##// END OF EJS Templates
Added --no-public-access / --public-access flags into setup-rhodecode...
Added --no-public-access / --public-access flags into setup-rhodecode command to enable setup without public access

File last commit:

r3974:39798d53 default
r4028:c3245a04 default
Show More
repos_group.py
443 lines | 17.0 KiB | text/x-python | PythonLexer
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 # -*- coding: utf-8 -*-
"""
rhodecode.model.user_group
~~~~~~~~~~~~~~~~~~~~~~~~~~
Mads Kiilerich
"Users groups" is grammatically incorrect English - rename to "user groups"...
r3410 repo group model for RhodeCode
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
:created_on: Jan 25, 2011
:author: marcink
2012 copyrights
r1824 :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 :license: GPLv3, see COPYING for more details.
"""
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import logging
import traceback
#47 implemented basic edition of groups
r1347 import shutil
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will...
r2961 import datetime
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
utils/conf...
r2109 from rhodecode.lib.utils2 import LazyProperty
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
from rhodecode.model import BaseModel
#227 Initial version of repository groups permissions system...
r1982 from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \
Mads Kiilerich
further cleanup of UsersGroup...
r3417 User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 log = logging.getLogger(__name__)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 class ReposGroupModel(BaseModel):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Added associated classes into child models
r2522 cls = RepoGroup
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 def _get_user_group(self, users_group):
Mads Kiilerich
further cleanup of UsersGroup...
r3417 return self._get_instance(UserGroup, users_group,
callback=UserGroup.get_by_group_name)
#227 Initial version of repository groups permissions system...
r1982
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 def _get_repo_group(self, repos_group):
#227 Initial version of repository groups permissions system...
r1982 return self._get_instance(RepoGroup, repos_group,
callback=RepoGroup.get_by_group_name)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 @LazyProperty
Nicolas VINOT
Correct code style
r1593 def repos_path(self):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
Get's the repositories root path from database
"""
Added form for controlling mercurial extensions...
r2708 q = RhodeCodeUi.get_by_key('/')
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 return q.ui_value
#227 Initial version of repository groups permissions system...
r1982 def _create_default_perms(self, new_group):
# create default permission
default_perm = 'group.read'
New default permissions definition for user group create
r3734 def_user = User.get_default_user()
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 for p in def_user.user_perms:
#227 Initial version of repository groups permissions system...
r1982 if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
break
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 repo_group_to_perm = UserRepoGroupToPerm()
repo_group_to_perm.permission = Permission.get_by_key(default_perm)
#227 Initial version of repository groups permissions system...
r1982
repo_group_to_perm.group = new_group
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 repo_group_to_perm.user_id = def_user.user_id
return repo_group_to_perm
#227 Initial version of repository groups permissions system...
r1982
fixes #288...
r1594 def __create_group(self, group_name):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
Mads Kiilerich
follow-up on texts missing from 'users groups'/'repositories group' cleanup
r3416 makes repository group on filesystem
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
:param repo_name:
:param parent_id:
"""
fixes #288...
r1594 create_path = os.path.join(self.repos_path, group_name)
garden...
r1976 log.debug('creating new group in %s' % create_path)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 if os.path.isdir(create_path):
raise Exception('That directory already exists !')
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 os.makedirs(create_path)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
fixes #288...
r1594 def __rename_group(self, old, new):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
Renames a group on filesystem
auto white-space removal
r1818
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 :param group_name:
"""
fixes #288...
r1594
if old == new:
log.debug('skipping group rename')
return
Mads Kiilerich
Fix 'repos group' - it is 'repository group'
r3653 log.debug('renaming repository group from %s to %s' % (old, new))
#47 implemented basic edition of groups
r1347
fixes #288...
r1594 old_path = os.path.join(self.repos_path, old)
new_path = os.path.join(self.repos_path, new)
#47 added editing of groups, and moving them between. Added check constraint for groups...
r1349
garden...
r1976 log.debug('renaming repos paths from %s to %s' % (old_path, new_path))
#47 added editing of groups, and moving them between. Added check constraint for groups...
r1349
Nicolas VINOT
Correct code style
r1593 if os.path.isdir(new_path):
raise Exception('Was trying to rename to already '
'existing dir %s' % new_path)
shutil.move(old_path, new_path)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 def __delete_group(self, group, force_delete=False):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
Deletes a group from a filesystem
auto white-space removal
r1818
#47 implemented deleting of empty groups. Fixed problem with full paths on nested groups
r1346 :param group: instance of group from database
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 :param force_delete: use shutil rmtree to remove all objects
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 """
refactoring of models names for repoGroup permissions
r1633 paths = group.full_path.split(RepoGroup.url_sep())
Nicolas VINOT
Correct code style
r1593 paths = os.sep.join(paths)
#47 implemented deleting of empty groups. Fixed problem with full paths on nested groups
r1346
Nicolas VINOT
Correct code style
r1593 rm_path = os.path.join(self.repos_path, paths)
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will...
r2961 log.info("Removing group %s" % (rm_path))
# delete only if that path really exists
fixes #288...
r1594 if os.path.isdir(rm_path):
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 if force_delete:
shutil.rmtree(rm_path)
else:
deleting a group now does same archive operation like deleting repositories. Improve prompt that show number of repos that will...
r2961 #archive that group`
_now = datetime.datetime.now()
_ms = str(_now.microsecond).rjust(6, '0')
_d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
group.name)
shutil.move(rm_path, os.path.join(self.repos_path, _d))
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Group management delegation:...
r3222 def create(self, group_name, group_description, owner, parent=None, just_db=False):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 try:
Repository groups: super admin shouldn't have the permission set...
r3853 user = self._get_user(owner)
refactoring of models names for repoGroup permissions
r1633 new_repos_group = RepoGroup()
Repository groups: super admin shouldn't have the permission set...
r3853 new_repos_group.user = user
Group management delegation:...
r3222 new_repos_group.group_description = group_description or group_name
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 new_repos_group.parent_group = self._get_repo_group(parent)
#227 Initial version of repository groups permissions system...
r1982 new_repos_group.group_name = new_repos_group.get_new_name(group_name)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
Correct code style
r1593 self.sa.add(new_repos_group)
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 perm_obj = self._create_default_perms(new_repos_group)
self.sa.add(perm_obj)
#227 Initial version of repository groups permissions system...
r1982
Repository groups: super admin shouldn't have the permission set...
r3853 #create an ADMIN permission for owner except if we're super admin,
#later owner should go into the owner field of groups
if not user.is_admin:
self.grant_user_permission(repos_group=new_repos_group,
user=owner, perm='group.admin')
Group management delegation:...
r3222
#227 Initial version of repository groups permissions system...
r1982 if not just_db:
# we need to flush here, in order to check if database won't
# throw any exceptions, create filesystem dirs at the very end
self.sa.flush()
self.__create_group(new_repos_group.group_name)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
Nicolas VINOT
[API] Create groups needed when creating repo
r1589 return new_repos_group
Don't catch all exceptions
r3631 except Exception:
Nicolas VINOT
Correct code style
r1593 log.error(traceback.format_exc())
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 raise
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 def _update_permissions(self, repos_group, perms_new=None,
Add flag for permission check in _update_permissions function
r3827 perms_updates=None, recursive=False,
check_perms=True):
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 from rhodecode.model.repo import RepoModel
managing users groups enforce permissions checks....
r3789 from rhodecode.lib.auth import HasUserGroupPermissionAny
Add flag for permission check in _update_permissions function
r3827
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 if not perms_new:
perms_new = []
if not perms_updates:
perms_updates = []
def _set_perm_user(obj, user, perm):
if isinstance(obj, RepoGroup):
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 self.grant_user_permission(
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 repos_group=obj, user=user, perm=perm
)
elif isinstance(obj, Repository):
When using apply to children flag in repo group permission...
r3974 # private repos will not allow to change the default permissions
# using recursive mode
if obj.private and user == User.DEFAULT_USER:
recursive mode of setting permission should skip private repositories, they should remain private, it's proper thing to do !
r3221 return
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 # we set group permission but we have to switch to repo
# permission
perm = perm.replace('group.', 'repository.')
RepoModel().grant_user_permission(
repo=obj, user=user, perm=perm
)
def _set_perm_group(obj, users_group, perm):
if isinstance(obj, RepoGroup):
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 self.grant_users_group_permission(
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 repos_group=obj, group_name=users_group, perm=perm
)
elif isinstance(obj, Repository):
# we set group permission but we have to switch to repo
# permission
perm = perm.replace('group.', 'repository.')
RepoModel().grant_users_group_permission(
repo=obj, group_name=users_group, perm=perm
)
When using apply to children flag in repo group permission...
r3974
# start updates
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 updates = []
log.debug('Now updating permissions for %s in recursive mode:%s'
% (repos_group, recursive))
for obj in repos_group.recursive_groups_and_repos():
recursive mode of setting permission should skip private repositories, they should remain private, it's proper thing to do !
r3221 #obj is an instance of a group or repositories in that group
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 if not recursive:
obj = repos_group
# update permissions
for member, perm, member_type in perms_updates:
## set for user
if member_type == 'user':
# this updates also current one if found
_set_perm_user(obj, user=member, perm=perm)
Mads Kiilerich
"Users groups" is grammatically incorrect English - rename to "user groups"...
r3410 ## set for user group
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 else:
managing users groups enforce permissions checks....
r3789 #check if we have permissions to alter this usergroup
Add flag for permission check in _update_permissions function
r3827 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):
managing users groups enforce permissions checks....
r3789 _set_perm_group(obj, users_group=member, perm=perm)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 # set new permissions
for member, perm, member_type in perms_new:
if member_type == 'user':
_set_perm_user(obj, user=member, perm=perm)
else:
managing users groups enforce permissions checks....
r3789 #check if we have permissions to alter this usergroup
Add flag for permission check in _update_permissions function
r3827 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):
managing users groups enforce permissions checks....
r3789 _set_perm_group(obj, users_group=member, perm=perm)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 updates.append(obj)
#if it's not recursive call
# break the loop and don't proceed with other changes
if not recursive:
break
return updates
Group management delegation:...
r3222 def update(self, repos_group, form_data):
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345
try:
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 repos_group = self._get_repo_group(repos_group)
fixes #288...
r1594 old_path = repos_group.full_path
another major refactoring with session management
r1734
fixes #288...
r1594 # change properties
repos_group.group_description = form_data['group_description']
fixes issue #366 setting null on parent_group didn't propagate to actually db field....
r2059 repos_group.group_parent_id = form_data['group_parent_id']
Recursive set locking on all children of a group.
r2749 repos_group.enable_locking = form_data['enable_locking']
fixed issue with renaming repos group together with changing parents with multiple nested trees...
r3459
repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
fixes #288...
r1594 repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
new_path = repos_group.full_path
Nicolas VINOT
Correct code style
r1593 self.sa.add(repos_group)
#47 implemented basic edition of groups
r1347
fixed issue with renaming repos group together with changing parents with multiple nested trees...
r3459 # iterate over all members of this groups and do fixes
# set locking if given
# if obj is a repoGroup also fix the name of the group according
# to the parent
# if obj is a Repo fix it's name
Recursive set locking on all children of a group.
r2749 # this can be potentially heavy operation
for obj in repos_group.recursive_groups_and_repos():
#set the value from it's parent
obj.enable_locking = repos_group.enable_locking
fixed issue with renaming repos group together with changing parents with multiple nested trees...
r3459 if isinstance(obj, RepoGroup):
new_name = obj.get_new_name(obj.name)
log.debug('Fixing group %s to new name %s' \
% (obj.group_name, new_name))
obj.group_name = new_name
elif isinstance(obj, Repository):
# we need to get all repositories from this new group and
# rename them accordingly to new group path
new_name = obj.get_new_name(obj.just_name)
log.debug('Fixing repo %s to new name %s' \
% (obj.repo_name, new_name))
obj.repo_name = new_name
Recursive set locking on all children of a group.
r2749 self.sa.add(obj)
fixes issue #366 setting null on parent_group didn't propagate to actually db field....
r2059 self.__rename_group(old_path, new_path)
fixes #288...
r1594 return repos_group
Don't catch all exceptions
r3631 except Exception:
Nicolas VINOT
Correct code style
r1593 log.error(traceback.format_exc())
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 raise
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 def delete(self, repos_group, force_delete=False):
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 repos_group = self._get_repo_group(repos_group)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 try:
Switched forms to new validators
r2467 self.sa.delete(repos_group)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 self.__delete_group(repos_group, force_delete)
Don't catch all exceptions
r3631 except Exception:
remove log.exception call
r3166 log.error('Error removing repos_group %s' % repos_group)
#47 implemented Adding of new repo_groups+forms+validators. Fixed sorting of repo groups by main names in multiple locations. Removed some unneeded calls to self.sa for exchange to .query() methods....
r1345 raise
#227 Initial version of repository groups permissions system...
r1982
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 def delete_permission(self, repos_group, obj, obj_type, recursive):
"""
Revokes permission for repos_group for given obj(user or users_group),
Mads Kiilerich
"Users groups" is grammatically incorrect English - rename to "user groups"...
r3410 obj_type can be user or user group
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820
:param repos_group:
Mads Kiilerich
"Users groups" is grammatically incorrect English - rename to "user groups"...
r3410 :param obj: user or user group id
:param obj_type: user or user group type
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 :param recursive: recurse to all children of group
"""
from rhodecode.model.repo import RepoModel
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 repos_group = self._get_repo_group(repos_group)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820
for el in repos_group.recursive_groups_and_repos():
if not recursive:
# if we don't recurse set the permission on only the top level
# object
el = repos_group
if isinstance(el, RepoGroup):
if obj_type == 'user':
ReposGroupModel().revoke_user_permission(el, user=obj)
elif obj_type == 'users_group':
ReposGroupModel().revoke_users_group_permission(el, group_name=obj)
else:
raise Exception('undefined object type %s' % obj_type)
elif isinstance(el, Repository):
if obj_type == 'user':
RepoModel().revoke_user_permission(el, user=obj)
elif obj_type == 'users_group':
RepoModel().revoke_users_group_permission(el, group_name=obj)
else:
raise Exception('undefined object type %s' % obj_type)
#if it's not recursive call
# break the loop and don't proceed with other changes
if not recursive:
break
#227 Initial version of repository groups permissions system...
r1982 def grant_user_permission(self, repos_group, user, perm):
"""
Mads Kiilerich
follow-up on texts missing from 'users groups'/'repositories group' cleanup
r3416 Grant permission for user on given repository group, or update
#227 Initial version of repository groups permissions system...
r1982 existing one if found
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
:param perm: Instance of Permission, or permission_name
"""
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 repos_group = self._get_repo_group(repos_group)
Share common getter functions in base model, and remove duplicated functions from other models
r2432 user = self._get_user(user)
permission = self._get_perm(perm)
#227 Initial version of repository groups permissions system...
r1982
# check if we have that permission already
obj = self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == user)\
.filter(UserRepoGroupToPerm.group == repos_group)\
.scalar()
if obj is None:
# create new !
obj = UserRepoGroupToPerm()
obj.group = repos_group
obj.user = user
obj.permission = permission
self.sa.add(obj)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))
#227 Initial version of repository groups permissions system...
r1982
def revoke_user_permission(self, repos_group, user):
"""
Mads Kiilerich
follow-up on texts missing from 'users groups'/'repositories group' cleanup
r3416 Revoke permission for user on given repository group
#227 Initial version of repository groups permissions system...
r1982
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param user: Instance of User, user_id or username
"""
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 repos_group = self._get_repo_group(repos_group)
Share common getter functions in base model, and remove duplicated functions from other models
r2432 user = self._get_user(user)
#227 Initial version of repository groups permissions system...
r1982
obj = self.sa.query(UserRepoGroupToPerm)\
.filter(UserRepoGroupToPerm.user == user)\
.filter(UserRepoGroupToPerm.group == repos_group)\
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 .scalar()
if obj:
self.sa.delete(obj)
log.debug('Revoked perm on %s on %s' % (repos_group, user))
#227 Initial version of repository groups permissions system...
r1982
def grant_users_group_permission(self, repos_group, group_name, perm):
"""
Mads Kiilerich
follow-up on texts missing from 'users groups'/'repositories group' cleanup
r3416 Grant permission for user group on given repository group, or update
#227 Initial version of repository groups permissions system...
r1982 existing one if found
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param group_name: Instance of UserGroup, users_group_id,
Mads Kiilerich
"Users groups" is grammatically incorrect English - rename to "user groups"...
r3410 or user group name
#227 Initial version of repository groups permissions system...
r1982 :param perm: Instance of Permission, or permission_name
"""
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 repos_group = self._get_repo_group(repos_group)
group_name = self._get_user_group(group_name)
Share common getter functions in base model, and remove duplicated functions from other models
r2432 permission = self._get_perm(perm)
#227 Initial version of repository groups permissions system...
r1982
# check if we have that permission already
Mads Kiilerich
further cleanup of UsersGroup...
r3417 obj = self.sa.query(UserGroupRepoGroupToPerm)\
.filter(UserGroupRepoGroupToPerm.group == repos_group)\
.filter(UserGroupRepoGroupToPerm.users_group == group_name)\
#227 Initial version of repository groups permissions system...
r1982 .scalar()
if obj is None:
# create new
Mads Kiilerich
further cleanup of UsersGroup...
r3417 obj = UserGroupRepoGroupToPerm()
#227 Initial version of repository groups permissions system...
r1982
obj.group = repos_group
obj.users_group = group_name
obj.permission = permission
self.sa.add(obj)
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))
#227 Initial version of repository groups permissions system...
r1982
def revoke_users_group_permission(self, repos_group, group_name):
"""
Mads Kiilerich
follow-up on texts missing from 'users groups'/'repositories group' cleanup
r3416 Revoke permission for user group on given repository group
#227 Initial version of repository groups permissions system...
r1982
:param repos_group: Instance of ReposGroup, repositories_group_id,
or repositories_group name
:param group_name: Instance of UserGroup, users_group_id,
Mads Kiilerich
"Users groups" is grammatically incorrect English - rename to "user groups"...
r3410 or user group name
#227 Initial version of repository groups permissions system...
r1982 """
- Manage User’s Groups: create, delete, rename, add/remove users inside....
r3714 repos_group = self._get_repo_group(repos_group)
group_name = self._get_user_group(group_name)
#227 Initial version of repository groups permissions system...
r1982
Mads Kiilerich
further cleanup of UsersGroup...
r3417 obj = self.sa.query(UserGroupRepoGroupToPerm)\
.filter(UserGroupRepoGroupToPerm.group == repos_group)\
.filter(UserGroupRepoGroupToPerm.users_group == group_name)\
Permissions on group can be set in recursive mode setting defined permission to all children...
r2820 .scalar()
if obj:
self.sa.delete(obj)
log.debug('Revoked perm to %s on %s' % (repos_group, group_name))