##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

tries to fix issue #177 by fallback to user.user_id instead of fetching from db, user.user_id...
marcink -
r1269:2e7f2142 beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -31,21 +31,20 b' from pylons.i18n.translation import _'
31 from rhodecode.model import BaseModel
31 from rhodecode.model import BaseModel
32 from rhodecode.model.caching_query import FromCache
32 from rhodecode.model.caching_query import FromCache
33 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
33 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
34 UserToPerm, UsersGroupToPerm, UsersGroupMember
34 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember
35 from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException
35 from rhodecode.lib.exceptions import DefaultUserException, \
36 UserOwnsReposException
36
37
37 from sqlalchemy.exc import DatabaseError
38 from sqlalchemy.exc import DatabaseError
38 from rhodecode.lib import generate_api_key
39 from rhodecode.lib import generate_api_key
40 from sqlalchemy.orm import joinedload
39
41
40 log = logging.getLogger(__name__)
42 log = logging.getLogger(__name__)
41
43
42
44 PERM_WEIGHTS = {'repository.none': 0,
43 PERM_ = ''
45 'repository.read': 1,
44
46 'repository.write': 3,
45 PERM_WEIGHTS = {'repository.none':0,
47 'repository.admin': 3}
46 'repository.read':1,
47 'repository.write':3,
48 'repository.admin':3}
49
48
50
49
51 class UserModel(BaseModel):
50 class UserModel(BaseModel):
@@ -57,7 +56,6 b' class UserModel(BaseModel):'
57 "get_user_%s" % user_id))
56 "get_user_%s" % user_id))
58 return user.get(user_id)
57 return user.get(user_id)
59
58
60
61 def get_by_username(self, username, cache=False, case_insensitive=False):
59 def get_by_username(self, username, cache=False, case_insensitive=False):
62
60
63 if case_insensitive:
61 if case_insensitive:
@@ -70,7 +68,6 b' class UserModel(BaseModel):'
70 "get_user_%s" % username))
68 "get_user_%s" % username))
71 return user.scalar()
69 return user.scalar()
72
70
73
74 def get_by_api_key(self, api_key, cache=False):
71 def get_by_api_key(self, api_key, cache=False):
75
72
76 user = self.sa.query(User)\
73 user = self.sa.query(User)\
@@ -108,7 +105,8 b' class UserModel(BaseModel):'
108 if self.get_by_username(username, case_insensitive=True) is None:
105 if self.get_by_username(username, case_insensitive=True) is None:
109 try:
106 try:
110 new_user = User()
107 new_user = User()
111 new_user.username = username.lower() # add ldap account always lowercase
108 # add ldap account always lowercase
109 new_user.username = username.lower()
112 new_user.password = get_crypt_password(password)
110 new_user.password = get_crypt_password(password)
113 new_user.api_key = generate_api_key(username)
111 new_user.api_key = generate_api_key(username)
114 new_user.email = attrs['email']
112 new_user.email = attrs['email']
@@ -117,7 +115,6 b' class UserModel(BaseModel):'
117 new_user.name = attrs['name']
115 new_user.name = attrs['name']
118 new_user.lastname = attrs['lastname']
116 new_user.lastname = attrs['lastname']
119
117
120
121 self.sa.add(new_user)
118 self.sa.add(new_user)
122 self.sa.commit()
119 self.sa.commit()
123 return True
120 return True
@@ -220,7 +217,6 b' class UserModel(BaseModel):'
220 from rhodecode.lib.celerylib import tasks, run_task
217 from rhodecode.lib.celerylib import tasks, run_task
221 run_task(tasks.reset_user_password, data['email'])
218 run_task(tasks.reset_user_password, data['email'])
222
219
223
224 def fill_data(self, auth_user, user_id=None, api_key=None):
220 def fill_data(self, auth_user, user_id=None, api_key=None):
225 """
221 """
226 Fetches auth_user by user_id,or api_key if present.
222 Fetches auth_user by user_id,or api_key if present.
@@ -252,11 +248,11 b' class UserModel(BaseModel):'
252
248
253 return auth_user
249 return auth_user
254
250
255
256 def fill_perms(self, user):
251 def fill_perms(self, user):
257 """Fills user permission attribute with permissions taken from database
252 """
253 Fills user permission attribute with permissions taken from database
258 works for permissions given for repositories, and for permissions that
254 works for permissions given for repositories, and for permissions that
259 as part of beeing group member
255 are granted to groups
260
256
261 :param user: user instance to fill his perms
257 :param user: user instance to fill his perms
262 """
258 """
@@ -270,8 +266,10 b' class UserModel(BaseModel):'
270 default_user = self.get_by_username('default', cache=True)
266 default_user = self.get_by_username('default', cache=True)
271
267
272 default_perms = self.sa.query(RepoToPerm, Repository, Permission)\
268 default_perms = self.sa.query(RepoToPerm, Repository, Permission)\
273 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
269 .join((Repository, RepoToPerm.repository_id ==
274 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
270 Repository.repo_id))\
271 .join((Permission, RepoToPerm.permission_id ==
272 Permission.permission_id))\
275 .filter(RepoToPerm.user == default_user).all()
273 .filter(RepoToPerm.user == default_user).all()
276
274
277 if user.is_admin:
275 if user.is_admin:
@@ -282,12 +280,14 b' class UserModel(BaseModel):'
282
280
283 for perm in default_perms:
281 for perm in default_perms:
284 p = 'repository.admin'
282 p = 'repository.admin'
285 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
283 user.permissions['repositories'][perm.RepoToPerm.
284 repository.repo_name] = p
286
285
287 else:
286 else:
288 #==================================================================
287 #==================================================================
289 # set default permissions
288 # set default permissions
290 #==================================================================
289 #==================================================================
290 uid = user.user_id
291
291
292 #default global
292 #default global
293 default_global_perms = self.sa.query(UserToPerm)\
293 default_global_perms = self.sa.query(UserToPerm)\
@@ -298,56 +298,86 b' class UserModel(BaseModel):'
298
298
299 #default for repositories
299 #default for repositories
300 for perm in default_perms:
300 for perm in default_perms:
301 if perm.Repository.private and not perm.Repository.user_id == user.user_id:
301 if perm.Repository.private and not (perm.Repository.user_id ==
302 uid):
302 #diself.sable defaults for private repos,
303 #diself.sable defaults for private repos,
303 p = 'repository.none'
304 p = 'repository.none'
304 elif perm.Repository.user_id == user.user_id:
305 elif perm.Repository.user_id == uid:
305 #set admin if owner
306 #set admin if owner
306 p = 'repository.admin'
307 p = 'repository.admin'
307 else:
308 else:
308 p = perm.Permission.permission_name
309 p = perm.Permission.permission_name
309
310
310 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
311 user.permissions['repositories'][perm.RepoToPerm.
312 repository.repo_name] = p
311
313
312 #==================================================================
314 #==================================================================
313 # overwrite default with user permissions if any
315 # overwrite default with user permissions if any
314 #==================================================================
316 #==================================================================
315
317
318 #user global
316 user_perms = self.sa.query(UserToPerm)\
319 user_perms = self.sa.query(UserToPerm)\
317 .filter(UserToPerm.user ==
320 .options(joinedload(UserToPerm.permission))\
318 User.get(user.user_id)).all()
321 .filter(UserToPerm.user_id == uid).all()
319
322
320 for perm in user_perms:
323 for perm in user_perms:
321 user.permissions['global'].add(perm.permission.permission_name)
324 user.permissions['global'].add(perm.permission.
325 permission_name)
322
326
323 user_repo_perms = self.sa.query(RepoToPerm, Permission, Repository)\
327 #user repositories
324 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
328 user_repo_perms = self.sa.query(RepoToPerm, Permission,
325 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
329 Repository)\
326 .filter(RepoToPerm.user_id == user.user_id).all()
330 .join((Repository, RepoToPerm.repository_id ==
331 Repository.repo_id))\
332 .join((Permission, RepoToPerm.permission_id ==
333 Permission.permission_id))\
334 .filter(RepoToPerm.user_id == uid).all()
327
335
328 for perm in user_repo_perms:
336 for perm in user_repo_perms:
329 if perm.Repository.user_id == user.user_id:#set admin if owner
337 # set admin if owner
338 if perm.Repository.user_id == uid:
330 p = 'repository.admin'
339 p = 'repository.admin'
331 else:
340 else:
332 p = perm.Permission.permission_name
341 p = perm.Permission.permission_name
333 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
342 user.permissions['repositories'][perm.RepoToPerm.
343 repository.repo_name] = p
334
344
335
345 #==================================================================
336 #=======================================================================
337 # check if user is part of groups for this repository and fill in
346 # check if user is part of groups for this repository and fill in
338 # (or replace with higher) permissions
347 # (or replace with higher) permissions
339 #=======================================================================
348 #==================================================================
340 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm, Permission, Repository,)\
349
341 .join((Repository, UsersGroupToPerm.repository_id == Repository.repo_id))\
350 #users group global
342 .join((Permission, UsersGroupToPerm.permission_id == Permission.permission_id))\
351 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
343 .join((UsersGroupMember, UsersGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\
352 .options(joinedload(UsersGroupToPerm.permission))\
344 .filter(UsersGroupMember.user_id == user.user_id).all()
353 .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
354 UsersGroupMember.users_group_id))\
355 .filter(UsersGroupMember.user_id == uid).all()
345
356
346 for perm in user_perms_from_users_groups:
357 for perm in user_perms_from_users_groups:
358 user.permissions['global'].add(perm.permission.permission_name)
359
360 #users group repositories
361 user_repo_perms_from_users_groups = self.sa.query(
362 UsersGroupRepoToPerm,
363 Permission, Repository,)\
364 .join((Repository, UsersGroupRepoToPerm.repository_id ==
365 Repository.repo_id))\
366 .join((Permission, UsersGroupRepoToPerm.permission_id ==
367 Permission.permission_id))\
368 .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
369 UsersGroupMember.users_group_id))\
370 .filter(UsersGroupMember.user_id == uid).all()
371
372 for perm in user_repo_perms_from_users_groups:
347 p = perm.Permission.permission_name
373 p = perm.Permission.permission_name
348 cur_perm = user.permissions['repositories'][perm.UsersGroupToPerm.repository.repo_name]
374 cur_perm = user.permissions['repositories'][perm.
349 #overwrite permission only if it's greater than permission given from other sources
375 UsersGroupRepoToPerm.
376 repository.repo_name]
377 #overwrite permission only if it's greater than permission
378 # given from other sources
350 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
379 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
351 user.permissions['repositories'][perm.UsersGroupToPerm.repository.repo_name] = p
380 user.permissions['repositories'][perm.UsersGroupRepoToPerm.
381 repository.repo_name] = p
352
382
353 return user
383 return user
General Comments 0
You need to be logged in to leave comments. Login now