Show More
| @@ -20,6 +20,7 b' news' | |||
|
|
20 | 20 | - created rcextensions module with additional mappings (ref #322) and |
|
|
21 | 21 | post push/pull/create repo hooks callbacks |
|
|
22 | 22 | - implemented #377 Users view for his own permissions on account page |
|
|
23 | - #399 added inheritance of permissions for users group on repos groups | |
|
|
23 | 24 | |
|
|
24 | 25 | fixes |
|
|
25 | 26 | +++++ |
| @@ -35,7 +35,8 b' from rhodecode.lib.caching_query import ' | |||
|
|
35 | 35 | from rhodecode.model import BaseModel |
|
|
36 | 36 | from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
|
|
37 | 37 | UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ |
|
|
38 | Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup | |
|
|
38 | Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup,\ | |
|
|
39 | UsersGroupRepoGroupToPerm | |
|
|
39 | 40 | from rhodecode.lib.exceptions import DefaultUserException, \ |
|
|
40 | 41 | UserOwnsReposException |
|
|
41 | 42 | |
| @@ -410,7 +411,7 b' class UserModel(BaseModel):' | |||
|
|
410 | 411 | for perm in default_global_perms: |
|
|
411 | 412 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
|
412 | 413 | |
|
|
413 | # default for repositories | |
|
|
414 | # defaults for repositories, taken from default user | |
|
|
414 | 415 | for perm in default_repo_perms: |
|
|
415 | 416 | r_k = perm.UserRepoToPerm.repository.repo_name |
|
|
416 | 417 | if perm.Repository.private and not (perm.Repository.user_id == uid): |
| @@ -424,17 +425,18 b' class UserModel(BaseModel):' | |||
|
|
424 | 425 | |
|
|
425 | 426 | user.permissions[RK][r_k] = p |
|
|
426 | 427 | |
|
|
427 | # default for repositories groups | |
|
|
428 | # defaults for repositories groups taken from default user permission | |
|
|
429 | # on given group | |
|
|
428 | 430 | for perm in default_repo_groups_perms: |
|
|
429 | 431 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
|
430 | 432 | p = perm.Permission.permission_name |
|
|
431 | 433 | user.permissions[GK][rg_k] = p |
|
|
432 | 434 | |
|
|
433 | 435 | #================================================================== |
|
|
434 | # overwrite default with user permissions if any | |
|
|
436 | # overwrite defaults with user permissions if any found | |
|
|
435 | 437 | #================================================================== |
|
|
436 | 438 | |
|
|
437 | # user global | |
|
|
439 | # user global permissions | |
|
|
438 | 440 | user_perms = self.sa.query(UserToPerm)\ |
|
|
439 | 441 | .options(joinedload(UserToPerm.permission))\ |
|
|
440 | 442 | .filter(UserToPerm.user_id == uid).all() |
| @@ -442,7 +444,7 b' class UserModel(BaseModel):' | |||
|
|
442 | 444 | for perm in user_perms: |
|
|
443 | 445 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
|
444 | 446 | |
|
|
445 | # user repositories | |
|
|
447 | # user explicit permissions for repositories | |
|
|
446 | 448 | user_repo_perms = \ |
|
|
447 | 449 | self.sa.query(UserRepoToPerm, Permission, Repository)\ |
|
|
448 | 450 | .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ |
| @@ -460,8 +462,8 b' class UserModel(BaseModel):' | |||
|
|
460 | 462 | user.permissions[RK][r_k] = p |
|
|
461 | 463 | |
|
|
462 | 464 | #================================================================== |
|
|
463 |
# check if user is part of groups for this repository and |
|
|
|
464 | # (or replace with higher) permissions | |
|
|
465 | # check if user is part of user groups for this repository and | |
|
|
466 | # fill in (or replace with higher) permissions | |
|
|
465 | 467 | #================================================================== |
|
|
466 | 468 | |
|
|
467 | 469 | # users group global |
| @@ -474,7 +476,7 b' class UserModel(BaseModel):' | |||
|
|
474 | 476 | for perm in user_perms_from_users_groups: |
|
|
475 | 477 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
|
476 | 478 | |
|
|
477 | # users group repositories | |
|
|
479 | # users group for repositories permissions | |
|
|
478 | 480 | user_repo_perms_from_users_groups = \ |
|
|
479 | 481 | self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ |
|
|
480 | 482 | .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ |
| @@ -496,7 +498,7 b' class UserModel(BaseModel):' | |||
|
|
496 | 498 | # get access for this user for repos group and override defaults |
|
|
497 | 499 | #================================================================== |
|
|
498 | 500 | |
|
|
499 |
# user |
|
|
|
501 | # user explicit permissions for repository | |
|
|
500 | 502 | user_repo_groups_perms = \ |
|
|
501 | 503 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ |
|
|
502 | 504 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
| @@ -510,6 +512,31 b' class UserModel(BaseModel):' | |||
|
|
510 | 512 | cur_perm = user.permissions[GK][rg_k] |
|
|
511 | 513 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
|
512 | 514 | user.permissions[GK][rg_k] = p |
|
|
515 | ||
|
|
516 | #================================================================== | |
|
|
517 | # check if user is part of user groups for this repo group and | |
|
|
518 | # fill in (or replace with higher) permissions | |
|
|
519 | #================================================================== | |
|
|
520 | ||
|
|
521 | # users group for repositories permissions | |
|
|
522 | user_repo_group_perms_from_users_groups = \ | |
|
|
523 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ | |
|
|
524 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
|
|
525 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ | |
|
|
526 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |
|
|
527 | .filter(UsersGroupMember.user_id == uid)\ | |
|
|
528 | .all() | |
|
|
529 | ||
|
|
530 | for perm in user_repo_group_perms_from_users_groups: | |
|
|
531 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name | |
|
|
532 | print perm, g_k | |
|
|
533 | p = perm.Permission.permission_name | |
|
|
534 | cur_perm = user.permissions[GK][g_k] | |
|
|
535 | # overwrite permission only if it's greater than permission | |
|
|
536 | # given from other sources | |
|
|
537 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
|
|
538 | user.permissions[GK][g_k] = p | |
|
|
539 | ||
|
|
513 | 540 | return user |
|
|
514 | 541 | |
|
|
515 | 542 | def has_perm(self, user, perm): |
| @@ -138,12 +138,12 b'' | |||
|
|
138 | 138 | <tbody> |
|
|
139 | 139 | <%namespace name="dt" file="/_data_table/_dt_elements.html"/> |
|
|
140 | 140 | %if c.user_repos: |
|
|
141 |
%for repo in c.user_repos: |
|
|
|
141 | %for repo in c.user_repos: | |
|
|
142 | 142 | <tr> |
|
|
143 | 143 | ##QUICK MENU |
|
|
144 | 144 | <td class="quick_repo_menu"> |
|
|
145 | 145 | ${dt.quick_menu(repo['name'])} |
|
|
146 |
</td> |
|
|
|
146 | </td> | |
|
|
147 | 147 | ##REPO NAME AND ICONS |
|
|
148 | 148 | <td class="reponame"> |
|
|
149 | 149 | ${dt.repo_name(repo['name'],repo['dbrepo']['repo_type'],repo['dbrepo']['private'],repo['dbrepo_fork'].get('repo_name'))} |
| @@ -175,7 +175,7 b'' | |||
|
|
175 | 175 | <div id="perms" class="table" style="display:none"> |
|
|
176 | 176 | %for section in sorted(c.rhodecode_user.permissions.keys()): |
|
|
177 | 177 | <div class="perms_section_head">${section.replace("_"," ").capitalize()}</div> |
|
|
178 | ||
|
|
178 | ||
|
|
179 | 179 | <div id='tbl_list_wrap_${section}' class="yui-skin-sam"> |
|
|
180 | 180 | <table id="tbl_list_${section}"> |
|
|
181 | 181 | <thead> |
| @@ -216,7 +216,7 b' var filter_activate = function(){' | |||
|
|
216 | 216 | var func = function(node){ |
|
|
217 | 217 | return node.parentNode.parentNode.parentNode.parentNode; |
|
|
218 | 218 | } |
|
|
219 |
q_filter('q_filter',YUQ('#my tr td a.repo_name'),func); |
|
|
|
219 | q_filter('q_filter',YUQ('#my tr td a.repo_name'),func); | |
|
|
220 | 220 | } |
|
|
221 | 221 | |
|
|
222 | 222 | YUE.on('show_my','click',function(e){ |
| @@ -5,7 +5,7 b' from rhodecode.tests import *' | |||
|
|
5 | 5 | from rhodecode.model.repos_group import ReposGroupModel |
|
|
6 | 6 | from rhodecode.model.repo import RepoModel |
|
|
7 | 7 | from rhodecode.model.db import RepoGroup, User, Notification, UserNotification, \ |
|
|
8 | UsersGroup, UsersGroupMember, Permission | |
|
|
8 | UsersGroup, UsersGroupMember, Permission, UsersGroupRepoGroupToPerm | |
|
|
9 | 9 | from sqlalchemy.exc import IntegrityError |
|
|
10 | 10 | from rhodecode.model.user import UserModel |
|
|
11 | 11 | |
| @@ -608,6 +608,7 b' class TestPermissions(unittest.TestCase)' | |||
|
|
608 | 608 | user=self.anon, |
|
|
609 | 609 | perm='group.none') |
|
|
610 | 610 | |
|
|
611 | ||
|
|
611 | 612 | u1_auth = AuthUser(user_id=self.u1.user_id) |
|
|
612 | 613 | self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
|
613 | 614 | {u'group1': u'group.none', u'group2': u'group.none'}) |
| @@ -658,3 +659,57 b' class TestPermissions(unittest.TestCase)' | |||
|
|
658 | 659 | a1_auth = AuthUser(user_id=self.anon.user_id) |
|
|
659 | 660 | self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
|
660 | 661 | {u'group1': u'group.none', u'group2': u'group.none'}) |
|
|
662 | ||
|
|
663 | def test_repo_group_user_as_user_group_member(self): | |
|
|
664 | # create Group1 | |
|
|
665 | self.g1 = _make_group('group1', skip_if_exists=True) | |
|
|
666 | Session.commit() | |
|
|
667 | a1_auth = AuthUser(user_id=self.anon.user_id) | |
|
|
668 | ||
|
|
669 | self.assertEqual(a1_auth.permissions['repositories_groups'], | |
|
|
670 | {u'group1': u'group.read'}) | |
|
|
671 | ||
|
|
672 | # set default permission to none | |
|
|
673 | ReposGroupModel().grant_user_permission(repos_group=self.g1, | |
|
|
674 | user=self.anon, | |
|
|
675 | perm='group.none') | |
|
|
676 | # make group | |
|
|
677 | self.ug1 = UsersGroupModel().create('G1') | |
|
|
678 | # add user to group | |
|
|
679 | UsersGroupModel().add_user_to_group(self.ug1, self.u1) | |
|
|
680 | Session.commit() | |
|
|
681 | ||
|
|
682 | # check if user is in the group | |
|
|
683 | membrs = [x.user_id for x in UsersGroupModel().get(self.ug1.users_group_id).members] | |
|
|
684 | self.assertEqual(membrs, [self.u1.user_id]) | |
|
|
685 | # add some user to that group | |
|
|
686 | ||
|
|
687 | # check his permissions | |
|
|
688 | a1_auth = AuthUser(user_id=self.anon.user_id) | |
|
|
689 | self.assertEqual(a1_auth.permissions['repositories_groups'], | |
|
|
690 | {u'group1': u'group.none'}) | |
|
|
691 | ||
|
|
692 | u1_auth = AuthUser(user_id=self.u1.user_id) | |
|
|
693 | self.assertEqual(u1_auth.permissions['repositories_groups'], | |
|
|
694 | {u'group1': u'group.none'}) | |
|
|
695 | ||
|
|
696 | # grant ug1 read permissions for | |
|
|
697 | ReposGroupModel().grant_users_group_permission(repos_group=self.g1, | |
|
|
698 | group_name=self.ug1, | |
|
|
699 | perm='group.read') | |
|
|
700 | Session.commit() | |
|
|
701 | # check if the | |
|
|
702 | obj = Session.query(UsersGroupRepoGroupToPerm)\ | |
|
|
703 | .filter(UsersGroupRepoGroupToPerm.group == self.g1)\ | |
|
|
704 | .filter(UsersGroupRepoGroupToPerm.users_group == self.ug1)\ | |
|
|
705 | .scalar() | |
|
|
706 | self.assertEqual(obj.permission.permission_name, 'group.read') | |
|
|
707 | ||
|
|
708 | a1_auth = AuthUser(user_id=self.anon.user_id) | |
|
|
709 | ||
|
|
710 | self.assertEqual(a1_auth.permissions['repositories_groups'], | |
|
|
711 | {u'group1': u'group.none'}) | |
|
|
712 | ||
|
|
713 | u1_auth = AuthUser(user_id=self.u1.user_id) | |
|
|
714 | self.assertEqual(u1_auth.permissions['repositories_groups'], | |
|
|
715 | {u'group1': u'group.read'}) | |
General Comments 0
You need to be logged in to leave comments.
Login now