upstream/kallithea Commit - r2278:24095abd

print statement cleanup

marcink -

r2278:24095abd beta

parent child

rhodecode/lib/auth.py

0 +1 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.auth
                 ~~~~~~~~~~~~~~~~~~
                 authentication and permission libraries
                 :created_on: Apr 4, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import random
             import logging
             import traceback
             import hashlib
             from tempfile import _RandomNameSequence
             from decorator import decorator
             from pylons import config, url, request
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
             from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS
             from rhodecode.model.meta import Session
             if __platform__ in PLATFORM_WIN:
                 from hashlib import sha256
             if __platform__ in PLATFORM_OTHERS:
                 import bcrypt
             from rhodecode.lib.utils2 import str2bool, safe_unicode
             from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
             from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
             from rhodecode.lib.auth_ldap import AuthLdap
             from rhodecode.model import meta
             from rhodecode.model.user import UserModel
             from rhodecode.model.db import Permission, RhodeCodeSetting, User
             log = logging.getLogger(__name__)
             class PasswordGenerator(object):
                 """
                 This is a simple class for generating password from different sets of
                 characters
                 usage::
                     passwd_gen = PasswordGenerator()
                     #print 8-letter password containing only big and small letters
                         of alphabet
-                    print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
+                    passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
                 """
                 ALPHABETS_NUM = r'''1234567890'''
                 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
                 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
                 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
                 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
                     + ALPHABETS_NUM + ALPHABETS_SPECIAL
                 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
                 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
                 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
                 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
                 def __init__(self, passwd=''):
                     self.passwd = passwd
                 def gen_password(self, length, type_=None):
                     if type_ is None:
                         type_ = self.ALPHABETS_FULL
                     self.passwd = ''.join([random.choice(type_) for _ in xrange(length)])
                     return self.passwd
             class RhodeCodeCrypto(object):
                 @classmethod
                 def hash_string(cls, str_):
                     """
                     Cryptographic function used for password hashing based on pybcrypt
                     or pycrypto in windows
                     :param password: password to hash
                     """
                     if __platform__ in PLATFORM_WIN:
                         return sha256(str_).hexdigest()
                     elif __platform__ in PLATFORM_OTHERS:
                         return bcrypt.hashpw(str_, bcrypt.gensalt(10))
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
                 @classmethod
                 def hash_check(cls, password, hashed):
                     """
                     Checks matching password with it's hashed value, runs different
                     implementation based on platform it runs on
                     :param password: password
                     :param hashed: password in hashed form
                     """
                     if __platform__ in PLATFORM_WIN:
                         return sha256(password).hexdigest() == hashed
                     elif __platform__ in PLATFORM_OTHERS:
                         return bcrypt.hashpw(password, hashed) == hashed
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
             def get_crypt_password(password):
                 return RhodeCodeCrypto.hash_string(password)
             def check_password(password, hashed):
                 return RhodeCodeCrypto.hash_check(password, hashed)
             def generate_api_key(str_, salt=None):
                 """
                 Generates API KEY from given string
                 :param str_:
                 :param salt:
                 """
                 if salt is None:
                     salt = _RandomNameSequence().next()
                 return hashlib.sha1(str_ + salt).hexdigest()
             def authfunc(environ, username, password):
                 """
                 Dummy authentication wrapper function used in Mercurial and Git for
                 access control.
                 :param environ: needed only for using in Basic auth
                 """
                 return authenticate(username, password)
             def authenticate(username, password):
                 """
                 Authentication function used for access control,
                 firstly checks for db authentication then if ldap is enabled for ldap
                 authentication, also creates ldap user if not in database
                 :param username: username
                 :param password: password
                 """
                 user_model = UserModel()
                 user = User.get_by_username(username)
                 log.debug('Authenticating user using RhodeCode account')
                 if user is not None and not user.ldap_dn:
                     if user.active:
                         if user.username == 'default' and user.active:
                             log.info('user %s authenticated correctly as anonymous user' %
                                      username)
                             return True
                         elif user.username == username and check_password(password,
                                                                           user.password):
                             log.info('user %s authenticated correctly' % username)
                             return True
                     else:
                         log.warning('user %s tried auth but is disabled' % username)
                 else:
                     log.debug('Regular authentication failed')
                     user_obj = User.get_by_username(username, case_insensitive=True)
                     if user_obj is not None and not user_obj.ldap_dn:
                         log.debug('this user already exists as non ldap')
                         return False
                     ldap_settings = RhodeCodeSetting.get_ldap_settings()
                     #======================================================================
                     # FALLBACK TO LDAP AUTH IF ENABLE
                     #======================================================================
                     if str2bool(ldap_settings.get('ldap_active')):
                         log.debug("Authenticating user using ldap")
                         kwargs = {
                               'server': ldap_settings.get('ldap_host', ''),
                               'base_dn': ldap_settings.get('ldap_base_dn', ''),
                               'port': ldap_settings.get('ldap_port'),
                               'bind_dn': ldap_settings.get('ldap_dn_user'),
                               'bind_pass': ldap_settings.get('ldap_dn_pass'),
                               'tls_kind': ldap_settings.get('ldap_tls_kind'),
                               'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                               'ldap_filter': ldap_settings.get('ldap_filter'),
                               'search_scope': ldap_settings.get('ldap_search_scope'),
                               'attr_login': ldap_settings.get('ldap_attr_login'),
                               'ldap_version': 3,
                               }
                         log.debug('Checking for ldap authentication')
                         try:
                             aldap = AuthLdap(**kwargs)
                             (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                             password)
                             log.debug('Got ldap DN response %s' % user_dn)
                             get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\
                                                                        .get(k), [''])[0]
                             user_attrs = {
                              'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')),
                              'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                              'email': get_ldap_attr('ldap_attr_email'),
                             }
                             # don't store LDAP password since we don't need it. Override
                             # with some random generated password
                             _password = PasswordGenerator().gen_password(length=8)
                             # create this user on the fly if it doesn't exist in rhodecode
                             # database
                             if user_model.create_ldap(username, _password, user_dn,
                                                       user_attrs):
                                 log.info('created new ldap user %s' % username)
                             Session.commit()
                             return True
                         except (LdapUsernameError, LdapPasswordError,):
                             pass
                         except (Exception,):
                             log.error(traceback.format_exc())
                             pass
                 return False
             def login_container_auth(username):
                 user = User.get_by_username(username)
                 if user is None:
                     user_attrs = {
                         'name': username,
                         'lastname': None,
                         'email': None,
                     }
                     user = UserModel().create_for_container_auth(username, user_attrs)
                     if not user:
                         return None
                     log.info('User %s was created by container authentication' % username)
                 if not user.active:
                     return None
                 user.update_lastlogin()
                 Session.commit()
                 log.debug('User %s is now logged in by container authentication',
                           user.username)
                 return user
             def get_container_username(environ, config):
                 username = None
                 if str2bool(config.get('container_auth_enabled', False)):
                     from paste.httpheaders import REMOTE_USER
                     username = REMOTE_USER(environ)
                 if not username and str2bool(config.get('proxypass_auth_enabled', False)):
                     username = environ.get('HTTP_X_FORWARDED_USER')
                 if username:
                     # Removing realm and domain from username
                     username = username.partition('@')[0]
                     username = username.rpartition('\\')[2]
                     log.debug('Received username %s from container' % username)
                 return username
             class CookieStoreWrapper(object):
                 def __init__(self, cookie_store):
                     self.cookie_store = cookie_store
                 def __repr__(self):
                     return 'CookieStore<%s>' % (self.cookie_store)
                 def get(self, key, other=None):
                     if isinstance(self.cookie_store, dict):
                         return self.cookie_store.get(key, other)
                     elif isinstance(self.cookie_store, AuthUser):
                         return self.cookie_store.__dict__.get(key, other)
             class  AuthUser(object):
                 """
                 A simple object that handles all attributes of user in RhodeCode
                 It does lookup based on API key,given user, or user present in session
                 Then it fills all required information for such user. It also checks if
                 anonymous access is enabled and if so, it returns default user as logged
                 in
                 """
                 def __init__(self, user_id=None, api_key=None, username=None):
                     self.user_id = user_id
                     self.api_key = None
                     self.username = username
                     self.name = ''
                     self.lastname = ''
                     self.email = ''
                     self.is_authenticated = False
                     self.admin = False
                     self.permissions = {}
                     self._api_key = api_key
                     self.propagate_data()
                     self._instance = None
                 def propagate_data(self):
                     user_model = UserModel()
                     self.anonymous_user = User.get_by_username('default', cache=True)
                     is_user_loaded = False
                     # try go get user by api key
                     if self._api_key and self._api_key != self.anonymous_user.api_key:
                         log.debug('Auth User lookup by API KEY %s' % self._api_key)
                         is_user_loaded = user_model.fill_data(self, api_key=self._api_key)
                     # lookup by userid
                     elif (self.user_id is not None and
                           self.user_id != self.anonymous_user.user_id):
                         log.debug('Auth User lookup by USER ID %s' % self.user_id)
                         is_user_loaded = user_model.fill_data(self, user_id=self.user_id)
                     # lookup by username
                     elif self.username and \
                         str2bool(config.get('container_auth_enabled', False)):
                         log.debug('Auth User lookup by USER NAME %s' % self.username)
                         dbuser = login_container_auth(self.username)
                         if dbuser is not None:
                             for k, v in dbuser.get_dict().items():
                                 setattr(self, k, v)
                             self.set_authenticated()
                             is_user_loaded = True
                     else:
                         log.debug('No data in %s that could been used to log in' % self)
                     if not is_user_loaded:
                         # if we cannot authenticate user try anonymous
                         if self.anonymous_user.active is True:
                             user_model.fill_data(self, user_id=self.anonymous_user.user_id)
                             # then we set this user is logged in
                             self.is_authenticated = True
                         else:
                             self.user_id = None
                             self.username = None
                             self.is_authenticated = False
                     if not self.username:
                         self.username = 'None'
                     log.debug('Auth User is now %s' % self)
                     user_model.fill_perms(self)
                 @property
                 def is_admin(self):
                     return self.admin
                 def __repr__(self):
                     return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                                           self.is_authenticated)
                 def set_authenticated(self, authenticated=True):
                     if self.user_id != self.anonymous_user.user_id:
                         self.is_authenticated = authenticated
                 def get_cookie_store(self):
                     return {'username': self.username,
                             'user_id': self.user_id,
                             'is_authenticated': self.is_authenticated}
                 @classmethod
                 def from_cookie_store(cls, cookie_store):
                     """
                     Creates AuthUser from a cookie store
                     :param cls:
                     :param cookie_store:
                     """
                     user_id = cookie_store.get('user_id')
                     username = cookie_store.get('username')
                     api_key = cookie_store.get('api_key')
                     return AuthUser(user_id, api_key, username)
             def set_available_permissions(config):
                 """
                 This function will propagate pylons globals with all available defined
                 permission given in db. We don't want to check each time from db for new
                 permissions since adding a new permission also requires application restart
                 ie. to decorate new views with the newly created permission
                 :param config: current pylons config instance
                 """
                 log.info('getting information about all available permissions')
                 try:
                     sa = meta.Session
                     all_perms = sa.query(Permission).all()
                 except Exception:
                     pass
                 finally:
                     meta.Session.remove()
                 config['available_permissions'] = [x.permission_name for x in all_perms]
             #==============================================================================
             # CHECK DECORATORS
             #==============================================================================
             class LoginRequired(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page
                 :param api_access: if enabled this checks only for valid auth token
                     and grants access based on valid token
                 """
                 def __init__(self, api_access=False):
                     self.api_access = api_access
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     user = cls.rhodecode_user
                     api_access_ok = False
                     if self.api_access:
                         log.debug('Checking API KEY access for %s' % cls)
                         if user.api_key == request.GET.get('api_key'):
                             api_access_ok = True
                         else:
                             log.debug("API KEY token not valid")
                     loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
                     log.debug('Checking if %s is authenticated @ %s' % (user.username, loc))
                     if user.is_authenticated or api_access_ok:
                         log.info('user %s is authenticated and granted access to %s' % (
                                    user.username, loc)
                         )
                         return func(*fargs, **fkwargs)
                     else:
                         log.warn('user %s NOT authenticated on func: %s' % (
                             user, loc)
                         )
                         p = url.current()
                         log.debug('redirecting to login page with %s' % p)
                         return redirect(url('login_home', came_from=p))
             class NotAnonymous(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page"""
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     log.debug('Checking if user is not anonymous @%s' % cls)
                     anonymous = self.user.username == 'default'
                     if anonymous:
                         p = url.current()
                         import rhodecode.lib.helpers as h
                         h.flash(_('You need to be a registered user to '
                                   'perform this action'),
                                 category='warning')
                         return redirect(url('login_home', came_from=p))
                     else:
                         return func(*fargs, **fkwargs)
             class PermsDecorator(object):
                 """Base class for controller decorators"""
                 def __init__(self, *required_perms):
                     available_perms = config['available_permissions']
                     for perm in required_perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission is not defined" % perm)
                     self.required_perms = set(required_perms)
                     self.user_perms = None
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     self.user_perms = self.user.permissions
                     log.debug('checking %s permissions %s for %s %s',
                        self.__class__.__name__, self.required_perms, cls, self.user)
                     if self.check_permissions():
                         log.debug('Permission granted for %s %s' % (cls, self.user))
                         return func(*fargs, **fkwargs)
                     else:
                         log.debug('Permission denied for %s %s' % (cls, self.user))
                         anonymous = self.user.username == 'default'
                         if anonymous:
                             p = url.current()
                             import rhodecode.lib.helpers as h
                             h.flash(_('You need to be a signed in to '
                                       'view this page'),
                                     category='warning')
                             return redirect(url('login_home', came_from=p))
                         else:
                             # redirect with forbidden ret code
                             return abort(403)
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates. All of them
                 have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates. In order to
                 fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasRepoPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAllDecorator(PermsDecorator):
                 """
                 Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     group_name = get_repos_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAnyDecorator(PermsDecorator):
                 """
                 Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     group_name = get_repos_group_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories_groups'][group_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             #==============================================================================
             # CHECK FUNCTIONS
             #==============================================================================
             class PermsFunction(object):
                 """Base function for other check functions"""
                 def __init__(self, *perms):
                     available_perms = config['available_permissions']
                     for perm in perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission is not defined" % perm)
                     self.required_perms = set(perms)
                     self.user_perms = None
                     self.repo_name = None
                     self.group_name = None
                 def __call__(self, check_Location=''):
                     user = request.user
                     cls_name = self.__class__.__name__
                     check_scope = {
                         'HasPermissionAll': '',
                         'HasPermissionAny': '',
                         'HasRepoPermissionAll': 'repo:%s' % self.repo_name,
                         'HasRepoPermissionAny': 'repo:%s' % self.repo_name,
                         'HasReposGroupPermissionAll': 'group:%s' % self.group_name,
                         'HasReposGroupPermissionAny': 'group:%s' % self.group_name,
                     }.get(cls_name, '?')
                     log.debug('checking cls:%s %s usr:%s %s @ %s', cls_name,
                               self.required_perms, user, check_scope,
                               check_Location or 'unspecified location')
                     if not user:
                         log.debug('Empty request user')
                         return False
                     self.user_perms = user.permissions
                     if self.check_permissions():
                         log.debug('Permission granted for user: %s @ %s', user,
                                   check_Location or 'unspecified location')
                         return True
                     else:
                         log.debug('Permission denied for user: %s @ %s', user,
                                     check_Location or 'unspecified location')
                         return False
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAll(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAny(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAll(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAll, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self._user_perms = set(
                             [self.user_perms['repositories'][self.repo_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.issubset(self._user_perms):
                         return True
                     return False
             class HasRepoPermissionAny(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self._user_perms = set(
                             [self.user_perms['repositories'][self.repo_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.intersection(self._user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAny(PermsFunction):
                 def __call__(self, group_name=None, check_Location=''):
                     self.group_name = group_name
                     return super(HasReposGroupPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     try:
                         self._user_perms = set(
                             [self.user_perms['repositories_groups'][self.group_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.intersection(self._user_perms):
                         return True
                     return False
             class HasReposGroupPermissionAll(PermsFunction):
                 def __call__(self, group_name=None, check_Location=''):
                     self.group_name = group_name
                     return super(HasReposGroupPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     try:
                         self._user_perms = set(
                             [self.user_perms['repositories_groups'][self.group_name]]
                         )
                     except KeyError:
                         return False
                     if self.required_perms.issubset(self._user_perms):
                         return True
                     return False
             #==============================================================================
             # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
             #==============================================================================
             class HasPermissionAnyMiddleware(object):
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                 def __call__(self, user, repo_name):
                     # repo_name MUST be unicode, since we handle keys in permission
                     # dict by unicode
                     repo_name = safe_unicode(repo_name)
                     usr = AuthUser(user.user_id)
                     try:
                         self.user_perms = set([usr.permissions['repositories'][repo_name]])
                     except Exception:
                         log.error('Exception while accessing permissions %s' %
                                   traceback.format_exc())
                         self.user_perms = set()
                     self.username = user.username
                     self.repo_name = repo_name
                     return self.check_permissions()
                 def check_permissions(self):
                     log.debug('checking mercurial protocol '
                               'permissions %s for user:%s repository:%s', self.user_perms,
                                                             self.username, self.repo_name)
                     if self.required_perms.intersection(self.user_perms):
                         log.debug('permission granted for user:%s on repo:%s' % (
                                       self.username, self.repo_name
                                  )
                         )
                         return True
                     log.debug('permission denied for user:%s on repo:%s' % (
                                   self.username, self.repo_name
                              )
                     )
                     return False

rhodecode/lib/utils2.py

0 0 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.utils
                 ~~~~~~~~~~~~~~~~~~~
                 Some simple helper functions
                 :created_on: Jan 5, 2011
                 :author: marcink
                 :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import re
             from rhodecode.lib.vcs.utils.lazy import LazyProperty
             def __get_lem():
                 """
                 Get language extension map based on what's inside pygments lexers
                 """
                 from pygments import lexers
                 from string import lower
                 from collections import defaultdict
                 d = defaultdict(lambda: [])
                 def __clean(s):
                     s = s.lstrip('*')
                     s = s.lstrip('.')
                     if s.find('[') != -1:
                         exts = []
                         start, stop = s.find('['), s.find(']')
                         for suffix in s[start + 1:stop]:
                             exts.append(s[:s.find('[')] + suffix)
                         return map(lower, exts)
                     else:
                         return map(lower, [s])
                 for lx, t in sorted(lexers.LEXERS.items()):
                     m = map(__clean, t[-2])
                     if m:
                         m = reduce(lambda x, y: x + y, m)
                         for ext in m:
                             desc = lx.replace('Lexer', '')
                             d[ext].append(desc)
                 return dict(d)
             def str2bool(_str):
                 """
                 returs True/False value from given string, it tries to translate the
                 string into boolean
                 :param _str: string value to translate into boolean
                 :rtype: boolean
                 :returns: boolean from given string
                 """
                 if _str is None:
                     return False
                 if _str in (True, False):
                     return _str
                 _str = str(_str).strip().lower()
                 return _str in ('t', 'true', 'y', 'yes', 'on', '1')
             def convert_line_endings(line, mode):
                 """
                 Converts a given line  "line end" accordingly to given mode
                 Available modes are::
 - Unix
 - Mac
 - DOS
                 :param line: given line to convert
                 :param mode: mode to convert to
                 :rtype: str
                 :return: converted line according to mode
                 """
                 from string import replace
                 if mode == 0:
                         line = replace(line, '\r\n', '\n')
                         line = replace(line, '\r', '\n')
                 elif mode == 1:
                         line = replace(line, '\r\n', '\r')
                         line = replace(line, '\n', '\r')
                 elif mode == 2:
                         line = re.sub("\r(?!\n)|(?<!\r)\n", "\r\n", line)
                 return line
             def detect_mode(line, default):
                 """
                 Detects line break for given line, if line break couldn't be found
                 given default value is returned
                 :param line: str line
                 :param default: default
                 :rtype: int
                 :return: value of line end on of 0 - Unix, 1 - Mac, 2 - DOS
                 """
                 if line.endswith('\r\n'):
                     return 2
                 elif line.endswith('\n'):
                     return 0
                 elif line.endswith('\r'):
                     return 1
                 else:
                     return default
             def generate_api_key(username, salt=None):
                 """
                 Generates unique API key for given username, if salt is not given
                 it'll be generated from some random string
                 :param username: username as string
                 :param salt: salt to hash generate KEY
                 :rtype: str
                 :returns: sha1 hash from username+salt
                 """
                 from tempfile import _RandomNameSequence
                 import hashlib
                 if salt is None:
                     salt = _RandomNameSequence().next()
                 return hashlib.sha1(username + salt).hexdigest()
             def safe_unicode(str_, from_encoding=None):
                 """
                 safe unicode function. Does few trick to turn str_ into unicode
                 In case of UnicodeDecode error we try to return it with encoding detected
                 by chardet library if it fails fallback to unicode with errors replaced
                 :param str_: string to decode
                 :rtype: unicode
                 :returns: unicode object
                 """
                 if isinstance(str_, unicode):
                     return str_
                 if not from_encoding:
                     import rhodecode
                     DEFAULT_ENCODING = rhodecode.CONFIG.get('default_encoding','utf8')
                     from_encoding = DEFAULT_ENCODING
                 try:
                     return unicode(str_)
                 except UnicodeDecodeError:
                     pass
                 try:
                     return unicode(str_, from_encoding)
                 except UnicodeDecodeError:
                     pass
                 try:
                     import chardet
                     encoding = chardet.detect(str_)['encoding']
                     if encoding is None:
                         raise Exception()
                     return str_.decode(encoding)
                 except (ImportError, UnicodeDecodeError, Exception):
                     return unicode(str_, from_encoding, 'replace')
             def safe_str(unicode_, to_encoding=None):
                 """
                 safe str function. Does few trick to turn unicode_ into string
                 In case of UnicodeEncodeError we try to return it with encoding detected
                 by chardet library if it fails fallback to string with errors replaced
                 :param unicode_: unicode to encode
                 :rtype: str
                 :returns: str object
                 """
                 # if it's not basestr cast to str
                 if not isinstance(unicode_, basestring):
                     return str(unicode_)
                 if isinstance(unicode_, str):
                     return unicode_
                 if not to_encoding:
                     import rhodecode
                     DEFAULT_ENCODING = rhodecode.CONFIG.get('default_encoding','utf8')
                     to_encoding = DEFAULT_ENCODING
                 try:
                     return unicode_.encode(to_encoding)
                 except UnicodeEncodeError:
                     pass
                 try:
                     import chardet
                     encoding = chardet.detect(unicode_)['encoding']
-                    print encoding
                     if encoding is None:
                         raise UnicodeEncodeError()
                     return unicode_.encode(encoding)
                 except (ImportError, UnicodeEncodeError):
                     return unicode_.encode(to_encoding, 'replace')
                 return safe_str
             def engine_from_config(configuration, prefix='sqlalchemy.', **kwargs):
                 """
                 Custom engine_from_config functions that makes sure we use NullPool for
                 file based sqlite databases. This prevents errors on sqlite. This only
                 applies to sqlalchemy versions < 0.7.0
                 """
                 import sqlalchemy
                 from sqlalchemy import engine_from_config as efc
                 import logging
                 if int(sqlalchemy.__version__.split('.')[1]) < 7:
                     # This solution should work for sqlalchemy < 0.7.0, and should use
                     # proxy=TimerProxy() for execution time profiling
                     from sqlalchemy.pool import NullPool
                     url = configuration[prefix + 'url']
                     if url.startswith('sqlite'):
                         kwargs.update({'poolclass': NullPool})
                     return efc(configuration, prefix, **kwargs)
                 else:
                     import time
                     from sqlalchemy import event
                     from sqlalchemy.engine import Engine
                     log = logging.getLogger('sqlalchemy.engine')
                     BLACK, RED, GREEN, YELLOW, BLUE, MAGENTA, CYAN, WHITE = xrange(30, 38)
                     engine = efc(configuration, prefix, **kwargs)
                     def color_sql(sql):
                         COLOR_SEQ = "\033[1;%dm"
                         COLOR_SQL = YELLOW
                         normal = '\x1b[0m'
                         return ''.join([COLOR_SEQ % COLOR_SQL, sql, normal])
                     if configuration['debug']:
                         #attach events only for debug configuration
                         def before_cursor_execute(conn, cursor, statement,
                                                 parameters, context, executemany):
                             context._query_start_time = time.time()
                             log.info(color_sql(">>>>> STARTING QUERY >>>>>"))
                         def after_cursor_execute(conn, cursor, statement,
                                                 parameters, context, executemany):
                             total = time.time() - context._query_start_time
                             log.info(color_sql("<<<<< TOTAL TIME: %f <<<<<" % total))
                         event.listen(engine, "before_cursor_execute",
                                      before_cursor_execute)
                         event.listen(engine, "after_cursor_execute",
                                      after_cursor_execute)
                 return engine
             def age(curdate):
                 """
                 turns a datetime into an age string.
                 :param curdate: datetime object
                 :rtype: unicode
                 :returns: unicode words describing age
                 """
                 from datetime import datetime
                 from webhelpers.date import time_ago_in_words
                 _ = lambda s: s
                 if not curdate:
                     return ''
                 agescales = [(_(u"year"), 3600 * 24 * 365),
                              (_(u"month"), 3600 * 24 * 30),
                              (_(u"day"), 3600 * 24),
                              (_(u"hour"), 3600),
                              (_(u"minute"), 60),
                              (_(u"second"), 1), ]
                 age = datetime.now() - curdate
                 age_seconds = (age.days * agescales[2][1]) + age.seconds
                 pos = 1
                 for scale in agescales:
                     if scale[1] <= age_seconds:
                         if pos == 6:
                             pos = 5
                         return '%s %s' % (time_ago_in_words(curdate,
                                                             agescales[pos][0]), _('ago'))
                     pos += 1
                 return _(u'just now')
             def uri_filter(uri):
                 """
                 Removes user:password from given url string
                 :param uri:
                 :rtype: unicode
                 :returns: filtered list of strings
                 """
                 if not uri:
                     return ''
                 proto = ''
                 for pat in ('https://', 'http://'):
                     if uri.startswith(pat):
                         uri = uri[len(pat):]
                         proto = pat
                         break
                 # remove passwords and username
                 uri = uri[uri.find('@') + 1:]
                 # get the port
                 cred_pos = uri.find(':')
                 if cred_pos == -1:
                     host, port = uri, None
                 else:
                     host, port = uri[:cred_pos], uri[cred_pos + 1:]
                 return filter(None, [proto, host, port])
             def credentials_filter(uri):
                 """
                 Returns a url with removed credentials
                 :param uri:
                 """
                 uri = uri_filter(uri)
                 #check if we have port
                 if len(uri) > 2 and uri[2]:
                     uri[2] = ':' + uri[2]
                 return ''.join(uri)
             def get_changeset_safe(repo, rev):
                 """
                 Safe version of get_changeset if this changeset doesn't exists for a
                 repo it returns a Dummy one instead
                 :param repo:
                 :param rev:
                 """
                 from rhodecode.lib.vcs.backends.base import BaseRepository
                 from rhodecode.lib.vcs.exceptions import RepositoryError
                 if not isinstance(repo, BaseRepository):
                     raise Exception('You must pass an Repository '
                                     'object as first argument got %s', type(repo))
                 try:
                     cs = repo.get_changeset(rev)
                 except RepositoryError:
                     from rhodecode.lib.utils import EmptyChangeset
                     cs = EmptyChangeset(requested_revision=rev)
                 return cs
             MENTIONS_REGEX = r'(?:^@|\s@)([a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+)(?:\s{1})'
             def extract_mentioned_users(s):
                 """
                 Returns unique usernames from given string s that have @mention
                 :param s: string to get mentions
                 """
                 usrs = set()
                 for username in re.findall(MENTIONS_REGEX, s):
                     usrs.add(username)
                 return sorted(list(usrs), key=lambda k: k.lower())

rhodecode/lib/vcs/backends/hg/changeset.py

0 +1 -3

             import os
             import posixpath
             from rhodecode.lib.vcs.backends.base import BaseChangeset
             from rhodecode.lib.vcs.conf import settings
             from rhodecode.lib.vcs.exceptions import  ChangesetDoesNotExistError, \
                 ChangesetError, ImproperArchiveTypeError, NodeDoesNotExistError, VCSError
             from rhodecode.lib.vcs.nodes import AddedFileNodesGenerator, \
                 ChangedFileNodesGenerator, DirNode, FileNode, NodeKind, \
                 RemovedFileNodesGenerator, RootNode, SubModuleNode
             from rhodecode.lib.vcs.utils import safe_str, safe_unicode, date_fromtimestamp
             from rhodecode.lib.vcs.utils.lazy import LazyProperty
             from rhodecode.lib.vcs.utils.paths import get_dirs_for_path
             from ...utils.hgcompat import archival, hex
             class MercurialChangeset(BaseChangeset):
                 """
                 Represents state of the repository at the single revision.
                 """
                 def __init__(self, repository, revision):
                     self.repository = repository
                     self.raw_id = revision
                     self._ctx = repository._repo[revision]
                     self.revision = self._ctx._rev
                     self.nodes = {}
                 @LazyProperty
                 def tags(self):
                     return map(safe_unicode, self._ctx.tags())
                 @LazyProperty
                 def branch(self):
                     return  safe_unicode(self._ctx.branch())
                 @LazyProperty
                 def bookmarks(self):
                     return map(safe_unicode, self._ctx.bookmarks())
                 @LazyProperty
                 def message(self):
                     return safe_unicode(self._ctx.description())
                 @LazyProperty
                 def author(self):
                     return safe_unicode(self._ctx.user())
                 @LazyProperty
                 def date(self):
                     return date_fromtimestamp(*self._ctx.date())
                 @LazyProperty
                 def status(self):
                     """
                     Returns modified, added, removed, deleted files for current changeset
                     """
                     return self.repository._repo.status(self._ctx.p1().node(),
                                                         self._ctx.node())
                 @LazyProperty
                 def _file_paths(self):
                     return list(self._ctx)
                 @LazyProperty
                 def _dir_paths(self):
                     p = list(set(get_dirs_for_path(*self._file_paths)))
                     p.insert(0, '')
                     return p
                 @LazyProperty
                 def _paths(self):
                     return self._dir_paths + self._file_paths
                 @LazyProperty
                 def id(self):
                     if self.last:
                         return u'tip'
                     return self.short_id
                 @LazyProperty
                 def short_id(self):
                     return self.raw_id[:12]
                 @LazyProperty
                 def parents(self):
                     """
                     Returns list of parents changesets.
                     """
                     return [self.repository.get_changeset(parent.rev())
                             for parent in self._ctx.parents() if parent.rev() >= 0]
                 def next(self, branch=None):
                     if branch and self.branch != branch:
                         raise VCSError('Branch option used on changeset not belonging '
                                        'to that branch')
                     def _next(changeset, branch):
                         try:
                             next_ = changeset.revision + 1
                             next_rev = changeset.repository.revisions[next_]
                         except IndexError:
                             raise ChangesetDoesNotExistError
                         cs = changeset.repository.get_changeset(next_rev)
                         if branch and branch != cs.branch:
                             return _next(cs, branch)
                         return cs
                     return _next(self, branch)
                 def prev(self, branch=None):
                     if branch and self.branch != branch:
                         raise VCSError('Branch option used on changeset not belonging '
                                        'to that branch')
                     def _prev(changeset, branch):
                         try:
                             prev_ = changeset.revision - 1
                             if prev_ < 0:
                                 raise IndexError
                             prev_rev = changeset.repository.revisions[prev_]
                         except IndexError:
                             raise ChangesetDoesNotExistError
                         cs = changeset.repository.get_changeset(prev_rev)
                         if branch and branch != cs.branch:
                             return _prev(cs, branch)
                         return cs
                     return _prev(self, branch)
                 def _fix_path(self, path):
                     """
                     Paths are stored without trailing slash so we need to get rid off it if
                     needed. Also mercurial keeps filenodes as str so we need to decode
                     from unicode to str
                     """
                     if path.endswith('/'):
                         path = path.rstrip('/')
                     return safe_str(path)
                 def _get_kind(self, path):
                     path = self._fix_path(path)
                     if path in self._file_paths:
                         return NodeKind.FILE
                     elif path in self._dir_paths:
                         return NodeKind.DIR
                     else:
                         raise ChangesetError("Node does not exist at the given path %r"
                             % (path))
                 def _get_filectx(self, path):
                     path = self._fix_path(path)
                     if self._get_kind(path) != NodeKind.FILE:
                         raise ChangesetError("File does not exist for revision %r at "
                             " %r" % (self.revision, path))
                     return self._ctx.filectx(path)
                 def _extract_submodules(self):
                     """
                     returns a dictionary with submodule information from substate file
                     of hg repository
                     """
                     return self._ctx.substate
                 def get_file_mode(self, path):
                     """
                     Returns stat mode of the file at the given ``path``.
                     """
                     fctx = self._get_filectx(path)
                     if 'x' in fctx.flags():
                         return 0100755
                     else:
                         return 0100644
                 def get_file_content(self, path):
                     """
                     Returns content of the file at given ``path``.
                     """
                     fctx = self._get_filectx(path)
                     return fctx.data()
                 def get_file_size(self, path):
                     """
                     Returns size of the file at given ``path``.
                     """
                     fctx = self._get_filectx(path)
                     return fctx.size()
                 def get_file_changeset(self, path):
                     """
                     Returns last commit of the file at the given ``path``.
                     """
                     node = self.get_node(path)
                     return node.history[0]
                 def get_file_history(self, path):
                     """
                     Returns history of file as reversed list of ``Changeset`` objects for
                     which file at given ``path`` has been modified.
                     """
                     fctx = self._get_filectx(path)
                     nodes = [fctx.filectx(x).node() for x in fctx.filelog()]
                     changesets = [self.repository.get_changeset(hex(node))
                         for node in reversed(nodes)]
                     return changesets
                 def get_file_annotate(self, path):
                     """
                     Returns a list of three element tuples with lineno,changeset and line
                     """
                     fctx = self._get_filectx(path)
                     annotate = []
                     for i, annotate_data in enumerate(fctx.annotate()):
                         ln_no = i + 1
                         annotate.append((ln_no, self.repository\
                                          .get_changeset(hex(annotate_data[0].node())),
                                          annotate_data[1],))
                     return annotate
                 def fill_archive(self, stream=None, kind='tgz', prefix=None,
                                  subrepos=False):
                     """
                     Fills up given stream.
                     :param stream: file like object.
                     :param kind: one of following: ``zip``, ``tgz`` or ``tbz2``.
                         Default: ``tgz``.
                     :param prefix: name of root directory in archive.
                         Default is repository name and changeset's raw_id joined with dash
                         (``repo-tip.<KIND>``).
                     :param subrepos: include subrepos in this archive.
                     :raise ImproperArchiveTypeError: If given kind is wrong.
                     :raise VcsError: If given stream is None
                     """
                     allowed_kinds = settings.ARCHIVE_SPECS.keys()
                     if kind not in allowed_kinds:
                         raise ImproperArchiveTypeError('Archive kind not supported use one'
                             'of %s', allowed_kinds)
                     if stream is None:
                         raise VCSError('You need to pass in a valid stream for filling'
                                        ' with archival data')
                     if prefix is None:
                         prefix = '%s-%s' % (self.repository.name, self.short_id)
                     elif prefix.startswith('/'):
                         raise VCSError("Prefix cannot start with leading slash")
                     elif prefix.strip() == '':
                         raise VCSError("Prefix cannot be empty")
-                    print stream.closed
                     archival.archive(self.repository._repo, stream, self.raw_id,
                                      kind, prefix=prefix, subrepos=subrepos)
-                    print stream.closed
                     if stream.closed and hasattr(stream, 'name'):
                         stream = open(stream.name, 'rb')
                     elif hasattr(stream, 'mode') and 'r' not in stream.mode:
                         stream = open(stream.name, 'rb')
                     else:
                         stream.seek(0)
                 def get_nodes(self, path):
                     """
                     Returns combined ``DirNode`` and ``FileNode`` objects list representing
                     state of changeset at the given ``path``. If node at the given ``path``
                     is not instance of ``DirNode``, ChangesetError would be raised.
                     """
                     if self._get_kind(path) != NodeKind.DIR:
                         raise ChangesetError("Directory does not exist for revision %r at "
                             " %r" % (self.revision, path))
                     path = self._fix_path(path)
                     filenodes = [FileNode(f, changeset=self) for f in self._file_paths
                         if os.path.dirname(f) == path]
                     dirs = path == '' and '' or [d for d in self._dir_paths
                         if d and posixpath.dirname(d) == path]
                     dirnodes = [DirNode(d, changeset=self) for d in dirs
                         if os.path.dirname(d) == path]
                     als = self.repository.alias
                     for k, vals in self._extract_submodules().iteritems():
                         #vals = url,rev,type
                         loc = vals[0]
                         cs = vals[1]
                         dirnodes.append(SubModuleNode(k, url=loc, changeset=cs,
                                                       alias=als))
                     nodes = dirnodes + filenodes
                     # cache nodes
                     for node in nodes:
                         self.nodes[node.path] = node
                     nodes.sort()
                     return nodes
                 def get_node(self, path):
                     """
                     Returns ``Node`` object from the given ``path``. If there is no node at
                     the given ``path``, ``ChangesetError`` would be raised.
                     """
                     path = self._fix_path(path)
                     if not path in self.nodes:
                         if path in self._file_paths:
                             node = FileNode(path, changeset=self)
                         elif path in self._dir_paths or path in self._dir_paths:
                             if path == '':
                                 node = RootNode(changeset=self)
                             else:
                                 node = DirNode(path, changeset=self)
                         else:
                             raise NodeDoesNotExistError("There is no file nor directory "
                                 "at the given path: %r at revision %r"
                                 % (path, self.short_id))
                         # cache node
                         self.nodes[path] = node
                     return self.nodes[path]
                 @LazyProperty
                 def affected_files(self):
                     """
                     Get's a fast accessible file changes for given changeset
                     """
                     return self._ctx.files()
                 @property
                 def added(self):
                     """
                     Returns list of added ``FileNode`` objects.
                     """
                     return AddedFileNodesGenerator([n for n in self.status[1]], self)
                 @property
                 def changed(self):
                     """
                     Returns list of modified ``FileNode`` objects.
                     """
                     return ChangedFileNodesGenerator([n for n in  self.status[0]], self)
                 @property
                 def removed(self):
                     """
                     Returns list of removed ``FileNode`` objects.
                     """
                     return RemovedFileNodesGenerator([n for n in self.status[2]], self)

rhodecode/lib/vcs/utils/__init__.py

0 0 -1

             """
             This module provides some useful tools for ``vcs`` like annotate/diff html
             output. It also includes some internal helpers.
             """
             import sys
             import time
             import datetime
             def makedate():
                 lt = time.localtime()
                 if lt[8] == 1 and time.daylight:
                     tz = time.altzone
                 else:
                     tz = time.timezone
                 return time.mktime(lt), tz
             def date_fromtimestamp(unixts, tzoffset=0):
                 """
                 Makes a local datetime object out of unix timestamp
                 :param unixts:
                 :param tzoffset:
                 """
                 return datetime.datetime.fromtimestamp(float(unixts))
             def safe_unicode(str_, from_encoding=None):
                 """
                 safe unicode function. Does few trick to turn str_ into unicode
                 In case of UnicodeDecode error we try to return it with encoding detected
                 by chardet library if it fails fallback to unicode with errors replaced
                 :param str_: string to decode
                 :rtype: unicode
                 :returns: unicode object
                 """
                 if isinstance(str_, unicode):
                     return str_
                 if not from_encoding:
                     import rhodecode
                     DEFAULT_ENCODING = rhodecode.CONFIG.get('default_encoding', 'utf8')
                     from_encoding = DEFAULT_ENCODING
                 try:
                     return unicode(str_)
                 except UnicodeDecodeError:
                     pass
                 try:
                     return unicode(str_, from_encoding)
                 except UnicodeDecodeError:
                     pass
                 try:
                     import chardet
                     encoding = chardet.detect(str_)['encoding']
                     if encoding is None:
                         raise Exception()
                     return str_.decode(encoding)
                 except (ImportError, UnicodeDecodeError, Exception):
                     return unicode(str_, from_encoding, 'replace')
             def safe_str(unicode_, to_encoding=None):
                 """
                 safe str function. Does few trick to turn unicode_ into string
                 In case of UnicodeEncodeError we try to return it with encoding detected
                 by chardet library if it fails fallback to string with errors replaced
                 :param unicode_: unicode to encode
                 :rtype: str
                 :returns: str object
                 """
                 if isinstance(unicode_, str):
                     return unicode_
                 if not to_encoding:
                     import rhodecode
                     DEFAULT_ENCODING = rhodecode.CONFIG.get('default_encoding', 'utf8')
                     to_encoding = DEFAULT_ENCODING
                 try:
                     return unicode_.encode(to_encoding)
                 except UnicodeEncodeError:
                     pass
                 try:
                     import chardet
                     encoding = chardet.detect(unicode_)['encoding']
-                    print encoding
                     if encoding is None:
                         raise UnicodeEncodeError()
                     return unicode_.encode(encoding)
                 except (ImportError, UnicodeEncodeError):
                     return unicode_.encode(to_encoding, 'replace')
                 return safe_str
             def author_email(author):
                 """
                 returns email address of given author.
                 If any of <,> sign are found, it fallbacks to regex findall()
                 and returns first found result or empty string
                 Regex taken from http://www.regular-expressions.info/email.html
                 """
                 import re
                 r = author.find('>')
                 l = author.find('<')
                 if l == -1 or r == -1:
                     # fallback to regex match of email out of a string
                     email_re = re.compile(r"""[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!"""
                                           r"""#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z"""
                                           r"""0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]"""
                                           r"""*[a-z0-9])?""", re.IGNORECASE)
                     m = re.findall(email_re, author)
                     return m[0] if m else ''
                 return author[l + 1:r].strip()
             def author_name(author):
                 """
                 get name of author, or else username.
                 It'll try to find an email in the author string and just cut it off
                 to get the username
                 """
                 if not '@' in author:
                     return author
                 else:
                     return author.replace(author_email(author), '').replace('<', '')\
                         .replace('>', '').strip()

rhodecode/model/user.py

0 0 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.model.user
                 ~~~~~~~~~~~~~~~~~~~~
                 users model for RhodeCode
                 :created_on: Apr 9, 2010
                 :author: marcink
                 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import traceback
             from pylons import url
             from pylons.i18n.translation import _
             from rhodecode.lib.utils2 import safe_unicode, generate_api_key
             from rhodecode.lib.caching_query import FromCache
             from rhodecode.model import BaseModel
             from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
                 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \
                 Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup,\
                 UsersGroupRepoGroupToPerm
             from rhodecode.lib.exceptions import DefaultUserException, \
                 UserOwnsReposException
             from sqlalchemy.exc import DatabaseError
             from sqlalchemy.orm import joinedload
             log = logging.getLogger(__name__)
             PERM_WEIGHTS = {
                 'repository.none': 0,
                 'repository.read': 1,
                 'repository.write': 3,
                 'repository.admin': 4,
                 'group.none': 0,
                 'group.read': 1,
                 'group.write': 3,
                 'group.admin': 4,
             }
             class UserModel(BaseModel):
                 def __get_user(self, user):
                     return self._get_instance(User, user, callback=User.get_by_username)
                 def __get_perm(self, permission):
                     return self._get_instance(Permission, permission,
                                               callback=Permission.get_by_key)
                 def get(self, user_id, cache=False):
                     user = self.sa.query(User)
                     if cache:
                         user = user.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % user_id))
                     return user.get(user_id)
                 def get_user(self, user):
                     return self.__get_user(user)
                 def get_by_username(self, username, cache=False, case_insensitive=False):
                     if case_insensitive:
                         user = self.sa.query(User).filter(User.username.ilike(username))
                     else:
                         user = self.sa.query(User)\
                             .filter(User.username == username)
                     if cache:
                         user = user.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % username))
                     return user.scalar()
                 def get_by_api_key(self, api_key, cache=False):
                     return User.get_by_api_key(api_key, cache)
                 def create(self, form_data):
                     try:
                         new_user = User()
                         for k, v in form_data.items():
                             setattr(new_user, k, v)
                         new_user.api_key = generate_api_key(form_data['username'])
                         self.sa.add(new_user)
                         return new_user
                     except:
                         log.error(traceback.format_exc())
                         raise
                 def create_or_update(self, username, password, email, name, lastname,
                                      active=True, admin=False, ldap_dn=None):
                     """
                     Creates a new instance if not found, or updates current one
                     :param username:
                     :param password:
                     :param email:
                     :param active:
                     :param name:
                     :param lastname:
                     :param active:
                     :param admin:
                     :param ldap_dn:
                     """
                     from rhodecode.lib.auth import get_crypt_password
                     log.debug('Checking for %s account in RhodeCode database' % username)
                     user = User.get_by_username(username, case_insensitive=True)
                     if user is None:
                         log.debug('creating new user %s' % username)
                         new_user = User()
                     else:
                         log.debug('updating user %s' % username)
                         new_user = user
                     try:
                         new_user.username = username
                         new_user.admin = admin
                         new_user.password = get_crypt_password(password)
                         new_user.api_key = generate_api_key(username)
                         new_user.email = email
                         new_user.active = active
                         new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
                         new_user.name = name
                         new_user.lastname = lastname
                         self.sa.add(new_user)
                         return new_user
                     except (DatabaseError,):
                         log.error(traceback.format_exc())
                         raise
                 def create_for_container_auth(self, username, attrs):
                     """
                     Creates the given user if it's not already in the database
                     :param username:
                     :param attrs:
                     """
                     if self.get_by_username(username, case_insensitive=True) is None:
                         # autogenerate email for container account without one
                         generate_email = lambda usr: '%s@container_auth.account' % usr
                         try:
                             new_user = User()
                             new_user.username = username
                             new_user.password = None
                             new_user.api_key = generate_api_key(username)
                             new_user.email = attrs['email']
                             new_user.active = attrs.get('active', True)
                             new_user.name = attrs['name'] or generate_email(username)
                             new_user.lastname = attrs['lastname']
                             self.sa.add(new_user)
                             return new_user
                         except (DatabaseError,):
                             log.error(traceback.format_exc())
                             self.sa.rollback()
                             raise
                     log.debug('User %s already exists. Skipping creation of account'
                               ' for container auth.', username)
                     return None
                 def create_ldap(self, username, password, user_dn, attrs):
                     """
                     Checks if user is in database, if not creates this user marked
                     as ldap user
                     :param username:
                     :param password:
                     :param user_dn:
                     :param attrs:
                     """
                     from rhodecode.lib.auth import get_crypt_password
                     log.debug('Checking for such ldap account in RhodeCode database')
                     if self.get_by_username(username, case_insensitive=True) is None:
                         # autogenerate email for ldap account without one
                         generate_email = lambda usr: '%s@ldap.account' % usr
                         try:
                             new_user = User()
                             username = username.lower()
                             # add ldap account always lowercase
                             new_user.username = username
                             new_user.password = get_crypt_password(password)
                             new_user.api_key = generate_api_key(username)
                             new_user.email = attrs['email'] or generate_email(username)
                             new_user.active = attrs.get('active', True)
                             new_user.ldap_dn = safe_unicode(user_dn)
                             new_user.name = attrs['name']
                             new_user.lastname = attrs['lastname']
                             self.sa.add(new_user)
                             return new_user
                         except (DatabaseError,):
                             log.error(traceback.format_exc())
                             self.sa.rollback()
                             raise
                     log.debug('this %s user exists skipping creation of ldap account',
                               username)
                     return None
                 def create_registration(self, form_data):
                     from rhodecode.model.notification import NotificationModel
                     try:
                         form_data['admin'] = False
                         new_user = self.create(form_data)
                         self.sa.add(new_user)
                         self.sa.flush()
                         # notification to admins
                         subject = _('new user registration')
                         body = ('New user registration\n'
                                 '---------------------\n'
                                 '- Username: %s\n'
                                 '- Full Name: %s\n'
                                 '- Email: %s\n')
                         body = body % (new_user.username, new_user.full_name,
                                        new_user.email)
                         edit_url = url('edit_user', id=new_user.user_id, qualified=True)
                         kw = {'registered_user_url': edit_url}
                         NotificationModel().create(created_by=new_user, subject=subject,
                                                    body=body, recipients=None,
                                                    type_=Notification.TYPE_REGISTRATION,
                                                    email_kwargs=kw)
                     except:
                         log.error(traceback.format_exc())
                         raise
                 def update(self, user_id, form_data):
                     try:
                         user = self.get(user_id, cache=False)
                         if user.username == 'default':
                             raise DefaultUserException(
                                             _("You can't Edit this user since it's"
                                               " crucial for entire application"))
                         for k, v in form_data.items():
                             if k == 'new_password' and v != '':
                                 user.password = v
                                 user.api_key = generate_api_key(user.username)
                             else:
                                 setattr(user, k, v)
                         self.sa.add(user)
                     except:
                         log.error(traceback.format_exc())
                         raise
                 def update_my_account(self, user_id, form_data):
                     try:
                         user = self.get(user_id, cache=False)
                         if user.username == 'default':
                             raise DefaultUserException(
                                             _("You can't Edit this user since it's"
                                               " crucial for entire application"))
                         for k, v in form_data.items():
                             if k == 'new_password' and v != '':
                                 user.password = v
                                 user.api_key = generate_api_key(user.username)
                             else:
                                 if k not in ['admin', 'active']:
                                     setattr(user, k, v)
                         self.sa.add(user)
                     except:
                         log.error(traceback.format_exc())
                         raise
                 def delete(self, user):
                     user = self.__get_user(user)
                     try:
                         if user.username == 'default':
                             raise DefaultUserException(
                                 _(u"You can't remove this user since it's"
                                   " crucial for entire application")
                             )
                         if user.repositories:
                             repos = [x.repo_name for x in user.repositories]
                             raise UserOwnsReposException(
                                 _(u'user "%s" still owns %s repositories and cannot be '
                                   'removed. Switch owners or remove those repositories. %s')
                                 % (user.username, len(repos), ', '.join(repos))
                             )
                         self.sa.delete(user)
                     except:
                         log.error(traceback.format_exc())
                         raise
                 def reset_password_link(self, data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     run_task(tasks.send_password_link, data['email'])
                 def reset_password(self, data):
                     from rhodecode.lib.celerylib import tasks, run_task
                     run_task(tasks.reset_user_password, data['email'])
                 def fill_data(self, auth_user, user_id=None, api_key=None):
                     """
                     Fetches auth_user by user_id,or api_key if present.
                     Fills auth_user attributes with those taken from database.
                     Additionally set's is_authenitated if lookup fails
                     present in database
                     :param auth_user: instance of user to set attributes
                     :param user_id: user id to fetch by
                     :param api_key: api key to fetch by
                     """
                     if user_id is None and api_key is None:
                         raise Exception('You need to pass user_id or api_key')
                     try:
                         if api_key:
                             dbuser = self.get_by_api_key(api_key)
                         else:
                             dbuser = self.get(user_id)
                         if dbuser is not None and dbuser.active:
                             log.debug('filling %s data' % dbuser)
                             for k, v in dbuser.get_dict().items():
                                 setattr(auth_user, k, v)
                         else:
                             return False
                     except:
                         log.error(traceback.format_exc())
                         auth_user.is_authenticated = False
                         return False
                     return True
                 def fill_perms(self, user):
                     """
                     Fills user permission attribute with permissions taken from database
                     works for permissions given for repositories, and for permissions that
                     are granted to groups
                     :param user: user instance to fill his perms
                     """
                     RK = 'repositories'
                     GK = 'repositories_groups'
                     GLOBAL = 'global'
                     user.permissions[RK] = {}
                     user.permissions[GK] = {}
                     user.permissions[GLOBAL] = set()
                     #======================================================================
                     # fetch default permissions
                     #======================================================================
                     default_user = User.get_by_username('default', cache=True)
                     default_user_id = default_user.user_id
                     default_repo_perms = Permission.get_default_perms(default_user_id)
                     default_repo_groups_perms = Permission.get_default_group_perms(default_user_id)
                     if user.is_admin:
                         #==================================================================
                         # admin user have all default rights for repositories
                         # and groups set to admin
                         #==================================================================
                         user.permissions[GLOBAL].add('hg.admin')
                         # repositories
                         for perm in default_repo_perms:
                             r_k = perm.UserRepoToPerm.repository.repo_name
                             p = 'repository.admin'
                             user.permissions[RK][r_k] = p
                         # repositories groups
                         for perm in default_repo_groups_perms:
                             rg_k = perm.UserRepoGroupToPerm.group.group_name
                             p = 'group.admin'
                             user.permissions[GK][rg_k] = p
                         return user
                     #==================================================================
                     # set default permissions first for repositories and groups
                     #==================================================================
                     uid = user.user_id
                     # default global permissions
                     default_global_perms = self.sa.query(UserToPerm)\
                         .filter(UserToPerm.user_id == default_user_id)
                     for perm in default_global_perms:
                         user.permissions[GLOBAL].add(perm.permission.permission_name)
                     # defaults for repositories, taken from default user
                     for perm in default_repo_perms:
                         r_k = perm.UserRepoToPerm.repository.repo_name
                         if perm.Repository.private and not (perm.Repository.user_id == uid):
                             # disable defaults for private repos,
                             p = 'repository.none'
                         elif perm.Repository.user_id == uid:
                             # set admin if owner
                             p = 'repository.admin'
                         else:
                             p = perm.Permission.permission_name
                         user.permissions[RK][r_k] = p
                     # defaults for repositories groups taken from default user permission
                     # on given group
                     for perm in default_repo_groups_perms:
                         rg_k = perm.UserRepoGroupToPerm.group.group_name
                         p = perm.Permission.permission_name
                         user.permissions[GK][rg_k] = p
                     #==================================================================
                     # overwrite defaults with user permissions if any found
                     #==================================================================
                     # user global permissions
                     user_perms = self.sa.query(UserToPerm)\
                             .options(joinedload(UserToPerm.permission))\
                             .filter(UserToPerm.user_id == uid).all()
                     for perm in user_perms:
                         user.permissions[GLOBAL].add(perm.permission.permission_name)
                     # user explicit permissions for repositories
                     user_repo_perms = \
                      self.sa.query(UserRepoToPerm, Permission, Repository)\
                      .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
                      .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
                      .filter(UserRepoToPerm.user_id == uid)\
                      .all()
                     for perm in user_repo_perms:
                         # set admin if owner
                         r_k = perm.UserRepoToPerm.repository.repo_name
                         if perm.Repository.user_id == uid:
                             p = 'repository.admin'
                         else:
                             p = perm.Permission.permission_name
                         user.permissions[RK][r_k] = p
                     # USER GROUP
                     #==================================================================
                     # check if user is part of user groups for this repository and
                     # fill in (or replace with higher) permissions
                     #==================================================================
                     # users group global
                     user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
                         .options(joinedload(UsersGroupToPerm.permission))\
                         .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
                                UsersGroupMember.users_group_id))\
                         .filter(UsersGroupMember.user_id == uid).all()
                     for perm in user_perms_from_users_groups:
                         user.permissions[GLOBAL].add(perm.permission.permission_name)
                     # users group for repositories permissions
                     user_repo_perms_from_users_groups = \
                      self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
                      .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\
                      .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\
                      .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\
                      .filter(UsersGroupMember.user_id == uid)\
                      .all()
                     for perm in user_repo_perms_from_users_groups:
                         r_k = perm.UsersGroupRepoToPerm.repository.repo_name
                         p = perm.Permission.permission_name
                         cur_perm = user.permissions[RK][r_k]
                         # overwrite permission only if it's greater than permission
                         # given from other sources
                         if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
                             user.permissions[RK][r_k] = p
                     # REPO GROUP
                     #==================================================================
                     # get access for this user for repos group and override defaults
                     #==================================================================
                     # user explicit permissions for repository
                     user_repo_groups_perms = \
                      self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\
                      .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\
                      .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\
                      .filter(UserRepoGroupToPerm.user_id == uid)\
                      .all()
                     for perm in user_repo_groups_perms:
                         rg_k = perm.UserRepoGroupToPerm.group.group_name
                         p = perm.Permission.permission_name
                         cur_perm = user.permissions[GK][rg_k]
                         if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
                             user.permissions[GK][rg_k] = p
                     # REPO GROUP + USER GROUP
                     #==================================================================
                     # check if user is part of user groups for this repo group and
                     # fill in (or replace with higher) permissions
                     #==================================================================
                     # users group for repositories permissions
                     user_repo_group_perms_from_users_groups = \
                      self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\
                      .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\
                      .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\
                      .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\
                      .filter(UsersGroupMember.user_id == uid)\
                      .all()
                     for perm in user_repo_group_perms_from_users_groups:
                         g_k = perm.UsersGroupRepoGroupToPerm.group.group_name
-                        print perm, g_k
                         p = perm.Permission.permission_name
                         cur_perm = user.permissions[GK][g_k]
                         # overwrite permission only if it's greater than permission
                         # given from other sources
                         if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
                             user.permissions[GK][g_k] = p
                     return user
                 def has_perm(self, user, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class '
                                         'got %s instead' % type(perm))
                     user = self.__get_user(user)
                     return UserToPerm.query().filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm).scalar() is not None
                 def grant_perm(self, user, perm):
                     """
                     Grant user global permissions
                     :param user:
                     :param perm:
                     """
                     user = self.__get_user(user)
                     perm = self.__get_perm(perm)
                     # if this permission is already granted skip it
                     _perm = UserToPerm.query()\
                         .filter(UserToPerm.user == user)\
                         .filter(UserToPerm.permission == perm)\
                         .scalar()
                     if _perm:
                         return
                     new = UserToPerm()
                     new.user = user
                     new.permission = perm
                     self.sa.add(new)
                 def revoke_perm(self, user, perm):
                     """
                     Revoke users global permissions
                     :param user:
                     :param perm:
                     """
                     user = self.__get_user(user)
                     perm = self.__get_perm(perm)
                     obj = UserToPerm.query()\
                             .filter(UserToPerm.user == user)\
                             .filter(UserToPerm.permission == perm)\
                             .scalar()
                     if obj:
                         self.sa.delete(obj)

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages