diff --git a/rhodecode/config/routing.py b/rhodecode/config/routing.py
--- a/rhodecode/config/routing.py
+++ b/rhodecode/config/routing.py
@@ -68,6 +68,15 @@ def make_map(config):
return is_valid_repos_group(repos_group_name, config['base_path'],
skip_path_check=True)
+ def check_user_group(environ, match_dict):
+ """
+ check for valid user group for proper 404 handling
+
+ :param environ:
+ :param match_dict:
+ """
+ return True
+
def check_int(environ, match_dict):
return match_dict.get('id').isdigit()
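Review bot: `check_user_group` returns `True` for every request, so the docstring's claim that it checks for a valid user group does not match the code as added. Until a real lookup exists, say so in the docstring, e.g. `"""placeholder: accepts every id; user group validation is not implemented yet"""`, and drop the empty `:param` lines. The function is nested in `make_map`, whose body starts and ends outside this hunk.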
@@ -266,7 +275,8 @@ def make_map(config):
m.connect("delete_users_group", "/users_groups/{id}",
action="delete", conditions=dict(method=["DELETE"]))
m.connect("edit_users_group", "/users_groups/{id}/edit",
- action="edit", conditions=dict(method=["GET"]))
+ action="edit", conditions=dict(method=["GET"]),
+ function=check_user_group)
m.connect("formatted_edit_users_group",
"/users_groups/{id}.{format}/edit",
action="edit", conditions=dict(method=["GET"]))
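Review bot: `function=check_user_group` is passed to `m.connect` as its own keyword argument rather than inside `conditions`, and Routes takes condition callbacks from the `conditions` dict. As a plain keyword it would presumably become a route default and never be called. The line should read `action="edit", conditions=dict(method=["GET"], function=check_user_group))`. The `formatted_edit_users_group` route just below gets no check at all, so the two edit URLs would behave differently once the callback does real work.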
diff --git a/rhodecode/controllers/admin/permissions.py b/rhodecode/controllers/admin/permissions.py
--- a/rhodecode/controllers/admin/permissions.py
+++ b/rhodecode/controllers/admin/permissions.py
@@ -55,15 +55,19 @@ class PermissionsController(BaseControll
def __before__(self):
super(PermissionsController, self).__before__()
- self.repo_perms_choices = [('repository.none', _('None'),),
+ c.repo_perms_choices = [('repository.none', _('None'),),
('repository.read', _('Read'),),
('repository.write', _('Write'),),
('repository.admin', _('Admin'),)]
- self.group_perms_choices = [('group.none', _('None'),),
- ('group.read', _('Read'),),
- ('group.write', _('Write'),),
- ('group.admin', _('Admin'),)]
- self.register_choices = [
+ c.group_perms_choices = [('group.none', _('None'),),
+ ('group.read', _('Read'),),
+ ('group.write', _('Write'),),
+ ('group.admin', _('Admin'),)]
+ c.user_group_perms_choices = [('usergroup.none', _('None'),),
+ ('usergroup.read', _('Read'),),
+ ('usergroup.write', _('Write'),),
+ ('usergroup.admin', _('Admin'),)]
+ c.register_choices = [
('hg.register.none',
_('Disabled')),
('hg.register.manual_activate',
@@ -71,18 +75,17 @@ class PermissionsController(BaseControll
('hg.register.auto_activate',
_('Allowed with automatic account activation')), ]
- self.create_choices = [('hg.create.none', _('Disabled')),
- ('hg.create.repository', _('Enabled'))]
+ c.repo_create_choices = [('hg.create.none', _('Disabled')),
+ ('hg.create.repository', _('Enabled'))]
- self.fork_choices = [('hg.fork.none', _('Disabled')),
- ('hg.fork.repository', _('Enabled'))]
+ c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')),
+ ('hg.usergroup.create.true', _('Enabled'))]
- # set the global template variables
- c.repo_perms_choices = self.repo_perms_choices
- c.group_perms_choices = self.group_perms_choices
- c.register_choices = self.register_choices
- c.create_choices = self.create_choices
- c.fork_choices = self.fork_choices
+ c.repo_group_create_choices = [('hg.repogroup.create.false', _('Disabled')),
+ ('hg.repogroup.create.true', _('Enabled'))]
+
+ c.fork_choices = [('hg.fork.none', _('Disabled')),
+ ('hg.fork.repository', _('Enabled'))]
def index(self, format='html'):
"""GET /permissions: All items in the collection"""
@@ -105,23 +108,25 @@ class PermissionsController(BaseControll
# method='put')
# url('permission', id=ID)
if id == 'default':
- c.user = default_user = User.get_by_username('default')
+ c.user = default_user = User.get_default_user()
c.perm_user = AuthUser(user_id=default_user.user_id)
c.user_ip_map = UserIpMap.query()\
.filter(UserIpMap.user == default_user).all()
- permission_model = PermissionModel()
_form = DefaultPermissionsForm(
- [x[0] for x in self.repo_perms_choices],
- [x[0] for x in self.group_perms_choices],
- [x[0] for x in self.register_choices],
- [x[0] for x in self.create_choices],
- [x[0] for x in self.fork_choices])()
+ [x[0] for x in c.repo_perms_choices],
+ [x[0] for x in c.group_perms_choices],
+ [x[0] for x in c.user_group_perms_choices],
+ [x[0] for x in c.repo_create_choices],
+ [x[0] for x in c.repo_group_create_choices],
+ [x[0] for x in c.user_group_create_choices],
+ [x[0] for x in c.fork_choices],
+ [x[0] for x in c.register_choices])()
try:
form_result = _form.to_python(dict(request.POST))
form_result.update({'perm_user_name': id})
- permission_model.update(form_result)
+ PermissionModel().update(form_result)
Session().commit()
h.flash(_('Default permissions updated successfully'),
category='success')
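Review bot: The call to `DefaultPermissionsForm` now passes eight lists by position, and this commit also moves `register_choices` from third to last in the signature in rhodecode/model/forms.py. A caller that is not updated, or a later transposition, would validate a field against the wrong permission set without raising any error. Passing the lists by keyword makes the pairing explicit, e.g. `DefaultPermissionsForm(repo_perms_choices=[x[0] for x in c.repo_perms_choices], ...)`. The form parameter is still named `create_choices` while the controller attribute is now `c.repo_create_choices`, so the names should be aligned too. The enclosing method starts and ends outside the hunk.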
@@ -162,24 +167,33 @@ class PermissionsController(BaseControll
#this form can only edit default user permissions
if id == 'default':
- c.user = default_user = User.get_by_username('default')
- defaults = {'anonymous': default_user.active}
- c.perm_user = AuthUser(user_id=default_user.user_id)
+ c.user = User.get_default_user()
+ defaults = {'anonymous': c.user.active}
+ c.perm_user = c.user.AuthUser
c.user_ip_map = UserIpMap.query()\
- .filter(UserIpMap.user == default_user).all()
- for p in default_user.user_perms:
+ .filter(UserIpMap.user == c.user).all()
+ for p in c.user.user_perms:
if p.permission.permission_name.startswith('repository.'):
defaults['default_repo_perm'] = p.permission.permission_name
if p.permission.permission_name.startswith('group.'):
defaults['default_group_perm'] = p.permission.permission_name
+ if p.permission.permission_name.startswith('usergroup.'):
+ defaults['default_user_group_perm'] = p.permission.permission_name
+
+ if p.permission.permission_name.startswith('hg.create.'):
+ defaults['default_repo_create'] = p.permission.permission_name
+
+ if p.permission.permission_name.startswith('hg.repogroup.'):
+ defaults['default_repo_group_create'] = p.permission.permission_name
+
+ if p.permission.permission_name.startswith('hg.usergroup.'):
+ defaults['default_user_group_create'] = p.permission.permission_name
+
if p.permission.permission_name.startswith('hg.register.'):
defaults['default_register'] = p.permission.permission_name
- if p.permission.permission_name.startswith('hg.create.'):
- defaults['default_create'] = p.permission.permission_name
-
if p.permission.permission_name.startswith('hg.fork.'):
defaults['default_fork'] = p.permission.permission_name
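Review bot: The new branches match on `'hg.repogroup.'` and `'hg.usergroup.'`, which are wider than the `hg.repogroup.create.` and `hg.usergroup.create.` families they are meant to fill. Any later permission under those prefixes would overwrite `default_repo_group_create` or `default_user_group_create`, depending on iteration order. Matching the full prefix keeps each default tied to one family: `if p.permission.permission_name.startswith('hg.usergroup.create.'):`, and likewise for `hg.repogroup.create.`. The enclosing method extends beyond the hunk.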
diff --git a/rhodecode/controllers/admin/repos.py b/rhodecode/controllers/admin/repos.py
--- a/rhodecode/controllers/admin/repos.py
+++ b/rhodecode/controllers/admin/repos.py
@@ -98,7 +98,7 @@ class ReposController(BaseRepoController
choices, c.landing_revs = ScmModel().get_repo_landing_revs(c.repo_info)
c.landing_revs_choices = choices
- c.default_user_id = User.get_by_username('default').user_id
+ c.default_user_id = User.get_default_user().user_id
c.in_public_journal = UserFollowing.query()\
.filter(UserFollowing.user_id == c.default_user_id)\
.filter(UserFollowing.follows_repository == c.repo_info).scalar()
@@ -466,7 +466,7 @@ class ReposController(BaseRepoController
if cur_token == token:
try:
repo_id = Repository.get_by_repo_name(repo_name).repo_id
- user_id = User.get_by_username('default').user_id
+ user_id = User.get_default_user().user_id
self.scm_model.toggle_following_repo(repo_id, user_id)
h.flash(_('Updated repository visibility in public journal'),
category='success')
diff --git a/rhodecode/controllers/forks.py b/rhodecode/controllers/forks.py
--- a/rhodecode/controllers/forks.py
+++ b/rhodecode/controllers/forks.py
@@ -77,7 +77,7 @@ class ForksController(BaseRepoController
h.not_mapped_error(repo_name)
return redirect(url('repos'))
- c.default_user_id = User.get_by_username('default').user_id
+ c.default_user_id = User.get_default_user().user_id
c.in_public_journal = UserFollowing.query()\
.filter(UserFollowing.user_id == c.default_user_id)\
.filter(UserFollowing.follows_repository == c.repo_info).scalar()
diff --git a/rhodecode/controllers/login.py b/rhodecode/controllers/login.py
--- a/rhodecode/controllers/login.py
+++ b/rhodecode/controllers/login.py
@@ -126,7 +126,7 @@ class LoginController(BaseController):
@HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
'hg.register.manual_activate')
def register(self):
- c.auto_active = 'hg.register.auto_activate' in User.get_by_username('default')\
+ c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\
.AuthUser.permissions['global']
if request.POST:
diff --git a/rhodecode/lib/auth.py b/rhodecode/lib/auth.py
--- a/rhodecode/lib/auth.py
+++ b/rhodecode/lib/auth.py
@@ -229,7 +229,7 @@ def authenticate(username, password):
'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
'email': get_ldap_attr('ldap_attr_email'),
'active': 'hg.register.auto_activate' in User\
- .get_by_username('default').AuthUser.permissions['global']
+ .get_default_user().AuthUser.permissions['global']
}
# don't store LDAP password since we don't need it. Override
@@ -259,7 +259,7 @@ def login_container_auth(username):
'lastname': None,
'email': None,
'active': 'hg.register.auto_activate' in User\
- .get_by_username('default').AuthUser.permissions['global']
+ .get_default_user().AuthUser.permissions['global']
}
user = UserModel().create_for_container_auth(username, user_attrs)
if not user:
diff --git a/rhodecode/lib/db_manage.py b/rhodecode/lib/db_manage.py
--- a/rhodecode/lib/db_manage.py
+++ b/rhodecode/lib/db_manage.py
@@ -521,7 +521,7 @@ class DbManage(object):
self.sa.add(setting)
def fixup_groups(self):
- def_usr = User.get_by_username('default')
+ def_usr = User.get_default_user()
for g in RepoGroup.query().all():
g.group_name = g.get_new_name(g.name)
self.sa.add(g)
@@ -688,13 +688,8 @@ class DbManage(object):
"""
# module.(access|create|change|delete)_[name]
# module.(none|read|write|admin)
-
- for p in Permission.PERMS:
- if not Permission.get_by_key(p[0]):
- new_perm = Permission()
- new_perm.permission_name = p[0]
- new_perm.permission_longname = p[0]
- self.sa.add(new_perm)
+ log.info('creating permissions')
+ PermissionModel(self.sa).create_permissions()
def populate_default_permissions(self):
"""
diff --git a/rhodecode/lib/utils.py b/rhodecode/lib/utils.py
--- a/rhodecode/lib/utils.py
+++ b/rhodecode/lib/utils.py
@@ -58,6 +58,7 @@ from rhodecode.model.meta import Session
from rhodecode.model.repos_group import ReposGroupModel
from rhodecode.lib.utils2 import safe_str, safe_unicode
from rhodecode.lib.vcs.utils.fakemod import create_module
+from rhodecode.model.users_group import UserGroupModel
log = logging.getLogger(__name__)
@@ -100,6 +101,9 @@ def repo_name_slug(value):
return slug
+#==============================================================================
+# PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS
+#==============================================================================
def get_repo_slug(request):
_repo = request.environ['pylons.routes_dict'].get('repo_name')
if _repo:
@@ -116,9 +120,15 @@ def get_repos_group_slug(request):
def get_user_group_slug(request):
_group = request.environ['pylons.routes_dict'].get('id')
- _group = UserGroup.get(_group)
- if _group:
- _group = _group.users_group_name
+ try:
+ _group = UserGroup.get(_group)
+ if _group:
+ _group = _group.users_group_name
+ except Exception:
+ log.debug(traceback.format_exc())
+ #catch all failures here
+ pass
+
return _group
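Review bot: When `UserGroup.get(_group)` raises, `_group` still holds the raw `id` taken from the route, and `return _group` hands that request-supplied value to whatever permission check uses this helper. The helper sits under the "PERM DECORATOR HELPERS" banner this commit adds, so a caller expecting a group name or `None` would run its check against attacker-controllable text. Reset it in the handler with `_group = None`, drop the redundant `pass`, and log at warning level so lookup failures are visible. `traceback` must be imported in this module; that import is not visible in the diff.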
diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -637,6 +637,7 @@ class UserGroup(Base, BaseModel):
members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
+ users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
user_user_group_to_perm = relationship('UserUserGroupToPerm ', cascade='all')
user = relationship('User')
@@ -1426,6 +1427,12 @@ class Permission(Base, BaseModel):
('usergroup.write', _('User group write access')),
('usergroup.admin', _('User group admin access')),
+ ('hg.repogroup.create.false', _('Repository Group creation disabled')),
+ ('hg.repogroup.create.true', _('Repository Group creation enabled')),
+
+ ('hg.usergroup.create.false', _('User Group creation disabled')),
+ ('hg.usergroup.create.true', _('User Group creation enabled')),
+
('hg.create.none', _('Repository creation disabled')),
('hg.create.repository', _('Repository creation enabled')),
@@ -1451,6 +1458,8 @@ class Permission(Base, BaseModel):
]
# defines which permissions are more important higher the more important
+ # Weight defines which permissions are more important.
+ # The higher number the more important.
PERM_WEIGHTS = {
'repository.none': 0,
'repository.read': 1,
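Review bot: The two added comment lines repeat the comment on the line above them, which the hunk leaves in place, so `PERM_WEIGHTS` now carries the same explanation twice. Remove the old line and keep `# Weight defines which permissions are more important.` and `# The higher the number, the more important.`.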
@@ -1466,6 +1475,11 @@ class Permission(Base, BaseModel):
'usergroup.read': 1,
'usergroup.write': 3,
'usergroup.admin': 4,
+ 'hg.repogroup.create.false': 0,
+ 'hg.repogroup.create.true': 1,
+
+ 'hg.usergroup.create.false': 0,
+ 'hg.usergroup.create.true': 1,
'hg.fork.none': 0,
'hg.fork.repository': 1,
diff --git a/rhodecode/model/forms.py b/rhodecode/model/forms.py
--- a/rhodecode/model/forms.py
+++ b/rhodecode/model/forms.py
@@ -311,7 +311,9 @@ def ApplicationUiSettingsForm():
def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,
- register_choices, create_choices, fork_choices):
+ user_group_perms_choices, create_choices,
+ repo_group_create_choices, user_group_create_choices,
+ fork_choices, register_choices):
class _DefaultPermissionsForm(formencode.Schema):
allow_extra_fields = True
filter_extra_fields = True
@@ -320,10 +322,14 @@ def DefaultPermissionsForm(repo_perms_ch
anonymous = v.StringBoolean(if_missing=False)
default_repo_perm = v.OneOf(repo_perms_choices)
default_group_perm = v.OneOf(group_perms_choices)
- default_register = v.OneOf(register_choices)
- default_create = v.OneOf(create_choices)
+ default_user_group_perm = v.OneOf(user_group_perms_choices)
+
+ default_repo_create = v.OneOf(create_choices)
+ default_user_group_create = v.OneOf(user_group_create_choices)
+ #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet
default_fork = v.OneOf(fork_choices)
+ default_register = v.OneOf(register_choices)
return _DefaultPermissionsForm
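Review bot: `repo_group_create_choices` is accepted by `DefaultPermissionsForm` and supplied by the controller, but its validator is commented out. With `filter_extra_fields = True`, a submitted `default_repo_group_create` is dropped without any message. Replace the commented-out validator with a plain note such as `# TODO: default_repo_group_create is not validated or stored yet`. Keep it in step with the commented-out key in the `def_perm_key` list in rhodecode/model/permission.py, so the form and the model agree on which fields are live.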
diff --git a/rhodecode/model/permission.py b/rhodecode/model/permission.py
--- a/rhodecode/model/permission.py
+++ b/rhodecode/model/permission.py
@@ -43,6 +43,17 @@ class PermissionModel(BaseModel):
cls = Permission
+ def create_permissions(self):
+ """
+ Create permissions for whole system
+ """
+ for p in Permission.PERMS:
+ if not Permission.get_by_key(p[0]):
+ new_perm = Permission()
+ new_perm.permission_name = p[0]
+ new_perm.permission_longname = p[0] #translation err with p[1]
+ self.sa.add(new_perm)
+
def create_default_permissions(self, user):
"""
Creates only missing default permissions for user
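Review bot: The docstring of `create_permissions` does not say that the method only adds missing `Permission` rows to `self.sa` and never commits, which leaves the commit to the caller. Suggested docstring: `"""Add every permission from Permission.PERMS that is not in the database yet to the session; the caller commits."""`. The inline comment `#translation err with p[1]` would read better spelled out, e.g. `# longname is set to the key; using the translated label p[1] caused an error`.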
@@ -87,6 +98,7 @@ class PermissionModel(BaseModel):
# stage 2 reset defaults and set them from form data
def _make_new(usr, perm_name):
+ log.debug('Creating new permission:%s' % (perm_name))
new = UserToPerm()
new.user = usr
new.permission = Permission.get_by_key(perm_name)
@@ -101,8 +113,11 @@ class PermissionModel(BaseModel):
self.sa.delete(p)
#create fresh set of permissions
for def_perm_key in ['default_repo_perm', 'default_group_perm',
- 'default_register', 'default_create',
- 'default_fork']:
+ 'default_user_group_perm',
+ 'default_repo_create',
+ #'default_repo_group_create', #not implemented yet
+ 'default_user_group_create',
+ 'default_fork', 'default_register']:
p = _make_new(perm_user, form_result[def_perm_key])
self.sa.add(p)
diff --git a/rhodecode/model/repo.py b/rhodecode/model/repo.py
--- a/rhodecode/model/repo.py
+++ b/rhodecode/model/repo.py
@@ -63,7 +63,7 @@ class RepoModel(BaseModel):
def _create_default_perms(self, repository, private):
# create default permission
default = 'repository.read'
- def_user = User.get_by_username('default')
+ def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('repository.'):
default = p.permission.permission_name
diff --git a/rhodecode/model/repos_group.py b/rhodecode/model/repos_group.py
--- a/rhodecode/model/repos_group.py
+++ b/rhodecode/model/repos_group.py
@@ -62,7 +62,7 @@ class ReposGroupModel(BaseModel):
def _create_default_perms(self, new_group):
# create default permission
default_perm = 'group.read'
- def_user = User.get_by_username('default')
+ def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('group.'):
default_perm = p.permission.permission_name
diff --git a/rhodecode/model/users_group.py b/rhodecode/model/users_group.py
--- a/rhodecode/model/users_group.py
+++ b/rhodecode/model/users_group.py
@@ -46,7 +46,7 @@ class UserGroupModel(BaseModel):
def _create_default_perms(self, user_group):
# create default permission
default_perm = 'usergroup.read'
- def_user = User.get_by_username('default')
+ def_user = User.get_default_user()
for p in def_user.user_perms:
if p.permission.permission_name.startswith('usergroup.'):
default_perm = p.permission.permission_name
diff --git a/rhodecode/templates/admin/permissions/permissions.html b/rhodecode/templates/admin/permissions/permissions.html
--- a/rhodecode/templates/admin/permissions/permissions.html
+++ b/rhodecode/templates/admin/permissions/permissions.html
@@ -66,18 +66,32 @@
-
+
- ${h.select('default_register','',c.register_choices)}
+ ${h.select('default_user_group_perm','',c.user_group_perms_choices)}
+ ${h.checkbox('overwrite_default_user_group','true')}
+
+
-
+
- ${h.select('default_create','',c.create_choices)}
+ ${h.select('default_repo_create','',c.repo_create_choices)}
+
+
+
+
+
+
+
+ ${h.select('default_user_group_create','',c.user_group_create_choices)}
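Review bot: The added `overwrite_default_user_group` checkbox has no counterpart in the visible hunks of rhodecode/model/forms.py or rhodecode/model/permission.py: no validator is added for it and nothing reads it from `form_result`. Since the form filters extra fields, the value would presumably be dropped on submit, and ticking the box would change nothing while suggesting to an admin that existing user-group permissions were reset. Either add the field to `_DefaultPermissionsForm` and handle it in `PermissionModel.update`, or leave the checkbox out until that exists. The markup around this line is not visible in the hunk.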
@@ -88,6 +102,14 @@
${h.select('default_fork','',c.fork_choices)}
+
+
+
+
+
+ ${h.select('default_register','',c.register_choices)}
+
+
${h.submit('save',_('Save'),class_="ui-btn large")}
${h.reset('reset',_('Reset'),class_="ui-btn large")}
@@ -104,7 +126,8 @@
## permissions overview
- <%include file="/base/perms_summary.html"/>
+ <%namespace name="p" file="/base/perms_summary.html"/>
+ ${p.perms_summary(c.perm_user.permissions)}
diff --git a/rhodecode/templates/admin/users_groups/users_groups.html b/rhodecode/templates/admin/users_groups/users_groups.html
--- a/rhodecode/templates/admin/users_groups/users_groups.html
+++ b/rhodecode/templates/admin/users_groups/users_groups.html
@@ -28,7 +28,9 @@
+
+ %if c.users_groups_list:
+ %else:
+ ${_('There are no user groups yet')}
+ %endif
%def>
diff --git a/rhodecode/templates/base/perms_summary.html b/rhodecode/templates/base/perms_summary.html
--- a/rhodecode/templates/base/perms_summary.html
+++ b/rhodecode/templates/base/perms_summary.html
@@ -9,28 +9,32 @@
%else:
-
-
- ${_('Name')} |
- ${_('Permission')} |
- ${_('Edit Permission')} |
-
-
%if section == 'global':
+
+
+ ${_('Permission')} |
+ ${_('Edit Permission')} |
+
+
%for k in sorted(permissions[section], key=lambda s: s.lower()):
-
+ |
${h.get_permission_name(k)}
|
- ${h.boolicon(k.split('.')[-1] != 'none')}
- |
-
${_('edit')}
|
%endfor
+
%else:
+
+
+ ${_('Name')} |
+ ${_('Permission')} |
+ ${_('Edit Permission')} |
+
+
%for k, section_perm in sorted(permissions[section].items(), key=lambda s: s[1]+s[0].lower()):
@@ -38,6 +42,9 @@
${k}
%elif section == 'repositories_groups':
${k}
+ %elif section == 'user_groups':
+ ##${k}
+ ${k}
%endif
|
@@ -48,13 +55,14 @@
${_('edit')}
%elif section == 'repositories_groups':
${_('edit')}
+ %elif section == 'user_groups':
+ ##${_('edit')}
%endif
|
%endfor
+
%endif
-
-
%endif
diff --git a/rhodecode/templates/pullrequests/pullrequest_data.html b/rhodecode/templates/pullrequests/pullrequest_data.html
--- a/rhodecode/templates/pullrequests/pullrequest_data.html
+++ b/rhodecode/templates/pullrequests/pullrequest_data.html
@@ -21,4 +21,4 @@
-
\ No newline at end of file
+
diff --git a/rhodecode/tests/functional/test_home.py b/rhodecode/tests/functional/test_home.py
--- a/rhodecode/tests/functional/test_home.py
+++ b/rhodecode/tests/functional/test_home.py
@@ -33,7 +33,7 @@ merge" class="tooltip" href="/vcs_test_h
)
def test_repo_summary_with_anonymous_access_disabled(self):
- anon = User.get_by_username('default')
+ anon = User.get_default_user()
anon.active = False
Session().add(anon)
Session().commit()
@@ -45,13 +45,13 @@ merge" class="tooltip" href="/vcs_test_h
assert 'login' in response.location
finally:
- anon = User.get_by_username('default')
+ anon = User.get_default_user()
anon.active = True
Session().add(anon)
Session().commit()
def test_index_with_anonymous_access_disabled(self):
- anon = User.get_by_username('default')
+ anon = User.get_default_user()
anon.active = False
Session().add(anon)
Session().commit()
@@ -61,7 +61,7 @@ merge" class="tooltip" href="/vcs_test_h
status=302)
assert 'login' in response.location
finally:
- anon = User.get_by_username('default')
+ anon = User.get_default_user()
anon.active = True
Session().add(anon)
Session().commit()
diff --git a/rhodecode/tests/models/test_permissions.py b/rhodecode/tests/models/test_permissions.py
--- a/rhodecode/tests/models/test_permissions.py
+++ b/rhodecode/tests/models/test_permissions.py
@@ -34,7 +34,7 @@ class TestPermissions(unittest.TestCase)
username=u'u3', password=u'qweqwe',
email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'
)
- self.anon = User.get_by_username('default')
+ self.anon = User.get_default_user()
self.a1 = UserModel().create_or_update(
username=u'a1', password=u'qweqwe',
email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1', admin=True