@@ -20,6 +20,7 b' news' | |||||
20 | - created rcextensions module with additional mappings (ref #322) and |
|
20 | - created rcextensions module with additional mappings (ref #322) and | |
21 | post push/pull/create repo hooks callbacks |
|
21 | post push/pull/create repo hooks callbacks | |
22 | - implemented #377 Users view for his own permissions on account page |
|
22 | - implemented #377 Users view for his own permissions on account page | |
|
23 | - #399 added inheritance of permissions for users group on repos groups | |||
23 |
|
24 | |||
24 | fixes |
|
25 | fixes | |
25 | +++++ |
|
26 | +++++ |
@@ -35,7 +35,8 b' from rhodecode.lib.caching_query import ' | |||||
35 | from rhodecode.model import BaseModel |
|
35 | from rhodecode.model import BaseModel | |
36 | from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
|
36 | from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ | |
37 | UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ |
|
37 | UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ | |
38 | Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup |
|
38 | Notification, RepoGroup, UserRepoGroupToPerm, UsersGroup,\ | |
|
39 | UsersGroupRepoGroupToPerm | |||
39 | from rhodecode.lib.exceptions import DefaultUserException, \ |
|
40 | from rhodecode.lib.exceptions import DefaultUserException, \ | |
40 | UserOwnsReposException |
|
41 | UserOwnsReposException | |
41 |
|
42 | |||
@@ -410,7 +411,7 b' class UserModel(BaseModel):' | |||||
410 | for perm in default_global_perms: |
|
411 | for perm in default_global_perms: | |
411 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
412 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |
412 |
|
413 | |||
413 | # default for repositories |
|
414 | # defaults for repositories, taken from default user | |
414 | for perm in default_repo_perms: |
|
415 | for perm in default_repo_perms: | |
415 | r_k = perm.UserRepoToPerm.repository.repo_name |
|
416 | r_k = perm.UserRepoToPerm.repository.repo_name | |
416 | if perm.Repository.private and not (perm.Repository.user_id == uid): |
|
417 | if perm.Repository.private and not (perm.Repository.user_id == uid): | |
@@ -424,17 +425,18 b' class UserModel(BaseModel):' | |||||
424 |
|
425 | |||
425 | user.permissions[RK][r_k] = p |
|
426 | user.permissions[RK][r_k] = p | |
426 |
|
427 | |||
427 | # default for repositories groups |
|
428 | # defaults for repositories groups taken from default user permission | |
|
429 | # on given group | |||
428 | for perm in default_repo_groups_perms: |
|
430 | for perm in default_repo_groups_perms: | |
429 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
431 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
430 | p = perm.Permission.permission_name |
|
432 | p = perm.Permission.permission_name | |
431 | user.permissions[GK][rg_k] = p |
|
433 | user.permissions[GK][rg_k] = p | |
432 |
|
434 | |||
433 | #================================================================== |
|
435 | #================================================================== | |
434 | # overwrite default with user permissions if any |
|
436 | # overwrite defaults with user permissions if any found | |
435 | #================================================================== |
|
437 | #================================================================== | |
436 |
|
438 | |||
437 | # user global |
|
439 | # user global permissions | |
438 | user_perms = self.sa.query(UserToPerm)\ |
|
440 | user_perms = self.sa.query(UserToPerm)\ | |
439 | .options(joinedload(UserToPerm.permission))\ |
|
441 | .options(joinedload(UserToPerm.permission))\ | |
440 | .filter(UserToPerm.user_id == uid).all() |
|
442 | .filter(UserToPerm.user_id == uid).all() | |
@@ -442,7 +444,7 b' class UserModel(BaseModel):' | |||||
442 | for perm in user_perms: |
|
444 | for perm in user_perms: | |
443 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
445 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |
444 |
|
446 | |||
445 | # user repositories |
|
447 | # user explicit permissions for repositories | |
446 | user_repo_perms = \ |
|
448 | user_repo_perms = \ | |
447 | self.sa.query(UserRepoToPerm, Permission, Repository)\ |
|
449 | self.sa.query(UserRepoToPerm, Permission, Repository)\ | |
448 | .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ |
|
450 | .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ | |
@@ -460,8 +462,8 b' class UserModel(BaseModel):' | |||||
460 | user.permissions[RK][r_k] = p |
|
462 | user.permissions[RK][r_k] = p | |
461 |
|
463 | |||
462 | #================================================================== |
|
464 | #================================================================== | |
463 |
# check if user is part of groups for this repository and |
|
465 | # check if user is part of user groups for this repository and | |
464 | # (or replace with higher) permissions |
|
466 | # fill in (or replace with higher) permissions | |
465 | #================================================================== |
|
467 | #================================================================== | |
466 |
|
468 | |||
467 | # users group global |
|
469 | # users group global | |
@@ -474,7 +476,7 b' class UserModel(BaseModel):' | |||||
474 | for perm in user_perms_from_users_groups: |
|
476 | for perm in user_perms_from_users_groups: | |
475 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
477 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |
476 |
|
478 | |||
477 | # users group repositories |
|
479 | # users group for repositories permissions | |
478 | user_repo_perms_from_users_groups = \ |
|
480 | user_repo_perms_from_users_groups = \ | |
479 | self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ |
|
481 | self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ | |
480 | .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ |
|
482 | .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ | |
@@ -496,7 +498,7 b' class UserModel(BaseModel):' | |||||
496 | # get access for this user for repos group and override defaults |
|
498 | # get access for this user for repos group and override defaults | |
497 | #================================================================== |
|
499 | #================================================================== | |
498 |
|
500 | |||
499 |
# user |
|
501 | # user explicit permissions for repository | |
500 | user_repo_groups_perms = \ |
|
502 | user_repo_groups_perms = \ | |
501 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ |
|
503 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ | |
502 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
|
504 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
@@ -510,6 +512,31 b' class UserModel(BaseModel):' | |||||
510 | cur_perm = user.permissions[GK][rg_k] |
|
512 | cur_perm = user.permissions[GK][rg_k] | |
511 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
513 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
512 | user.permissions[GK][rg_k] = p |
|
514 | user.permissions[GK][rg_k] = p | |
|
515 | ||||
|
516 | #================================================================== | |||
|
517 | # check if user is part of user groups for this repo group and | |||
|
518 | # fill in (or replace with higher) permissions | |||
|
519 | #================================================================== | |||
|
520 | ||||
|
521 | # users group for repositories permissions | |||
|
522 | user_repo_group_perms_from_users_groups = \ | |||
|
523 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ | |||
|
524 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |||
|
525 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ | |||
|
526 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |||
|
527 | .filter(UsersGroupMember.user_id == uid)\ | |||
|
528 | .all() | |||
|
529 | ||||
|
530 | for perm in user_repo_group_perms_from_users_groups: | |||
|
531 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name | |||
|
532 | print perm, g_k | |||
|
533 | p = perm.Permission.permission_name | |||
|
534 | cur_perm = user.permissions[GK][g_k] | |||
|
535 | # overwrite permission only if it's greater than permission | |||
|
536 | # given from other sources | |||
|
537 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |||
|
538 | user.permissions[GK][g_k] = p | |||
|
539 | ||||
513 | return user |
|
540 | return user | |
514 |
|
541 | |||
515 | def has_perm(self, user, perm): |
|
542 | def has_perm(self, user, perm): |
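Review bot: The new users-group block for repository groups (new lines 516-538) still has a debug statement, `print perm, g_k`, inside the permission calculation. It writes permission rows and group names to stdout on every permission fill for a group member, and it should be removed before merge. In the same loop, `cur_perm = user.permissions[GK][g_k]` assumes the default-user pass already created an entry for every repository group; if a group has no default row, this raises KeyError during authorization. A fail-closed lookup such as `cur_perm = user.permissions[GK].get(g_k, 'group.none')` would avoid that, provided 'group.none' is a key of PERM_WEIGHTS, which is not visible here. The comment on new line 521 says "repositories permissions" although the query is about repository groups, and the enclosing method starts outside the visible hunks.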
@@ -5,7 +5,7 b' from rhodecode.tests import *' | |||||
5 | from rhodecode.model.repos_group import ReposGroupModel |
|
5 | from rhodecode.model.repos_group import ReposGroupModel | |
6 | from rhodecode.model.repo import RepoModel |
|
6 | from rhodecode.model.repo import RepoModel | |
7 | from rhodecode.model.db import RepoGroup, User, Notification, UserNotification, \ |
|
7 | from rhodecode.model.db import RepoGroup, User, Notification, UserNotification, \ | |
8 | UsersGroup, UsersGroupMember, Permission |
|
8 | UsersGroup, UsersGroupMember, Permission, UsersGroupRepoGroupToPerm | |
9 | from sqlalchemy.exc import IntegrityError |
|
9 | from sqlalchemy.exc import IntegrityError | |
10 | from rhodecode.model.user import UserModel |
|
10 | from rhodecode.model.user import UserModel | |
11 |
|
11 | |||
@@ -608,6 +608,7 b' class TestPermissions(unittest.TestCase)' | |||||
608 | user=self.anon, |
|
608 | user=self.anon, | |
609 | perm='group.none') |
|
609 | perm='group.none') | |
610 |
|
610 | |||
|
611 | ||||
611 | u1_auth = AuthUser(user_id=self.u1.user_id) |
|
612 | u1_auth = AuthUser(user_id=self.u1.user_id) | |
612 | self.assertEqual(u1_auth.permissions['repositories_groups'], |
|
613 | self.assertEqual(u1_auth.permissions['repositories_groups'], | |
613 | {u'group1': u'group.none', u'group2': u'group.none'}) |
|
614 | {u'group1': u'group.none', u'group2': u'group.none'}) | |
@@ -658,3 +659,57 b' class TestPermissions(unittest.TestCase)' | |||||
658 | a1_auth = AuthUser(user_id=self.anon.user_id) |
|
659 | a1_auth = AuthUser(user_id=self.anon.user_id) | |
659 | self.assertEqual(a1_auth.permissions['repositories_groups'], |
|
660 | self.assertEqual(a1_auth.permissions['repositories_groups'], | |
660 | {u'group1': u'group.none', u'group2': u'group.none'}) |
|
661 | {u'group1': u'group.none', u'group2': u'group.none'}) | |
|
662 | ||||
|
663 | def test_repo_group_user_as_user_group_member(self): | |||
|
664 | # create Group1 | |||
|
665 | self.g1 = _make_group('group1', skip_if_exists=True) | |||
|
666 | Session.commit() | |||
|
667 | a1_auth = AuthUser(user_id=self.anon.user_id) | |||
|
668 | ||||
|
669 | self.assertEqual(a1_auth.permissions['repositories_groups'], | |||
|
670 | {u'group1': u'group.read'}) | |||
|
671 | ||||
|
672 | # set default permission to none | |||
|
673 | ReposGroupModel().grant_user_permission(repos_group=self.g1, | |||
|
674 | user=self.anon, | |||
|
675 | perm='group.none') | |||
|
676 | # make group | |||
|
677 | self.ug1 = UsersGroupModel().create('G1') | |||
|
678 | # add user to group | |||
|
679 | UsersGroupModel().add_user_to_group(self.ug1, self.u1) | |||
|
680 | Session.commit() | |||
|
681 | ||||
|
682 | # check if user is in the group | |||
|
683 | membrs = [x.user_id for x in UsersGroupModel().get(self.ug1.users_group_id).members] | |||
|
684 | self.assertEqual(membrs, [self.u1.user_id]) | |||
|
685 | # add some user to that group | |||
|
686 | ||||
|
687 | # check his permissions | |||
|
688 | a1_auth = AuthUser(user_id=self.anon.user_id) | |||
|
689 | self.assertEqual(a1_auth.permissions['repositories_groups'], | |||
|
690 | {u'group1': u'group.none'}) | |||
|
691 | ||||
|
692 | u1_auth = AuthUser(user_id=self.u1.user_id) | |||
|
693 | self.assertEqual(u1_auth.permissions['repositories_groups'], | |||
|
694 | {u'group1': u'group.none'}) | |||
|
695 | ||||
|
696 | # grant ug1 read permissions for | |||
|
697 | ReposGroupModel().grant_users_group_permission(repos_group=self.g1, | |||
|
698 | group_name=self.ug1, | |||
|
699 | perm='group.read') | |||
|
700 | Session.commit() | |||
|
701 | # check if the | |||
|
702 | obj = Session.query(UsersGroupRepoGroupToPerm)\ | |||
|
703 | .filter(UsersGroupRepoGroupToPerm.group == self.g1)\ | |||
|
704 | .filter(UsersGroupRepoGroupToPerm.users_group == self.ug1)\ | |||
|
705 | .scalar() | |||
|
706 | self.assertEqual(obj.permission.permission_name, 'group.read') | |||
|
707 | ||||
|
708 | a1_auth = AuthUser(user_id=self.anon.user_id) | |||
|
709 | ||||
|
710 | self.assertEqual(a1_auth.permissions['repositories_groups'], | |||
|
711 | {u'group1': u'group.none'}) | |||
|
712 | ||||
|
713 | u1_auth = AuthUser(user_id=self.u1.user_id) | |||
|
714 | self.assertEqual(u1_auth.permissions['repositories_groups'], | |||
|
715 | {u'group1': u'group.read'}) |
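Review bot: The new test `test_repo_group_user_as_user_group_member` only covers the upgrade path, where a member's default `group.none` becomes `group.read` through the users group, so the weight comparison in the model is exercised in one direction only. A second case should grant the users group a permission lower than the one the member already holds and assert that the result is not downgraded. A third should give `self.u1` an explicit `group.none` on `group1` while the users group has `group.read`; the model code as written would appear to resolve this to `group.read`, and a test would record whether that precedence is intended. The comments `# grant ug1 read permissions for` and `# check if the` are cut off mid-sentence and should be completed. Cleanup of the `G1` users group is not visible in this hunk, so it is worth confirming that tearDown removes it.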