
    :param attrs: mapping with ``email``, ``name`` and ``lastname`` keys
        and an optional ``active`` key (defaults to True)
    :returns: the new ``User``, or ``None`` when the user already exists
    """
    from rhodecode.lib.auth import get_crypt_password

    log.debug('Checking for such ldap account in RhodeCode database')
    if self.get_by_username(username, case_insensitive=True) is not None:
        log.debug('this %s user exists skipping creation of ldap account',
                  username)
        return None

    # autogenerate email for ldap account without one
    def generate_email(usr):
        return '%s@ldap.account' % usr

    try:
        ldap_user = User()
        # add ldap account always lowercase
        username = username.lower()
        ldap_user.username = username
        ldap_user.password = get_crypt_password(password)
        ldap_user.api_key = generate_api_key(username)
        ldap_user.email = attrs['email'] or generate_email(username)
        ldap_user.active = attrs.get('active', True)
        ldap_user.ldap_dn = safe_unicode(user_dn)
        ldap_user.name = attrs['name']
        ldap_user.lastname = attrs['lastname']

        self.sa.add(ldap_user)
        return ldap_user
    except (DatabaseError,):
        log.error(traceback.format_exc())
        self.sa.rollback()
        raise
implements #60, ldap configuration and authentication....
r705
Code refactoring,models renames...
def create_registration(self, form_data):
    """
    Register a new user from ``form_data`` and create a
    ``TYPE_REGISTRATION`` notification for it.

    ``form_data['admin']`` is overwritten with False on the caller's
    mapping before the user is built, so a submitted ``admin`` value
    never reaches the new row. No other key is forced here.
    NOTE(review): ``active`` and any further attribute keys are taken
    from ``form_data`` as they are; confirm the registration form only
    lets the intended fields through.

    :param form_data: mapping passed on to ``create()``; mutated in place
    """
    from rhodecode.model.notification import NotificationModel

    try:
        form_data['admin'] = False
        registered = self.create(form_data)

        self.sa.add(registered)
        # flush before ``registered.user_id`` is read for the edit URL
        self.sa.flush()

        # notification to admins
        subject = _('new user registration')
        body = ('New user registration\n'
                '---------------------\n'
                '- Username: %s\n'
                '- Full Name: %s\n'
                '- Email: %s\n') % (registered.username,
                                    registered.full_name,
                                    registered.email)
        edit_url = url('edit_user', id=registered.user_id, qualified=True)
        email_kwargs = {'registered_user_url': edit_url}
        NotificationModel().create(
            created_by=registered,
            subject=subject,
            body=body,
            recipients=None,
            type_=Notification.TYPE_REGISTRATION,
            email_kwargs=email_kwargs,
        )

    except:
        log.error(traceback.format_exc())
        raise
def update(self, user_id, form_data):
    """
    Apply ``form_data`` to the user with id ``user_id``.

    A non-empty ``new_password`` replaces the password and regenerates
    the API key. Every other key is copied onto the row as an attribute,
    including privilege fields such as ``admin`` or ``active`` when
    present, so this method is only safe behind an authorisation check
    and a validated form.
    NOTE(review): ``new_password`` is stored exactly as it arrives here;
    presumably the form layer has already hashed it. Confirm.

    :param user_id: primary key of the user to change
    :param form_data: mapping of attribute name -> value
    :raises DefaultUserException: when the target is the ``default`` user
    """
    try:
        target = self.get(user_id, cache=False)
        if target.username == 'default':
            raise DefaultUserException(
                _("You can't Edit this user since it's"
                  " crucial for entire application"))

        for field, value in form_data.items():
            is_password_change = field == 'new_password' and value != ''
            if not is_password_change:
                setattr(target, field, value)
                continue
            target.password = value
            target.api_key = generate_api_key(target.username)

        self.sa.add(target)
    except:
        log.error(traceback.format_exc())
        raise
def update_my_account(self, user_id, form_data):
    """
    Self-service variant of ``update()``.

    A non-empty ``new_password`` replaces the password and regenerates
    the API key. The keys ``admin`` and ``active`` are ignored, so a user
    cannot change their own privilege or activation state through this
    path. Every other key is still copied onto the row.
    NOTE(review): only those two names are filtered; confirm the account
    form cannot deliver other sensitive attributes (``username``,
    ``ldap_dn`` and ``api_key`` are set elsewhere in this model).
    NOTE(review): ``new_password`` is stored exactly as it arrives here;
    presumably the form layer has already hashed it. Confirm.

    :param user_id: primary key of the user to change
    :param form_data: mapping of attribute name -> value
    :raises DefaultUserException: when the target is the ``default`` user
    """
    protected_fields = ['admin', 'active']
    try:
        target = self.get(user_id, cache=False)
        if target.username == 'default':
            raise DefaultUserException(
                _("You can't Edit this user since it's"
                  " crucial for entire application"))

        for field, value in form_data.items():
            if field == 'new_password' and value != '':
                target.password = value
                target.api_key = generate_api_key(target.username)
            elif field not in protected_fields:
                setattr(target, field, value)

        self.sa.add(target)
    except:
        log.error(traceback.format_exc())
        raise
fixed repo_create permission by adding missing commit statements...
def delete(self, user):
    """
    Mark ``user`` for deletion in the session.

    :param user: value resolved through ``__get_user``
    :raises DefaultUserException: when the target is the ``default`` user
    :raises UserOwnsReposException: when the user still owns repositories;
        the message lists their names
    """
    user = self.__get_user(user)

    try:
        if user.username == 'default':
            raise DefaultUserException(
                _(u"You can't remove this user since it's"
                  " crucial for entire application")
            )

        if user.repositories:
            owned = [repo.repo_name for repo in user.repositories]
            message = (
                _(u'user "%s" still owns %s repositories and cannot be '
                  'removed. Switch owners or remove those repositories. %s')
                % (user.username, len(owned), ', '.join(owned))
            )
            raise UserOwnsReposException(message)

        self.sa.delete(user)
    except:
        log.error(traceback.format_exc())
        raise
fixes #223 improve password reset form
def reset_password_link(self, data):
    """
    Hand the ``send_password_link`` task to ``run_task`` for
    ``data['email']``.

    :param data: mapping holding the ``email`` key
    """
    from rhodecode.lib.celerylib import tasks, run_task

    task = tasks.send_password_link
    run_task(task, data['email'])
Code refactoring,models renames...
def reset_password(self, data):
    """
    Hand the ``reset_user_password`` task to ``run_task`` for
    ``data['email']``.

    The e-mail address is the only input used here. Any proof that the
    requester controls that address has to be enforced by the caller or
    by the task itself; neither is visible in this method.

    :param data: mapping holding the ``email`` key
    """
    from rhodecode.lib.celerylib import tasks, run_task

    task = tasks.reset_user_password
    run_task(task, data['email'])
#49 Enabled anonymous access for web interface controllable from permissions pannel
r673
fixes #288...
def fill_data(self, auth_user, user_id=None, api_key=None):
    """
    Load a user by ``api_key`` (when truthy) or otherwise by ``user_id``
    and copy the entries of ``dbuser.get_dict()`` onto ``auth_user``.

    Returns True only when an active user was found and copied. Returns
    False when no user was found or the user is inactive; on that path
    ``auth_user`` is left untouched, so the caller must act on the return
    value. If anything raises during lookup or copying, the traceback is
    logged, ``auth_user.is_authenticated`` is set to False and False is
    returned.

    :param auth_user: instance of user to set attributes
    :param user_id: user id to fetch by
    :param api_key: api key to fetch by
    """
    if user_id is None and api_key is None:
        raise Exception('You need to pass user_id or api_key')

    try:
        if api_key:
            dbuser = self.get_by_api_key(api_key)
        else:
            dbuser = self.get(user_id)

        if dbuser is None or not dbuser.active:
            return False

        log.debug('filling %s data' % dbuser)
        for attr, value in dbuser.get_dict().items():
            setattr(auth_user, attr, value)

    except:
        # fail closed: any error is treated as "not authenticated"
        log.error(traceback.format_exc())
        auth_user.is_authenticated = False
        return False

    return True
fixed anonymous access bug.
r686
Major rewrite of auth objects. Moved parts of filling user data into user model....
def fill_perms(self, user):
    """
    Rebuild ``user.permissions`` from the database and return ``user``.

    Three entries are reset and refilled:

    * ``'repositories'``: dict of repository name -> permission name
    * ``'repositories_groups'``: dict of group name -> permission name
    * ``'global'``: set of global permission names

    Admins get ``hg.admin`` plus the admin permission on every repository
    and group listed in the default user's permission rows, and the
    method returns early. For everyone else the sources are applied in
    this order: default user's rows, the user's own rows, then rows of
    the user groups the user belongs to. Global permissions are only
    ever added to the set. Repository and group permissions from user
    groups replace the current value only when ``PERM_WEIGHTS`` ranks
    them strictly higher.

    :param user: user instance to fill his perms; the code reads
        ``is_admin`` and ``user_id`` and writes into ``permissions``
    """
    RK = 'repositories'
    GK = 'repositories_groups'
    GLOBAL = 'global'
    # start from empty containers so results of an earlier call never leak
    user.permissions[RK] = {}
    user.permissions[GK] = {}
    user.permissions[GLOBAL] = set()

    #======================================================================
    # fetch default permissions
    #======================================================================
    default_user = User.get_by_username('default', cache=True)
    default_user_id = default_user.user_id

    # rows are read below through .UserRepoToPerm / .Repository /
    # .Permission (repositories) and .UserRepoGroupToPerm / .Permission
    # (groups)
    default_repo_perms = Permission.get_default_perms(default_user_id)
    default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)

    if user.is_admin:
        #==================================================================
        # admin user have all default rights for repositories
        # and groups set to admin
        #==================================================================
        user.permissions[GLOBAL].add('hg.admin')

        # repositories
        for perm in default_repo_perms:
            r_k = perm.UserRepoToPerm.repository.repo_name
            p = 'repository.admin'
            user.permissions[RK][r_k] = p

        # repositories groups
        for perm in default_repo_groups_perms:
            rg_k = perm.UserRepoGroupToPerm.group.group_name
            p = 'group.admin'
            user.permissions[GK][rg_k] = p
        # admins skip every per-user and per-group lookup below
        return user

    #==================================================================
    # set default permissions first for repositories and groups
    #==================================================================
    uid = user.user_id

    # default global permissions
    default_global_perms = self.sa.query(UserToPerm)\
        .filter(UserToPerm.user_id == default_user_id)

    for perm in default_global_perms:
        user.permissions[GLOBAL].add(perm.permission.permission_name)

    # defaults for repositories, taken from default user
    for perm in default_repo_perms:
        r_k = perm.UserRepoToPerm.repository.repo_name
        if perm.Repository.private and not (perm.Repository.user_id == uid):
            # disable defaults for private repos,
            p = 'repository.none'
        elif perm.Repository.user_id == uid:
            # set admin if owner
            p = 'repository.admin'
        else:
            p = perm.Permission.permission_name

        user.permissions[RK][r_k] = p

    # defaults for repositories groups taken from default user permission
    # on given group
    for perm in default_repo_groups_perms:
        rg_k = perm.UserRepoGroupToPerm.group.group_name
        p = perm.Permission.permission_name
        user.permissions[GK][rg_k] = p

    #==================================================================
    # overwrite defaults with user permissions if any found
    #==================================================================

    # user global permissions
    # NOTE(review): despite the "overwrite" heading these are added to the
    # set, so a global permission granted to the default user is never
    # removed for an individual user here. Confirm that is intended.
    user_perms = self.sa.query(UserToPerm)\
        .options(joinedload(UserToPerm.permission))\
        .filter(UserToPerm.user_id == uid).all()

    for perm in user_perms:
        user.permissions[GLOBAL].add(perm.permission.permission_name)

    # user explicit permissions for repositories
    user_repo_perms = \
        self.sa.query(UserRepoToPerm, Permission, Repository)\
        .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
        .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
        .filter(UserRepoToPerm.user_id == uid)\
        .all()

    # An explicit per-user row replaces the default unconditionally, so it
    # can lower as well as raise the value (the owner always gets admin).
    for perm in user_repo_perms:
        # set admin if owner
        r_k = perm.UserRepoToPerm.repository.repo_name
        if perm.Repository.user_id == uid:
            p = 'repository.admin'
        else:
            p = perm.Permission.permission_name
        user.permissions[RK][r_k] = p

    # USER GROUP
    #==================================================================
    # check if user is part of user groups for this repository and
    # fill in (or replace with higher) permissions
    #==================================================================

    # users group global
    user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
        .options(joinedload(UsersGroupToPerm.permission))\
        .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
               UsersGroupMember.users_group_id))\
        .filter(UsersGroupMember.user_id == uid).all()

    for perm in user_perms_from_users_groups:
        user.permissions[GLOBAL].add(perm.permission.permission_name)

    # users group for repositories permissions
    user_repo_perms_from_users_groups = \
        self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
        .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\
        .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\
        .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\
        .filter(UsersGroupMember.user_id == uid)\
        .all()

    # A higher-ranked group grant wins over whatever is stored, including
    # an explicit lower per-user row or the 'repository.none' put on a
    # private repository above.
    # NOTE(review): confirm an explicit per-user restriction is not meant
    # to take precedence over group membership.
    for perm in user_repo_perms_from_users_groups:
        r_k = perm.UsersGroupRepoToPerm.repository.repo_name
        p = perm.Permission.permission_name
        # direct index: assumes the default loop above created an entry
        # for this repository, and that both names are in PERM_WEIGHTS.
        # TODO confirm; a missing entry raises KeyError here.
        cur_perm = user.permissions[RK][r_k]
        # overwrite permission only if it's greater than permission
        # given from other sources
        if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
            user.permissions[RK][r_k] = p

    # REPO GROUP
    #==================================================================
    # get access for this user for repos group and override defaults
    #==================================================================

    # user explicit permissions for repository groups
    user_repo_groups_perms = \
        self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
        .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
        .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
        .filter(UserRepoGroupToPerm.user_id == uid)\
        .all()

    # NOTE(review): unlike explicit repository rows above, an explicit
    # group row only replaces the default when it ranks higher, so it
    # cannot lower a more permissive default. Confirm the asymmetry is
    # intended.
    for perm in user_repo_groups_perms:
        rg_k = perm.UserRepoGroupToPerm.group.group_name
        p = perm.Permission.permission_name
        # direct index: assumes a default entry exists for this group
        cur_perm = user.permissions[GK][rg_k]
        if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
            user.permissions[GK][rg_k] = p

    # REPO GROUP + USER GROUP
    #==================================================================
    # check if user is part of user groups for this repo group and
    # fill in (or replace with higher) permissions
    #==================================================================

    # users group for repository groups permissions
    user_repo_group_perms_from_users_groups = \
        self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\
        .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
        .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\
        .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\
        .filter(UsersGroupMember.user_id == uid)\
        .all()

    for perm in user_repo_group_perms_from_users_groups:
        g_k = perm.UsersGroupRepoGroupToPerm.group.group_name
        p = perm.Permission.permission_name
        # direct index: assumes a default entry exists for this group
        cur_perm = user.permissions[GK][g_k]
        # overwrite permission only if it's greater than permission
        # given from other sources
        if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
            user.permissions[GK][g_k] = p

    return user
fixes #288...
r1594
commit less models...
def has_perm(self, user, perm):
    """
    Tell whether a ``UserToPerm`` row links ``user`` to ``perm``.

    Only rows granted directly to the user are checked; this method does
    not consult user groups or the default user.

    :param user: value resolved through ``__get_user``
    :param perm: must be a ``Permission`` instance
    :raises Exception: when ``perm`` is not a ``Permission`` instance
    """
    if not isinstance(perm, Permission):
        raise Exception('perm needs to be an instance of Permission class '
                        'got %s instead' % type(perm))

    user = self.__get_user(user)

    grant = UserToPerm.query()\
        .filter(UserToPerm.user == user)\
        .filter(UserToPerm.permission == perm)\
        .scalar()
    return grant is not None
def grant_perm(self, user, perm):
    """
    Grant user global permissions

    Does nothing when the same user/permission row already exists. The
    new row is only added to the session; no commit happens here.

    :param user: value resolved through ``__get_user``
    :param perm: value resolved through ``__get_perm``
    """
    user = self.__get_user(user)
    perm = self.__get_perm(perm)

    # if this permission is already granted skip it
    existing = UserToPerm.query()\
        .filter(UserToPerm.user == user)\
        .filter(UserToPerm.permission == perm)\
        .scalar()
    if existing:
        return

    grant = UserToPerm()
    grant.user = user
    grant.permission = perm
    self.sa.add(grant)
def revoke_perm(self, user, perm):
    """
    Revoke users global permissions

    Deletes the matching user/permission row when there is one and does
    nothing otherwise. The deletion is only registered on the session;
    no commit happens here.

    :param user: value resolved through ``__get_user``
    :param perm: value resolved through ``__get_perm``
    """
    user = self.__get_user(user)
    perm = self.__get_perm(perm)

    granted = UserToPerm.query()\
        .filter(UserToPerm.user == user)\
        .filter(UserToPerm.permission == perm)\
        .scalar()
    if not granted:
        return
    self.sa.delete(granted)