When using apply to children flag in repo group permission...
marcink -
r3974:39798d53 default
@@ -1,440 +1,443 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2 """
2 """
3 rhodecode.model.user_group
3 rhodecode.model.user_group
4 ~~~~~~~~~~~~~~~~~~~~~~~~~~
4 ~~~~~~~~~~~~~~~~~~~~~~~~~~
5
5
6 repo group model for RhodeCode
6 repo group model for RhodeCode
7
7
8 :created_on: Jan 25, 2011
8 :created_on: Jan 25, 2011
9 :author: marcink
9 :author: marcink
10 :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
10 :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com>
11 :license: GPLv3, see COPYING for more details.
11 :license: GPLv3, see COPYING for more details.
12 """
12 """
13 # This program is free software: you can redistribute it and/or modify
13 # This program is free software: you can redistribute it and/or modify
14 # it under the terms of the GNU General Public License as published by
14 # it under the terms of the GNU General Public License as published by
15 # the Free Software Foundation, either version 3 of the License, or
15 # the Free Software Foundation, either version 3 of the License, or
16 # (at your option) any later version.
16 # (at your option) any later version.
17 #
17 #
18 # This program is distributed in the hope that it will be useful,
18 # This program is distributed in the hope that it will be useful,
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 # GNU General Public License for more details.
21 # GNU General Public License for more details.
22 #
22 #
23 # You should have received a copy of the GNU General Public License
23 # You should have received a copy of the GNU General Public License
24 # along with this program. If not, see <http://www.gnu.org/licenses/>.
24 # along with this program. If not, see <http://www.gnu.org/licenses/>.
25
25
26 import os
26 import os
27 import logging
27 import logging
28 import traceback
28 import traceback
29 import shutil
29 import shutil
30 import datetime
30 import datetime
31
31
32 from rhodecode.lib.utils2 import LazyProperty
32 from rhodecode.lib.utils2 import LazyProperty
33
33
34 from rhodecode.model import BaseModel
34 from rhodecode.model import BaseModel
35 from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \
35 from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \
36 User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository
36 User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository
37
37
38 log = logging.getLogger(__name__)
38 log = logging.getLogger(__name__)
39
39
40
40
41 class ReposGroupModel(BaseModel):
41 class ReposGroupModel(BaseModel):
42
42
43 cls = RepoGroup
43 cls = RepoGroup
44
44
45 def _get_user_group(self, users_group):
45 def _get_user_group(self, users_group):
46 return self._get_instance(UserGroup, users_group,
46 return self._get_instance(UserGroup, users_group,
47 callback=UserGroup.get_by_group_name)
47 callback=UserGroup.get_by_group_name)
48
48
49 def _get_repo_group(self, repos_group):
49 def _get_repo_group(self, repos_group):
50 return self._get_instance(RepoGroup, repos_group,
50 return self._get_instance(RepoGroup, repos_group,
51 callback=RepoGroup.get_by_group_name)
51 callback=RepoGroup.get_by_group_name)
52
52
53 @LazyProperty
53 @LazyProperty
54 def repos_path(self):
54 def repos_path(self):
55 """
55 """
56 Get's the repositories root path from database
56 Get's the repositories root path from database
57 """
57 """
58
58
59 q = RhodeCodeUi.get_by_key('/')
59 q = RhodeCodeUi.get_by_key('/')
60 return q.ui_value
60 return q.ui_value
61
61
62 def _create_default_perms(self, new_group):
62 def _create_default_perms(self, new_group):
63 # create default permission
63 # create default permission
64 default_perm = 'group.read'
64 default_perm = 'group.read'
65 def_user = User.get_default_user()
65 def_user = User.get_default_user()
66 for p in def_user.user_perms:
66 for p in def_user.user_perms:
67 if p.permission.permission_name.startswith('group.'):
67 if p.permission.permission_name.startswith('group.'):
68 default_perm = p.permission.permission_name
68 default_perm = p.permission.permission_name
69 break
69 break
70
70
71 repo_group_to_perm = UserRepoGroupToPerm()
71 repo_group_to_perm = UserRepoGroupToPerm()
72 repo_group_to_perm.permission = Permission.get_by_key(default_perm)
72 repo_group_to_perm.permission = Permission.get_by_key(default_perm)
73
73
74 repo_group_to_perm.group = new_group
74 repo_group_to_perm.group = new_group
75 repo_group_to_perm.user_id = def_user.user_id
75 repo_group_to_perm.user_id = def_user.user_id
76 return repo_group_to_perm
76 return repo_group_to_perm
77
77
78 def __create_group(self, group_name):
78 def __create_group(self, group_name):
79 """
79 """
80 makes repository group on filesystem
80 makes repository group on filesystem
81
81
82 :param repo_name:
82 :param repo_name:
83 :param parent_id:
83 :param parent_id:
84 """
84 """
85
85
86 create_path = os.path.join(self.repos_path, group_name)
86 create_path = os.path.join(self.repos_path, group_name)
87 log.debug('creating new group in %s' % create_path)
87 log.debug('creating new group in %s' % create_path)
88
88
89 if os.path.isdir(create_path):
89 if os.path.isdir(create_path):
90 raise Exception('That directory already exists !')
90 raise Exception('That directory already exists !')
91
91
92 os.makedirs(create_path)
92 os.makedirs(create_path)
93
93
94 def __rename_group(self, old, new):
94 def __rename_group(self, old, new):
95 """
95 """
96 Renames a group on filesystem
96 Renames a group on filesystem
97
97
98 :param group_name:
98 :param group_name:
99 """
99 """
100
100
101 if old == new:
101 if old == new:
102 log.debug('skipping group rename')
102 log.debug('skipping group rename')
103 return
103 return
104
104
105 log.debug('renaming repository group from %s to %s' % (old, new))
105 log.debug('renaming repository group from %s to %s' % (old, new))
106
106
107 old_path = os.path.join(self.repos_path, old)
107 old_path = os.path.join(self.repos_path, old)
108 new_path = os.path.join(self.repos_path, new)
108 new_path = os.path.join(self.repos_path, new)
109
109
110 log.debug('renaming repos paths from %s to %s' % (old_path, new_path))
110 log.debug('renaming repos paths from %s to %s' % (old_path, new_path))
111
111
112 if os.path.isdir(new_path):
112 if os.path.isdir(new_path):
113 raise Exception('Was trying to rename to already '
113 raise Exception('Was trying to rename to already '
114 'existing dir %s' % new_path)
114 'existing dir %s' % new_path)
115 shutil.move(old_path, new_path)
115 shutil.move(old_path, new_path)
116
116
117 def __delete_group(self, group, force_delete=False):
117 def __delete_group(self, group, force_delete=False):
118 """
118 """
119 Deletes a group from a filesystem
119 Deletes a group from a filesystem
120
120
121 :param group: instance of group from database
121 :param group: instance of group from database
122 :param force_delete: use shutil rmtree to remove all objects
122 :param force_delete: use shutil rmtree to remove all objects
123 """
123 """
124 paths = group.full_path.split(RepoGroup.url_sep())
124 paths = group.full_path.split(RepoGroup.url_sep())
125 paths = os.sep.join(paths)
125 paths = os.sep.join(paths)
126
126
127 rm_path = os.path.join(self.repos_path, paths)
127 rm_path = os.path.join(self.repos_path, paths)
128 log.info("Removing group %s" % (rm_path))
128 log.info("Removing group %s" % (rm_path))
129 # delete only if that path really exists
129 # delete only if that path really exists
130 if os.path.isdir(rm_path):
130 if os.path.isdir(rm_path):
131 if force_delete:
131 if force_delete:
132 shutil.rmtree(rm_path)
132 shutil.rmtree(rm_path)
133 else:
133 else:
134 #archive that group`
134 #archive that group`
135 _now = datetime.datetime.now()
135 _now = datetime.datetime.now()
136 _ms = str(_now.microsecond).rjust(6, '0')
136 _ms = str(_now.microsecond).rjust(6, '0')
137 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
137 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
138 group.name)
138 group.name)
139 shutil.move(rm_path, os.path.join(self.repos_path, _d))
139 shutil.move(rm_path, os.path.join(self.repos_path, _d))
140
140
141 def create(self, group_name, group_description, owner, parent=None, just_db=False):
141 def create(self, group_name, group_description, owner, parent=None, just_db=False):
142 try:
142 try:
143 user = self._get_user(owner)
143 user = self._get_user(owner)
144 new_repos_group = RepoGroup()
144 new_repos_group = RepoGroup()
145 new_repos_group.user = user
145 new_repos_group.user = user
146 new_repos_group.group_description = group_description or group_name
146 new_repos_group.group_description = group_description or group_name
147 new_repos_group.parent_group = self._get_repo_group(parent)
147 new_repos_group.parent_group = self._get_repo_group(parent)
148 new_repos_group.group_name = new_repos_group.get_new_name(group_name)
148 new_repos_group.group_name = new_repos_group.get_new_name(group_name)
149
149
150 self.sa.add(new_repos_group)
150 self.sa.add(new_repos_group)
151 perm_obj = self._create_default_perms(new_repos_group)
151 perm_obj = self._create_default_perms(new_repos_group)
152 self.sa.add(perm_obj)
152 self.sa.add(perm_obj)
153
153
154 #create an ADMIN permission for owner except if we're super admin,
154 #create an ADMIN permission for owner except if we're super admin,
155 #later owner should go into the owner field of groups
155 #later owner should go into the owner field of groups
156 if not user.is_admin:
156 if not user.is_admin:
157 self.grant_user_permission(repos_group=new_repos_group,
157 self.grant_user_permission(repos_group=new_repos_group,
158 user=owner, perm='group.admin')
158 user=owner, perm='group.admin')
159
159
160 if not just_db:
160 if not just_db:
161 # we need to flush here, in order to check if database won't
161 # we need to flush here, in order to check if database won't
162 # throw any exceptions, create filesystem dirs at the very end
162 # throw any exceptions, create filesystem dirs at the very end
163 self.sa.flush()
163 self.sa.flush()
164 self.__create_group(new_repos_group.group_name)
164 self.__create_group(new_repos_group.group_name)
165
165
166 return new_repos_group
166 return new_repos_group
167 except Exception:
167 except Exception:
168 log.error(traceback.format_exc())
168 log.error(traceback.format_exc())
169 raise
169 raise
170
170
171 def _update_permissions(self, repos_group, perms_new=None,
171 def _update_permissions(self, repos_group, perms_new=None,
172 perms_updates=None, recursive=False,
172 perms_updates=None, recursive=False,
173 check_perms=True):
173 check_perms=True):
174 from rhodecode.model.repo import RepoModel
174 from rhodecode.model.repo import RepoModel
175 from rhodecode.lib.auth import HasUserGroupPermissionAny
175 from rhodecode.lib.auth import HasUserGroupPermissionAny
176
176
177 if not perms_new:
177 if not perms_new:
178 perms_new = []
178 perms_new = []
179 if not perms_updates:
179 if not perms_updates:
180 perms_updates = []
180 perms_updates = []
181
181
182 def _set_perm_user(obj, user, perm):
182 def _set_perm_user(obj, user, perm):
183 if isinstance(obj, RepoGroup):
183 if isinstance(obj, RepoGroup):
184 self.grant_user_permission(
184 self.grant_user_permission(
185 repos_group=obj, user=user, perm=perm
185 repos_group=obj, user=user, perm=perm
186 )
186 )
187 elif isinstance(obj, Repository):
187 elif isinstance(obj, Repository):
188 #we do this ONLY IF repository is non-private
188 # private repos will not allow to change the default permissions
189 if obj.private:
189 # using recursive mode
190 if obj.private and user == User.DEFAULT_USER:
190 return
191 return
191
192
192 # we set group permission but we have to switch to repo
193 # we set group permission but we have to switch to repo
193 # permission
194 # permission
194 perm = perm.replace('group.', 'repository.')
195 perm = perm.replace('group.', 'repository.')
195 RepoModel().grant_user_permission(
196 RepoModel().grant_user_permission(
196 repo=obj, user=user, perm=perm
197 repo=obj, user=user, perm=perm
197 )
198 )
198
199
199 def _set_perm_group(obj, users_group, perm):
200 def _set_perm_group(obj, users_group, perm):
200 if isinstance(obj, RepoGroup):
201 if isinstance(obj, RepoGroup):
201 self.grant_users_group_permission(
202 self.grant_users_group_permission(
202 repos_group=obj, group_name=users_group, perm=perm
203 repos_group=obj, group_name=users_group, perm=perm
203 )
204 )
204 elif isinstance(obj, Repository):
205 elif isinstance(obj, Repository):
205 # we set group permission but we have to switch to repo
206 # we set group permission but we have to switch to repo
206 # permission
207 # permission
207 perm = perm.replace('group.', 'repository.')
208 perm = perm.replace('group.', 'repository.')
208 RepoModel().grant_users_group_permission(
209 RepoModel().grant_users_group_permission(
209 repo=obj, group_name=users_group, perm=perm
210 repo=obj, group_name=users_group, perm=perm
210 )
211 )
212
213 # start updates
211 updates = []
214 updates = []
212 log.debug('Now updating permissions for %s in recursive mode:%s'
215 log.debug('Now updating permissions for %s in recursive mode:%s'
213 % (repos_group, recursive))
216 % (repos_group, recursive))
214
217
215 for obj in repos_group.recursive_groups_and_repos():
218 for obj in repos_group.recursive_groups_and_repos():
216 #obj is an instance of a group or repositories in that group
219 #obj is an instance of a group or repositories in that group
217 if not recursive:
220 if not recursive:
218 obj = repos_group
221 obj = repos_group
219
222
220 # update permissions
223 # update permissions
221 for member, perm, member_type in perms_updates:
224 for member, perm, member_type in perms_updates:
222 ## set for user
225 ## set for user
223 if member_type == 'user':
226 if member_type == 'user':
224 # this updates also current one if found
227 # this updates also current one if found
225 _set_perm_user(obj, user=member, perm=perm)
228 _set_perm_user(obj, user=member, perm=perm)
226 ## set for user group
229 ## set for user group
227 else:
230 else:
228 #check if we have permissions to alter this usergroup
231 #check if we have permissions to alter this usergroup
229 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
232 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
230 if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):
233 if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):
231 _set_perm_group(obj, users_group=member, perm=perm)
234 _set_perm_group(obj, users_group=member, perm=perm)
232 # set new permissions
235 # set new permissions
233 for member, perm, member_type in perms_new:
236 for member, perm, member_type in perms_new:
234 if member_type == 'user':
237 if member_type == 'user':
235 _set_perm_user(obj, user=member, perm=perm)
238 _set_perm_user(obj, user=member, perm=perm)
236 else:
239 else:
237 #check if we have permissions to alter this usergroup
240 #check if we have permissions to alter this usergroup
238 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
241 req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin')
239 if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):
242 if not check_perms or HasUserGroupPermissionAny(*req_perms)(member):
240 _set_perm_group(obj, users_group=member, perm=perm)
243 _set_perm_group(obj, users_group=member, perm=perm)
241 updates.append(obj)
244 updates.append(obj)
242 #if it's not recursive call
245 #if it's not recursive call
243 # break the loop and don't proceed with other changes
246 # break the loop and don't proceed with other changes
244 if not recursive:
247 if not recursive:
245 break
248 break
246 return updates
249 return updates
247
250
248 def update(self, repos_group, form_data):
251 def update(self, repos_group, form_data):
249
252
250 try:
253 try:
251 repos_group = self._get_repo_group(repos_group)
254 repos_group = self._get_repo_group(repos_group)
252 old_path = repos_group.full_path
255 old_path = repos_group.full_path
253
256
254 # change properties
257 # change properties
255 repos_group.group_description = form_data['group_description']
258 repos_group.group_description = form_data['group_description']
256 repos_group.group_parent_id = form_data['group_parent_id']
259 repos_group.group_parent_id = form_data['group_parent_id']
257 repos_group.enable_locking = form_data['enable_locking']
260 repos_group.enable_locking = form_data['enable_locking']
258
261
259 repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
262 repos_group.parent_group = RepoGroup.get(form_data['group_parent_id'])
260 repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
263 repos_group.group_name = repos_group.get_new_name(form_data['group_name'])
261 new_path = repos_group.full_path
264 new_path = repos_group.full_path
262 self.sa.add(repos_group)
265 self.sa.add(repos_group)
263
266
264 # iterate over all members of this groups and do fixes
267 # iterate over all members of this groups and do fixes
265 # set locking if given
268 # set locking if given
266 # if obj is a repoGroup also fix the name of the group according
269 # if obj is a repoGroup also fix the name of the group according
267 # to the parent
270 # to the parent
268 # if obj is a Repo fix it's name
271 # if obj is a Repo fix it's name
269 # this can be potentially heavy operation
272 # this can be potentially heavy operation
270 for obj in repos_group.recursive_groups_and_repos():
273 for obj in repos_group.recursive_groups_and_repos():
271 #set the value from it's parent
274 #set the value from it's parent
272 obj.enable_locking = repos_group.enable_locking
275 obj.enable_locking = repos_group.enable_locking
273 if isinstance(obj, RepoGroup):
276 if isinstance(obj, RepoGroup):
274 new_name = obj.get_new_name(obj.name)
277 new_name = obj.get_new_name(obj.name)
275 log.debug('Fixing group %s to new name %s' \
278 log.debug('Fixing group %s to new name %s' \
276 % (obj.group_name, new_name))
279 % (obj.group_name, new_name))
277 obj.group_name = new_name
280 obj.group_name = new_name
278 elif isinstance(obj, Repository):
281 elif isinstance(obj, Repository):
279 # we need to get all repositories from this new group and
282 # we need to get all repositories from this new group and
280 # rename them accordingly to new group path
283 # rename them accordingly to new group path
281 new_name = obj.get_new_name(obj.just_name)
284 new_name = obj.get_new_name(obj.just_name)
282 log.debug('Fixing repo %s to new name %s' \
285 log.debug('Fixing repo %s to new name %s' \
283 % (obj.repo_name, new_name))
286 % (obj.repo_name, new_name))
284 obj.repo_name = new_name
287 obj.repo_name = new_name
285 self.sa.add(obj)
288 self.sa.add(obj)
286
289
287 self.__rename_group(old_path, new_path)
290 self.__rename_group(old_path, new_path)
288
291
289 return repos_group
292 return repos_group
290 except Exception:
293 except Exception:
291 log.error(traceback.format_exc())
294 log.error(traceback.format_exc())
292 raise
295 raise
293
296
294 def delete(self, repos_group, force_delete=False):
297 def delete(self, repos_group, force_delete=False):
295 repos_group = self._get_repo_group(repos_group)
298 repos_group = self._get_repo_group(repos_group)
296 try:
299 try:
297 self.sa.delete(repos_group)
300 self.sa.delete(repos_group)
298 self.__delete_group(repos_group, force_delete)
301 self.__delete_group(repos_group, force_delete)
299 except Exception:
302 except Exception:
300 log.error('Error removing repos_group %s' % repos_group)
303 log.error('Error removing repos_group %s' % repos_group)
301 raise
304 raise
302
305
303 def delete_permission(self, repos_group, obj, obj_type, recursive):
306 def delete_permission(self, repos_group, obj, obj_type, recursive):
304 """
307 """
305 Revokes permission for repos_group for given obj(user or users_group),
308 Revokes permission for repos_group for given obj(user or users_group),
306 obj_type can be user or user group
309 obj_type can be user or user group
307
310
308 :param repos_group:
311 :param repos_group:
309 :param obj: user or user group id
312 :param obj: user or user group id
310 :param obj_type: user or user group type
313 :param obj_type: user or user group type
311 :param recursive: recurse to all children of group
314 :param recursive: recurse to all children of group
312 """
315 """
313 from rhodecode.model.repo import RepoModel
316 from rhodecode.model.repo import RepoModel
314 repos_group = self._get_repo_group(repos_group)
317 repos_group = self._get_repo_group(repos_group)
315
318
316 for el in repos_group.recursive_groups_and_repos():
319 for el in repos_group.recursive_groups_and_repos():
317 if not recursive:
320 if not recursive:
318 # if we don't recurse set the permission on only the top level
321 # if we don't recurse set the permission on only the top level
319 # object
322 # object
320 el = repos_group
323 el = repos_group
321
324
322 if isinstance(el, RepoGroup):
325 if isinstance(el, RepoGroup):
323 if obj_type == 'user':
326 if obj_type == 'user':
324 ReposGroupModel().revoke_user_permission(el, user=obj)
327 ReposGroupModel().revoke_user_permission(el, user=obj)
325 elif obj_type == 'users_group':
328 elif obj_type == 'users_group':
326 ReposGroupModel().revoke_users_group_permission(el, group_name=obj)
329 ReposGroupModel().revoke_users_group_permission(el, group_name=obj)
327 else:
330 else:
328 raise Exception('undefined object type %s' % obj_type)
331 raise Exception('undefined object type %s' % obj_type)
329 elif isinstance(el, Repository):
332 elif isinstance(el, Repository):
330 if obj_type == 'user':
333 if obj_type == 'user':
331 RepoModel().revoke_user_permission(el, user=obj)
334 RepoModel().revoke_user_permission(el, user=obj)
332 elif obj_type == 'users_group':
335 elif obj_type == 'users_group':
333 RepoModel().revoke_users_group_permission(el, group_name=obj)
336 RepoModel().revoke_users_group_permission(el, group_name=obj)
334 else:
337 else:
335 raise Exception('undefined object type %s' % obj_type)
338 raise Exception('undefined object type %s' % obj_type)
336
339
337 #if it's not recursive call
340 #if it's not recursive call
338 # break the loop and don't proceed with other changes
341 # break the loop and don't proceed with other changes
339 if not recursive:
342 if not recursive:
340 break
343 break
341
344
342 def grant_user_permission(self, repos_group, user, perm):
345 def grant_user_permission(self, repos_group, user, perm):
343 """
346 """
344 Grant permission for user on given repository group, or update
347 Grant permission for user on given repository group, or update
345 existing one if found
348 existing one if found
346
349
347 :param repos_group: Instance of ReposGroup, repositories_group_id,
350 :param repos_group: Instance of ReposGroup, repositories_group_id,
348 or repositories_group name
351 or repositories_group name
349 :param user: Instance of User, user_id or username
352 :param user: Instance of User, user_id or username
350 :param perm: Instance of Permission, or permission_name
353 :param perm: Instance of Permission, or permission_name
351 """
354 """
352
355
353 repos_group = self._get_repo_group(repos_group)
356 repos_group = self._get_repo_group(repos_group)
354 user = self._get_user(user)
357 user = self._get_user(user)
355 permission = self._get_perm(perm)
358 permission = self._get_perm(perm)
356
359
357 # check if we have that permission already
360 # check if we have that permission already
358 obj = self.sa.query(UserRepoGroupToPerm)\
361 obj = self.sa.query(UserRepoGroupToPerm)\
359 .filter(UserRepoGroupToPerm.user == user)\
362 .filter(UserRepoGroupToPerm.user == user)\
360 .filter(UserRepoGroupToPerm.group == repos_group)\
363 .filter(UserRepoGroupToPerm.group == repos_group)\
361 .scalar()
364 .scalar()
362 if obj is None:
365 if obj is None:
363 # create new !
366 # create new !
364 obj = UserRepoGroupToPerm()
367 obj = UserRepoGroupToPerm()
365 obj.group = repos_group
368 obj.group = repos_group
366 obj.user = user
369 obj.user = user
367 obj.permission = permission
370 obj.permission = permission
368 self.sa.add(obj)
371 self.sa.add(obj)
369 log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))
372 log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group))
370
373
371 def revoke_user_permission(self, repos_group, user):
374 def revoke_user_permission(self, repos_group, user):
372 """
375 """
373 Revoke permission for user on given repository group
376 Revoke permission for user on given repository group
374
377
375 :param repos_group: Instance of ReposGroup, repositories_group_id,
378 :param repos_group: Instance of ReposGroup, repositories_group_id,
376 or repositories_group name
379 or repositories_group name
377 :param user: Instance of User, user_id or username
380 :param user: Instance of User, user_id or username
378 """
381 """
379
382
380 repos_group = self._get_repo_group(repos_group)
383 repos_group = self._get_repo_group(repos_group)
381 user = self._get_user(user)
384 user = self._get_user(user)
382
385
383 obj = self.sa.query(UserRepoGroupToPerm)\
386 obj = self.sa.query(UserRepoGroupToPerm)\
384 .filter(UserRepoGroupToPerm.user == user)\
387 .filter(UserRepoGroupToPerm.user == user)\
385 .filter(UserRepoGroupToPerm.group == repos_group)\
388 .filter(UserRepoGroupToPerm.group == repos_group)\
386 .scalar()
389 .scalar()
387 if obj:
390 if obj:
388 self.sa.delete(obj)
391 self.sa.delete(obj)
389 log.debug('Revoked perm on %s on %s' % (repos_group, user))
392 log.debug('Revoked perm on %s on %s' % (repos_group, user))
390
393
391 def grant_users_group_permission(self, repos_group, group_name, perm):
394 def grant_users_group_permission(self, repos_group, group_name, perm):
392 """
395 """
393 Grant permission for user group on given repository group, or update
396 Grant permission for user group on given repository group, or update
394 existing one if found
397 existing one if found
395
398
396 :param repos_group: Instance of ReposGroup, repositories_group_id,
399 :param repos_group: Instance of ReposGroup, repositories_group_id,
397 or repositories_group name
400 or repositories_group name
398 :param group_name: Instance of UserGroup, users_group_id,
401 :param group_name: Instance of UserGroup, users_group_id,
399 or user group name
402 or user group name
400 :param perm: Instance of Permission, or permission_name
403 :param perm: Instance of Permission, or permission_name
401 """
404 """
402 repos_group = self._get_repo_group(repos_group)
405 repos_group = self._get_repo_group(repos_group)
403 group_name = self._get_user_group(group_name)
406 group_name = self._get_user_group(group_name)
404 permission = self._get_perm(perm)
407 permission = self._get_perm(perm)
405
408
406 # check if we have that permission already
409 # check if we have that permission already
407 obj = self.sa.query(UserGroupRepoGroupToPerm)\
410 obj = self.sa.query(UserGroupRepoGroupToPerm)\
408 .filter(UserGroupRepoGroupToPerm.group == repos_group)\
411 .filter(UserGroupRepoGroupToPerm.group == repos_group)\
409 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
412 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
410 .scalar()
413 .scalar()
411
414
412 if obj is None:
415 if obj is None:
413 # create new
416 # create new
414 obj = UserGroupRepoGroupToPerm()
417 obj = UserGroupRepoGroupToPerm()
415
418
416 obj.group = repos_group
419 obj.group = repos_group
417 obj.users_group = group_name
420 obj.users_group = group_name
418 obj.permission = permission
421 obj.permission = permission
419 self.sa.add(obj)
422 self.sa.add(obj)
420 log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))
423 log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group))
421
424
422 def revoke_users_group_permission(self, repos_group, group_name):
425 def revoke_users_group_permission(self, repos_group, group_name):
423 """
426 """
424 Revoke permission for user group on given repository group
427 Revoke permission for user group on given repository group
425
428
426 :param repos_group: Instance of ReposGroup, repositories_group_id,
429 :param repos_group: Instance of ReposGroup, repositories_group_id,
427 or repositories_group name
430 or repositories_group name
428 :param group_name: Instance of UserGroup, users_group_id,
431 :param group_name: Instance of UserGroup, users_group_id,
429 or user group name
432 or user group name
430 """
433 """
431 repos_group = self._get_repo_group(repos_group)
434 repos_group = self._get_repo_group(repos_group)
432 group_name = self._get_user_group(group_name)
435 group_name = self._get_user_group(group_name)
433
436
434 obj = self.sa.query(UserGroupRepoGroupToPerm)\
437 obj = self.sa.query(UserGroupRepoGroupToPerm)\
435 .filter(UserGroupRepoGroupToPerm.group == repos_group)\
438 .filter(UserGroupRepoGroupToPerm.group == repos_group)\
436 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
439 .filter(UserGroupRepoGroupToPerm.users_group == group_name)\
437 .scalar()
440 .scalar()
438 if obj:
441 if obj:
439 self.sa.delete(obj)
442 self.sa.delete(obj)
440 log.debug('Revoked perm to %s on %s' % (repos_group, group_name))
443 log.debug('Revoked perm to %s on %s' % (repos_group, group_name))
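Review bot: In `_set_perm_user`, the new guard `if obj.private and user == User.DEFAULT_USER:` in the `Repository` branch protects private repositories only when `user` arrives in the same form as `User.DEFAULT_USER`, presumably the default account's username. The `grant_user_permission` docstring in this file accepts a User instance, a user_id or a username, so for the other forms the comparison would be false and a recursive update would write the default user's permission onto private repositories, which the old `if obj.private:` always skipped. Which form callers put into `perms_updates` and `perms_new` is not visible on this page, so I would resolve the member before comparing, for example `if obj.private and self._get_user(user).user_id == User.get_default_user().user_id:`. A test that applies a default-user permission recursively over a group holding a private repository, passing the member once as an id and once as an instance, would pin the intended behaviour.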