permissions.py
217 lines
| 8.2 KiB
| text/x-python
|
PythonLexer
r547 | #!/usr/bin/env python | |||
# encoding: utf-8 | ||||
# permissions controller for pylons | ||||
# Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> | ||||
# | ||||
# This program is free software; you can redistribute it and/or | ||||
# modify it under the terms of the GNU General Public License | ||||
# as published by the Free Software Foundation; version 2 | ||||
# of the License or (at your opinion) any later version of the license. | ||||
# | ||||
# This program is distributed in the hope that it will be useful, | ||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
# | ||||
# You should have received a copy of the GNU General Public License | ||||
# along with this program; if not, write to the Free Software | ||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | ||||
# MA 02110-1301, USA. | ||||
""" | ||||
Created on April 27, 2010 | ||||
permissions controller for pylons | ||||
@author: marcink | ||||
""" | ||||
from formencode import htmlfill | ||||
from pylons import request, session, tmpl_context as c, url | ||||
from pylons.controllers.util import abort, redirect | ||||
from pylons.i18n.translation import _ | ||||
from rhodecode.lib import helpers as h | ||||
from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator | ||||
r705 | from rhodecode.lib.auth_ldap import LdapImportError | |||
r547 | from rhodecode.lib.base import BaseController, render | |||
r705 | from rhodecode.model.forms import LdapSettingsForm, DefaultPermissionsForm | |||
r692 | from rhodecode.model.permission import PermissionModel | |||
r705 | from rhodecode.model.settings import SettingsModel | |||
r629 | from rhodecode.model.user import UserModel | |||
r547 | import formencode | |||
import logging | ||||
import traceback | ||||
log = logging.getLogger(__name__) | ||||
class PermissionsController(BaseController): | ||||
"""REST Controller styled on the Atom Publishing Protocol""" | ||||
# To properly map this controller, ensure your config/routing.py | ||||
# file has a resource setup: | ||||
# map.resource('permission', 'permissions') | ||||
r629 | ||||
r547 | @LoginRequired() | |||
@HasPermissionAllDecorator('hg.admin') | ||||
def __before__(self): | ||||
c.admin_user = session.get('admin_user') | ||||
c.admin_username = session.get('admin_username') | ||||
super(PermissionsController, self).__before__() | ||||
r629 | ||||
r547 | self.perms_choices = [('repository.none', _('None'),), | |||
('repository.read', _('Read'),), | ||||
('repository.write', _('Write'),), | ||||
('repository.admin', _('Admin'),)] | ||||
self.register_choices = [ | ||||
r673 | ('hg.register.none', | |||
_('disabled')), | ||||
r547 | ('hg.register.manual_activate', | |||
r673 | _('allowed with manual account activation')), | |||
r547 | ('hg.register.auto_activate', | |||
r673 | _('allowed with automatic account activation')), ] | |||
r629 | ||||
r547 | self.create_choices = [('hg.create.none', _('Disabled')), | |||
r629 | ('hg.create.repository', _('Enabled'))] | |||
r547 | ||||
r629 | ||||
r547 | def index(self, format='html'): | |||
"""GET /permissions: All items in the collection""" | ||||
# url('permissions') | ||||
def create(self): | ||||
"""POST /permissions: Create a new item""" | ||||
# url('permissions') | ||||
def new(self, format='html'): | ||||
"""GET /permissions/new: Form to create a new item""" | ||||
# url('new_permission') | ||||
def update(self, id): | ||||
"""PUT /permissions/id: Update an existing item""" | ||||
# Forms posted to this method should contain a hidden field: | ||||
# <input type="hidden" name="_method" value="PUT" /> | ||||
# Or using helpers: | ||||
# h.form(url('permission', id=ID), | ||||
# method='put') | ||||
# url('permission', id=ID) | ||||
r629 | ||||
r547 | permission_model = PermissionModel() | |||
r629 | ||||
r547 | _form = DefaultPermissionsForm([x[0] for x in self.perms_choices], | |||
[x[0] for x in self.register_choices], | ||||
[x[0] for x in self.create_choices])() | ||||
r629 | ||||
r547 | try: | |||
form_result = _form.to_python(dict(request.POST)) | ||||
form_result.update({'perm_user_name':id}) | ||||
permission_model.update(form_result) | ||||
r705 | h.flash(_('Default permissions updated successfully'), | |||
r547 | category='success') | |||
r629 | ||||
r564 | except formencode.Invalid, errors: | |||
r547 | c.perms_choices = self.perms_choices | |||
c.register_choices = self.register_choices | ||||
c.create_choices = self.create_choices | ||||
r705 | defaults = errors.value | |||
defaults.update(SettingsModel().get_ldap_settings()) | ||||
r629 | ||||
r547 | return htmlfill.render( | |||
render('admin/permissions/permissions.html'), | ||||
r705 | defaults=defaults, | |||
r547 | errors=errors.error_dict or {}, | |||
prefix_error=False, | ||||
r629 | encoding="UTF-8") | |||
r547 | except Exception: | |||
log.error(traceback.format_exc()) | ||||
h.flash(_('error occured during update of permissions'), | ||||
category='error') | ||||
r629 | ||||
r547 | return redirect(url('edit_permission', id=id)) | |||
r629 | ||||
r547 | ||||
def delete(self, id): | ||||
"""DELETE /permissions/id: Delete an existing item""" | ||||
# Forms posted to this method should contain a hidden field: | ||||
# <input type="hidden" name="_method" value="DELETE" /> | ||||
# Or using helpers: | ||||
# h.form(url('permission', id=ID), | ||||
# method='delete') | ||||
# url('permission', id=ID) | ||||
def show(self, id, format='html'): | ||||
"""GET /permissions/id: Show a specific item""" | ||||
# url('permission', id=ID) | ||||
def edit(self, id, format='html'): | ||||
"""GET /permissions/id/edit: Form to edit an existing item""" | ||||
#url('edit_permission', id=ID) | ||||
c.perms_choices = self.perms_choices | ||||
c.register_choices = self.register_choices | ||||
c.create_choices = self.create_choices | ||||
r629 | ||||
r547 | if id == 'default': | |||
r673 | default_user = UserModel().get_by_username('default') | |||
defaults = {'_method':'put', | ||||
'anonymous':default_user.active} | ||||
r705 | defaults.update(SettingsModel().get_ldap_settings()) | |||
r673 | for p in default_user.user_perms: | |||
r547 | if p.permission.permission_name.startswith('repository.'): | |||
r629 | defaults['default_perm'] = p.permission.permission_name | |||
r547 | if p.permission.permission_name.startswith('hg.register.'): | |||
defaults['default_register'] = p.permission.permission_name | ||||
r629 | ||||
r547 | if p.permission.permission_name.startswith('hg.create.'): | |||
defaults['default_create'] = p.permission.permission_name | ||||
r629 | ||||
r547 | return htmlfill.render( | |||
render('admin/permissions/permissions.html'), | ||||
defaults=defaults, | ||||
encoding="UTF-8", | ||||
r629 | force_defaults=True,) | |||
r547 | else: | |||
return redirect(url('admin_home')) | ||||
r705 | ||||
def ldap(self, id_user='default'): | ||||
""" | ||||
POST ldap create and store ldap settings | ||||
""" | ||||
settings_model = SettingsModel() | ||||
_form = LdapSettingsForm()() | ||||
try: | ||||
form_result = _form.to_python(dict(request.POST)) | ||||
try: | ||||
for k, v in form_result.items(): | ||||
if k.startswith('ldap_'): | ||||
setting = settings_model.get(k) | ||||
setting.app_settings_value = v | ||||
self.sa.add(setting) | ||||
self.sa.commit() | ||||
h.flash(_('Ldap settings updated successfully'), | ||||
category='success') | ||||
except: | ||||
raise | ||||
except LdapImportError: | ||||
h.flash(_('Unable to activate ldap. The "ldap-python" library ' | ||||
'is missing.'), | ||||
category='warning') | ||||
except formencode.Invalid, errors: | ||||
c.perms_choices = self.perms_choices | ||||
c.register_choices = self.register_choices | ||||
c.create_choices = self.create_choices | ||||
return htmlfill.render( | ||||
render('admin/permissions/permissions.html'), | ||||
defaults=errors.value, | ||||
errors=errors.error_dict or {}, | ||||
prefix_error=False, | ||||
encoding="UTF-8") | ||||
except Exception: | ||||
log.error(traceback.format_exc()) | ||||
h.flash(_('error occured during update of ldap settings'), | ||||
category='error') | ||||
return redirect(url('edit_permission', id=id_user)) | ||||