##// END OF EJS Templates
formatting and small changes
marcink -
r4019:18121c54 default
parent child Browse files
Show More
@@ -1,829 +1,831
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2 """
2 """
3 rhodecode.model.user
3 rhodecode.model.user
4 ~~~~~~~~~~~~~~~~~~~~
4 ~~~~~~~~~~~~~~~~~~~~
5
5
6 users model for RhodeCode
6 users model for RhodeCode
7
7
8 :created_on: Apr 9, 2010
8 :created_on: Apr 9, 2010
9 :author: marcink
9 :author: marcink
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
11 :license: GPLv3, see COPYING for more details.
11 :license: GPLv3, see COPYING for more details.
12 """
12 """
13 # This program is free software: you can redistribute it and/or modify
13 # This program is free software: you can redistribute it and/or modify
14 # it under the terms of the GNU General Public License as published by
14 # it under the terms of the GNU General Public License as published by
15 # the Free Software Foundation, either version 3 of the License, or
15 # the Free Software Foundation, either version 3 of the License, or
16 # (at your option) any later version.
16 # (at your option) any later version.
17 #
17 #
18 # This program is distributed in the hope that it will be useful,
18 # This program is distributed in the hope that it will be useful,
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 # GNU General Public License for more details.
21 # GNU General Public License for more details.
22 #
22 #
23 # You should have received a copy of the GNU General Public License
23 # You should have received a copy of the GNU General Public License
24 # along with this program. If not, see <http://www.gnu.org/licenses/>.
24 # along with this program. If not, see <http://www.gnu.org/licenses/>.
25
25
26 import logging
26 import logging
27 import traceback
27 import traceback
28 import itertools
28 import itertools
29 import collections
29 import collections
30 from pylons import url
30 from pylons import url
31 from pylons.i18n.translation import _
31 from pylons.i18n.translation import _
32
32
33 from sqlalchemy.exc import DatabaseError
33 from sqlalchemy.exc import DatabaseError
34 from sqlalchemy.orm import joinedload
34 from sqlalchemy.orm import joinedload
35
35
36 from rhodecode.lib.utils2 import safe_unicode, generate_api_key, get_current_rhodecode_user
36 from rhodecode.lib.utils2 import safe_unicode, generate_api_key, get_current_rhodecode_user
37 from rhodecode.lib.caching_query import FromCache
37 from rhodecode.lib.caching_query import FromCache
38 from rhodecode.model import BaseModel
38 from rhodecode.model import BaseModel
39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
42 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup
42 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup
43 from rhodecode.lib.exceptions import DefaultUserException, \
43 from rhodecode.lib.exceptions import DefaultUserException, \
44 UserOwnsReposException
44 UserOwnsReposException
45 from rhodecode.model.meta import Session
45 from rhodecode.model.meta import Session
46
46
47
47
48 log = logging.getLogger(__name__)
48 log = logging.getLogger(__name__)
49
49
50 PERM_WEIGHTS = Permission.PERM_WEIGHTS
50 PERM_WEIGHTS = Permission.PERM_WEIGHTS
51
51
52
52
53 class UserModel(BaseModel):
53 class UserModel(BaseModel):
54 cls = User
54 cls = User
55
55
56 def get(self, user_id, cache=False):
56 def get(self, user_id, cache=False):
57 user = self.sa.query(User)
57 user = self.sa.query(User)
58 if cache:
58 if cache:
59 user = user.options(FromCache("sql_cache_short",
59 user = user.options(FromCache("sql_cache_short",
60 "get_user_%s" % user_id))
60 "get_user_%s" % user_id))
61 return user.get(user_id)
61 return user.get(user_id)
62
62
63 def get_user(self, user):
63 def get_user(self, user):
64 return self._get_user(user)
64 return self._get_user(user)
65
65
66 def get_by_username(self, username, cache=False, case_insensitive=False):
66 def get_by_username(self, username, cache=False, case_insensitive=False):
67
67
68 if case_insensitive:
68 if case_insensitive:
69 user = self.sa.query(User).filter(User.username.ilike(username))
69 user = self.sa.query(User).filter(User.username.ilike(username))
70 else:
70 else:
71 user = self.sa.query(User)\
71 user = self.sa.query(User).filter(User.username == username)
72 .filter(User.username == username)
73 if cache:
72 if cache:
74 user = user.options(FromCache("sql_cache_short",
73 user = user.options(FromCache("sql_cache_short",
75 "get_user_%s" % username))
74 "get_user_%s" % username))
76 return user.scalar()
75 return user.scalar()
77
76
78 def get_by_email(self, email, cache=False, case_insensitive=False):
77 def get_by_email(self, email, cache=False, case_insensitive=False):
79 return User.get_by_email(email, case_insensitive, cache)
78 return User.get_by_email(email, case_insensitive, cache)
80
79
81 def get_by_api_key(self, api_key, cache=False):
80 def get_by_api_key(self, api_key, cache=False):
82 return User.get_by_api_key(api_key, cache)
81 return User.get_by_api_key(api_key, cache)
83
82
84 def create(self, form_data, cur_user=None):
83 def create(self, form_data, cur_user=None):
85 if not cur_user:
84 if not cur_user:
86 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
85 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
87 from rhodecode.lib.auth import get_crypt_password
86 from rhodecode.lib.auth import get_crypt_password
88 try:
87 try:
89 new_user = User()
88 new_user = User()
90 for k, v in form_data.items():
89 for k, v in form_data.items():
91 if k == 'password':
90 if k == 'password':
92 v = get_crypt_password(v)
91 v = get_crypt_password(v)
93 if k == 'firstname':
92 if k == 'firstname':
94 k = 'name'
93 k = 'name'
95 setattr(new_user, k, v)
94 setattr(new_user, k, v)
96
95
97 new_user.api_key = generate_api_key(form_data['username'])
96 new_user.api_key = generate_api_key(form_data['username'])
98 self.sa.add(new_user)
97 self.sa.add(new_user)
99
98
100 from rhodecode.lib.hooks import log_create_user
99 from rhodecode.lib.hooks import log_create_user
101 log_create_user(new_user.get_dict(), cur_user)
100 log_create_user(new_user.get_dict(), cur_user)
102 return new_user
101 return new_user
103 except Exception:
102 except Exception:
104 log.error(traceback.format_exc())
103 log.error(traceback.format_exc())
105 raise
104 raise
106
105
107 def create_or_update(self, username, password, email, firstname='',
106 def create_or_update(self, username, password, email, firstname='',
108 lastname='', active=True, admin=False, ldap_dn=None, cur_user=None):
107 lastname='', active=True, admin=False, ldap_dn=None,
108 cur_user=None):
109 """
109 """
110 Creates a new instance if not found, or updates current one
110 Creates a new instance if not found, or updates current one
111
111
112 :param username:
112 :param username:
113 :param password:
113 :param password:
114 :param email:
114 :param email:
115 :param active:
115 :param active:
116 :param firstname:
116 :param firstname:
117 :param lastname:
117 :param lastname:
118 :param active:
118 :param active:
119 :param admin:
119 :param admin:
120 :param ldap_dn:
120 :param ldap_dn:
121 :param cur_user:
121 """
122 """
122 if not cur_user:
123 if not cur_user:
123 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
124 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
124
125
125 from rhodecode.lib.auth import get_crypt_password
126 from rhodecode.lib.auth import get_crypt_password
126
127
127 log.debug('Checking for %s account in RhodeCode database' % username)
128 log.debug('Checking for %s account in RhodeCode database' % username)
128 user = User.get_by_username(username, case_insensitive=True)
129 user = User.get_by_username(username, case_insensitive=True)
129 if user is None:
130 if user is None:
130 log.debug('creating new user %s' % username)
131 log.debug('creating new user %s' % username)
131 new_user = User()
132 new_user = User()
132 edit = False
133 edit = False
133 else:
134 else:
134 log.debug('updating user %s' % username)
135 log.debug('updating user %s' % username)
135 new_user = user
136 new_user = user
136 edit = True
137 edit = True
137
138
138 try:
139 try:
139 new_user.username = username
140 new_user.username = username
140 new_user.admin = admin
141 new_user.admin = admin
141 # set password only if creating an user or password is changed
142 # set password only if creating an user or password is changed
142 if not edit or user.password != password:
143 if not edit or user.password != password:
143 new_user.password = get_crypt_password(password) if password else None
144 new_user.password = get_crypt_password(password) if password else None
144 new_user.api_key = generate_api_key(username)
145 new_user.api_key = generate_api_key(username)
145 new_user.email = email
146 new_user.email = email
146 new_user.active = active
147 new_user.active = active
147 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
148 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
148 new_user.name = firstname
149 new_user.name = firstname
149 new_user.lastname = lastname
150 new_user.lastname = lastname
150 self.sa.add(new_user)
151 self.sa.add(new_user)
151
152
152 if not edit:
153 if not edit:
153 from rhodecode.lib.hooks import log_create_user
154 from rhodecode.lib.hooks import log_create_user
154 log_create_user(new_user.get_dict(), cur_user)
155 log_create_user(new_user.get_dict(), cur_user)
155 return new_user
156 return new_user
156 except (DatabaseError,):
157 except (DatabaseError,):
157 log.error(traceback.format_exc())
158 log.error(traceback.format_exc())
158 raise
159 raise
159
160
160 def create_for_container_auth(self, username, attrs, cur_user=None):
161 def create_for_container_auth(self, username, attrs, cur_user=None):
161 """
162 """
162 Creates the given user if it's not already in the database
163 Creates the given user if it's not already in the database
163
164
164 :param username:
165 :param username:
165 :param attrs:
166 :param attrs:
167 :param cur_user:
166 """
168 """
167 if not cur_user:
169 if not cur_user:
168 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
170 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
169 if self.get_by_username(username, case_insensitive=True) is None:
171 if self.get_by_username(username, case_insensitive=True) is None:
170
172
171 # autogenerate email for container account without one
173 # autogenerate email for container account without one
172 generate_email = lambda usr: '%s@container_auth.account' % usr
174 generate_email = lambda usr: '%s@container_auth.account' % usr
173
175
174 try:
176 try:
175 new_user = User()
177 new_user = User()
176 new_user.username = username
178 new_user.username = username
177 new_user.password = None
179 new_user.password = None
178 new_user.api_key = generate_api_key(username)
180 new_user.api_key = generate_api_key(username)
179 new_user.email = attrs['email']
181 new_user.email = attrs['email']
180 new_user.active = attrs.get('active', True)
182 new_user.active = attrs.get('active', True)
181 new_user.name = attrs['name'] or generate_email(username)
183 new_user.name = attrs['name'] or generate_email(username)
182 new_user.lastname = attrs['lastname']
184 new_user.lastname = attrs['lastname']
183
185
184 self.sa.add(new_user)
186 self.sa.add(new_user)
185
187
186 from rhodecode.lib.hooks import log_create_user
188 from rhodecode.lib.hooks import log_create_user
187 log_create_user(new_user.get_dict(), cur_user)
189 log_create_user(new_user.get_dict(), cur_user)
188 return new_user
190 return new_user
189 except (DatabaseError,):
191 except (DatabaseError,):
190 log.error(traceback.format_exc())
192 log.error(traceback.format_exc())
191 self.sa.rollback()
193 self.sa.rollback()
192 raise
194 raise
193 log.debug('User %s already exists. Skipping creation of account'
195 log.debug('User %s already exists. Skipping creation of account'
194 ' for container auth.', username)
196 ' for container auth.', username)
195 return None
197 return None
196
198
197 def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
199 def create_ldap(self, username, password, user_dn, attrs, cur_user=None):
198 """
200 """
199 Checks if user is in database, if not creates this user marked
201 Checks if user is in database, if not creates this user marked
200 as ldap user
202 as ldap user
201
203
202 :param username:
204 :param username:
203 :param password:
205 :param password:
204 :param user_dn:
206 :param user_dn:
205 :param attrs:
207 :param attrs:
208 :param cur_user:
206 """
209 """
207 if not cur_user:
210 if not cur_user:
208 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
211 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
209 from rhodecode.lib.auth import get_crypt_password
212 from rhodecode.lib.auth import get_crypt_password
210 log.debug('Checking for such ldap account in RhodeCode database')
213 log.debug('Checking for such ldap account in RhodeCode database')
211 if self.get_by_username(username, case_insensitive=True) is None:
214 if self.get_by_username(username, case_insensitive=True) is None:
212
215
213 # autogenerate email for ldap account without one
216 # autogenerate email for ldap account without one
214 generate_email = lambda usr: '%s@ldap.account' % usr
217 generate_email = lambda usr: '%s@ldap.account' % usr
215
218
216 try:
219 try:
217 new_user = User()
220 new_user = User()
218 username = username.lower()
221 username = username.lower()
219 # add ldap account always lowercase
222 # add ldap account always lowercase
220 new_user.username = username
223 new_user.username = username
221 new_user.password = get_crypt_password(password)
224 new_user.password = get_crypt_password(password)
222 new_user.api_key = generate_api_key(username)
225 new_user.api_key = generate_api_key(username)
223 new_user.email = attrs['email'] or generate_email(username)
226 new_user.email = attrs['email'] or generate_email(username)
224 new_user.active = attrs.get('active', True)
227 new_user.active = attrs.get('active', True)
225 new_user.ldap_dn = safe_unicode(user_dn)
228 new_user.ldap_dn = safe_unicode(user_dn)
226 new_user.name = attrs['name']
229 new_user.name = attrs['name']
227 new_user.lastname = attrs['lastname']
230 new_user.lastname = attrs['lastname']
228
231
229 self.sa.add(new_user)
232 self.sa.add(new_user)
230
233
231 from rhodecode.lib.hooks import log_create_user
234 from rhodecode.lib.hooks import log_create_user
232 log_create_user(new_user.get_dict(), cur_user)
235 log_create_user(new_user.get_dict(), cur_user)
233 return new_user
236 return new_user
234 except (DatabaseError,):
237 except (DatabaseError,):
235 log.error(traceback.format_exc())
238 log.error(traceback.format_exc())
236 self.sa.rollback()
239 self.sa.rollback()
237 raise
240 raise
238 log.debug('this %s user exists skipping creation of ldap account',
241 log.debug('this %s user exists skipping creation of ldap account',
239 username)
242 username)
240 return None
243 return None
241
244
242 def create_registration(self, form_data):
245 def create_registration(self, form_data):
243 from rhodecode.model.notification import NotificationModel
246 from rhodecode.model.notification import NotificationModel
244
247
245 try:
248 try:
246 form_data['admin'] = False
249 form_data['admin'] = False
247 new_user = self.create(form_data)
250 new_user = self.create(form_data)
248
251
249 self.sa.add(new_user)
252 self.sa.add(new_user)
250 self.sa.flush()
253 self.sa.flush()
251
254
252 # notification to admins
255 # notification to admins
253 subject = _('New user registration')
256 subject = _('New user registration')
254 body = ('New user registration\n'
257 body = ('New user registration\n'
255 '---------------------\n'
258 '---------------------\n'
256 '- Username: %s\n'
259 '- Username: %s\n'
257 '- Full Name: %s\n'
260 '- Full Name: %s\n'
258 '- Email: %s\n')
261 '- Email: %s\n')
259 body = body % (new_user.username, new_user.full_name,
262 body = body % (new_user.username, new_user.full_name, new_user.email)
260 new_user.email)
261 edit_url = url('edit_user', id=new_user.user_id, qualified=True)
263 edit_url = url('edit_user', id=new_user.user_id, qualified=True)
262 kw = {'registered_user_url': edit_url}
264 kw = {'registered_user_url': edit_url}
263 NotificationModel().create(created_by=new_user, subject=subject,
265 NotificationModel().create(created_by=new_user, subject=subject,
264 body=body, recipients=None,
266 body=body, recipients=None,
265 type_=Notification.TYPE_REGISTRATION,
267 type_=Notification.TYPE_REGISTRATION,
266 email_kwargs=kw)
268 email_kwargs=kw)
267
269
268 except Exception:
270 except Exception:
269 log.error(traceback.format_exc())
271 log.error(traceback.format_exc())
270 raise
272 raise
271
273
272 def update(self, user_id, form_data, skip_attrs=[]):
274 def update(self, user_id, form_data, skip_attrs=[]):
273 from rhodecode.lib.auth import get_crypt_password
275 from rhodecode.lib.auth import get_crypt_password
274 try:
276 try:
275 user = self.get(user_id, cache=False)
277 user = self.get(user_id, cache=False)
276 if user.username == 'default':
278 if user.username == 'default':
277 raise DefaultUserException(
279 raise DefaultUserException(
278 _("You can't Edit this user since it's"
280 _("You can't Edit this user since it's"
279 " crucial for entire application"))
281 " crucial for entire application"))
280
282
281 for k, v in form_data.items():
283 for k, v in form_data.items():
282 if k in skip_attrs:
284 if k in skip_attrs:
283 continue
285 continue
284 if k == 'new_password' and v:
286 if k == 'new_password' and v:
285 user.password = get_crypt_password(v)
287 user.password = get_crypt_password(v)
286 user.api_key = generate_api_key(user.username)
288 user.api_key = generate_api_key(user.username)
287 else:
289 else:
288 if k == 'firstname':
290 if k == 'firstname':
289 k = 'name'
291 k = 'name'
290 setattr(user, k, v)
292 setattr(user, k, v)
291 self.sa.add(user)
293 self.sa.add(user)
292 except Exception:
294 except Exception:
293 log.error(traceback.format_exc())
295 log.error(traceback.format_exc())
294 raise
296 raise
295
297
296 def update_user(self, user, **kwargs):
298 def update_user(self, user, **kwargs):
297 from rhodecode.lib.auth import get_crypt_password
299 from rhodecode.lib.auth import get_crypt_password
298 try:
300 try:
299 user = self._get_user(user)
301 user = self._get_user(user)
300 if user.username == 'default':
302 if user.username == 'default':
301 raise DefaultUserException(
303 raise DefaultUserException(
302 _("You can't Edit this user since it's"
304 _("You can't Edit this user since it's"
303 " crucial for entire application")
305 " crucial for entire application")
304 )
306 )
305
307
306 for k, v in kwargs.items():
308 for k, v in kwargs.items():
307 if k == 'password' and v:
309 if k == 'password' and v:
308 v = get_crypt_password(v)
310 v = get_crypt_password(v)
309 user.api_key = generate_api_key(user.username)
311 user.api_key = generate_api_key(user.username)
310
312
311 setattr(user, k, v)
313 setattr(user, k, v)
312 self.sa.add(user)
314 self.sa.add(user)
313 return user
315 return user
314 except Exception:
316 except Exception:
315 log.error(traceback.format_exc())
317 log.error(traceback.format_exc())
316 raise
318 raise
317
319
318 def delete(self, user, cur_user=None):
320 def delete(self, user, cur_user=None):
319 if not cur_user:
321 if not cur_user:
320 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
322 cur_user = getattr(get_current_rhodecode_user(), 'username', None)
321 user = self._get_user(user)
323 user = self._get_user(user)
322
324
323 try:
325 try:
324 if user.username == 'default':
326 if user.username == 'default':
325 raise DefaultUserException(
327 raise DefaultUserException(
326 _(u"You can't remove this user since it's"
328 _(u"You can't remove this user since it's"
327 " crucial for entire application")
329 " crucial for entire application")
328 )
330 )
329 if user.repositories:
331 if user.repositories:
330 repos = [x.repo_name for x in user.repositories]
332 repos = [x.repo_name for x in user.repositories]
331 raise UserOwnsReposException(
333 raise UserOwnsReposException(
332 _(u'user "%s" still owns %s repositories and cannot be '
334 _(u'user "%s" still owns %s repositories and cannot be '
333 'removed. Switch owners or remove those repositories. %s')
335 'removed. Switch owners or remove those repositories. %s')
334 % (user.username, len(repos), ', '.join(repos))
336 % (user.username, len(repos), ', '.join(repos))
335 )
337 )
336 self.sa.delete(user)
338 self.sa.delete(user)
337
339
338 from rhodecode.lib.hooks import log_delete_user
340 from rhodecode.lib.hooks import log_delete_user
339 log_delete_user(user.get_dict(), cur_user)
341 log_delete_user(user.get_dict(), cur_user)
340 except Exception:
342 except Exception:
341 log.error(traceback.format_exc())
343 log.error(traceback.format_exc())
342 raise
344 raise
343
345
344 def reset_password_link(self, data):
346 def reset_password_link(self, data):
345 from rhodecode.lib.celerylib import tasks, run_task
347 from rhodecode.lib.celerylib import tasks, run_task
346 from rhodecode.model.notification import EmailNotificationModel
348 from rhodecode.model.notification import EmailNotificationModel
347 user_email = data['email']
349 user_email = data['email']
348 try:
350 try:
349 user = User.get_by_email(user_email)
351 user = User.get_by_email(user_email)
350 if user:
352 if user:
351 log.debug('password reset user found %s' % user)
353 log.debug('password reset user found %s' % user)
352 link = url('reset_password_confirmation', key=user.api_key,
354 link = url('reset_password_confirmation', key=user.api_key,
353 qualified=True)
355 qualified=True)
354 reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET
356 reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET
355 body = EmailNotificationModel().get_email_tmpl(reg_type,
357 body = EmailNotificationModel().get_email_tmpl(reg_type,
356 **{'user': user.short_contact,
358 **{'user': user.short_contact,
357 'reset_url': link})
359 'reset_url': link})
358 log.debug('sending email')
360 log.debug('sending email')
359 run_task(tasks.send_email, user_email,
361 run_task(tasks.send_email, user_email,
360 _("Password reset link"), body, body)
362 _("Password reset link"), body, body)
361 log.info('send new password mail to %s' % user_email)
363 log.info('send new password mail to %s' % user_email)
362 else:
364 else:
363 log.debug("password reset email %s not found" % user_email)
365 log.debug("password reset email %s not found" % user_email)
364 except Exception:
366 except Exception:
365 log.error(traceback.format_exc())
367 log.error(traceback.format_exc())
366 return False
368 return False
367
369
368 return True
370 return True
369
371
370 def reset_password(self, data):
372 def reset_password(self, data):
371 from rhodecode.lib.celerylib import tasks, run_task
373 from rhodecode.lib.celerylib import tasks, run_task
372 from rhodecode.lib import auth
374 from rhodecode.lib import auth
373 user_email = data['email']
375 user_email = data['email']
374 try:
376 try:
375 try:
377 try:
376 user = User.get_by_email(user_email)
378 user = User.get_by_email(user_email)
377 new_passwd = auth.PasswordGenerator().gen_password(8,
379 new_passwd = auth.PasswordGenerator().gen_password(8,
378 auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
380 auth.PasswordGenerator.ALPHABETS_BIG_SMALL)
379 if user:
381 if user:
380 user.password = auth.get_crypt_password(new_passwd)
382 user.password = auth.get_crypt_password(new_passwd)
381 user.api_key = auth.generate_api_key(user.username)
383 user.api_key = auth.generate_api_key(user.username)
382 Session().add(user)
384 Session().add(user)
383 Session().commit()
385 Session().commit()
384 log.info('change password for %s' % user_email)
386 log.info('change password for %s' % user_email)
385 if new_passwd is None:
387 if new_passwd is None:
386 raise Exception('unable to generate new password')
388 raise Exception('unable to generate new password')
387 except Exception:
389 except Exception:
388 log.error(traceback.format_exc())
390 log.error(traceback.format_exc())
389 Session().rollback()
391 Session().rollback()
390
392
391 run_task(tasks.send_email, user_email,
393 run_task(tasks.send_email, user_email,
392 _('Your new password'),
394 _('Your new password'),
393 _('Your new RhodeCode password:%s') % (new_passwd))
395 _('Your new RhodeCode password:%s') % (new_passwd,))
394 log.info('send new password mail to %s' % user_email)
396 log.info('send new password mail to %s' % user_email)
395
397
396 except Exception:
398 except Exception:
397 log.error('Failed to update user password')
399 log.error('Failed to update user password')
398 log.error(traceback.format_exc())
400 log.error(traceback.format_exc())
399
401
400 return True
402 return True
401
403
402 def fill_data(self, auth_user, user_id=None, api_key=None):
404 def fill_data(self, auth_user, user_id=None, api_key=None):
403 """
405 """
404 Fetches auth_user by user_id,or api_key if present.
406 Fetches auth_user by user_id,or api_key if present.
405 Fills auth_user attributes with those taken from database.
407 Fills auth_user attributes with those taken from database.
406 Additionally set's is_authenitated if lookup fails
408 Additionally set's is_authenitated if lookup fails
407 present in database
409 present in database
408
410
409 :param auth_user: instance of user to set attributes
411 :param auth_user: instance of user to set attributes
410 :param user_id: user id to fetch by
412 :param user_id: user id to fetch by
411 :param api_key: api key to fetch by
413 :param api_key: api key to fetch by
412 """
414 """
413 if user_id is None and api_key is None:
415 if user_id is None and api_key is None:
414 raise Exception('You need to pass user_id or api_key')
416 raise Exception('You need to pass user_id or api_key')
415
417
416 try:
418 try:
417 if api_key:
419 if api_key:
418 dbuser = self.get_by_api_key(api_key)
420 dbuser = self.get_by_api_key(api_key)
419 else:
421 else:
420 dbuser = self.get(user_id)
422 dbuser = self.get(user_id)
421
423
422 if dbuser is not None and dbuser.active:
424 if dbuser is not None and dbuser.active:
423 log.debug('filling %s data' % dbuser)
425 log.debug('filling %s data' % dbuser)
424 for k, v in dbuser.get_dict().items():
426 for k, v in dbuser.get_dict().items():
425 setattr(auth_user, k, v)
427 setattr(auth_user, k, v)
426 else:
428 else:
427 return False
429 return False
428
430
429 except Exception:
431 except Exception:
430 log.error(traceback.format_exc())
432 log.error(traceback.format_exc())
431 auth_user.is_authenticated = False
433 auth_user.is_authenticated = False
432 return False
434 return False
433
435
434 return True
436 return True
435
437
436 def fill_perms(self, user, explicit=True, algo='higherwin'):
438 def fill_perms(self, user, explicit=True, algo='higherwin'):
437 """
439 """
438 Fills user permission attribute with permissions taken from database
440 Fills user permission attribute with permissions taken from database
439 works for permissions given for repositories, and for permissions that
441 works for permissions given for repositories, and for permissions that
440 are granted to groups
442 are granted to groups
441
443
442 :param user: user instance to fill his perms
444 :param user: user instance to fill his perms
443 :param explicit: In case there are permissions both for user and a group
445 :param explicit: In case there are permissions both for user and a group
444 that user is part of, explicit flag will defiine if user will
446 that user is part of, explicit flag will defiine if user will
445 explicitly override permissions from group, if it's False it will
447 explicitly override permissions from group, if it's False it will
446 make decision based on the algo
448 make decision based on the algo
447 :param algo: algorithm to decide what permission should be choose if
449 :param algo: algorithm to decide what permission should be choose if
448 it's multiple defined, eg user in two different groups. It also
450 it's multiple defined, eg user in two different groups. It also
449 decides if explicit flag is turned off how to specify the permission
451 decides if explicit flag is turned off how to specify the permission
450 for case when user is in a group + have defined separate permission
452 for case when user is in a group + have defined separate permission
451 """
453 """
452 RK = 'repositories'
454 RK = 'repositories'
453 GK = 'repositories_groups'
455 GK = 'repositories_groups'
454 UK = 'user_groups'
456 UK = 'user_groups'
455 GLOBAL = 'global'
457 GLOBAL = 'global'
456 user.permissions[RK] = {}
458 user.permissions[RK] = {}
457 user.permissions[GK] = {}
459 user.permissions[GK] = {}
458 user.permissions[UK] = {}
460 user.permissions[UK] = {}
459 user.permissions[GLOBAL] = set()
461 user.permissions[GLOBAL] = set()
460
462
461 def _choose_perm(new_perm, cur_perm):
463 def _choose_perm(new_perm, cur_perm):
462 new_perm_val = PERM_WEIGHTS[new_perm]
464 new_perm_val = PERM_WEIGHTS[new_perm]
463 cur_perm_val = PERM_WEIGHTS[cur_perm]
465 cur_perm_val = PERM_WEIGHTS[cur_perm]
464 if algo == 'higherwin':
466 if algo == 'higherwin':
465 if new_perm_val > cur_perm_val:
467 if new_perm_val > cur_perm_val:
466 return new_perm
468 return new_perm
467 return cur_perm
469 return cur_perm
468 elif algo == 'lowerwin':
470 elif algo == 'lowerwin':
469 if new_perm_val < cur_perm_val:
471 if new_perm_val < cur_perm_val:
470 return new_perm
472 return new_perm
471 return cur_perm
473 return cur_perm
472
474
473 #======================================================================
475 #======================================================================
474 # fetch default permissions
476 # fetch default permissions
475 #======================================================================
477 #======================================================================
476 default_user = User.get_by_username('default', cache=True)
478 default_user = User.get_by_username('default', cache=True)
477 default_user_id = default_user.user_id
479 default_user_id = default_user.user_id
478
480
479 default_repo_perms = Permission.get_default_perms(default_user_id)
481 default_repo_perms = Permission.get_default_perms(default_user_id)
480 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
482 default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
481 default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
483 default_user_group_perms = Permission.get_default_user_group_perms(default_user_id)
482
484
483 if user.is_admin:
485 if user.is_admin:
484 #==================================================================
486 #==================================================================
485 # admin user have all default rights for repositories
487 # admin user have all default rights for repositories
486 # and groups set to admin
488 # and groups set to admin
487 #==================================================================
489 #==================================================================
488 user.permissions[GLOBAL].add('hg.admin')
490 user.permissions[GLOBAL].add('hg.admin')
489
491
490 # repositories
492 # repositories
491 for perm in default_repo_perms:
493 for perm in default_repo_perms:
492 r_k = perm.UserRepoToPerm.repository.repo_name
494 r_k = perm.UserRepoToPerm.repository.repo_name
493 p = 'repository.admin'
495 p = 'repository.admin'
494 user.permissions[RK][r_k] = p
496 user.permissions[RK][r_k] = p
495
497
496 # repository groups
498 # repository groups
497 for perm in default_repo_groups_perms:
499 for perm in default_repo_groups_perms:
498 rg_k = perm.UserRepoGroupToPerm.group.group_name
500 rg_k = perm.UserRepoGroupToPerm.group.group_name
499 p = 'group.admin'
501 p = 'group.admin'
500 user.permissions[GK][rg_k] = p
502 user.permissions[GK][rg_k] = p
501
503
502 # user groups
504 # user groups
503 for perm in default_user_group_perms:
505 for perm in default_user_group_perms:
504 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
506 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
505 p = 'usergroup.admin'
507 p = 'usergroup.admin'
506 user.permissions[UK][u_k] = p
508 user.permissions[UK][u_k] = p
507 return user
509 return user
508
510
509 #==================================================================
511 #==================================================================
510 # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
512 # SET DEFAULTS GLOBAL, REPOS, REPOSITORY GROUPS
511 #==================================================================
513 #==================================================================
512 uid = user.user_id
514 uid = user.user_id
513
515
514 # default global permissions taken fron the default user
516 # default global permissions taken fron the default user
515 default_global_perms = self.sa.query(UserToPerm)\
517 default_global_perms = self.sa.query(UserToPerm)\
516 .filter(UserToPerm.user_id == default_user_id)
518 .filter(UserToPerm.user_id == default_user_id)
517
519
518 for perm in default_global_perms:
520 for perm in default_global_perms:
519 user.permissions[GLOBAL].add(perm.permission.permission_name)
521 user.permissions[GLOBAL].add(perm.permission.permission_name)
520
522
521 # defaults for repositories, taken from default user
523 # defaults for repositories, taken from default user
522 for perm in default_repo_perms:
524 for perm in default_repo_perms:
523 r_k = perm.UserRepoToPerm.repository.repo_name
525 r_k = perm.UserRepoToPerm.repository.repo_name
524 if perm.Repository.private and not (perm.Repository.user_id == uid):
526 if perm.Repository.private and not (perm.Repository.user_id == uid):
525 # disable defaults for private repos,
527 # disable defaults for private repos,
526 p = 'repository.none'
528 p = 'repository.none'
527 elif perm.Repository.user_id == uid:
529 elif perm.Repository.user_id == uid:
528 # set admin if owner
530 # set admin if owner
529 p = 'repository.admin'
531 p = 'repository.admin'
530 else:
532 else:
531 p = perm.Permission.permission_name
533 p = perm.Permission.permission_name
532
534
533 user.permissions[RK][r_k] = p
535 user.permissions[RK][r_k] = p
534
536
535 # defaults for repository groups taken from default user permission
537 # defaults for repository groups taken from default user permission
536 # on given group
538 # on given group
537 for perm in default_repo_groups_perms:
539 for perm in default_repo_groups_perms:
538 rg_k = perm.UserRepoGroupToPerm.group.group_name
540 rg_k = perm.UserRepoGroupToPerm.group.group_name
539 p = perm.Permission.permission_name
541 p = perm.Permission.permission_name
540 user.permissions[GK][rg_k] = p
542 user.permissions[GK][rg_k] = p
541
543
542 # defaults for user groups taken from default user permission
544 # defaults for user groups taken from default user permission
543 # on given user group
545 # on given user group
544 for perm in default_user_group_perms:
546 for perm in default_user_group_perms:
545 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
547 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
546 p = perm.Permission.permission_name
548 p = perm.Permission.permission_name
547 user.permissions[UK][u_k] = p
549 user.permissions[UK][u_k] = p
548
550
549 #======================================================================
551 #======================================================================
550 # !! OVERRIDE GLOBALS !! with user permissions if any found
552 # !! OVERRIDE GLOBALS !! with user permissions if any found
551 #======================================================================
553 #======================================================================
552 # those can be configured from groups or users explicitly
554 # those can be configured from groups or users explicitly
553 _configurable = set([
555 _configurable = set([
554 'hg.fork.none', 'hg.fork.repository',
556 'hg.fork.none', 'hg.fork.repository',
555 'hg.create.none', 'hg.create.repository',
557 'hg.create.none', 'hg.create.repository',
556 'hg.usergroup.create.false', 'hg.usergroup.create.true'
558 'hg.usergroup.create.false', 'hg.usergroup.create.true'
557 ])
559 ])
558
560
559 # USER GROUPS comes first
561 # USER GROUPS comes first
560 # user group global permissions
562 # user group global permissions
561 user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\
563 user_perms_from_users_groups = self.sa.query(UserGroupToPerm)\
562 .options(joinedload(UserGroupToPerm.permission))\
564 .options(joinedload(UserGroupToPerm.permission))\
563 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
565 .join((UserGroupMember, UserGroupToPerm.users_group_id ==
564 UserGroupMember.users_group_id))\
566 UserGroupMember.users_group_id))\
565 .filter(UserGroupMember.user_id == uid)\
567 .filter(UserGroupMember.user_id == uid)\
566 .order_by(UserGroupToPerm.users_group_id)\
568 .order_by(UserGroupToPerm.users_group_id)\
567 .all()
569 .all()
568 #need to group here by groups since user can be in more than one group
570 #need to group here by groups since user can be in more than one group
569 _grouped = [[x, list(y)] for x, y in
571 _grouped = [[x, list(y)] for x, y in
570 itertools.groupby(user_perms_from_users_groups,
572 itertools.groupby(user_perms_from_users_groups,
571 lambda x:x.users_group)]
573 lambda x:x.users_group)]
572 for gr, perms in _grouped:
574 for gr, perms in _grouped:
573 # since user can be in multiple groups iterate over them and
575 # since user can be in multiple groups iterate over them and
574 # select the lowest permissions first (more explicit)
576 # select the lowest permissions first (more explicit)
575 ##TODO: do this^^
577 ##TODO: do this^^
576 if not gr.inherit_default_permissions:
578 if not gr.inherit_default_permissions:
577 # NEED TO IGNORE all configurable permissions and
579 # NEED TO IGNORE all configurable permissions and
578 # replace them with explicitly set
580 # replace them with explicitly set
579 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
581 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
580 .difference(_configurable)
582 .difference(_configurable)
581 for perm in perms:
583 for perm in perms:
582 user.permissions[GLOBAL].add(perm.permission.permission_name)
584 user.permissions[GLOBAL].add(perm.permission.permission_name)
583
585
584 # user specific global permissions
586 # user specific global permissions
585 user_perms = self.sa.query(UserToPerm)\
587 user_perms = self.sa.query(UserToPerm)\
586 .options(joinedload(UserToPerm.permission))\
588 .options(joinedload(UserToPerm.permission))\
587 .filter(UserToPerm.user_id == uid).all()
589 .filter(UserToPerm.user_id == uid).all()
588
590
589 if not user.inherit_default_permissions:
591 if not user.inherit_default_permissions:
590 # NEED TO IGNORE all configurable permissions and
592 # NEED TO IGNORE all configurable permissions and
591 # replace them with explicitly set
593 # replace them with explicitly set
592 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
594 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
593 .difference(_configurable)
595 .difference(_configurable)
594
596
595 for perm in user_perms:
597 for perm in user_perms:
596 user.permissions[GLOBAL].add(perm.permission.permission_name)
598 user.permissions[GLOBAL].add(perm.permission.permission_name)
597 ## END GLOBAL PERMISSIONS
599 ## END GLOBAL PERMISSIONS
598
600
599 #======================================================================
601 #======================================================================
600 # !! PERMISSIONS FOR REPOSITORIES !!
602 # !! PERMISSIONS FOR REPOSITORIES !!
601 #======================================================================
603 #======================================================================
602 #======================================================================
604 #======================================================================
603 # check if user is part of user groups for this repository and
605 # check if user is part of user groups for this repository and
604 # fill in his permission from it. _choose_perm decides of which
606 # fill in his permission from it. _choose_perm decides of which
605 # permission should be selected based on selected method
607 # permission should be selected based on selected method
606 #======================================================================
608 #======================================================================
607
609
608 # user group for repositories permissions
610 # user group for repositories permissions
609 user_repo_perms_from_users_groups = \
611 user_repo_perms_from_users_groups = \
610 self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\
612 self.sa.query(UserGroupRepoToPerm, Permission, Repository,)\
611 .join((Repository, UserGroupRepoToPerm.repository_id ==
613 .join((Repository, UserGroupRepoToPerm.repository_id ==
612 Repository.repo_id))\
614 Repository.repo_id))\
613 .join((Permission, UserGroupRepoToPerm.permission_id ==
615 .join((Permission, UserGroupRepoToPerm.permission_id ==
614 Permission.permission_id))\
616 Permission.permission_id))\
615 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
617 .join((UserGroupMember, UserGroupRepoToPerm.users_group_id ==
616 UserGroupMember.users_group_id))\
618 UserGroupMember.users_group_id))\
617 .filter(UserGroupMember.user_id == uid)\
619 .filter(UserGroupMember.user_id == uid)\
618 .all()
620 .all()
619
621
620 multiple_counter = collections.defaultdict(int)
622 multiple_counter = collections.defaultdict(int)
621 for perm in user_repo_perms_from_users_groups:
623 for perm in user_repo_perms_from_users_groups:
622 r_k = perm.UserGroupRepoToPerm.repository.repo_name
624 r_k = perm.UserGroupRepoToPerm.repository.repo_name
623 multiple_counter[r_k] += 1
625 multiple_counter[r_k] += 1
624 p = perm.Permission.permission_name
626 p = perm.Permission.permission_name
625 cur_perm = user.permissions[RK][r_k]
627 cur_perm = user.permissions[RK][r_k]
626
628
627 if perm.Repository.user_id == uid:
629 if perm.Repository.user_id == uid:
628 # set admin if owner
630 # set admin if owner
629 p = 'repository.admin'
631 p = 'repository.admin'
630 else:
632 else:
631 if multiple_counter[r_k] > 1:
633 if multiple_counter[r_k] > 1:
632 p = _choose_perm(p, cur_perm)
634 p = _choose_perm(p, cur_perm)
633 user.permissions[RK][r_k] = p
635 user.permissions[RK][r_k] = p
634
636
635 # user explicit permissions for repositories, overrides any specified
637 # user explicit permissions for repositories, overrides any specified
636 # by the group permission
638 # by the group permission
637 user_repo_perms = Permission.get_default_perms(uid)
639 user_repo_perms = Permission.get_default_perms(uid)
638 for perm in user_repo_perms:
640 for perm in user_repo_perms:
639 r_k = perm.UserRepoToPerm.repository.repo_name
641 r_k = perm.UserRepoToPerm.repository.repo_name
640 cur_perm = user.permissions[RK][r_k]
642 cur_perm = user.permissions[RK][r_k]
641 # set admin if owner
643 # set admin if owner
642 if perm.Repository.user_id == uid:
644 if perm.Repository.user_id == uid:
643 p = 'repository.admin'
645 p = 'repository.admin'
644 else:
646 else:
645 p = perm.Permission.permission_name
647 p = perm.Permission.permission_name
646 if not explicit:
648 if not explicit:
647 p = _choose_perm(p, cur_perm)
649 p = _choose_perm(p, cur_perm)
648 user.permissions[RK][r_k] = p
650 user.permissions[RK][r_k] = p
649
651
650 #======================================================================
652 #======================================================================
651 # !! PERMISSIONS FOR REPOSITORY GROUPS !!
653 # !! PERMISSIONS FOR REPOSITORY GROUPS !!
652 #======================================================================
654 #======================================================================
653 #======================================================================
655 #======================================================================
654 # check if user is part of user groups for this repository groups and
656 # check if user is part of user groups for this repository groups and
655 # fill in his permission from it. _choose_perm decides of which
657 # fill in his permission from it. _choose_perm decides of which
656 # permission should be selected based on selected method
658 # permission should be selected based on selected method
657 #======================================================================
659 #======================================================================
658 # user group for repo groups permissions
660 # user group for repo groups permissions
659 user_repo_group_perms_from_users_groups = \
661 user_repo_group_perms_from_users_groups = \
660 self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
662 self.sa.query(UserGroupRepoGroupToPerm, Permission, RepoGroup)\
661 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
663 .join((RepoGroup, UserGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
662 .join((Permission, UserGroupRepoGroupToPerm.permission_id
664 .join((Permission, UserGroupRepoGroupToPerm.permission_id
663 == Permission.permission_id))\
665 == Permission.permission_id))\
664 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
666 .join((UserGroupMember, UserGroupRepoGroupToPerm.users_group_id
665 == UserGroupMember.users_group_id))\
667 == UserGroupMember.users_group_id))\
666 .filter(UserGroupMember.user_id == uid)\
668 .filter(UserGroupMember.user_id == uid)\
667 .all()
669 .all()
668
670
669 multiple_counter = collections.defaultdict(int)
671 multiple_counter = collections.defaultdict(int)
670 for perm in user_repo_group_perms_from_users_groups:
672 for perm in user_repo_group_perms_from_users_groups:
671 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
673 g_k = perm.UserGroupRepoGroupToPerm.group.group_name
672 multiple_counter[g_k] += 1
674 multiple_counter[g_k] += 1
673 p = perm.Permission.permission_name
675 p = perm.Permission.permission_name
674 cur_perm = user.permissions[GK][g_k]
676 cur_perm = user.permissions[GK][g_k]
675 if multiple_counter[g_k] > 1:
677 if multiple_counter[g_k] > 1:
676 p = _choose_perm(p, cur_perm)
678 p = _choose_perm(p, cur_perm)
677 user.permissions[GK][g_k] = p
679 user.permissions[GK][g_k] = p
678
680
679 # user explicit permissions for repository groups
681 # user explicit permissions for repository groups
680 user_repo_groups_perms = Permission.get_default_group_perms(uid)
682 user_repo_groups_perms = Permission.get_default_group_perms(uid)
681 for perm in user_repo_groups_perms:
683 for perm in user_repo_groups_perms:
682 rg_k = perm.UserRepoGroupToPerm.group.group_name
684 rg_k = perm.UserRepoGroupToPerm.group.group_name
683 p = perm.Permission.permission_name
685 p = perm.Permission.permission_name
684 cur_perm = user.permissions[GK][rg_k]
686 cur_perm = user.permissions[GK][rg_k]
685 if not explicit:
687 if not explicit:
686 p = _choose_perm(p, cur_perm)
688 p = _choose_perm(p, cur_perm)
687 user.permissions[GK][rg_k] = p
689 user.permissions[GK][rg_k] = p
688
690
689 #======================================================================
691 #======================================================================
690 # !! PERMISSIONS FOR USER GROUPS !!
692 # !! PERMISSIONS FOR USER GROUPS !!
691 #======================================================================
693 #======================================================================
692 # user group for user group permissions
694 # user group for user group permissions
693 user_group_user_groups_perms = \
695 user_group_user_groups_perms = \
694 self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\
696 self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\
695 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
697 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
696 == UserGroup.users_group_id))\
698 == UserGroup.users_group_id))\
697 .join((Permission, UserGroupUserGroupToPerm.permission_id
699 .join((Permission, UserGroupUserGroupToPerm.permission_id
698 == Permission.permission_id))\
700 == Permission.permission_id))\
699 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
701 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
700 == UserGroupMember.users_group_id))\
702 == UserGroupMember.users_group_id))\
701 .filter(UserGroupMember.user_id == uid)\
703 .filter(UserGroupMember.user_id == uid)\
702 .all()
704 .all()
703
705
704 multiple_counter = collections.defaultdict(int)
706 multiple_counter = collections.defaultdict(int)
705 for perm in user_group_user_groups_perms:
707 for perm in user_group_user_groups_perms:
706 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
708 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
707 multiple_counter[g_k] += 1
709 multiple_counter[g_k] += 1
708 p = perm.Permission.permission_name
710 p = perm.Permission.permission_name
709 cur_perm = user.permissions[UK][g_k]
711 cur_perm = user.permissions[UK][g_k]
710 if multiple_counter[g_k] > 1:
712 if multiple_counter[g_k] > 1:
711 p = _choose_perm(p, cur_perm)
713 p = _choose_perm(p, cur_perm)
712 user.permissions[UK][g_k] = p
714 user.permissions[UK][g_k] = p
713
715
714 #user explicit permission for user groups
716 #user explicit permission for user groups
715 user_user_groups_perms = Permission.get_default_user_group_perms(uid)
717 user_user_groups_perms = Permission.get_default_user_group_perms(uid)
716 for perm in user_user_groups_perms:
718 for perm in user_user_groups_perms:
717 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
719 u_k = perm.UserUserGroupToPerm.user_group.users_group_name
718 p = perm.Permission.permission_name
720 p = perm.Permission.permission_name
719 cur_perm = user.permissions[UK][u_k]
721 cur_perm = user.permissions[UK][u_k]
720 if not explicit:
722 if not explicit:
721 p = _choose_perm(p, cur_perm)
723 p = _choose_perm(p, cur_perm)
722 user.permissions[UK][u_k] = p
724 user.permissions[UK][u_k] = p
723
725
724 return user
726 return user
725
727
726 def has_perm(self, user, perm):
728 def has_perm(self, user, perm):
727 perm = self._get_perm(perm)
729 perm = self._get_perm(perm)
728 user = self._get_user(user)
730 user = self._get_user(user)
729
731
730 return UserToPerm.query().filter(UserToPerm.user == user)\
732 return UserToPerm.query().filter(UserToPerm.user == user)\
731 .filter(UserToPerm.permission == perm).scalar() is not None
733 .filter(UserToPerm.permission == perm).scalar() is not None
732
734
733 def grant_perm(self, user, perm):
735 def grant_perm(self, user, perm):
734 """
736 """
735 Grant user global permissions
737 Grant user global permissions
736
738
737 :param user:
739 :param user:
738 :param perm:
740 :param perm:
739 """
741 """
740 user = self._get_user(user)
742 user = self._get_user(user)
741 perm = self._get_perm(perm)
743 perm = self._get_perm(perm)
742 # if this permission is already granted skip it
744 # if this permission is already granted skip it
743 _perm = UserToPerm.query()\
745 _perm = UserToPerm.query()\
744 .filter(UserToPerm.user == user)\
746 .filter(UserToPerm.user == user)\
745 .filter(UserToPerm.permission == perm)\
747 .filter(UserToPerm.permission == perm)\
746 .scalar()
748 .scalar()
747 if _perm:
749 if _perm:
748 return
750 return
749 new = UserToPerm()
751 new = UserToPerm()
750 new.user = user
752 new.user = user
751 new.permission = perm
753 new.permission = perm
752 self.sa.add(new)
754 self.sa.add(new)
753
755
754 def revoke_perm(self, user, perm):
756 def revoke_perm(self, user, perm):
755 """
757 """
756 Revoke users global permissions
758 Revoke users global permissions
757
759
758 :param user:
760 :param user:
759 :param perm:
761 :param perm:
760 """
762 """
761 user = self._get_user(user)
763 user = self._get_user(user)
762 perm = self._get_perm(perm)
764 perm = self._get_perm(perm)
763
765
764 obj = UserToPerm.query()\
766 obj = UserToPerm.query()\
765 .filter(UserToPerm.user == user)\
767 .filter(UserToPerm.user == user)\
766 .filter(UserToPerm.permission == perm)\
768 .filter(UserToPerm.permission == perm)\
767 .scalar()
769 .scalar()
768 if obj:
770 if obj:
769 self.sa.delete(obj)
771 self.sa.delete(obj)
770
772
771 def add_extra_email(self, user, email):
773 def add_extra_email(self, user, email):
772 """
774 """
773 Adds email address to UserEmailMap
775 Adds email address to UserEmailMap
774
776
775 :param user:
777 :param user:
776 :param email:
778 :param email:
777 """
779 """
778 from rhodecode.model import forms
780 from rhodecode.model import forms
779 form = forms.UserExtraEmailForm()()
781 form = forms.UserExtraEmailForm()()
780 data = form.to_python(dict(email=email))
782 data = form.to_python(dict(email=email))
781 user = self._get_user(user)
783 user = self._get_user(user)
782
784
783 obj = UserEmailMap()
785 obj = UserEmailMap()
784 obj.user = user
786 obj.user = user
785 obj.email = data['email']
787 obj.email = data['email']
786 self.sa.add(obj)
788 self.sa.add(obj)
787 return obj
789 return obj
788
790
789 def delete_extra_email(self, user, email_id):
791 def delete_extra_email(self, user, email_id):
790 """
792 """
791 Removes email address from UserEmailMap
793 Removes email address from UserEmailMap
792
794
793 :param user:
795 :param user:
794 :param email_id:
796 :param email_id:
795 """
797 """
796 user = self._get_user(user)
798 user = self._get_user(user)
797 obj = UserEmailMap.query().get(email_id)
799 obj = UserEmailMap.query().get(email_id)
798 if obj:
800 if obj:
799 self.sa.delete(obj)
801 self.sa.delete(obj)
800
802
801 def add_extra_ip(self, user, ip):
803 def add_extra_ip(self, user, ip):
802 """
804 """
803 Adds ip address to UserIpMap
805 Adds ip address to UserIpMap
804
806
805 :param user:
807 :param user:
806 :param ip:
808 :param ip:
807 """
809 """
808 from rhodecode.model import forms
810 from rhodecode.model import forms
809 form = forms.UserExtraIpForm()()
811 form = forms.UserExtraIpForm()()
810 data = form.to_python(dict(ip=ip))
812 data = form.to_python(dict(ip=ip))
811 user = self._get_user(user)
813 user = self._get_user(user)
812
814
813 obj = UserIpMap()
815 obj = UserIpMap()
814 obj.user = user
816 obj.user = user
815 obj.ip_addr = data['ip']
817 obj.ip_addr = data['ip']
816 self.sa.add(obj)
818 self.sa.add(obj)
817 return obj
819 return obj
818
820
819 def delete_extra_ip(self, user, ip_id):
821 def delete_extra_ip(self, user, ip_id):
820 """
822 """
821 Removes ip address from UserIpMap
823 Removes ip address from UserIpMap
822
824
823 :param user:
825 :param user:
824 :param ip_id:
826 :param ip_id:
825 """
827 """
826 user = self._get_user(user)
828 user = self._get_user(user)
827 obj = UserIpMap.query().get(ip_id)
829 obj = UserIpMap.query().get(ip_id)
828 if obj:
830 if obj:
829 self.sa.delete(obj)
831 self.sa.delete(obj)
General Comments 0
You need to be logged in to leave comments. Login now