diff --git a/rhodecode/controllers/admin/users.py b/rhodecode/controllers/admin/users.py --- a/rhodecode/controllers/admin/users.py +++ b/rhodecode/controllers/admin/users.py @@ -27,12 +27,13 @@ from formencode import htmlfill from pylons import request, session, tmpl_context as c, url from pylons.controllers.util import abort, redirect from pylons.i18n.translation import _ +from rhodecode.lib.exceptions import * from rhodecode.lib import helpers as h from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator from rhodecode.lib.base import BaseController, render -from rhodecode.model.db import User, UserLog +from rhodecode.model.db import User from rhodecode.model.forms import UserForm -from rhodecode.model.user import UserModel, DefaultUserException +from rhodecode.model.user import UserModel import formencode import logging import traceback @@ -135,7 +136,7 @@ class UsersController(BaseController): try: user_model.delete(id) h.flash(_('sucessfully deleted user'), category='success') - except DefaultUserException, e: + except (UserOwnsReposException, DefaultUserException), e: h.flash(str(e), category='warning') except Exception: h.flash(_('An error occured during deletion of user'), diff --git a/rhodecode/lib/auth.py b/rhodecode/lib/auth.py --- a/rhodecode/lib/auth.py +++ b/rhodecode/lib/auth.py @@ -24,8 +24,9 @@ Created on April 4, 2010 """ from pylons import config, session, url, request from pylons.controllers.util import abort, redirect +from rhodecode.lib.exceptions import * from rhodecode.lib.utils import get_repo_slug -from rhodecode.lib.auth_ldap import AuthLdap, UsernameError, PasswordError +from rhodecode.lib.auth_ldap import AuthLdap from rhodecode.model import meta from rhodecode.model.user import UserModel from rhodecode.model.caching_query import FromCache 
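Review bot: The added `from rhodecode.lib.exceptions import *` in the first hunk hides which exception names this controller depends on and pulls every name from that module into its namespace. List them explicitly, e.g. `from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException`. The same wildcard import is added in rhodecode/lib/auth.py, rhodecode/lib/auth_ldap.py and rhodecode/model/user.py, where the `except` clauses on the authentication path rely on those names resolving to the intended classes. With explicit imports a renamed or removed exception fails at import time, not as a NameError when the handler is first evaluated.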
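Review bot: `h.flash(str(e), category='warning')` in the `@@ -135,7 +136,7 @@` hunk now also receives the UserOwnsReposException message, which is built from a translated string. Under Python 2, `str(e)` raises UnicodeEncodeError if that text contains non-ASCII characters, and an error raised inside this handler is not caught by the `except Exception` branch that follows. Consider `h.flash(unicode(e), category='warning')`, assuming the flash helper accepts unicode. The enclosing method starts and ends outside the hunk.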
@@ -129,7 +130,7 @@ def authfunc(environ, username, password log.info('created new ldap user') return authenticated - except (UsernameError, PasswordError): + except (LdapUsernameError, LdapPasswordError): return False except: log.error(traceback.format_exc()) diff --git a/rhodecode/lib/auth_ldap.py b/rhodecode/lib/auth_ldap.py --- a/rhodecode/lib/auth_ldap.py +++ b/rhodecode/lib/auth_ldap.py 
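Review bot: Only LdapUsernameError and LdapPasswordError are handled explicitly in this hunk, so the LdapConnectionError that auth_ldap.py raises on `ldap.SERVER_DOWN` falls through to the bare `except:` together with every other failure. The code after `log.error(traceback.format_exc())` is outside the hunk, so confirm that this path ends in `return False` and cannot reach a success result. Adding `except LdapConnectionError:` with its own log line before the bare clause would let operators tell a directory outage from rejected credentials. Narrowing the bare `except:` to `except Exception:` is also worth doing.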
@@ -1,17 +1,29 @@ -#============================================================================== -# LDAP -#Name = Just a description for the auth modes page -#Host = DepartmentName.OrganizationName.local/ IP -#Port = 389 default for ldap -#LDAPS = no set True if You need to use ldaps -#Account = DepartmentName\UserName (or UserName@MyDomain depending on AD server) -#Password = -#Base DN = DC=DepartmentName,DC=OrganizationName,DC=local +#!/usr/bin/env python +# encoding: utf-8 +# ldap authentication lib +# Copyright (C) 2009-2010 Marcin Kuzminski +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; version 2 +# of the License or (at your opinion) any later version of the license. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, +# MA 02110-1301, USA. +""" +Created on Nov 17, 2010 -#============================================================================== +@author: marcink +""" -from rhodecode.lib.exceptions import LdapImportError, UsernameError, \ - PasswordError, ConnectionError +from rhodecode.lib.exceptions import * import logging log = logging.getLogger(__name__) 
@@ -61,7 +73,7 @@ class AuthLdap(object): dn = self.AUTH_DN % (uid, self.BASE_DN) log.debug("Authenticating %r at %s", dn, self.LDAP_SERVER) if "," in username: - raise UsernameError("invalid character in username: ,") + raise LdapUsernameError("invalid character in username: ,") try: ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/openldap/cacerts') ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10) @@ -82,12 +94,12 @@ class AuthLdap(object): raise ldap.NO_SUCH_OBJECT() except ldap.NO_SUCH_OBJECT, e: log.debug("LDAP says no such user '%s' (%s)", uid, username) - raise UsernameError() + raise LdapUsernameError() except ldap.INVALID_CREDENTIALS, e: log.debug("LDAP rejected password for user '%s' (%s)", uid, username) - raise PasswordError() + raise LdapPasswordError() except ldap.SERVER_DOWN, e: - raise ConnectionError("LDAP can't access authentication server") + raise LdapConnectionError("LDAP can't access authentication server") return properties[0] diff --git a/rhodecode/lib/exceptions.py b/rhodecode/lib/exceptions.py --- a/rhodecode/lib/exceptions.py +++ b/rhodecode/lib/exceptions.py @@ -23,7 +23,10 @@ Custom Exceptions modules @author: marcink """ -class UsernameError(Exception):pass -class PasswordError(Exception):pass -class ConnectionError(Exception):pass +class LdapUsernameError(Exception):pass +class LdapPasswordError(Exception):pass +class LdapConnectionError(Exception):pass class LdapImportError(Exception):pass + +class DefaultUserException(Exception):pass +class UserOwnsReposException(Exception):pass diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py --- a/rhodecode/model/db.py +++ b/rhodecode/model/db.py @@ -48,6 +48,8 @@ class User(Base): user_log = relation('UserLog', cascade='all') user_perms = relation('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all') + repositories = relation('Repository') + @LazyProperty def full_contact(self): return '%s %s <%s>' % (self.name, self.lastname, self.email) 
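Review bot: The username check in the `@@ -61,7 +73,7 @@` hunk rejects only `,` and runs after `dn` has already been built and logged, so other characters that are special in a distinguished name (`+`, `"`, `\`, `<`, `>`, `;`, `=`, a leading `#`) pass through. If `uid` is derived from the submitted username (its assignment is outside the hunk), escape the value before formatting, e.g. `dn = self.AUTH_DN % (ldap.dn.escape_dn_chars(uid), self.BASE_DN)`. The validation should also move above the `log.debug` call. The method body starts and ends outside the hunk.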
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py --- a/rhodecode/model/user.py +++ b/rhodecode/model/user.py @@ -27,12 +27,13 @@ from pylons.i18n.translation import _ from rhodecode.model.caching_query import FromCache from rhodecode.model.db import User from rhodecode.model.meta import Session +from rhodecode.lib.exceptions import * import logging import traceback log = logging.getLogger(__name__) -class DefaultUserException(Exception):pass + class UserModel(object): @@ -128,6 +129,7 @@ class UserModel(object): raise DefaultUserException( _("You can't Edit this user since it's" " crucial for entire application")) + for k, v in form_data.items(): if k == 'new_password' and v != '': new_user.password = v @@ -169,6 +171,12 @@ class UserModel(object): raise DefaultUserException( _("You can't remove this user since it's" " crucial for entire application")) + if user.repositories: + raise UserOwnsReposException(_('This user still owns %s ' + 'repositories and cannot be ' + 'removed. Switch owners or ' + 'remove those repositories') \ + % user.repositories) self.sa.delete(user) self.sa.commit() except:
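Review bot: In the `@@ -169,6 +171,12 @@` hunk the message `'This user still owns %s repositories ...'` is formatted with `% user.repositories`, which interpolates the repr of the whole relation list and not a count. Use `% len(user.repositories)` so the warning reads as intended and does not echo internal object representations into the flash message shown by the controller. The enclosing `try`/`except:` starts and ends outside the hunk, so confirm that the bare `except:` re-raises; otherwise UserOwnsReposException never reaches the caller.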