Show More
| @@ -1,247 +1,247 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 | """ |
|
2 | """ | |
| 3 | rhodecode.controllers.admin.users |
|
3 | rhodecode.controllers.admin.users | |
| 4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| 5 |
|
5 | |||
| 6 | Users crud controller for pylons |
|
6 | Users crud controller for pylons | |
| 7 |
|
7 | |||
| 8 | :created_on: Apr 4, 2010 |
|
8 | :created_on: Apr 4, 2010 | |
| 9 | :author: marcink |
|
9 | :author: marcink | |
| 10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |
| 11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
| 12 | """ |
|
12 | """ | |
| 13 | # This program is free software: you can redistribute it and/or modify |
|
13 | # This program is free software: you can redistribute it and/or modify | |
| 14 | # it under the terms of the GNU General Public License as published by |
|
14 | # it under the terms of the GNU General Public License as published by | |
| 15 | # the Free Software Foundation, either version 3 of the License, or |
|
15 | # the Free Software Foundation, either version 3 of the License, or | |
| 16 | # (at your option) any later version. |
|
16 | # (at your option) any later version. | |
| 17 | # |
|
17 | # | |
| 18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
| 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
| 22 | # |
|
22 | # | |
| 23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
| 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 25 |
|
25 | |||
| 26 | import logging |
|
26 | import logging | |
| 27 | import traceback |
|
27 | import traceback | |
| 28 | import formencode |
|
28 | import formencode | |
| 29 |
|
29 | |||
| 30 | from formencode import htmlfill |
|
30 | from formencode import htmlfill | |
| 31 | from pylons import request, session, tmpl_context as c, url, config |
|
31 | from pylons import request, session, tmpl_context as c, url, config | |
| 32 | from pylons.controllers.util import redirect |
|
32 | from pylons.controllers.util import redirect | |
| 33 | from pylons.i18n.translation import _ |
|
33 | from pylons.i18n.translation import _ | |
| 34 |
|
34 | |||
| 35 | from rhodecode.lib.exceptions import DefaultUserException, \ |
|
35 | from rhodecode.lib.exceptions import DefaultUserException, \ | |
| 36 | UserOwnsReposException |
|
36 | UserOwnsReposException | |
| 37 | from rhodecode.lib import helpers as h |
|
37 | from rhodecode.lib import helpers as h | |
| 38 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\ |
|
38 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\ | |
| 39 | AuthUser |
|
39 | AuthUser | |
| 40 | from rhodecode.lib.base import BaseController, render |
|
40 | from rhodecode.lib.base import BaseController, render | |
| 41 |
|
41 | |||
| 42 | from rhodecode.model.db import User, Permission, UserEmailMap |
|
42 | from rhodecode.model.db import User, Permission, UserEmailMap | |
| 43 | from rhodecode.model.forms import UserForm |
|
43 | from rhodecode.model.forms import UserForm | |
| 44 | from rhodecode.model.user import UserModel |
|
44 | from rhodecode.model.user import UserModel | |
| 45 | from rhodecode.model.meta import Session |
|
45 | from rhodecode.model.meta import Session | |
| 46 | from rhodecode.lib.utils import action_logger |
|
46 | from rhodecode.lib.utils import action_logger | |
| 47 |
|
47 | |||
| 48 | log = logging.getLogger(__name__) |
|
48 | log = logging.getLogger(__name__) | |
| 49 |
|
49 | |||
| 50 |
|
50 | |||
| 51 | class UsersController(BaseController): |
|
51 | class UsersController(BaseController): | |
| 52 | """REST Controller styled on the Atom Publishing Protocol""" |
|
52 | """REST Controller styled on the Atom Publishing Protocol""" | |
| 53 | # To properly map this controller, ensure your config/routing.py |
|
53 | # To properly map this controller, ensure your config/routing.py | |
| 54 | # file has a resource setup: |
|
54 | # file has a resource setup: | |
| 55 | # map.resource('user', 'users') |
|
55 | # map.resource('user', 'users') | |
| 56 |
|
56 | |||
| 57 | @LoginRequired() |
|
57 | @LoginRequired() | |
| 58 | @HasPermissionAllDecorator('hg.admin') |
|
58 | @HasPermissionAllDecorator('hg.admin') | |
| 59 | def __before__(self): |
|
59 | def __before__(self): | |
| 60 | c.admin_user = session.get('admin_user') |
|
60 | c.admin_user = session.get('admin_user') | |
| 61 | c.admin_username = session.get('admin_username') |
|
61 | c.admin_username = session.get('admin_username') | |
| 62 | super(UsersController, self).__before__() |
|
62 | super(UsersController, self).__before__() | |
| 63 | c.available_permissions = config['available_permissions'] |
|
63 | c.available_permissions = config['available_permissions'] | |
| 64 |
|
64 | |||
| 65 | def index(self, format='html'): |
|
65 | def index(self, format='html'): | |
| 66 | """GET /users: All items in the collection""" |
|
66 | """GET /users: All items in the collection""" | |
| 67 | # url('users') |
|
67 | # url('users') | |
| 68 |
|
68 | |||
| 69 | c.users_list = self.sa.query(User).all() |
|
69 | c.users_list = self.sa.query(User).all() | |
| 70 | return render('admin/users/users.html') |
|
70 | return render('admin/users/users.html') | |
| 71 |
|
71 | |||
| 72 | def create(self): |
|
72 | def create(self): | |
| 73 | """POST /users: Create a new item""" |
|
73 | """POST /users: Create a new item""" | |
| 74 | # url('users') |
|
74 | # url('users') | |
| 75 |
|
75 | |||
| 76 | user_model = UserModel() |
|
76 | user_model = UserModel() | |
| 77 | user_form = UserForm()() |
|
77 | user_form = UserForm()() | |
| 78 | try: |
|
78 | try: | |
| 79 | form_result = user_form.to_python(dict(request.POST)) |
|
79 | form_result = user_form.to_python(dict(request.POST)) | |
| 80 | user_model.create(form_result) |
|
80 | user_model.create(form_result) | |
| 81 | usr = form_result['username'] |
|
81 | usr = form_result['username'] | |
| 82 | action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr, |
|
82 | action_logger(self.rhodecode_user, 'admin_created_user:%s' % usr, | |
| 83 | None, self.ip_addr, self.sa) |
|
83 | None, self.ip_addr, self.sa) | |
| 84 | h.flash(_('created user %s') % usr, |
|
84 | h.flash(_('created user %s') % usr, | |
| 85 | category='success') |
|
85 | category='success') | |
| 86 | Session.commit() |
|
86 | Session.commit() | |
| 87 | except formencode.Invalid, errors: |
|
87 | except formencode.Invalid, errors: | |
| 88 | return htmlfill.render( |
|
88 | return htmlfill.render( | |
| 89 | render('admin/users/user_add.html'), |
|
89 | render('admin/users/user_add.html'), | |
| 90 | defaults=errors.value, |
|
90 | defaults=errors.value, | |
| 91 | errors=errors.error_dict or {}, |
|
91 | errors=errors.error_dict or {}, | |
| 92 | prefix_error=False, |
|
92 | prefix_error=False, | |
| 93 | encoding="UTF-8") |
|
93 | encoding="UTF-8") | |
| 94 | except Exception: |
|
94 | except Exception: | |
| 95 | log.error(traceback.format_exc()) |
|
95 | log.error(traceback.format_exc()) | |
| 96 | h.flash(_('error occurred during creation of user %s') \ |
|
96 | h.flash(_('error occurred during creation of user %s') \ | |
| 97 | % request.POST.get('username'), category='error') |
|
97 | % request.POST.get('username'), category='error') | |
| 98 | return redirect(url('users')) |
|
98 | return redirect(url('users')) | |
| 99 |
|
99 | |||
| 100 | def new(self, format='html'): |
|
100 | def new(self, format='html'): | |
| 101 | """GET /users/new: Form to create a new item""" |
|
101 | """GET /users/new: Form to create a new item""" | |
| 102 | # url('new_user') |
|
102 | # url('new_user') | |
| 103 | return render('admin/users/user_add.html') |
|
103 | return render('admin/users/user_add.html') | |
| 104 |
|
104 | |||
| 105 | def update(self, id): |
|
105 | def update(self, id): | |
| 106 | """PUT /users/id: Update an existing item""" |
|
106 | """PUT /users/id: Update an existing item""" | |
| 107 | # Forms posted to this method should contain a hidden field: |
|
107 | # Forms posted to this method should contain a hidden field: | |
| 108 | # <input type="hidden" name="_method" value="PUT" /> |
|
108 | # <input type="hidden" name="_method" value="PUT" /> | |
| 109 | # Or using helpers: |
|
109 | # Or using helpers: | |
| 110 | # h.form(url('update_user', id=ID), |
|
110 | # h.form(url('update_user', id=ID), | |
| 111 | # method='put') |
|
111 | # method='put') | |
| 112 | # url('user', id=ID) |
|
112 | # url('user', id=ID) | |
| 113 | user_model = UserModel() |
|
113 | user_model = UserModel() | |
| 114 | c.user = user_model.get(id) |
|
114 | c.user = user_model.get(id) | |
| 115 | c.perm_user = AuthUser(user_id=id) |
|
115 | c.perm_user = AuthUser(user_id=id) | |
| 116 | _form = UserForm(edit=True, old_data={'user_id': id, |
|
116 | _form = UserForm(edit=True, old_data={'user_id': id, | |
| 117 | 'email': c.user.email})() |
|
117 | 'email': c.user.email})() | |
| 118 | form_result = {} |
|
118 | form_result = {} | |
| 119 | try: |
|
119 | try: | |
| 120 | form_result = _form.to_python(dict(request.POST)) |
|
120 | form_result = _form.to_python(dict(request.POST)) | |
| 121 | user_model.update(id, form_result) |
|
121 | user_model.update(id, form_result) | |
| 122 | usr = form_result['username'] |
|
122 | usr = form_result['username'] | |
| 123 | action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr, |
|
123 | action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr, | |
| 124 | None, self.ip_addr, self.sa) |
|
124 | None, self.ip_addr, self.sa) | |
| 125 | h.flash(_('User updated successfully'), category='success') |
|
125 | h.flash(_('User updated successfully'), category='success') | |
| 126 | Session.commit() |
|
126 | Session.commit() | |
| 127 | except formencode.Invalid, errors: |
|
127 | except formencode.Invalid, errors: | |
| 128 | e = errors.error_dict or {} |
|
128 | e = errors.error_dict or {} | |
| 129 | perm = Permission.get_by_key('hg.create.repository') |
|
129 | perm = Permission.get_by_key('hg.create.repository') | |
| 130 | e.update({'create_repo_perm': user_model.has_perm(id, perm)}) |
|
130 | e.update({'create_repo_perm': user_model.has_perm(id, perm)}) | |
| 131 | return htmlfill.render( |
|
131 | return htmlfill.render( | |
| 132 | render('admin/users/user_edit.html'), |
|
132 | render('admin/users/user_edit.html'), | |
| 133 | defaults=errors.value, |
|
133 | defaults=errors.value, | |
| 134 | errors=e, |
|
134 | errors=e, | |
| 135 | prefix_error=False, |
|
135 | prefix_error=False, | |
| 136 | encoding="UTF-8") |
|
136 | encoding="UTF-8") | |
| 137 | except Exception: |
|
137 | except Exception: | |
| 138 | log.error(traceback.format_exc()) |
|
138 | log.error(traceback.format_exc()) | |
| 139 | h.flash(_('error occurred during update of user %s') \ |
|
139 | h.flash(_('error occurred during update of user %s') \ | |
| 140 | % form_result.get('username'), category='error') |
|
140 | % form_result.get('username'), category='error') | |
| 141 |
|
141 | |||
| 142 | return redirect(url('users')) |
|
142 | return redirect(url('users')) | |
| 143 |
|
143 | |||
| 144 | def delete(self, id): |
|
144 | def delete(self, id): | |
| 145 | """DELETE /users/id: Delete an existing item""" |
|
145 | """DELETE /users/id: Delete an existing item""" | |
| 146 | # Forms posted to this method should contain a hidden field: |
|
146 | # Forms posted to this method should contain a hidden field: | |
| 147 | # <input type="hidden" name="_method" value="DELETE" /> |
|
147 | # <input type="hidden" name="_method" value="DELETE" /> | |
| 148 | # Or using helpers: |
|
148 | # Or using helpers: | |
| 149 | # h.form(url('delete_user', id=ID), |
|
149 | # h.form(url('delete_user', id=ID), | |
| 150 | # method='delete') |
|
150 | # method='delete') | |
| 151 | # url('user', id=ID) |
|
151 | # url('user', id=ID) | |
| 152 | user_model = UserModel() |
|
152 | user_model = UserModel() | |
| 153 | try: |
|
153 | try: | |
| 154 | user_model.delete(id) |
|
154 | user_model.delete(id) | |
| 155 | Session.commit() |
|
155 | Session.commit() | |
| 156 | h.flash(_('successfully deleted user'), category='success') |
|
156 | h.flash(_('successfully deleted user'), category='success') | |
| 157 | except (UserOwnsReposException, DefaultUserException), e: |
|
157 | except (UserOwnsReposException, DefaultUserException), e: | |
| 158 | h.flash(e, category='warning') |
|
158 | h.flash(e, category='warning') | |
| 159 | except Exception: |
|
159 | except Exception: | |
| 160 | log.error(traceback.format_exc()) |
|
160 | log.error(traceback.format_exc()) | |
| 161 | h.flash(_('An error occurred during deletion of user'), |
|
161 | h.flash(_('An error occurred during deletion of user'), | |
| 162 | category='error') |
|
162 | category='error') | |
| 163 | return redirect(url('users')) |
|
163 | return redirect(url('users')) | |
| 164 |
|
164 | |||
| 165 | def show(self, id, format='html'): |
|
165 | def show(self, id, format='html'): | |
| 166 | """GET /users/id: Show a specific item""" |
|
166 | """GET /users/id: Show a specific item""" | |
| 167 | # url('user', id=ID) |
|
167 | # url('user', id=ID) | |
| 168 |
|
168 | |||
| 169 | def edit(self, id, format='html'): |
|
169 | def edit(self, id, format='html'): | |
| 170 | """GET /users/id/edit: Form to edit an existing item""" |
|
170 | """GET /users/id/edit: Form to edit an existing item""" | |
| 171 | # url('edit_user', id=ID) |
|
171 | # url('edit_user', id=ID) | |
| 172 | c.user = User.get(id) |
|
172 | c.user = User.get(id) | |
| 173 | if not c.user: |
|
173 | if not c.user: | |
| 174 | return redirect(url('users')) |
|
174 | return redirect(url('users')) | |
| 175 | if c.user.username == 'default': |
|
175 | if c.user.username == 'default': | |
| 176 | h.flash(_("You can't edit this user"), category='warning') |
|
176 | h.flash(_("You can't edit this user"), category='warning') | |
| 177 | return redirect(url('users')) |
|
177 | return redirect(url('users')) | |
| 178 | c.perm_user = AuthUser(user_id=id) |
|
178 | c.perm_user = AuthUser(user_id=id) | |
| 179 | c.user.permissions = {} |
|
179 | c.user.permissions = {} | |
| 180 | c.granted_permissions = UserModel().fill_perms(c.user)\ |
|
180 | c.granted_permissions = UserModel().fill_perms(c.user)\ | |
| 181 | .permissions['global'] |
|
181 | .permissions['global'] | |
| 182 | c.user_email_map = UserEmailMap.query()\ |
|
182 | c.user_email_map = UserEmailMap.query()\ | |
| 183 | .filter(UserEmailMap.user == c.user).all() |
|
183 | .filter(UserEmailMap.user == c.user).all() | |
| 184 | defaults = c.user.get_dict() |
|
184 | defaults = c.user.get_dict() | |
| 185 | perm = Permission.get_by_key('hg.create.repository') |
|
185 | perm = Permission.get_by_key('hg.create.repository') | |
| 186 | defaults.update({'create_repo_perm': UserModel().has_perm(id, perm)}) |
|
186 | defaults.update({'create_repo_perm': UserModel().has_perm(id, perm)}) | |
| 187 |
|
187 | |||
| 188 | return htmlfill.render( |
|
188 | return htmlfill.render( | |
| 189 | render('admin/users/user_edit.html'), |
|
189 | render('admin/users/user_edit.html'), | |
| 190 | defaults=defaults, |
|
190 | defaults=defaults, | |
| 191 | encoding="UTF-8", |
|
191 | encoding="UTF-8", | |
| 192 | force_defaults=False |
|
192 | force_defaults=False | |
| 193 | ) |
|
193 | ) | |
| 194 |
|
194 | |||
| 195 | def update_perm(self, id): |
|
195 | def update_perm(self, id): | |
| 196 | """PUT /users_perm/id: Update an existing item""" |
|
196 | """PUT /users_perm/id: Update an existing item""" | |
| 197 | # url('user_perm', id=ID, method='put') |
|
197 | # url('user_perm', id=ID, method='put') | |
| 198 |
|
198 | |||
| 199 | grant_perm = request.POST.get('create_repo_perm', False) |
|
199 | grant_perm = request.POST.get('create_repo_perm', False) | |
| 200 | user_model = UserModel() |
|
200 | user_model = UserModel() | |
| 201 |
|
201 | |||
| 202 | if grant_perm: |
|
202 | if grant_perm: | |
| 203 | perm = Permission.get_by_key('hg.create.none') |
|
203 | perm = Permission.get_by_key('hg.create.none') | |
| 204 | user_model.revoke_perm(id, perm) |
|
204 | user_model.revoke_perm(id, perm) | |
| 205 |
|
205 | |||
| 206 | perm = Permission.get_by_key('hg.create.repository') |
|
206 | perm = Permission.get_by_key('hg.create.repository') | |
| 207 | user_model.grant_perm(id, perm) |
|
207 | user_model.grant_perm(id, perm) | |
| 208 | h.flash(_("Granted 'repository create' permission to user"), |
|
208 | h.flash(_("Granted 'repository create' permission to user"), | |
| 209 | category='success') |
|
209 | category='success') | |
| 210 | Session.commit() |
|
210 | Session.commit() | |
| 211 | else: |
|
211 | else: | |
| 212 | perm = Permission.get_by_key('hg.create.repository') |
|
212 | perm = Permission.get_by_key('hg.create.repository') | |
| 213 | user_model.revoke_perm(id, perm) |
|
213 | user_model.revoke_perm(id, perm) | |
| 214 |
|
214 | |||
| 215 | perm = Permission.get_by_key('hg.create.none') |
|
215 | perm = Permission.get_by_key('hg.create.none') | |
| 216 | user_model.grant_perm(id, perm) |
|
216 | user_model.grant_perm(id, perm) | |
| 217 | h.flash(_("Revoked 'repository create' permission to user"), |
|
217 | h.flash(_("Revoked 'repository create' permission to user"), | |
| 218 | category='success') |
|
218 | category='success') | |
| 219 | Session.commit() |
|
219 | Session.commit() | |
| 220 | return redirect(url('edit_user', id=id)) |
|
220 | return redirect(url('edit_user', id=id)) | |
| 221 |
|
221 | |||
| 222 | def add_email(self, id): |
|
222 | def add_email(self, id): | |
| 223 |
"""P |
|
223 | """POST /user_emails:Add an existing item""" | |
| 224 | # url('user_emails', id=ID, method='put') |
|
224 | # url('user_emails', id=ID, method='put') | |
| 225 |
|
225 | |||
| 226 | #TODO: validation and form !!! |
|
226 | #TODO: validation and form !!! | |
| 227 | email = request.POST.get('new_email') |
|
227 | email = request.POST.get('new_email') | |
| 228 | user_model = UserModel() |
|
228 | user_model = UserModel() | |
| 229 |
|
229 | |||
| 230 | try: |
|
230 | try: | |
| 231 | user_model.add_extra_email(id, email) |
|
231 | user_model.add_extra_email(id, email) | |
| 232 | Session.commit() |
|
232 | Session.commit() | |
| 233 | h.flash(_("Added email %s to user" % email), category='success') |
|
233 | h.flash(_("Added email %s to user" % email), category='success') | |
| 234 | except Exception: |
|
234 | except Exception: | |
| 235 | log.error(traceback.format_exc()) |
|
235 | log.error(traceback.format_exc()) | |
| 236 | h.flash(_('An error occurred during email saving'), |
|
236 | h.flash(_('An error occurred during email saving'), | |
| 237 | category='error') |
|
237 | category='error') | |
| 238 | return redirect(url('edit_user', id=id)) |
|
238 | return redirect(url('edit_user', id=id)) | |
| 239 |
|
239 | |||
| 240 | def delete_email(self, id): |
|
240 | def delete_email(self, id): | |
| 241 | """DELETE /user_emails_delete/id: Delete an existing item""" |
|
241 | """DELETE /user_emails_delete/id: Delete an existing item""" | |
| 242 | # url('user_emails_delete', id=ID, method='delete') |
|
242 | # url('user_emails_delete', id=ID, method='delete') | |
| 243 | user_model = UserModel() |
|
243 | user_model = UserModel() | |
| 244 | user_model.delete_extra_email(id, request.POST.get('del_email')) |
|
244 | user_model.delete_extra_email(id, request.POST.get('del_email')) | |
| 245 | Session.commit() |
|
245 | Session.commit() | |
| 246 | h.flash(_("Removed email from user"), category='success') |
|
246 | h.flash(_("Removed email from user"), category='success') | |
| 247 | return redirect(url('edit_user', id=id)) |
|
247 | return redirect(url('edit_user', id=id)) | |
| This diff has been collapsed as it changes many lines, (753 lines changed) Show them Hide them | |||||
| @@ -1,774 +1,301 b'' | |||||
| 1 | """ this is forms validation classes |
|
1 | """ this is forms validation classes | |
| 2 | http://formencode.org/module-formencode.validators.html |
|
2 | http://formencode.org/module-formencode.validators.html | |
| 3 | for list off all availible validators |
|
3 | for list off all availible validators | |
| 4 |
|
4 | |||
| 5 | we can create our own validators |
|
5 | we can create our own validators | |
| 6 |
|
6 | |||
| 7 | The table below outlines the options which can be used in a schema in addition to the validators themselves |
|
7 | The table below outlines the options which can be used in a schema in addition to the validators themselves | |
| 8 | pre_validators [] These validators will be applied before the schema |
|
8 | pre_validators [] These validators will be applied before the schema | |
| 9 | chained_validators [] These validators will be applied after the schema |
|
9 | chained_validators [] These validators will be applied after the schema | |
| 10 | allow_extra_fields False If True, then it is not an error when keys that aren't associated with a validator are present |
|
10 | allow_extra_fields False If True, then it is not an error when keys that aren't associated with a validator are present | |
| 11 | filter_extra_fields False If True, then keys that aren't associated with a validator are removed |
|
11 | filter_extra_fields False If True, then keys that aren't associated with a validator are removed | |
| 12 | if_key_missing NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value. |
|
12 | if_key_missing NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value. | |
| 13 | ignore_key_missing False If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already |
|
13 | ignore_key_missing False If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already | |
| 14 |
|
14 | |||
| 15 |
|
15 | |||
| 16 | <name> = formencode.validators.<name of validator> |
|
16 | <name> = formencode.validators.<name of validator> | |
| 17 | <name> must equal form name |
|
17 | <name> must equal form name | |
| 18 | list=[1,2,3,4,5] |
|
18 | list=[1,2,3,4,5] | |
| 19 | for SELECT use formencode.All(OneOf(list), Int()) |
|
19 | for SELECT use formencode.All(OneOf(list), Int()) | |
| 20 |
|
20 | |||
| 21 | """ |
|
21 | """ | |
| 22 | import os |
|
|||
| 23 | import re |
|
|||
| 24 | import logging |
|
22 | import logging | |
| 25 | import traceback |
|
|||
| 26 |
|
23 | |||
| 27 | import formencode |
|
24 | import formencode | |
| 28 | from formencode import All |
|
25 | from formencode import All | |
| 29 | from formencode.validators import UnicodeString, OneOf, Int, Number, Regex, \ |
|
|||
| 30 | Email, Bool, StringBoolean, Set |
|
|||
| 31 |
|
26 | |||
| 32 | from pylons.i18n.translation import _ |
|
27 | from pylons.i18n.translation import _ | |
| 33 | from webhelpers.pylonslib.secure_form import authentication_token |
|
|||
| 34 |
|
28 | |||
| 35 | from rhodecode.config.routing import ADMIN_PREFIX |
|
29 | from rhodecode.model import validators as v | |
| 36 | from rhodecode.lib.utils import repo_name_slug |
|
|||
| 37 | from rhodecode.lib.auth import authenticate, get_crypt_password |
|
|||
| 38 | from rhodecode.lib.exceptions import LdapImportError |
|
|||
| 39 | from rhodecode.model.db import User, UsersGroup, RepoGroup, Repository |
|
|||
| 40 | from rhodecode import BACKENDS |
|
30 | from rhodecode import BACKENDS | |
| 41 |
|
31 | |||
| 42 | log = logging.getLogger(__name__) |
|
32 | log = logging.getLogger(__name__) | |
| 43 |
|
33 | |||
| 44 |
|
34 | |||
| 45 | #this is needed to translate the messages using _() in validators |
|
|||
| 46 | class State_obj(object): |
|
|||
| 47 | _ = staticmethod(_) |
|
|||
| 48 |
|
||||
| 49 |
|
||||
| 50 | #============================================================================== |
|
|||
| 51 | # VALIDATORS |
|
|||
| 52 | #============================================================================== |
|
|||
| 53 | class ValidAuthToken(formencode.validators.FancyValidator): |
|
|||
| 54 | messages = {'invalid_token': _('Token mismatch')} |
|
|||
| 55 |
|
||||
| 56 | def validate_python(self, value, state): |
|
|||
| 57 |
|
||||
| 58 | if value != authentication_token(): |
|
|||
| 59 | raise formencode.Invalid( |
|
|||
| 60 | self.message('invalid_token', |
|
|||
| 61 | state, search_number=value), |
|
|||
| 62 | value, |
|
|||
| 63 | state |
|
|||
| 64 | ) |
|
|||
| 65 |
|
||||
| 66 |
|
||||
| 67 | def ValidUsername(edit, old_data): |
|
|||
| 68 | class _ValidUsername(formencode.validators.FancyValidator): |
|
|||
| 69 |
|
||||
| 70 | def validate_python(self, value, state): |
|
|||
| 71 | if value in ['default', 'new_user']: |
|
|||
| 72 | raise formencode.Invalid(_('Invalid username'), value, state) |
|
|||
| 73 | #check if user is unique |
|
|||
| 74 | old_un = None |
|
|||
| 75 | if edit: |
|
|||
| 76 | old_un = User.get(old_data.get('user_id')).username |
|
|||
| 77 |
|
||||
| 78 | if old_un != value or not edit: |
|
|||
| 79 | if User.get_by_username(value, case_insensitive=True): |
|
|||
| 80 | raise formencode.Invalid(_('This username already ' |
|
|||
| 81 | 'exists') , value, state) |
|
|||
| 82 |
|
||||
| 83 | if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: |
|
|||
| 84 | raise formencode.Invalid( |
|
|||
| 85 | _('Username may only contain alphanumeric characters ' |
|
|||
| 86 | 'underscores, periods or dashes and must begin with ' |
|
|||
| 87 | 'alphanumeric character'), |
|
|||
| 88 | value, |
|
|||
| 89 | state |
|
|||
| 90 | ) |
|
|||
| 91 |
|
||||
| 92 | return _ValidUsername |
|
|||
| 93 |
|
||||
| 94 |
|
||||
| 95 | def ValidUsersGroup(edit, old_data): |
|
|||
| 96 |
|
||||
| 97 | class _ValidUsersGroup(formencode.validators.FancyValidator): |
|
|||
| 98 |
|
||||
| 99 | def validate_python(self, value, state): |
|
|||
| 100 | if value in ['default']: |
|
|||
| 101 | raise formencode.Invalid(_('Invalid group name'), value, state) |
|
|||
| 102 | #check if group is unique |
|
|||
| 103 | old_ugname = None |
|
|||
| 104 | if edit: |
|
|||
| 105 | old_ugname = UsersGroup.get( |
|
|||
| 106 | old_data.get('users_group_id')).users_group_name |
|
|||
| 107 |
|
||||
| 108 | if old_ugname != value or not edit: |
|
|||
| 109 | if UsersGroup.get_by_group_name(value, cache=False, |
|
|||
| 110 | case_insensitive=True): |
|
|||
| 111 | raise formencode.Invalid(_('This users group ' |
|
|||
| 112 | 'already exists'), value, |
|
|||
| 113 | state) |
|
|||
| 114 |
|
||||
| 115 | if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: |
|
|||
| 116 | raise formencode.Invalid( |
|
|||
| 117 | _('RepoGroup name may only contain alphanumeric characters ' |
|
|||
| 118 | 'underscores, periods or dashes and must begin with ' |
|
|||
| 119 | 'alphanumeric character'), |
|
|||
| 120 | value, |
|
|||
| 121 | state |
|
|||
| 122 | ) |
|
|||
| 123 |
|
||||
| 124 | return _ValidUsersGroup |
|
|||
| 125 |
|
||||
| 126 |
|
||||
| 127 | def ValidReposGroup(edit, old_data): |
|
|||
| 128 | class _ValidReposGroup(formencode.validators.FancyValidator): |
|
|||
| 129 |
|
||||
| 130 | def validate_python(self, value, state): |
|
|||
| 131 | # TODO WRITE VALIDATIONS |
|
|||
| 132 | group_name = value.get('group_name') |
|
|||
| 133 | group_parent_id = value.get('group_parent_id') |
|
|||
| 134 |
|
||||
| 135 | # slugify repo group just in case :) |
|
|||
| 136 | slug = repo_name_slug(group_name) |
|
|||
| 137 |
|
||||
| 138 | # check for parent of self |
|
|||
| 139 | parent_of_self = lambda: ( |
|
|||
| 140 | old_data['group_id'] == int(group_parent_id) |
|
|||
| 141 | if group_parent_id else False |
|
|||
| 142 | ) |
|
|||
| 143 | if edit and parent_of_self(): |
|
|||
| 144 | e_dict = { |
|
|||
| 145 | 'group_parent_id': _('Cannot assign this group as parent') |
|
|||
| 146 | } |
|
|||
| 147 | raise formencode.Invalid('', value, state, |
|
|||
| 148 | error_dict=e_dict) |
|
|||
| 149 |
|
||||
| 150 | old_gname = None |
|
|||
| 151 | if edit: |
|
|||
| 152 | old_gname = RepoGroup.get(old_data.get('group_id')).group_name |
|
|||
| 153 |
|
||||
| 154 | if old_gname != group_name or not edit: |
|
|||
| 155 |
|
||||
| 156 | # check group |
|
|||
| 157 | gr = RepoGroup.query()\ |
|
|||
| 158 | .filter(RepoGroup.group_name == slug)\ |
|
|||
| 159 | .filter(RepoGroup.group_parent_id == group_parent_id)\ |
|
|||
| 160 | .scalar() |
|
|||
| 161 |
|
||||
| 162 | if gr: |
|
|||
| 163 | e_dict = { |
|
|||
| 164 | 'group_name': _('This group already exists') |
|
|||
| 165 | } |
|
|||
| 166 | raise formencode.Invalid('', value, state, |
|
|||
| 167 | error_dict=e_dict) |
|
|||
| 168 |
|
||||
| 169 | # check for same repo |
|
|||
| 170 | repo = Repository.query()\ |
|
|||
| 171 | .filter(Repository.repo_name == slug)\ |
|
|||
| 172 | .scalar() |
|
|||
| 173 |
|
||||
| 174 | if repo: |
|
|||
| 175 | e_dict = { |
|
|||
| 176 | 'group_name': _('Repository with this name already exists') |
|
|||
| 177 | } |
|
|||
| 178 | raise formencode.Invalid('', value, state, |
|
|||
| 179 | error_dict=e_dict) |
|
|||
| 180 |
|
||||
| 181 | return _ValidReposGroup |
|
|||
| 182 |
|
||||
| 183 |
|
||||
| 184 | class ValidPassword(formencode.validators.FancyValidator): |
|
|||
| 185 |
|
||||
| 186 | def to_python(self, value, state): |
|
|||
| 187 |
|
||||
| 188 | if not value: |
|
|||
| 189 | return |
|
|||
| 190 |
|
||||
| 191 | if value.get('password'): |
|
|||
| 192 | try: |
|
|||
| 193 | value['password'] = get_crypt_password(value['password']) |
|
|||
| 194 | except UnicodeEncodeError: |
|
|||
| 195 | e_dict = {'password': _('Invalid characters in password')} |
|
|||
| 196 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
|||
| 197 |
|
||||
| 198 | if value.get('password_confirmation'): |
|
|||
| 199 | try: |
|
|||
| 200 | value['password_confirmation'] = \ |
|
|||
| 201 | get_crypt_password(value['password_confirmation']) |
|
|||
| 202 | except UnicodeEncodeError: |
|
|||
| 203 | e_dict = { |
|
|||
| 204 | 'password_confirmation': _('Invalid characters in password') |
|
|||
| 205 | } |
|
|||
| 206 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
|||
| 207 |
|
||||
| 208 | if value.get('new_password'): |
|
|||
| 209 | try: |
|
|||
| 210 | value['new_password'] = \ |
|
|||
| 211 | get_crypt_password(value['new_password']) |
|
|||
| 212 | except UnicodeEncodeError: |
|
|||
| 213 | e_dict = {'new_password': _('Invalid characters in password')} |
|
|||
| 214 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
|||
| 215 |
|
||||
| 216 | return value |
|
|||
| 217 |
|
||||
| 218 |
|
||||
| 219 | class ValidPasswordsMatch(formencode.validators.FancyValidator): |
|
|||
| 220 |
|
||||
| 221 | def validate_python(self, value, state): |
|
|||
| 222 |
|
||||
| 223 | pass_val = value.get('password') or value.get('new_password') |
|
|||
| 224 | if pass_val != value['password_confirmation']: |
|
|||
| 225 | e_dict = {'password_confirmation': |
|
|||
| 226 | _('Passwords do not match')} |
|
|||
| 227 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
|||
| 228 |
|
||||
| 229 |
|
||||
| 230 | class ValidAuth(formencode.validators.FancyValidator): |
|
|||
| 231 | messages = { |
|
|||
| 232 | 'invalid_password':_('invalid password'), |
|
|||
| 233 | 'invalid_login':_('invalid user name'), |
|
|||
| 234 | 'disabled_account':_('Your account is disabled') |
|
|||
| 235 | } |
|
|||
| 236 |
|
||||
| 237 | # error mapping |
|
|||
| 238 | e_dict = {'username': messages['invalid_login'], |
|
|||
| 239 | 'password': messages['invalid_password']} |
|
|||
| 240 | e_dict_disable = {'username': messages['disabled_account']} |
|
|||
| 241 |
|
||||
| 242 | def validate_python(self, value, state): |
|
|||
| 243 | password = value['password'] |
|
|||
| 244 | username = value['username'] |
|
|||
| 245 | user = User.get_by_username(username) |
|
|||
| 246 |
|
||||
| 247 | if authenticate(username, password): |
|
|||
| 248 | return value |
|
|||
| 249 | else: |
|
|||
| 250 | if user and user.active is False: |
|
|||
| 251 | log.warning('user %s is disabled' % username) |
|
|||
| 252 | raise formencode.Invalid( |
|
|||
| 253 | self.message('disabled_account', |
|
|||
| 254 | state=State_obj), |
|
|||
| 255 | value, state, |
|
|||
| 256 | error_dict=self.e_dict_disable |
|
|||
| 257 | ) |
|
|||
| 258 | else: |
|
|||
| 259 | log.warning('user %s failed to authenticate' % username) |
|
|||
| 260 | raise formencode.Invalid( |
|
|||
| 261 | self.message('invalid_password', |
|
|||
| 262 | state=State_obj), value, state, |
|
|||
| 263 | error_dict=self.e_dict |
|
|||
| 264 | ) |
|
|||
| 265 |
|
||||
| 266 |
|
||||
| 267 | class ValidRepoUser(formencode.validators.FancyValidator): |
|
|||
| 268 |
|
||||
| 269 | def to_python(self, value, state): |
|
|||
| 270 | try: |
|
|||
| 271 | User.query().filter(User.active == True)\ |
|
|||
| 272 | .filter(User.username == value).one() |
|
|||
| 273 | except Exception: |
|
|||
| 274 | raise formencode.Invalid(_('This username is not valid'), |
|
|||
| 275 | value, state) |
|
|||
| 276 | return value |
|
|||
| 277 |
|
||||
| 278 |
|
||||
| 279 | def ValidRepoName(edit, old_data): |
|
|||
| 280 | class _ValidRepoName(formencode.validators.FancyValidator): |
|
|||
| 281 | def to_python(self, value, state): |
|
|||
| 282 |
|
||||
| 283 | repo_name = value.get('repo_name') |
|
|||
| 284 |
|
||||
| 285 | slug = repo_name_slug(repo_name) |
|
|||
| 286 | if slug in [ADMIN_PREFIX, '']: |
|
|||
| 287 | e_dict = {'repo_name': _('This repository name is disallowed')} |
|
|||
| 288 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
|||
| 289 |
|
||||
| 290 | if value.get('repo_group'): |
|
|||
| 291 | gr = RepoGroup.get(value.get('repo_group')) |
|
|||
| 292 | group_path = gr.full_path |
|
|||
| 293 | # value needs to be aware of group name in order to check |
|
|||
| 294 | # db key This is an actual just the name to store in the |
|
|||
| 295 | # database |
|
|||
| 296 | repo_name_full = group_path + RepoGroup.url_sep() + repo_name |
|
|||
| 297 |
|
||||
| 298 | else: |
|
|||
| 299 | group_path = '' |
|
|||
| 300 | repo_name_full = repo_name |
|
|||
| 301 |
|
||||
| 302 | value['repo_name_full'] = repo_name_full |
|
|||
| 303 | rename = old_data.get('repo_name') != repo_name_full |
|
|||
| 304 | create = not edit |
|
|||
| 305 | if rename or create: |
|
|||
| 306 |
|
||||
| 307 | if group_path != '': |
|
|||
| 308 | if Repository.get_by_repo_name(repo_name_full): |
|
|||
| 309 | e_dict = { |
|
|||
| 310 | 'repo_name': _('This repository already exists in ' |
|
|||
| 311 | 'a group "%s"') % gr.group_name |
|
|||
| 312 | } |
|
|||
| 313 | raise formencode.Invalid('', value, state, |
|
|||
| 314 | error_dict=e_dict) |
|
|||
| 315 | elif RepoGroup.get_by_group_name(repo_name_full): |
|
|||
| 316 | e_dict = { |
|
|||
| 317 | 'repo_name': _('There is a group with this name ' |
|
|||
| 318 | 'already "%s"') % repo_name_full |
|
|||
| 319 | } |
|
|||
| 320 | raise formencode.Invalid('', value, state, |
|
|||
| 321 | error_dict=e_dict) |
|
|||
| 322 |
|
||||
| 323 | elif Repository.get_by_repo_name(repo_name_full): |
|
|||
| 324 | e_dict = {'repo_name': _('This repository ' |
|
|||
| 325 | 'already exists')} |
|
|||
| 326 | raise formencode.Invalid('', value, state, |
|
|||
| 327 | error_dict=e_dict) |
|
|||
| 328 |
|
||||
| 329 | return value |
|
|||
| 330 |
|
||||
| 331 | return _ValidRepoName |
|
|||
| 332 |
|
||||
| 333 |
|
||||
| 334 | def ValidForkName(*args, **kwargs): |
|
|||
| 335 | return ValidRepoName(*args, **kwargs) |
|
|||
| 336 |
|
||||
| 337 |
|
||||
| 338 | def SlugifyName(): |
|
|||
| 339 | class _SlugifyName(formencode.validators.FancyValidator): |
|
|||
| 340 |
|
||||
| 341 | def to_python(self, value, state): |
|
|||
| 342 | return repo_name_slug(value) |
|
|||
| 343 |
|
||||
| 344 | return _SlugifyName |
|
|||
| 345 |
|
||||
| 346 |
|
||||
| 347 | def ValidCloneUri(): |
|
|||
| 348 | from rhodecode.lib.utils import make_ui |
|
|||
| 349 |
|
||||
| 350 | def url_handler(repo_type, url, proto, ui=None): |
|
|||
| 351 | if repo_type == 'hg': |
|
|||
| 352 | from mercurial.httprepo import httprepository, httpsrepository |
|
|||
| 353 | if proto == 'https': |
|
|||
| 354 | httpsrepository(make_ui('db'), url).capabilities |
|
|||
| 355 | elif proto == 'http': |
|
|||
| 356 | httprepository(make_ui('db'), url).capabilities |
|
|||
| 357 | elif repo_type == 'git': |
|
|||
| 358 | #TODO: write a git url validator |
|
|||
| 359 | pass |
|
|||
| 360 |
|
||||
| 361 | class _ValidCloneUri(formencode.validators.FancyValidator): |
|
|||
| 362 |
|
||||
| 363 | def to_python(self, value, state): |
|
|||
| 364 |
|
||||
| 365 | repo_type = value.get('repo_type') |
|
|||
| 366 | url = value.get('clone_uri') |
|
|||
| 367 | e_dict = {'clone_uri': _('invalid clone url')} |
|
|||
| 368 |
|
||||
| 369 | if not url: |
|
|||
| 370 | pass |
|
|||
| 371 | elif url.startswith('https'): |
|
|||
| 372 | try: |
|
|||
| 373 | url_handler(repo_type, url, 'https', make_ui('db')) |
|
|||
| 374 | except Exception: |
|
|||
| 375 | log.error(traceback.format_exc()) |
|
|||
| 376 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
|||
| 377 | elif url.startswith('http'): |
|
|||
| 378 | try: |
|
|||
| 379 | url_handler(repo_type, url, 'http', make_ui('db')) |
|
|||
| 380 | except Exception: |
|
|||
| 381 | log.error(traceback.format_exc()) |
|
|||
| 382 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
|||
| 383 | else: |
|
|||
| 384 | e_dict = {'clone_uri': _('Invalid clone url, provide a ' |
|
|||
| 385 | 'valid clone http\s url')} |
|
|||
| 386 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
|||
| 387 |
|
||||
| 388 | return value |
|
|||
| 389 |
|
||||
| 390 | return _ValidCloneUri |
|
|||
| 391 |
|
||||
| 392 |
|
||||
| 393 | def ValidForkType(old_data): |
|
|||
| 394 | class _ValidForkType(formencode.validators.FancyValidator): |
|
|||
| 395 |
|
||||
| 396 | def to_python(self, value, state): |
|
|||
| 397 | if old_data['repo_type'] != value: |
|
|||
| 398 | raise formencode.Invalid(_('Fork have to be the same ' |
|
|||
| 399 | 'type as original'), value, state) |
|
|||
| 400 |
|
||||
| 401 | return value |
|
|||
| 402 | return _ValidForkType |
|
|||
| 403 |
|
||||
| 404 |
|
||||
| 405 | def ValidPerms(type_='repo'): |
|
|||
| 406 | if type_ == 'group': |
|
|||
| 407 | EMPTY_PERM = 'group.none' |
|
|||
| 408 | elif type_ == 'repo': |
|
|||
| 409 | EMPTY_PERM = 'repository.none' |
|
|||
| 410 |
|
||||
| 411 | class _ValidPerms(formencode.validators.FancyValidator): |
|
|||
| 412 | messages = { |
|
|||
| 413 | 'perm_new_member_name': |
|
|||
| 414 | _('This username or users group name is not valid') |
|
|||
| 415 | } |
|
|||
| 416 |
|
||||
| 417 | def to_python(self, value, state): |
|
|||
| 418 | perms_update = [] |
|
|||
| 419 | perms_new = [] |
|
|||
| 420 | # build a list of permission to update and new permission to create |
|
|||
| 421 | for k, v in value.items(): |
|
|||
| 422 | # means new added member to permissions |
|
|||
| 423 | if k.startswith('perm_new_member'): |
|
|||
| 424 | new_perm = value.get('perm_new_member', False) |
|
|||
| 425 | new_member = value.get('perm_new_member_name', False) |
|
|||
| 426 | new_type = value.get('perm_new_member_type') |
|
|||
| 427 |
|
||||
| 428 | if new_member and new_perm: |
|
|||
| 429 | if (new_member, new_perm, new_type) not in perms_new: |
|
|||
| 430 | perms_new.append((new_member, new_perm, new_type)) |
|
|||
| 431 | elif k.startswith('u_perm_') or k.startswith('g_perm_'): |
|
|||
| 432 | member = k[7:] |
|
|||
| 433 | t = {'u': 'user', |
|
|||
| 434 | 'g': 'users_group' |
|
|||
| 435 | }[k[0]] |
|
|||
| 436 | if member == 'default': |
|
|||
| 437 | if value.get('private'): |
|
|||
| 438 | # set none for default when updating to private repo |
|
|||
| 439 | v = EMPTY_PERM |
|
|||
| 440 | perms_update.append((member, v, t)) |
|
|||
| 441 |
|
||||
| 442 | value['perms_updates'] = perms_update |
|
|||
| 443 | value['perms_new'] = perms_new |
|
|||
| 444 |
|
||||
| 445 | # update permissions |
|
|||
| 446 | for k, v, t in perms_new: |
|
|||
| 447 | try: |
|
|||
| 448 | if t is 'user': |
|
|||
| 449 | self.user_db = User.query()\ |
|
|||
| 450 | .filter(User.active == True)\ |
|
|||
| 451 | .filter(User.username == k).one() |
|
|||
| 452 | if t is 'users_group': |
|
|||
| 453 | self.user_db = UsersGroup.query()\ |
|
|||
| 454 | .filter(UsersGroup.users_group_active == True)\ |
|
|||
| 455 | .filter(UsersGroup.users_group_name == k).one() |
|
|||
| 456 |
|
||||
| 457 | except Exception: |
|
|||
| 458 | msg = self.message('perm_new_member_name', |
|
|||
| 459 | state=State_obj) |
|
|||
| 460 | raise formencode.Invalid( |
|
|||
| 461 | msg, value, state, error_dict={'perm_new_member_name': msg} |
|
|||
| 462 | ) |
|
|||
| 463 | return value |
|
|||
| 464 | return _ValidPerms |
|
|||
| 465 |
|
||||
| 466 |
|
||||
| 467 | class ValidSettings(formencode.validators.FancyValidator): |
|
|||
| 468 |
|
||||
| 469 | def to_python(self, value, state): |
|
|||
| 470 | # settings form can't edit user |
|
|||
| 471 | if 'user' in value: |
|
|||
| 472 | del['value']['user'] |
|
|||
| 473 | return value |
|
|||
| 474 |
|
||||
| 475 |
|
||||
| 476 | class ValidPath(formencode.validators.FancyValidator): |
|
|||
| 477 | def to_python(self, value, state): |
|
|||
| 478 |
|
||||
| 479 | if not os.path.isdir(value): |
|
|||
| 480 | msg = _('This is not a valid path') |
|
|||
| 481 | raise formencode.Invalid(msg, value, state, |
|
|||
| 482 | error_dict={'paths_root_path': msg}) |
|
|||
| 483 | return value |
|
|||
| 484 |
|
||||
| 485 |
|
||||
| 486 | def UniqSystemEmail(old_data): |
|
|||
| 487 | class _UniqSystemEmail(formencode.validators.FancyValidator): |
|
|||
| 488 | def to_python(self, value, state): |
|
|||
| 489 | value = value.lower() |
|
|||
| 490 | if (old_data.get('email') or '').lower() != value: |
|
|||
| 491 | user = User.get_by_email(value, case_insensitive=True) |
|
|||
| 492 | if user: |
|
|||
| 493 | raise formencode.Invalid( |
|
|||
| 494 | _("This e-mail address is already taken"), value, state |
|
|||
| 495 | ) |
|
|||
| 496 | return value |
|
|||
| 497 |
|
||||
| 498 | return _UniqSystemEmail |
|
|||
| 499 |
|
||||
| 500 |
|
||||
| 501 | class ValidSystemEmail(formencode.validators.FancyValidator): |
|
|||
| 502 | def to_python(self, value, state): |
|
|||
| 503 | value = value.lower() |
|
|||
| 504 | user = User.get_by_email(value, case_insensitive=True) |
|
|||
| 505 | if user is None: |
|
|||
| 506 | raise formencode.Invalid( |
|
|||
| 507 | _("This e-mail address doesn't exist."), value, state |
|
|||
| 508 | ) |
|
|||
| 509 |
|
||||
| 510 | return value |
|
|||
| 511 |
|
||||
| 512 |
|
||||
| 513 | class LdapLibValidator(formencode.validators.FancyValidator): |
|
|||
| 514 |
|
||||
| 515 | def to_python(self, value, state): |
|
|||
| 516 |
|
||||
| 517 | try: |
|
|||
| 518 | import ldap |
|
|||
| 519 | except ImportError: |
|
|||
| 520 | raise LdapImportError |
|
|||
| 521 | return value |
|
|||
| 522 |
|
||||
| 523 |
|
||||
| 524 | class AttrLoginValidator(formencode.validators.FancyValidator): |
|
|||
| 525 |
|
||||
| 526 | def to_python(self, value, state): |
|
|||
| 527 |
|
||||
| 528 | if not value or not isinstance(value, (str, unicode)): |
|
|||
| 529 | raise formencode.Invalid( |
|
|||
| 530 | _("The LDAP Login attribute of the CN must be specified - " |
|
|||
| 531 | "this is the name of the attribute that is equivalent " |
|
|||
| 532 | "to 'username'"), value, state |
|
|||
| 533 | ) |
|
|||
| 534 |
|
||||
| 535 | return value |
|
|||
| 536 |
|
||||
| 537 |
|
||||
| 538 | #============================================================================== |
|
|||
| 539 | # FORMS |
|
|||
| 540 | #============================================================================== |
|
|||
| 541 | class LoginForm(formencode.Schema): |
|
35 | class LoginForm(formencode.Schema): | |
| 542 | allow_extra_fields = True |
|
36 | allow_extra_fields = True | |
| 543 | filter_extra_fields = True |
|
37 | filter_extra_fields = True | |
| 544 | username = UnicodeString( |
|
38 | username = v.UnicodeString( | |
| 545 | strip=True, |
|
39 | strip=True, | |
| 546 | min=1, |
|
40 | min=1, | |
| 547 | not_empty=True, |
|
41 | not_empty=True, | |
| 548 | messages={ |
|
42 | messages={ | |
| 549 | 'empty': _('Please enter a login'), |
|
43 | 'empty': _(u'Please enter a login'), | |
| 550 | 'tooShort': _('Enter a value %(min)i characters long or more')} |
|
44 | 'tooShort': _(u'Enter a value %(min)i characters long or more')} | |
| 551 | ) |
|
45 | ) | |
| 552 |
|
46 | |||
| 553 | password = UnicodeString( |
|
47 | password = v.UnicodeString( | |
| 554 | strip=False, |
|
48 | strip=False, | |
| 555 | min=3, |
|
49 | min=3, | |
| 556 | not_empty=True, |
|
50 | not_empty=True, | |
| 557 | messages={ |
|
51 | messages={ | |
| 558 | 'empty': _('Please enter a password'), |
|
52 | 'empty': _(u'Please enter a password'), | |
| 559 | 'tooShort': _('Enter %(min)i characters or more')} |
|
53 | 'tooShort': _(u'Enter %(min)i characters or more')} | |
| 560 | ) |
|
54 | ) | |
| 561 |
|
55 | |||
| 562 | remember = StringBoolean(if_missing=False) |
|
56 | remember = v.StringBoolean(if_missing=False) | |
| 563 |
|
57 | |||
| 564 | chained_validators = [ValidAuth] |
|
58 | chained_validators = [v.ValidAuth()] | |
| 565 |
|
59 | |||
| 566 |
|
60 | |||
| 567 | def UserForm(edit=False, old_data={}): |
|
61 | def UserForm(edit=False, old_data={}): | |
| 568 | class _UserForm(formencode.Schema): |
|
62 | class _UserForm(formencode.Schema): | |
| 569 | allow_extra_fields = True |
|
63 | allow_extra_fields = True | |
| 570 | filter_extra_fields = True |
|
64 | filter_extra_fields = True | |
| 571 | username = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
65 | username = All(v.UnicodeString(strip=True, min=1, not_empty=True), | |
| 572 | ValidUsername(edit, old_data)) |
|
66 | v.ValidUsername(edit, old_data)) | |
| 573 | if edit: |
|
67 | if edit: | |
| 574 | new_password = All(UnicodeString(strip=False, min=6, not_empty=False)) |
|
68 | new_password = All( | |
| 575 |
|
|
69 | v.UnicodeString(strip=False, min=6, not_empty=False) | |
| 576 | not_empty=False)) |
|
70 | ) | |
| 577 | admin = StringBoolean(if_missing=False) |
|
71 | password_confirmation = All( | |
|
|
72 | v.ValidPassword(), | |||
|
|
73 | v.UnicodeString(strip=False, min=6, not_empty=False), | |||
|
|
74 | ) | |||
|
|
75 | admin = v.StringBoolean(if_missing=False) | |||
| 578 | else: |
|
76 | else: | |
| 579 | password = All(UnicodeString(strip=False, min=6, not_empty=True)) |
|
77 | password = All( | |
| 580 | password_confirmation = All(UnicodeString(strip=False, min=6, |
|
78 | v.ValidPassword(), | |
| 581 | not_empty=False)) |
|
79 | v.UnicodeString(strip=False, min=6, not_empty=True) | |
|
|
80 | ) | |||
|
|
81 | password_confirmation = All( | |||
|
|
82 | v.ValidPassword(), | |||
|
|
83 | v.UnicodeString(strip=False, min=6, not_empty=False) | |||
|
|
84 | ) | |||
| 582 |
|
85 | |||
| 583 | active = StringBoolean(if_missing=False) |
|
86 | active = v.StringBoolean(if_missing=False) | |
| 584 | name = UnicodeString(strip=True, min=1, not_empty=False) |
|
87 | name = v.UnicodeString(strip=True, min=1, not_empty=False) | |
| 585 | lastname = UnicodeString(strip=True, min=1, not_empty=False) |
|
88 | lastname = v.UnicodeString(strip=True, min=1, not_empty=False) | |
| 586 | email = All(Email(not_empty=True), UniqSystemEmail(old_data)) |
|
89 | email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data)) | |
| 587 |
|
90 | |||
| 588 |
chained_validators = [ValidPasswordsMatch |
|
91 | chained_validators = [v.ValidPasswordsMatch()] | |
| 589 |
|
92 | |||
| 590 | return _UserForm |
|
93 | return _UserForm | |
| 591 |
|
94 | |||
| 592 |
|
95 | |||
| 593 | def UsersGroupForm(edit=False, old_data={}, available_members=[]): |
|
96 | def UsersGroupForm(edit=False, old_data={}, available_members=[]): | |
| 594 | class _UsersGroupForm(formencode.Schema): |
|
97 | class _UsersGroupForm(formencode.Schema): | |
| 595 | allow_extra_fields = True |
|
98 | allow_extra_fields = True | |
| 596 | filter_extra_fields = True |
|
99 | filter_extra_fields = True | |
| 597 |
|
100 | |||
| 598 | users_group_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
101 | users_group_name = All( | |
| 599 | ValidUsersGroup(edit, old_data)) |
|
102 | v.UnicodeString(strip=True, min=1, not_empty=True), | |
|
|
103 | v.ValidUsersGroup(edit, old_data) | |||
|
|
104 | ) | |||
| 600 |
|
105 | |||
| 601 | users_group_active = StringBoolean(if_missing=False) |
|
106 | users_group_active = v.StringBoolean(if_missing=False) | |
| 602 |
|
107 | |||
| 603 | if edit: |
|
108 | if edit: | |
| 604 |
users_group_members = OneOf( |
|
109 | users_group_members = v.OneOf( | |
| 605 | testValueList=True, |
|
110 | available_members, hideList=False, testValueList=True, | |
| 606 |
|
|
111 | if_missing=None, not_empty=False | |
|
|
112 | ) | |||
| 607 |
|
113 | |||
| 608 | return _UsersGroupForm |
|
114 | return _UsersGroupForm | |
| 609 |
|
115 | |||
| 610 |
|
116 | |||
| 611 | def ReposGroupForm(edit=False, old_data={}, available_groups=[]): |
|
117 | def ReposGroupForm(edit=False, old_data={}, available_groups=[]): | |
| 612 | class _ReposGroupForm(formencode.Schema): |
|
118 | class _ReposGroupForm(formencode.Schema): | |
| 613 | allow_extra_fields = True |
|
119 | allow_extra_fields = True | |
| 614 | filter_extra_fields = False |
|
120 | filter_extra_fields = False | |
| 615 |
|
121 | |||
| 616 | group_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
122 | group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True), | |
| 617 | SlugifyName()) |
|
123 | v.SlugifyName()) | |
| 618 | group_description = UnicodeString(strip=True, min=1, |
|
124 | group_description = v.UnicodeString(strip=True, min=1, | |
| 619 | not_empty=True) |
|
125 | not_empty=True) | |
| 620 | group_parent_id = OneOf(available_groups, hideList=False, |
|
126 | group_parent_id = v.OneOf(available_groups, hideList=False, | |
| 621 | testValueList=True, |
|
127 | testValueList=True, | |
| 622 | if_missing=None, not_empty=False) |
|
128 | if_missing=None, not_empty=False) | |
| 623 |
|
129 | |||
| 624 |
chained_validators = [ValidReposGroup(edit, old_data), |
|
130 | chained_validators = [v.ValidReposGroup(edit, old_data), | |
|
|
131 | v.ValidPerms('group')] | |||
| 625 |
|
132 | |||
| 626 | return _ReposGroupForm |
|
133 | return _ReposGroupForm | |
| 627 |
|
134 | |||
| 628 |
|
135 | |||
| 629 | def RegisterForm(edit=False, old_data={}): |
|
136 | def RegisterForm(edit=False, old_data={}): | |
| 630 | class _RegisterForm(formencode.Schema): |
|
137 | class _RegisterForm(formencode.Schema): | |
| 631 | allow_extra_fields = True |
|
138 | allow_extra_fields = True | |
| 632 | filter_extra_fields = True |
|
139 | filter_extra_fields = True | |
| 633 |
username = All( |
|
140 | username = All( | |
| 634 | UnicodeString(strip=True, min=1, not_empty=True)) |
|
141 | v.ValidUsername(edit, old_data), | |
| 635 |
|
|
142 | v.UnicodeString(strip=True, min=1, not_empty=True) | |
| 636 | password_confirmation = All(UnicodeString(strip=False, min=6, not_empty=True)) |
|
143 | ) | |
| 637 | active = StringBoolean(if_missing=False) |
|
144 | password = All( | |
| 638 | name = UnicodeString(strip=True, min=1, not_empty=False) |
|
145 | v.ValidPassword(), | |
| 639 |
|
|
146 | v.UnicodeString(strip=False, min=6, not_empty=True) | |
| 640 | email = All(Email(not_empty=True), UniqSystemEmail(old_data)) |
|
147 | ) | |
|
|
148 | password_confirmation = All( | |||
|
|
149 | v.ValidPassword(), | |||
|
|
150 | v.UnicodeString(strip=False, min=6, not_empty=True) | |||
|
|
151 | ) | |||
|
|
152 | active = v.StringBoolean(if_missing=False) | |||
|
|
153 | name = v.UnicodeString(strip=True, min=1, not_empty=False) | |||
|
|
154 | lastname = v.UnicodeString(strip=True, min=1, not_empty=False) | |||
|
|
155 | email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data)) | |||
| 641 |
|
156 | |||
| 642 |
chained_validators = [ValidPasswordsMatch |
|
157 | chained_validators = [v.ValidPasswordsMatch()] | |
| 643 |
|
158 | |||
| 644 | return _RegisterForm |
|
159 | return _RegisterForm | |
| 645 |
|
160 | |||
| 646 |
|
161 | |||
| 647 | def PasswordResetForm(): |
|
162 | def PasswordResetForm(): | |
| 648 | class _PasswordResetForm(formencode.Schema): |
|
163 | class _PasswordResetForm(formencode.Schema): | |
| 649 | allow_extra_fields = True |
|
164 | allow_extra_fields = True | |
| 650 | filter_extra_fields = True |
|
165 | filter_extra_fields = True | |
| 651 | email = All(ValidSystemEmail(), Email(not_empty=True)) |
|
166 | email = All(v.ValidSystemEmail(), v.Email(not_empty=True)) | |
| 652 | return _PasswordResetForm |
|
167 | return _PasswordResetForm | |
| 653 |
|
168 | |||
| 654 |
|
169 | |||
| 655 | def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(), |
|
170 | def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(), | |
| 656 | repo_groups=[], landing_revs=[]): |
|
171 | repo_groups=[], landing_revs=[]): | |
| 657 | class _RepoForm(formencode.Schema): |
|
172 | class _RepoForm(formencode.Schema): | |
| 658 | allow_extra_fields = True |
|
173 | allow_extra_fields = True | |
| 659 | filter_extra_fields = False |
|
174 | filter_extra_fields = False | |
| 660 | repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
175 | repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True), | |
| 661 | SlugifyName()) |
|
176 | v.SlugifyName()) | |
| 662 | clone_uri = All(UnicodeString(strip=True, min=1, not_empty=False)) |
|
177 | clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False)) | |
| 663 | repo_group = OneOf(repo_groups, hideList=True) |
|
178 | repo_group = v.OneOf(repo_groups, hideList=True) | |
| 664 | repo_type = OneOf(supported_backends) |
|
179 | repo_type = v.OneOf(supported_backends) | |
| 665 | description = UnicodeString(strip=True, min=1, not_empty=False) |
|
180 | description = v.UnicodeString(strip=True, min=1, not_empty=False) | |
| 666 | private = StringBoolean(if_missing=False) |
|
181 | private = v.StringBoolean(if_missing=False) | |
| 667 | enable_statistics = StringBoolean(if_missing=False) |
|
182 | enable_statistics = v.StringBoolean(if_missing=False) | |
| 668 | enable_downloads = StringBoolean(if_missing=False) |
|
183 | enable_downloads = v.StringBoolean(if_missing=False) | |
| 669 | landing_rev = OneOf(landing_revs, hideList=True) |
|
184 | landing_rev = v.OneOf(landing_revs, hideList=True) | |
| 670 |
|
185 | |||
| 671 | if edit: |
|
186 | if edit: | |
| 672 | #this is repo owner |
|
187 | #this is repo owner | |
| 673 | user = All(UnicodeString(not_empty=True), ValidRepoUser) |
|
188 | user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser()) | |
| 674 |
|
189 | |||
| 675 |
chained_validators = [ValidCloneUri |
|
190 | chained_validators = [v.ValidCloneUri(), | |
| 676 | ValidRepoName(edit, old_data), |
|
191 | v.ValidRepoName(edit, old_data), | |
| 677 | ValidPerms()] |
|
192 | v.ValidPerms()] | |
| 678 | return _RepoForm |
|
193 | return _RepoForm | |
| 679 |
|
194 | |||
| 680 |
|
195 | |||
| 681 | def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(), |
|
196 | def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(), | |
| 682 | repo_groups=[]): |
|
197 | repo_groups=[]): | |
| 683 | class _RepoForkForm(formencode.Schema): |
|
198 | class _RepoForkForm(formencode.Schema): | |
| 684 | allow_extra_fields = True |
|
199 | allow_extra_fields = True | |
| 685 | filter_extra_fields = False |
|
200 | filter_extra_fields = False | |
| 686 | repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
201 | repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True), | |
| 687 | SlugifyName()) |
|
202 | v.SlugifyName()) | |
| 688 | repo_group = OneOf(repo_groups, hideList=True) |
|
203 | repo_group = v.OneOf(repo_groups, hideList=True) | |
| 689 | repo_type = All(ValidForkType(old_data), OneOf(supported_backends)) |
|
204 | repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends)) | |
| 690 | description = UnicodeString(strip=True, min=1, not_empty=True) |
|
205 | description = v.UnicodeString(strip=True, min=1, not_empty=True) | |
| 691 | private = StringBoolean(if_missing=False) |
|
206 | private = v.StringBoolean(if_missing=False) | |
| 692 | copy_permissions = StringBoolean(if_missing=False) |
|
207 | copy_permissions = v.StringBoolean(if_missing=False) | |
| 693 | update_after_clone = StringBoolean(if_missing=False) |
|
208 | update_after_clone = v.StringBoolean(if_missing=False) | |
| 694 | fork_parent_id = UnicodeString() |
|
209 | fork_parent_id = v.UnicodeString() | |
| 695 | chained_validators = [ValidForkName(edit, old_data)] |
|
210 | chained_validators = [v.ValidForkName(edit, old_data)] | |
| 696 |
|
211 | |||
| 697 | return _RepoForkForm |
|
212 | return _RepoForkForm | |
| 698 |
|
213 | |||
| 699 |
|
214 | |||
| 700 |
def RepoSettingsForm(edit=False, old_data={}, |
|
215 | def RepoSettingsForm(edit=False, old_data={}, | |
| 701 | repo_groups=[], landing_revs=[]): |
|
216 | supported_backends=BACKENDS.keys(), repo_groups=[], | |
|
|
217 | landing_revs=[]): | |||
| 702 | class _RepoForm(formencode.Schema): |
|
218 | class _RepoForm(formencode.Schema): | |
| 703 | allow_extra_fields = True |
|
219 | allow_extra_fields = True | |
| 704 | filter_extra_fields = False |
|
220 | filter_extra_fields = False | |
| 705 | repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
221 | repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True), | |
| 706 | SlugifyName()) |
|
222 | v.SlugifyName()) | |
| 707 | description = UnicodeString(strip=True, min=1, not_empty=True) |
|
223 | description = v.UnicodeString(strip=True, min=1, not_empty=True) | |
| 708 | repo_group = OneOf(repo_groups, hideList=True) |
|
224 | repo_group = v.OneOf(repo_groups, hideList=True) | |
| 709 | private = StringBoolean(if_missing=False) |
|
225 | private = v.StringBoolean(if_missing=False) | |
| 710 | landing_rev = OneOf(landing_revs, hideList=True) |
|
226 | landing_rev = v.OneOf(landing_revs, hideList=True) | |
| 711 | chained_validators = [ValidRepoName(edit, old_data), ValidPerms(), |
|
227 | chained_validators = [v.ValidRepoName(edit, old_data), v.ValidPerms(), | |
| 712 | ValidSettings] |
|
228 | v.ValidSettings()] | |
| 713 | return _RepoForm |
|
229 | return _RepoForm | |
| 714 |
|
230 | |||
| 715 |
|
231 | |||
| 716 | def ApplicationSettingsForm(): |
|
232 | def ApplicationSettingsForm(): | |
| 717 | class _ApplicationSettingsForm(formencode.Schema): |
|
233 | class _ApplicationSettingsForm(formencode.Schema): | |
| 718 | allow_extra_fields = True |
|
234 | allow_extra_fields = True | |
| 719 | filter_extra_fields = False |
|
235 | filter_extra_fields = False | |
| 720 | rhodecode_title = UnicodeString(strip=True, min=1, not_empty=True) |
|
236 | rhodecode_title = v.UnicodeString(strip=True, min=1, not_empty=True) | |
| 721 | rhodecode_realm = UnicodeString(strip=True, min=1, not_empty=True) |
|
237 | rhodecode_realm = v.UnicodeString(strip=True, min=1, not_empty=True) | |
| 722 | rhodecode_ga_code = UnicodeString(strip=True, min=1, not_empty=False) |
|
238 | rhodecode_ga_code = v.UnicodeString(strip=True, min=1, not_empty=False) | |
| 723 |
|
239 | |||
| 724 | return _ApplicationSettingsForm |
|
240 | return _ApplicationSettingsForm | |
| 725 |
|
241 | |||
| 726 |
|
242 | |||
| 727 | def ApplicationUiSettingsForm(): |
|
243 | def ApplicationUiSettingsForm(): | |
| 728 | class _ApplicationUiSettingsForm(formencode.Schema): |
|
244 | class _ApplicationUiSettingsForm(formencode.Schema): | |
| 729 | allow_extra_fields = True |
|
245 | allow_extra_fields = True | |
| 730 | filter_extra_fields = False |
|
246 | filter_extra_fields = False | |
| 731 | web_push_ssl = OneOf(['true', 'false'], if_missing='false') |
|
247 | web_push_ssl = v.OneOf(['true', 'false'], if_missing='false') | |
| 732 | paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=1, not_empty=True)) |
|
248 | paths_root_path = All( | |
| 733 | hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False) |
|
249 | v.ValidPath(), | |
| 734 | hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False) |
|
250 | v.UnicodeString(strip=True, min=1, not_empty=True) | |
| 735 | hooks_changegroup_push_logger = OneOf(['True', 'False'], if_missing=False) |
|
251 | ) | |
| 736 |
hooks_ |
|
252 | hooks_changegroup_update = v.OneOf(['True', 'False'], | |
|
|
253 | if_missing=False) | |||
|
|
254 | hooks_changegroup_repo_size = v.OneOf(['True', 'False'], | |||
|
|
255 | if_missing=False) | |||
|
|
256 | hooks_changegroup_push_logger = v.OneOf(['True', 'False'], | |||
|
|
257 | if_missing=False) | |||
|
|
258 | hooks_preoutgoing_pull_logger = v.OneOf(['True', 'False'], | |||
|
|
259 | if_missing=False) | |||
| 737 |
|
260 | |||
| 738 | return _ApplicationUiSettingsForm |
|
261 | return _ApplicationUiSettingsForm | |
| 739 |
|
262 | |||
| 740 |
|
263 | |||
| 741 | def DefaultPermissionsForm(perms_choices, register_choices, create_choices): |
|
264 | def DefaultPermissionsForm(perms_choices, register_choices, create_choices): | |
| 742 | class _DefaultPermissionsForm(formencode.Schema): |
|
265 | class _DefaultPermissionsForm(formencode.Schema): | |
| 743 | allow_extra_fields = True |
|
266 | allow_extra_fields = True | |
| 744 | filter_extra_fields = True |
|
267 | filter_extra_fields = True | |
| 745 | overwrite_default = StringBoolean(if_missing=False) |
|
268 | overwrite_default = v.StringBoolean(if_missing=False) | |
| 746 | anonymous = OneOf(['True', 'False'], if_missing=False) |
|
269 | anonymous = v.OneOf(['True', 'False'], if_missing=False) | |
| 747 | default_perm = OneOf(perms_choices) |
|
270 | default_perm = v.OneOf(perms_choices) | |
| 748 | default_register = OneOf(register_choices) |
|
271 | default_register = v.OneOf(register_choices) | |
| 749 | default_create = OneOf(create_choices) |
|
272 | default_create = v.OneOf(create_choices) | |
| 750 |
|
273 | |||
| 751 | return _DefaultPermissionsForm |
|
274 | return _DefaultPermissionsForm | |
| 752 |
|
275 | |||
| 753 |
|
276 | |||
| 754 |
def LdapSettingsForm(tls_reqcert_choices, search_scope_choices, |
|
277 | def LdapSettingsForm(tls_reqcert_choices, search_scope_choices, | |
|
|
278 | tls_kind_choices): | |||
| 755 | class _LdapSettingsForm(formencode.Schema): |
|
279 | class _LdapSettingsForm(formencode.Schema): | |
| 756 | allow_extra_fields = True |
|
280 | allow_extra_fields = True | |
| 757 | filter_extra_fields = True |
|
281 | filter_extra_fields = True | |
| 758 | #pre_validators = [LdapLibValidator] |
|
282 | #pre_validators = [LdapLibValidator] | |
| 759 | ldap_active = StringBoolean(if_missing=False) |
|
283 | ldap_active = v.StringBoolean(if_missing=False) | |
| 760 | ldap_host = UnicodeString(strip=True,) |
|
284 | ldap_host = v.UnicodeString(strip=True,) | |
| 761 | ldap_port = Number(strip=True,) |
|
285 | ldap_port = v.Number(strip=True,) | |
| 762 | ldap_tls_kind = OneOf(tls_kind_choices) |
|
286 | ldap_tls_kind = v.OneOf(tls_kind_choices) | |
| 763 | ldap_tls_reqcert = OneOf(tls_reqcert_choices) |
|
287 | ldap_tls_reqcert = v.OneOf(tls_reqcert_choices) | |
| 764 | ldap_dn_user = UnicodeString(strip=True,) |
|
288 | ldap_dn_user = v.UnicodeString(strip=True,) | |
| 765 | ldap_dn_pass = UnicodeString(strip=True,) |
|
289 | ldap_dn_pass = v.UnicodeString(strip=True,) | |
| 766 | ldap_base_dn = UnicodeString(strip=True,) |
|
290 | ldap_base_dn = v.UnicodeString(strip=True,) | |
| 767 | ldap_filter = UnicodeString(strip=True,) |
|
291 | ldap_filter = v.UnicodeString(strip=True,) | |
| 768 | ldap_search_scope = OneOf(search_scope_choices) |
|
292 | ldap_search_scope = v.OneOf(search_scope_choices) | |
| 769 | ldap_attr_login = All(AttrLoginValidator, UnicodeString(strip=True,)) |
|
293 | ldap_attr_login = All( | |
| 770 | ldap_attr_firstname = UnicodeString(strip=True,) |
|
294 | v.AttrLoginValidator(), | |
| 771 |
|
|
295 | v.UnicodeString(strip=True,) | |
| 772 | ldap_attr_email = UnicodeString(strip=True,) |
|
296 | ) | |
|
|
297 | ldap_attr_firstname = v.UnicodeString(strip=True,) | |||
|
|
298 | ldap_attr_lastname = v.UnicodeString(strip=True,) | |||
|
|
299 | ldap_attr_email = v.UnicodeString(strip=True,) | |||
| 773 |
|
300 | |||
| 774 | return _LdapSettingsForm |
|
301 | return _LdapSettingsForm | |
| @@ -1,303 +1,303 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 | """ |
|
2 | """ | |
| 3 | rhodecode.model.user_group |
|
3 | rhodecode.model.user_group | |
| 4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| 5 |
|
5 | |||
| 6 | users groups model for RhodeCode |
|
6 | users groups model for RhodeCode | |
| 7 |
|
7 | |||
| 8 | :created_on: Jan 25, 2011 |
|
8 | :created_on: Jan 25, 2011 | |
| 9 | :author: marcink |
|
9 | :author: marcink | |
| 10 | :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com> | |
| 11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
| 12 | """ |
|
12 | """ | |
| 13 | # This program is free software: you can redistribute it and/or modify |
|
13 | # This program is free software: you can redistribute it and/or modify | |
| 14 | # it under the terms of the GNU General Public License as published by |
|
14 | # it under the terms of the GNU General Public License as published by | |
| 15 | # the Free Software Foundation, either version 3 of the License, or |
|
15 | # the Free Software Foundation, either version 3 of the License, or | |
| 16 | # (at your option) any later version. |
|
16 | # (at your option) any later version. | |
| 17 | # |
|
17 | # | |
| 18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
| 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
| 22 | # |
|
22 | # | |
| 23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
| 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 25 |
|
25 | |||
| 26 | import os |
|
26 | import os | |
| 27 | import logging |
|
27 | import logging | |
| 28 | import traceback |
|
28 | import traceback | |
| 29 | import shutil |
|
29 | import shutil | |
| 30 |
|
30 | |||
| 31 | from rhodecode.lib.utils2 import LazyProperty |
|
31 | from rhodecode.lib.utils2 import LazyProperty | |
| 32 |
|
32 | |||
| 33 | from rhodecode.model import BaseModel |
|
33 | from rhodecode.model import BaseModel | |
| 34 | from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ |
|
34 | from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ | |
| 35 | User, Permission, UsersGroupRepoGroupToPerm, UsersGroup |
|
35 | User, Permission, UsersGroupRepoGroupToPerm, UsersGroup | |
| 36 |
|
36 | |||
| 37 | log = logging.getLogger(__name__) |
|
37 | log = logging.getLogger(__name__) | |
| 38 |
|
38 | |||
| 39 |
|
39 | |||
| 40 | class ReposGroupModel(BaseModel): |
|
40 | class ReposGroupModel(BaseModel): | |
| 41 |
|
41 | |||
| 42 | def __get_users_group(self, users_group): |
|
42 | def __get_users_group(self, users_group): | |
| 43 | return self._get_instance(UsersGroup, users_group, |
|
43 | return self._get_instance(UsersGroup, users_group, | |
| 44 | callback=UsersGroup.get_by_group_name) |
|
44 | callback=UsersGroup.get_by_group_name) | |
| 45 |
|
45 | |||
| 46 | def __get_repos_group(self, repos_group): |
|
46 | def __get_repos_group(self, repos_group): | |
| 47 | return self._get_instance(RepoGroup, repos_group, |
|
47 | return self._get_instance(RepoGroup, repos_group, | |
| 48 | callback=RepoGroup.get_by_group_name) |
|
48 | callback=RepoGroup.get_by_group_name) | |
| 49 |
|
49 | |||
| 50 | @LazyProperty |
|
50 | @LazyProperty | |
| 51 | def repos_path(self): |
|
51 | def repos_path(self): | |
| 52 | """ |
|
52 | """ | |
| 53 | Get's the repositories root path from database |
|
53 | Get's the repositories root path from database | |
| 54 | """ |
|
54 | """ | |
| 55 |
|
55 | |||
| 56 | q = RhodeCodeUi.get_by_key('/').one() |
|
56 | q = RhodeCodeUi.get_by_key('/').one() | |
| 57 | return q.ui_value |
|
57 | return q.ui_value | |
| 58 |
|
58 | |||
| 59 | def _create_default_perms(self, new_group): |
|
59 | def _create_default_perms(self, new_group): | |
| 60 | # create default permission |
|
60 | # create default permission | |
| 61 | repo_group_to_perm = UserRepoGroupToPerm() |
|
61 | repo_group_to_perm = UserRepoGroupToPerm() | |
| 62 | default_perm = 'group.read' |
|
62 | default_perm = 'group.read' | |
| 63 | for p in User.get_by_username('default').user_perms: |
|
63 | for p in User.get_by_username('default').user_perms: | |
| 64 | if p.permission.permission_name.startswith('group.'): |
|
64 | if p.permission.permission_name.startswith('group.'): | |
| 65 | default_perm = p.permission.permission_name |
|
65 | default_perm = p.permission.permission_name | |
| 66 | break |
|
66 | break | |
| 67 |
|
67 | |||
| 68 | repo_group_to_perm.permission_id = self.sa.query(Permission)\ |
|
68 | repo_group_to_perm.permission_id = self.sa.query(Permission)\ | |
| 69 | .filter(Permission.permission_name == default_perm)\ |
|
69 | .filter(Permission.permission_name == default_perm)\ | |
| 70 | .one().permission_id |
|
70 | .one().permission_id | |
| 71 |
|
71 | |||
| 72 | repo_group_to_perm.group = new_group |
|
72 | repo_group_to_perm.group = new_group | |
| 73 | repo_group_to_perm.user_id = User.get_by_username('default').user_id |
|
73 | repo_group_to_perm.user_id = User.get_by_username('default').user_id | |
| 74 |
|
74 | |||
| 75 | self.sa.add(repo_group_to_perm) |
|
75 | self.sa.add(repo_group_to_perm) | |
| 76 |
|
76 | |||
| 77 | def __create_group(self, group_name): |
|
77 | def __create_group(self, group_name): | |
| 78 | """ |
|
78 | """ | |
| 79 | makes repositories group on filesystem |
|
79 | makes repositories group on filesystem | |
| 80 |
|
80 | |||
| 81 | :param repo_name: |
|
81 | :param repo_name: | |
| 82 | :param parent_id: |
|
82 | :param parent_id: | |
| 83 | """ |
|
83 | """ | |
| 84 |
|
84 | |||
| 85 | create_path = os.path.join(self.repos_path, group_name) |
|
85 | create_path = os.path.join(self.repos_path, group_name) | |
| 86 | log.debug('creating new group in %s' % create_path) |
|
86 | log.debug('creating new group in %s' % create_path) | |
| 87 |
|
87 | |||
| 88 | if os.path.isdir(create_path): |
|
88 | if os.path.isdir(create_path): | |
| 89 | raise Exception('That directory already exists !') |
|
89 | raise Exception('That directory already exists !') | |
| 90 |
|
90 | |||
| 91 | os.makedirs(create_path) |
|
91 | os.makedirs(create_path) | |
| 92 |
|
92 | |||
| 93 | def __rename_group(self, old, new): |
|
93 | def __rename_group(self, old, new): | |
| 94 | """ |
|
94 | """ | |
| 95 | Renames a group on filesystem |
|
95 | Renames a group on filesystem | |
| 96 |
|
96 | |||
| 97 | :param group_name: |
|
97 | :param group_name: | |
| 98 | """ |
|
98 | """ | |
| 99 |
|
99 | |||
| 100 | if old == new: |
|
100 | if old == new: | |
| 101 | log.debug('skipping group rename') |
|
101 | log.debug('skipping group rename') | |
| 102 | return |
|
102 | return | |
| 103 |
|
103 | |||
| 104 | log.debug('renaming repos group from %s to %s' % (old, new)) |
|
104 | log.debug('renaming repos group from %s to %s' % (old, new)) | |
| 105 |
|
105 | |||
| 106 | old_path = os.path.join(self.repos_path, old) |
|
106 | old_path = os.path.join(self.repos_path, old) | |
| 107 | new_path = os.path.join(self.repos_path, new) |
|
107 | new_path = os.path.join(self.repos_path, new) | |
| 108 |
|
108 | |||
| 109 | log.debug('renaming repos paths from %s to %s' % (old_path, new_path)) |
|
109 | log.debug('renaming repos paths from %s to %s' % (old_path, new_path)) | |
| 110 |
|
110 | |||
| 111 | if os.path.isdir(new_path): |
|
111 | if os.path.isdir(new_path): | |
| 112 | raise Exception('Was trying to rename to already ' |
|
112 | raise Exception('Was trying to rename to already ' | |
| 113 | 'existing dir %s' % new_path) |
|
113 | 'existing dir %s' % new_path) | |
| 114 | shutil.move(old_path, new_path) |
|
114 | shutil.move(old_path, new_path) | |
| 115 |
|
115 | |||
| 116 | def __delete_group(self, group): |
|
116 | def __delete_group(self, group): | |
| 117 | """ |
|
117 | """ | |
| 118 | Deletes a group from a filesystem |
|
118 | Deletes a group from a filesystem | |
| 119 |
|
119 | |||
| 120 | :param group: instance of group from database |
|
120 | :param group: instance of group from database | |
| 121 | """ |
|
121 | """ | |
| 122 | paths = group.full_path.split(RepoGroup.url_sep()) |
|
122 | paths = group.full_path.split(RepoGroup.url_sep()) | |
| 123 | paths = os.sep.join(paths) |
|
123 | paths = os.sep.join(paths) | |
| 124 |
|
124 | |||
| 125 | rm_path = os.path.join(self.repos_path, paths) |
|
125 | rm_path = os.path.join(self.repos_path, paths) | |
| 126 | if os.path.isdir(rm_path): |
|
126 | if os.path.isdir(rm_path): | |
| 127 | # delete only if that path really exists |
|
127 | # delete only if that path really exists | |
| 128 | os.rmdir(rm_path) |
|
128 | os.rmdir(rm_path) | |
| 129 |
|
129 | |||
| 130 | def create(self, group_name, group_description, parent, just_db=False): |
|
130 | def create(self, group_name, group_description, parent, just_db=False): | |
| 131 | try: |
|
131 | try: | |
| 132 | new_repos_group = RepoGroup() |
|
132 | new_repos_group = RepoGroup() | |
| 133 | new_repos_group.group_description = group_description |
|
133 | new_repos_group.group_description = group_description | |
| 134 | new_repos_group.parent_group = self.__get_repos_group(parent) |
|
134 | new_repos_group.parent_group = self.__get_repos_group(parent) | |
| 135 | new_repos_group.group_name = new_repos_group.get_new_name(group_name) |
|
135 | new_repos_group.group_name = new_repos_group.get_new_name(group_name) | |
| 136 |
|
136 | |||
| 137 | self.sa.add(new_repos_group) |
|
137 | self.sa.add(new_repos_group) | |
| 138 | self._create_default_perms(new_repos_group) |
|
138 | self._create_default_perms(new_repos_group) | |
| 139 |
|
139 | |||
| 140 | if not just_db: |
|
140 | if not just_db: | |
| 141 | # we need to flush here, in order to check if database won't |
|
141 | # we need to flush here, in order to check if database won't | |
| 142 | # throw any exceptions, create filesystem dirs at the very end |
|
142 | # throw any exceptions, create filesystem dirs at the very end | |
| 143 | self.sa.flush() |
|
143 | self.sa.flush() | |
| 144 | self.__create_group(new_repos_group.group_name) |
|
144 | self.__create_group(new_repos_group.group_name) | |
| 145 |
|
145 | |||
| 146 | return new_repos_group |
|
146 | return new_repos_group | |
| 147 | except: |
|
147 | except: | |
| 148 | log.error(traceback.format_exc()) |
|
148 | log.error(traceback.format_exc()) | |
| 149 | raise |
|
149 | raise | |
| 150 |
|
150 | |||
| 151 | def update(self, repos_group_id, form_data): |
|
151 | def update(self, repos_group_id, form_data): | |
| 152 |
|
152 | |||
| 153 | try: |
|
153 | try: | |
| 154 | repos_group = RepoGroup.get(repos_group_id) |
|
154 | repos_group = RepoGroup.get(repos_group_id) | |
| 155 |
|
155 | |||
| 156 | # update permissions |
|
156 | # update permissions | |
| 157 | for member, perm, member_type in form_data['perms_updates']: |
|
157 | for member, perm, member_type in form_data['perms_updates']: | |
| 158 | if member_type == 'user': |
|
158 | if member_type == 'user': | |
| 159 | # this updates also current one if found |
|
159 | # this updates also current one if found | |
| 160 | ReposGroupModel().grant_user_permission( |
|
160 | ReposGroupModel().grant_user_permission( | |
| 161 | repos_group=repos_group, user=member, perm=perm |
|
161 | repos_group=repos_group, user=member, perm=perm | |
| 162 | ) |
|
162 | ) | |
| 163 | else: |
|
163 | else: | |
| 164 | ReposGroupModel().grant_users_group_permission( |
|
164 | ReposGroupModel().grant_users_group_permission( | |
| 165 | repos_group=repos_group, group_name=member, perm=perm |
|
165 | repos_group=repos_group, group_name=member, perm=perm | |
| 166 | ) |
|
166 | ) | |
| 167 | # set new permissions |
|
167 | # set new permissions | |
| 168 | for member, perm, member_type in form_data['perms_new']: |
|
168 | for member, perm, member_type in form_data['perms_new']: | |
| 169 | if member_type == 'user': |
|
169 | if member_type == 'user': | |
| 170 | ReposGroupModel().grant_user_permission( |
|
170 | ReposGroupModel().grant_user_permission( | |
| 171 | repos_group=repos_group, user=member, perm=perm |
|
171 | repos_group=repos_group, user=member, perm=perm | |
| 172 | ) |
|
172 | ) | |
| 173 | else: |
|
173 | else: | |
| 174 | ReposGroupModel().grant_users_group_permission( |
|
174 | ReposGroupModel().grant_users_group_permission( | |
| 175 | repos_group=repos_group, group_name=member, perm=perm |
|
175 | repos_group=repos_group, group_name=member, perm=perm | |
| 176 | ) |
|
176 | ) | |
| 177 |
|
177 | |||
| 178 | old_path = repos_group.full_path |
|
178 | old_path = repos_group.full_path | |
| 179 |
|
179 | |||
| 180 | # change properties |
|
180 | # change properties | |
| 181 | repos_group.group_description = form_data['group_description'] |
|
181 | repos_group.group_description = form_data['group_description'] | |
| 182 | repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) |
|
182 | repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) | |
| 183 | repos_group.group_parent_id = form_data['group_parent_id'] |
|
183 | repos_group.group_parent_id = form_data['group_parent_id'] | |
| 184 | repos_group.group_name = repos_group.get_new_name(form_data['group_name']) |
|
184 | repos_group.group_name = repos_group.get_new_name(form_data['group_name']) | |
| 185 | new_path = repos_group.full_path |
|
185 | new_path = repos_group.full_path | |
| 186 |
|
186 | |||
| 187 | self.sa.add(repos_group) |
|
187 | self.sa.add(repos_group) | |
| 188 |
|
188 | |||
| 189 | # we need to get all repositories from this new group and |
|
189 | # we need to get all repositories from this new group and | |
| 190 | # rename them accordingly to new group path |
|
190 | # rename them accordingly to new group path | |
| 191 | for r in repos_group.repositories: |
|
191 | for r in repos_group.repositories: | |
| 192 | r.repo_name = r.get_new_name(r.just_name) |
|
192 | r.repo_name = r.get_new_name(r.just_name) | |
| 193 | self.sa.add(r) |
|
193 | self.sa.add(r) | |
| 194 |
|
194 | |||
| 195 | self.__rename_group(old_path, new_path) |
|
195 | self.__rename_group(old_path, new_path) | |
| 196 |
|
196 | |||
| 197 | return repos_group |
|
197 | return repos_group | |
| 198 | except: |
|
198 | except: | |
| 199 | log.error(traceback.format_exc()) |
|
199 | log.error(traceback.format_exc()) | |
| 200 | raise |
|
200 | raise | |
| 201 |
|
201 | |||
| 202 |
def delete(self, |
|
202 | def delete(self, repos_group): | |
|
|
203 | repos_group = self.__get_repos_group(repos_group) | |||
| 203 | try: |
|
204 | try: | |
| 204 | users_group = RepoGroup.get(users_group_id) |
|
205 | self.sa.delete(repos_group) | |
| 205 |
self. |
|
206 | self.__delete_group(repos_group) | |
| 206 | self.__delete_group(users_group) |
|
|||
| 207 | except: |
|
207 | except: | |
| 208 | log.error(traceback.format_exc()) |
|
208 | log.exception('Error removing repos_group %s' % repos_group) | |
| 209 | raise |
|
209 | raise | |
| 210 |
|
210 | |||
| 211 | def grant_user_permission(self, repos_group, user, perm): |
|
211 | def grant_user_permission(self, repos_group, user, perm): | |
| 212 | """ |
|
212 | """ | |
| 213 | Grant permission for user on given repositories group, or update |
|
213 | Grant permission for user on given repositories group, or update | |
| 214 | existing one if found |
|
214 | existing one if found | |
| 215 |
|
215 | |||
| 216 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
216 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
| 217 | or repositories_group name |
|
217 | or repositories_group name | |
| 218 | :param user: Instance of User, user_id or username |
|
218 | :param user: Instance of User, user_id or username | |
| 219 | :param perm: Instance of Permission, or permission_name |
|
219 | :param perm: Instance of Permission, or permission_name | |
| 220 | """ |
|
220 | """ | |
| 221 |
|
221 | |||
| 222 | repos_group = self.__get_repos_group(repos_group) |
|
222 | repos_group = self.__get_repos_group(repos_group) | |
| 223 | user = self._get_user(user) |
|
223 | user = self._get_user(user) | |
| 224 | permission = self._get_perm(perm) |
|
224 | permission = self._get_perm(perm) | |
| 225 |
|
225 | |||
| 226 | # check if we have that permission already |
|
226 | # check if we have that permission already | |
| 227 | obj = self.sa.query(UserRepoGroupToPerm)\ |
|
227 | obj = self.sa.query(UserRepoGroupToPerm)\ | |
| 228 | .filter(UserRepoGroupToPerm.user == user)\ |
|
228 | .filter(UserRepoGroupToPerm.user == user)\ | |
| 229 | .filter(UserRepoGroupToPerm.group == repos_group)\ |
|
229 | .filter(UserRepoGroupToPerm.group == repos_group)\ | |
| 230 | .scalar() |
|
230 | .scalar() | |
| 231 | if obj is None: |
|
231 | if obj is None: | |
| 232 | # create new ! |
|
232 | # create new ! | |
| 233 | obj = UserRepoGroupToPerm() |
|
233 | obj = UserRepoGroupToPerm() | |
| 234 | obj.group = repos_group |
|
234 | obj.group = repos_group | |
| 235 | obj.user = user |
|
235 | obj.user = user | |
| 236 | obj.permission = permission |
|
236 | obj.permission = permission | |
| 237 | self.sa.add(obj) |
|
237 | self.sa.add(obj) | |
| 238 |
|
238 | |||
| 239 | def revoke_user_permission(self, repos_group, user): |
|
239 | def revoke_user_permission(self, repos_group, user): | |
| 240 | """ |
|
240 | """ | |
| 241 | Revoke permission for user on given repositories group |
|
241 | Revoke permission for user on given repositories group | |
| 242 |
|
242 | |||
| 243 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
243 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
| 244 | or repositories_group name |
|
244 | or repositories_group name | |
| 245 | :param user: Instance of User, user_id or username |
|
245 | :param user: Instance of User, user_id or username | |
| 246 | """ |
|
246 | """ | |
| 247 |
|
247 | |||
| 248 | repos_group = self.__get_repos_group(repos_group) |
|
248 | repos_group = self.__get_repos_group(repos_group) | |
| 249 | user = self._get_user(user) |
|
249 | user = self._get_user(user) | |
| 250 |
|
250 | |||
| 251 | obj = self.sa.query(UserRepoGroupToPerm)\ |
|
251 | obj = self.sa.query(UserRepoGroupToPerm)\ | |
| 252 | .filter(UserRepoGroupToPerm.user == user)\ |
|
252 | .filter(UserRepoGroupToPerm.user == user)\ | |
| 253 | .filter(UserRepoGroupToPerm.group == repos_group)\ |
|
253 | .filter(UserRepoGroupToPerm.group == repos_group)\ | |
| 254 | .one() |
|
254 | .one() | |
| 255 | self.sa.delete(obj) |
|
255 | self.sa.delete(obj) | |
| 256 |
|
256 | |||
| 257 | def grant_users_group_permission(self, repos_group, group_name, perm): |
|
257 | def grant_users_group_permission(self, repos_group, group_name, perm): | |
| 258 | """ |
|
258 | """ | |
| 259 | Grant permission for users group on given repositories group, or update |
|
259 | Grant permission for users group on given repositories group, or update | |
| 260 | existing one if found |
|
260 | existing one if found | |
| 261 |
|
261 | |||
| 262 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
262 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
| 263 | or repositories_group name |
|
263 | or repositories_group name | |
| 264 | :param group_name: Instance of UserGroup, users_group_id, |
|
264 | :param group_name: Instance of UserGroup, users_group_id, | |
| 265 | or users group name |
|
265 | or users group name | |
| 266 | :param perm: Instance of Permission, or permission_name |
|
266 | :param perm: Instance of Permission, or permission_name | |
| 267 | """ |
|
267 | """ | |
| 268 | repos_group = self.__get_repos_group(repos_group) |
|
268 | repos_group = self.__get_repos_group(repos_group) | |
| 269 | group_name = self.__get_users_group(group_name) |
|
269 | group_name = self.__get_users_group(group_name) | |
| 270 | permission = self._get_perm(perm) |
|
270 | permission = self._get_perm(perm) | |
| 271 |
|
271 | |||
| 272 | # check if we have that permission already |
|
272 | # check if we have that permission already | |
| 273 | obj = self.sa.query(UsersGroupRepoGroupToPerm)\ |
|
273 | obj = self.sa.query(UsersGroupRepoGroupToPerm)\ | |
| 274 | .filter(UsersGroupRepoGroupToPerm.group == repos_group)\ |
|
274 | .filter(UsersGroupRepoGroupToPerm.group == repos_group)\ | |
| 275 | .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\ |
|
275 | .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\ | |
| 276 | .scalar() |
|
276 | .scalar() | |
| 277 |
|
277 | |||
| 278 | if obj is None: |
|
278 | if obj is None: | |
| 279 | # create new |
|
279 | # create new | |
| 280 | obj = UsersGroupRepoGroupToPerm() |
|
280 | obj = UsersGroupRepoGroupToPerm() | |
| 281 |
|
281 | |||
| 282 | obj.group = repos_group |
|
282 | obj.group = repos_group | |
| 283 | obj.users_group = group_name |
|
283 | obj.users_group = group_name | |
| 284 | obj.permission = permission |
|
284 | obj.permission = permission | |
| 285 | self.sa.add(obj) |
|
285 | self.sa.add(obj) | |
| 286 |
|
286 | |||
| 287 | def revoke_users_group_permission(self, repos_group, group_name): |
|
287 | def revoke_users_group_permission(self, repos_group, group_name): | |
| 288 | """ |
|
288 | """ | |
| 289 | Revoke permission for users group on given repositories group |
|
289 | Revoke permission for users group on given repositories group | |
| 290 |
|
290 | |||
| 291 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
291 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
| 292 | or repositories_group name |
|
292 | or repositories_group name | |
| 293 | :param group_name: Instance of UserGroup, users_group_id, |
|
293 | :param group_name: Instance of UserGroup, users_group_id, | |
| 294 | or users group name |
|
294 | or users group name | |
| 295 | """ |
|
295 | """ | |
| 296 | repos_group = self.__get_repos_group(repos_group) |
|
296 | repos_group = self.__get_repos_group(repos_group) | |
| 297 | group_name = self.__get_users_group(group_name) |
|
297 | group_name = self.__get_users_group(group_name) | |
| 298 |
|
298 | |||
| 299 | obj = self.sa.query(UsersGroupRepoGroupToPerm)\ |
|
299 | obj = self.sa.query(UsersGroupRepoGroupToPerm)\ | |
| 300 | .filter(UsersGroupRepoGroupToPerm.group == repos_group)\ |
|
300 | .filter(UsersGroupRepoGroupToPerm.group == repos_group)\ | |
| 301 | .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\ |
|
301 | .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\ | |
| 302 | .one() |
|
302 | .one() | |
| 303 | self.sa.delete(obj) |
|
303 | self.sa.delete(obj) | |
| @@ -1,608 +1,613 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 | """ |
|
2 | """ | |
| 3 | rhodecode.model.user |
|
3 | rhodecode.model.user | |
| 4 | ~~~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~~~ | |
| 5 |
|
5 | |||
| 6 | users model for RhodeCode |
|
6 | users model for RhodeCode | |
| 7 |
|
7 | |||
| 8 | :created_on: Apr 9, 2010 |
|
8 | :created_on: Apr 9, 2010 | |
| 9 | :author: marcink |
|
9 | :author: marcink | |
| 10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |
| 11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
| 12 | """ |
|
12 | """ | |
| 13 | # This program is free software: you can redistribute it and/or modify |
|
13 | # This program is free software: you can redistribute it and/or modify | |
| 14 | # it under the terms of the GNU General Public License as published by |
|
14 | # it under the terms of the GNU General Public License as published by | |
| 15 | # the Free Software Foundation, either version 3 of the License, or |
|
15 | # the Free Software Foundation, either version 3 of the License, or | |
| 16 | # (at your option) any later version. |
|
16 | # (at your option) any later version. | |
| 17 | # |
|
17 | # | |
| 18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
| 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
| 22 | # |
|
22 | # | |
| 23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
| 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 25 |
|
25 | |||
| 26 | import logging |
|
26 | import logging | |
| 27 | import traceback |
|
27 | import traceback | |
| 28 |
|
28 | |||
| 29 | from pylons import url |
|
29 | from pylons import url | |
| 30 | from pylons.i18n.translation import _ |
|
30 | from pylons.i18n.translation import _ | |
| 31 |
|
31 | |||
| 32 | from rhodecode.lib.utils2 import safe_unicode, generate_api_key |
|
32 | from rhodecode.lib.utils2 import safe_unicode, generate_api_key | |
| 33 | from rhodecode.lib.caching_query import FromCache |
|
33 | from rhodecode.lib.caching_query import FromCache | |
| 34 |
|
34 | |||
| 35 | from rhodecode.model import BaseModel |
|
35 | from rhodecode.model import BaseModel | |
| 36 | from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
|
36 | from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ | |
| 37 | UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ |
|
37 | UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ | |
| 38 | Notification, RepoGroup, UserRepoGroupToPerm, UsersGroupRepoGroupToPerm, \ |
|
38 | Notification, RepoGroup, UserRepoGroupToPerm, UsersGroupRepoGroupToPerm, \ | |
| 39 | UserEmailMap |
|
39 | UserEmailMap | |
| 40 | from rhodecode.lib.exceptions import DefaultUserException, \ |
|
40 | from rhodecode.lib.exceptions import DefaultUserException, \ | |
| 41 | UserOwnsReposException |
|
41 | UserOwnsReposException | |
| 42 |
|
42 | |||
| 43 | from sqlalchemy.exc import DatabaseError |
|
43 | from sqlalchemy.exc import DatabaseError | |
| 44 |
|
44 | |||
| 45 | from sqlalchemy.orm import joinedload |
|
45 | from sqlalchemy.orm import joinedload | |
| 46 |
|
46 | |||
| 47 | log = logging.getLogger(__name__) |
|
47 | log = logging.getLogger(__name__) | |
| 48 |
|
48 | |||
| 49 |
|
49 | |||
| 50 | PERM_WEIGHTS = { |
|
50 | PERM_WEIGHTS = { | |
| 51 | 'repository.none': 0, |
|
51 | 'repository.none': 0, | |
| 52 | 'repository.read': 1, |
|
52 | 'repository.read': 1, | |
| 53 | 'repository.write': 3, |
|
53 | 'repository.write': 3, | |
| 54 | 'repository.admin': 4, |
|
54 | 'repository.admin': 4, | |
| 55 | 'group.none': 0, |
|
55 | 'group.none': 0, | |
| 56 | 'group.read': 1, |
|
56 | 'group.read': 1, | |
| 57 | 'group.write': 3, |
|
57 | 'group.write': 3, | |
| 58 | 'group.admin': 4, |
|
58 | 'group.admin': 4, | |
| 59 | } |
|
59 | } | |
| 60 |
|
60 | |||
| 61 |
|
61 | |||
| 62 | class UserModel(BaseModel): |
|
62 | class UserModel(BaseModel): | |
| 63 |
|
63 | |||
| 64 | def get(self, user_id, cache=False): |
|
64 | def get(self, user_id, cache=False): | |
| 65 | user = self.sa.query(User) |
|
65 | user = self.sa.query(User) | |
| 66 | if cache: |
|
66 | if cache: | |
| 67 | user = user.options(FromCache("sql_cache_short", |
|
67 | user = user.options(FromCache("sql_cache_short", | |
| 68 | "get_user_%s" % user_id)) |
|
68 | "get_user_%s" % user_id)) | |
| 69 | return user.get(user_id) |
|
69 | return user.get(user_id) | |
| 70 |
|
70 | |||
| 71 | def get_user(self, user): |
|
71 | def get_user(self, user): | |
| 72 | return self._get_user(user) |
|
72 | return self._get_user(user) | |
| 73 |
|
73 | |||
| 74 | def get_by_username(self, username, cache=False, case_insensitive=False): |
|
74 | def get_by_username(self, username, cache=False, case_insensitive=False): | |
| 75 |
|
75 | |||
| 76 | if case_insensitive: |
|
76 | if case_insensitive: | |
| 77 | user = self.sa.query(User).filter(User.username.ilike(username)) |
|
77 | user = self.sa.query(User).filter(User.username.ilike(username)) | |
| 78 | else: |
|
78 | else: | |
| 79 | user = self.sa.query(User)\ |
|
79 | user = self.sa.query(User)\ | |
| 80 | .filter(User.username == username) |
|
80 | .filter(User.username == username) | |
| 81 | if cache: |
|
81 | if cache: | |
| 82 | user = user.options(FromCache("sql_cache_short", |
|
82 | user = user.options(FromCache("sql_cache_short", | |
| 83 | "get_user_%s" % username)) |
|
83 | "get_user_%s" % username)) | |
| 84 | return user.scalar() |
|
84 | return user.scalar() | |
| 85 |
|
85 | |||
| 86 | def get_by_api_key(self, api_key, cache=False): |
|
86 | def get_by_api_key(self, api_key, cache=False): | |
| 87 | return User.get_by_api_key(api_key, cache) |
|
87 | return User.get_by_api_key(api_key, cache) | |
| 88 |
|
88 | |||
| 89 | def create(self, form_data): |
|
89 | def create(self, form_data): | |
|
|
90 | from rhodecode.lib.auth import get_crypt_password | |||
| 90 | try: |
|
91 | try: | |
| 91 | new_user = User() |
|
92 | new_user = User() | |
| 92 | for k, v in form_data.items(): |
|
93 | for k, v in form_data.items(): | |
|
|
94 | if k == 'password': | |||
|
|
95 | v = get_crypt_password(v) | |||
| 93 | setattr(new_user, k, v) |
|
96 | setattr(new_user, k, v) | |
| 94 |
|
97 | |||
| 95 | new_user.api_key = generate_api_key(form_data['username']) |
|
98 | new_user.api_key = generate_api_key(form_data['username']) | |
| 96 | self.sa.add(new_user) |
|
99 | self.sa.add(new_user) | |
| 97 | return new_user |
|
100 | return new_user | |
| 98 | except: |
|
101 | except: | |
| 99 | log.error(traceback.format_exc()) |
|
102 | log.error(traceback.format_exc()) | |
| 100 | raise |
|
103 | raise | |
| 101 |
|
104 | |||
| 102 | def create_or_update(self, username, password, email, name, lastname, |
|
105 | def create_or_update(self, username, password, email, name, lastname, | |
| 103 | active=True, admin=False, ldap_dn=None): |
|
106 | active=True, admin=False, ldap_dn=None): | |
| 104 | """ |
|
107 | """ | |
| 105 | Creates a new instance if not found, or updates current one |
|
108 | Creates a new instance if not found, or updates current one | |
| 106 |
|
109 | |||
| 107 | :param username: |
|
110 | :param username: | |
| 108 | :param password: |
|
111 | :param password: | |
| 109 | :param email: |
|
112 | :param email: | |
| 110 | :param active: |
|
113 | :param active: | |
| 111 | :param name: |
|
114 | :param name: | |
| 112 | :param lastname: |
|
115 | :param lastname: | |
| 113 | :param active: |
|
116 | :param active: | |
| 114 | :param admin: |
|
117 | :param admin: | |
| 115 | :param ldap_dn: |
|
118 | :param ldap_dn: | |
| 116 | """ |
|
119 | """ | |
| 117 |
|
120 | |||
| 118 | from rhodecode.lib.auth import get_crypt_password |
|
121 | from rhodecode.lib.auth import get_crypt_password | |
| 119 |
|
122 | |||
| 120 | log.debug('Checking for %s account in RhodeCode database' % username) |
|
123 | log.debug('Checking for %s account in RhodeCode database' % username) | |
| 121 | user = User.get_by_username(username, case_insensitive=True) |
|
124 | user = User.get_by_username(username, case_insensitive=True) | |
| 122 | if user is None: |
|
125 | if user is None: | |
| 123 | log.debug('creating new user %s' % username) |
|
126 | log.debug('creating new user %s' % username) | |
| 124 | new_user = User() |
|
127 | new_user = User() | |
| 125 | else: |
|
128 | else: | |
| 126 | log.debug('updating user %s' % username) |
|
129 | log.debug('updating user %s' % username) | |
| 127 | new_user = user |
|
130 | new_user = user | |
| 128 |
|
131 | |||
| 129 | try: |
|
132 | try: | |
| 130 | new_user.username = username |
|
133 | new_user.username = username | |
| 131 | new_user.admin = admin |
|
134 | new_user.admin = admin | |
| 132 | new_user.password = get_crypt_password(password) |
|
135 | new_user.password = get_crypt_password(password) | |
| 133 | new_user.api_key = generate_api_key(username) |
|
136 | new_user.api_key = generate_api_key(username) | |
| 134 | new_user.email = email |
|
137 | new_user.email = email | |
| 135 | new_user.active = active |
|
138 | new_user.active = active | |
| 136 | new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None |
|
139 | new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None | |
| 137 | new_user.name = name |
|
140 | new_user.name = name | |
| 138 | new_user.lastname = lastname |
|
141 | new_user.lastname = lastname | |
| 139 | self.sa.add(new_user) |
|
142 | self.sa.add(new_user) | |
| 140 | return new_user |
|
143 | return new_user | |
| 141 | except (DatabaseError,): |
|
144 | except (DatabaseError,): | |
| 142 | log.error(traceback.format_exc()) |
|
145 | log.error(traceback.format_exc()) | |
| 143 | raise |
|
146 | raise | |
| 144 |
|
147 | |||
| 145 | def create_for_container_auth(self, username, attrs): |
|
148 | def create_for_container_auth(self, username, attrs): | |
| 146 | """ |
|
149 | """ | |
| 147 | Creates the given user if it's not already in the database |
|
150 | Creates the given user if it's not already in the database | |
| 148 |
|
151 | |||
| 149 | :param username: |
|
152 | :param username: | |
| 150 | :param attrs: |
|
153 | :param attrs: | |
| 151 | """ |
|
154 | """ | |
| 152 | if self.get_by_username(username, case_insensitive=True) is None: |
|
155 | if self.get_by_username(username, case_insensitive=True) is None: | |
| 153 |
|
156 | |||
| 154 | # autogenerate email for container account without one |
|
157 | # autogenerate email for container account without one | |
| 155 | generate_email = lambda usr: '%s@container_auth.account' % usr |
|
158 | generate_email = lambda usr: '%s@container_auth.account' % usr | |
| 156 |
|
159 | |||
| 157 | try: |
|
160 | try: | |
| 158 | new_user = User() |
|
161 | new_user = User() | |
| 159 | new_user.username = username |
|
162 | new_user.username = username | |
| 160 | new_user.password = None |
|
163 | new_user.password = None | |
| 161 | new_user.api_key = generate_api_key(username) |
|
164 | new_user.api_key = generate_api_key(username) | |
| 162 | new_user.email = attrs['email'] |
|
165 | new_user.email = attrs['email'] | |
| 163 | new_user.active = attrs.get('active', True) |
|
166 | new_user.active = attrs.get('active', True) | |
| 164 | new_user.name = attrs['name'] or generate_email(username) |
|
167 | new_user.name = attrs['name'] or generate_email(username) | |
| 165 | new_user.lastname = attrs['lastname'] |
|
168 | new_user.lastname = attrs['lastname'] | |
| 166 |
|
169 | |||
| 167 | self.sa.add(new_user) |
|
170 | self.sa.add(new_user) | |
| 168 | return new_user |
|
171 | return new_user | |
| 169 | except (DatabaseError,): |
|
172 | except (DatabaseError,): | |
| 170 | log.error(traceback.format_exc()) |
|
173 | log.error(traceback.format_exc()) | |
| 171 | self.sa.rollback() |
|
174 | self.sa.rollback() | |
| 172 | raise |
|
175 | raise | |
| 173 | log.debug('User %s already exists. Skipping creation of account' |
|
176 | log.debug('User %s already exists. Skipping creation of account' | |
| 174 | ' for container auth.', username) |
|
177 | ' for container auth.', username) | |
| 175 | return None |
|
178 | return None | |
| 176 |
|
179 | |||
| 177 | def create_ldap(self, username, password, user_dn, attrs): |
|
180 | def create_ldap(self, username, password, user_dn, attrs): | |
| 178 | """ |
|
181 | """ | |
| 179 | Checks if user is in database, if not creates this user marked |
|
182 | Checks if user is in database, if not creates this user marked | |
| 180 | as ldap user |
|
183 | as ldap user | |
| 181 |
|
184 | |||
| 182 | :param username: |
|
185 | :param username: | |
| 183 | :param password: |
|
186 | :param password: | |
| 184 | :param user_dn: |
|
187 | :param user_dn: | |
| 185 | :param attrs: |
|
188 | :param attrs: | |
| 186 | """ |
|
189 | """ | |
| 187 | from rhodecode.lib.auth import get_crypt_password |
|
190 | from rhodecode.lib.auth import get_crypt_password | |
| 188 | log.debug('Checking for such ldap account in RhodeCode database') |
|
191 | log.debug('Checking for such ldap account in RhodeCode database') | |
| 189 | if self.get_by_username(username, case_insensitive=True) is None: |
|
192 | if self.get_by_username(username, case_insensitive=True) is None: | |
| 190 |
|
193 | |||
| 191 | # autogenerate email for ldap account without one |
|
194 | # autogenerate email for ldap account without one | |
| 192 | generate_email = lambda usr: '%s@ldap.account' % usr |
|
195 | generate_email = lambda usr: '%s@ldap.account' % usr | |
| 193 |
|
196 | |||
| 194 | try: |
|
197 | try: | |
| 195 | new_user = User() |
|
198 | new_user = User() | |
| 196 | username = username.lower() |
|
199 | username = username.lower() | |
| 197 | # add ldap account always lowercase |
|
200 | # add ldap account always lowercase | |
| 198 | new_user.username = username |
|
201 | new_user.username = username | |
| 199 | new_user.password = get_crypt_password(password) |
|
202 | new_user.password = get_crypt_password(password) | |
| 200 | new_user.api_key = generate_api_key(username) |
|
203 | new_user.api_key = generate_api_key(username) | |
| 201 | new_user.email = attrs['email'] or generate_email(username) |
|
204 | new_user.email = attrs['email'] or generate_email(username) | |
| 202 | new_user.active = attrs.get('active', True) |
|
205 | new_user.active = attrs.get('active', True) | |
| 203 | new_user.ldap_dn = safe_unicode(user_dn) |
|
206 | new_user.ldap_dn = safe_unicode(user_dn) | |
| 204 | new_user.name = attrs['name'] |
|
207 | new_user.name = attrs['name'] | |
| 205 | new_user.lastname = attrs['lastname'] |
|
208 | new_user.lastname = attrs['lastname'] | |
| 206 |
|
209 | |||
| 207 | self.sa.add(new_user) |
|
210 | self.sa.add(new_user) | |
| 208 | return new_user |
|
211 | return new_user | |
| 209 | except (DatabaseError,): |
|
212 | except (DatabaseError,): | |
| 210 | log.error(traceback.format_exc()) |
|
213 | log.error(traceback.format_exc()) | |
| 211 | self.sa.rollback() |
|
214 | self.sa.rollback() | |
| 212 | raise |
|
215 | raise | |
| 213 | log.debug('this %s user exists skipping creation of ldap account', |
|
216 | log.debug('this %s user exists skipping creation of ldap account', | |
| 214 | username) |
|
217 | username) | |
| 215 | return None |
|
218 | return None | |
| 216 |
|
219 | |||
| 217 | def create_registration(self, form_data): |
|
220 | def create_registration(self, form_data): | |
| 218 | from rhodecode.model.notification import NotificationModel |
|
221 | from rhodecode.model.notification import NotificationModel | |
| 219 |
|
222 | |||
| 220 | try: |
|
223 | try: | |
| 221 | form_data['admin'] = False |
|
224 | form_data['admin'] = False | |
| 222 | new_user = self.create(form_data) |
|
225 | new_user = self.create(form_data) | |
| 223 |
|
226 | |||
| 224 | self.sa.add(new_user) |
|
227 | self.sa.add(new_user) | |
| 225 | self.sa.flush() |
|
228 | self.sa.flush() | |
| 226 |
|
229 | |||
| 227 | # notification to admins |
|
230 | # notification to admins | |
| 228 | subject = _('new user registration') |
|
231 | subject = _('new user registration') | |
| 229 | body = ('New user registration\n' |
|
232 | body = ('New user registration\n' | |
| 230 | '---------------------\n' |
|
233 | '---------------------\n' | |
| 231 | '- Username: %s\n' |
|
234 | '- Username: %s\n' | |
| 232 | '- Full Name: %s\n' |
|
235 | '- Full Name: %s\n' | |
| 233 | '- Email: %s\n') |
|
236 | '- Email: %s\n') | |
| 234 | body = body % (new_user.username, new_user.full_name, |
|
237 | body = body % (new_user.username, new_user.full_name, | |
| 235 | new_user.email) |
|
238 | new_user.email) | |
| 236 | edit_url = url('edit_user', id=new_user.user_id, qualified=True) |
|
239 | edit_url = url('edit_user', id=new_user.user_id, qualified=True) | |
| 237 | kw = {'registered_user_url': edit_url} |
|
240 | kw = {'registered_user_url': edit_url} | |
| 238 | NotificationModel().create(created_by=new_user, subject=subject, |
|
241 | NotificationModel().create(created_by=new_user, subject=subject, | |
| 239 | body=body, recipients=None, |
|
242 | body=body, recipients=None, | |
| 240 | type_=Notification.TYPE_REGISTRATION, |
|
243 | type_=Notification.TYPE_REGISTRATION, | |
| 241 | email_kwargs=kw) |
|
244 | email_kwargs=kw) | |
| 242 |
|
245 | |||
| 243 | except: |
|
246 | except: | |
| 244 | log.error(traceback.format_exc()) |
|
247 | log.error(traceback.format_exc()) | |
| 245 | raise |
|
248 | raise | |
| 246 |
|
249 | |||
| 247 | def update(self, user_id, form_data): |
|
250 | def update(self, user_id, form_data): | |
| 248 | try: |
|
251 | try: | |
| 249 | user = self.get(user_id, cache=False) |
|
252 | user = self.get(user_id, cache=False) | |
| 250 | if user.username == 'default': |
|
253 | if user.username == 'default': | |
| 251 | raise DefaultUserException( |
|
254 | raise DefaultUserException( | |
| 252 | _("You can't Edit this user since it's" |
|
255 | _("You can't Edit this user since it's" | |
| 253 | " crucial for entire application")) |
|
256 | " crucial for entire application")) | |
| 254 |
|
257 | |||
| 255 | for k, v in form_data.items(): |
|
258 | for k, v in form_data.items(): | |
| 256 | if k == 'new_password' and v != '': |
|
259 | if k == 'new_password' and v != '': | |
| 257 | user.password = v |
|
260 | user.password = v | |
| 258 | user.api_key = generate_api_key(user.username) |
|
261 | user.api_key = generate_api_key(user.username) | |
| 259 | else: |
|
262 | else: | |
| 260 | setattr(user, k, v) |
|
263 | setattr(user, k, v) | |
| 261 |
|
264 | |||
| 262 | self.sa.add(user) |
|
265 | self.sa.add(user) | |
| 263 | except: |
|
266 | except: | |
| 264 | log.error(traceback.format_exc()) |
|
267 | log.error(traceback.format_exc()) | |
| 265 | raise |
|
268 | raise | |
| 266 |
|
269 | |||
| 267 | def update_my_account(self, user_id, form_data): |
|
270 | def update_my_account(self, user_id, form_data): | |
|
|
271 | from rhodecode.lib.auth import get_crypt_password | |||
| 268 | try: |
|
272 | try: | |
| 269 | user = self.get(user_id, cache=False) |
|
273 | user = self.get(user_id, cache=False) | |
| 270 | if user.username == 'default': |
|
274 | if user.username == 'default': | |
| 271 | raise DefaultUserException( |
|
275 | raise DefaultUserException( | |
| 272 |
|
|
276 | _("You can't Edit this user since it's" | |
| 273 |
|
|
277 | " crucial for entire application") | |
|
|
278 | ) | |||
| 274 | for k, v in form_data.items(): |
|
279 | for k, v in form_data.items(): | |
| 275 | if k == 'new_password' and v != '': |
|
280 | if k == 'new_password' and v != '': | |
| 276 | user.password = v |
|
281 | user.password = get_crypt_password(v) | |
| 277 | user.api_key = generate_api_key(user.username) |
|
282 | user.api_key = generate_api_key(user.username) | |
| 278 | else: |
|
283 | else: | |
| 279 | if k not in ['admin', 'active']: |
|
284 | if k not in ['admin', 'active']: | |
| 280 | setattr(user, k, v) |
|
285 | setattr(user, k, v) | |
| 281 |
|
286 | |||
| 282 | self.sa.add(user) |
|
287 | self.sa.add(user) | |
| 283 | except: |
|
288 | except: | |
| 284 | log.error(traceback.format_exc()) |
|
289 | log.error(traceback.format_exc()) | |
| 285 | raise |
|
290 | raise | |
| 286 |
|
291 | |||
| 287 | def delete(self, user): |
|
292 | def delete(self, user): | |
| 288 | user = self._get_user(user) |
|
293 | user = self._get_user(user) | |
| 289 |
|
294 | |||
| 290 | try: |
|
295 | try: | |
| 291 | if user.username == 'default': |
|
296 | if user.username == 'default': | |
| 292 | raise DefaultUserException( |
|
297 | raise DefaultUserException( | |
| 293 | _(u"You can't remove this user since it's" |
|
298 | _(u"You can't remove this user since it's" | |
| 294 | " crucial for entire application") |
|
299 | " crucial for entire application") | |
| 295 | ) |
|
300 | ) | |
| 296 | if user.repositories: |
|
301 | if user.repositories: | |
| 297 | repos = [x.repo_name for x in user.repositories] |
|
302 | repos = [x.repo_name for x in user.repositories] | |
| 298 | raise UserOwnsReposException( |
|
303 | raise UserOwnsReposException( | |
| 299 | _(u'user "%s" still owns %s repositories and cannot be ' |
|
304 | _(u'user "%s" still owns %s repositories and cannot be ' | |
| 300 | 'removed. Switch owners or remove those repositories. %s') |
|
305 | 'removed. Switch owners or remove those repositories. %s') | |
| 301 | % (user.username, len(repos), ', '.join(repos)) |
|
306 | % (user.username, len(repos), ', '.join(repos)) | |
| 302 | ) |
|
307 | ) | |
| 303 | self.sa.delete(user) |
|
308 | self.sa.delete(user) | |
| 304 | except: |
|
309 | except: | |
| 305 | log.error(traceback.format_exc()) |
|
310 | log.error(traceback.format_exc()) | |
| 306 | raise |
|
311 | raise | |
| 307 |
|
312 | |||
| 308 | def reset_password_link(self, data): |
|
313 | def reset_password_link(self, data): | |
| 309 | from rhodecode.lib.celerylib import tasks, run_task |
|
314 | from rhodecode.lib.celerylib import tasks, run_task | |
| 310 | run_task(tasks.send_password_link, data['email']) |
|
315 | run_task(tasks.send_password_link, data['email']) | |
| 311 |
|
316 | |||
| 312 | def reset_password(self, data): |
|
317 | def reset_password(self, data): | |
| 313 | from rhodecode.lib.celerylib import tasks, run_task |
|
318 | from rhodecode.lib.celerylib import tasks, run_task | |
| 314 | run_task(tasks.reset_user_password, data['email']) |
|
319 | run_task(tasks.reset_user_password, data['email']) | |
| 315 |
|
320 | |||
| 316 | def fill_data(self, auth_user, user_id=None, api_key=None): |
|
321 | def fill_data(self, auth_user, user_id=None, api_key=None): | |
| 317 | """ |
|
322 | """ | |
| 318 | Fetches auth_user by user_id,or api_key if present. |
|
323 | Fetches auth_user by user_id,or api_key if present. | |
| 319 | Fills auth_user attributes with those taken from database. |
|
324 | Fills auth_user attributes with those taken from database. | |
| 320 | Additionally set's is_authenitated if lookup fails |
|
325 | Additionally set's is_authenitated if lookup fails | |
| 321 | present in database |
|
326 | present in database | |
| 322 |
|
327 | |||
| 323 | :param auth_user: instance of user to set attributes |
|
328 | :param auth_user: instance of user to set attributes | |
| 324 | :param user_id: user id to fetch by |
|
329 | :param user_id: user id to fetch by | |
| 325 | :param api_key: api key to fetch by |
|
330 | :param api_key: api key to fetch by | |
| 326 | """ |
|
331 | """ | |
| 327 | if user_id is None and api_key is None: |
|
332 | if user_id is None and api_key is None: | |
| 328 | raise Exception('You need to pass user_id or api_key') |
|
333 | raise Exception('You need to pass user_id or api_key') | |
| 329 |
|
334 | |||
| 330 | try: |
|
335 | try: | |
| 331 | if api_key: |
|
336 | if api_key: | |
| 332 | dbuser = self.get_by_api_key(api_key) |
|
337 | dbuser = self.get_by_api_key(api_key) | |
| 333 | else: |
|
338 | else: | |
| 334 | dbuser = self.get(user_id) |
|
339 | dbuser = self.get(user_id) | |
| 335 |
|
340 | |||
| 336 | if dbuser is not None and dbuser.active: |
|
341 | if dbuser is not None and dbuser.active: | |
| 337 | log.debug('filling %s data' % dbuser) |
|
342 | log.debug('filling %s data' % dbuser) | |
| 338 | for k, v in dbuser.get_dict().items(): |
|
343 | for k, v in dbuser.get_dict().items(): | |
| 339 | setattr(auth_user, k, v) |
|
344 | setattr(auth_user, k, v) | |
| 340 | else: |
|
345 | else: | |
| 341 | return False |
|
346 | return False | |
| 342 |
|
347 | |||
| 343 | except: |
|
348 | except: | |
| 344 | log.error(traceback.format_exc()) |
|
349 | log.error(traceback.format_exc()) | |
| 345 | auth_user.is_authenticated = False |
|
350 | auth_user.is_authenticated = False | |
| 346 | return False |
|
351 | return False | |
| 347 |
|
352 | |||
| 348 | return True |
|
353 | return True | |
| 349 |
|
354 | |||
| 350 | def fill_perms(self, user): |
|
355 | def fill_perms(self, user): | |
| 351 | """ |
|
356 | """ | |
| 352 | Fills user permission attribute with permissions taken from database |
|
357 | Fills user permission attribute with permissions taken from database | |
| 353 | works for permissions given for repositories, and for permissions that |
|
358 | works for permissions given for repositories, and for permissions that | |
| 354 | are granted to groups |
|
359 | are granted to groups | |
| 355 |
|
360 | |||
| 356 | :param user: user instance to fill his perms |
|
361 | :param user: user instance to fill his perms | |
| 357 | """ |
|
362 | """ | |
| 358 | RK = 'repositories' |
|
363 | RK = 'repositories' | |
| 359 | GK = 'repositories_groups' |
|
364 | GK = 'repositories_groups' | |
| 360 | GLOBAL = 'global' |
|
365 | GLOBAL = 'global' | |
| 361 | user.permissions[RK] = {} |
|
366 | user.permissions[RK] = {} | |
| 362 | user.permissions[GK] = {} |
|
367 | user.permissions[GK] = {} | |
| 363 | user.permissions[GLOBAL] = set() |
|
368 | user.permissions[GLOBAL] = set() | |
| 364 |
|
369 | |||
| 365 | #====================================================================== |
|
370 | #====================================================================== | |
| 366 | # fetch default permissions |
|
371 | # fetch default permissions | |
| 367 | #====================================================================== |
|
372 | #====================================================================== | |
| 368 | default_user = User.get_by_username('default', cache=True) |
|
373 | default_user = User.get_by_username('default', cache=True) | |
| 369 | default_user_id = default_user.user_id |
|
374 | default_user_id = default_user.user_id | |
| 370 |
|
375 | |||
| 371 | default_repo_perms = Permission.get_default_perms(default_user_id) |
|
376 | default_repo_perms = Permission.get_default_perms(default_user_id) | |
| 372 | default_repo_groups_perms = Permission.get_default_group_perms(default_user_id) |
|
377 | default_repo_groups_perms = Permission.get_default_group_perms(default_user_id) | |
| 373 |
|
378 | |||
| 374 | if user.is_admin: |
|
379 | if user.is_admin: | |
| 375 | #================================================================== |
|
380 | #================================================================== | |
| 376 | # admin user have all default rights for repositories |
|
381 | # admin user have all default rights for repositories | |
| 377 | # and groups set to admin |
|
382 | # and groups set to admin | |
| 378 | #================================================================== |
|
383 | #================================================================== | |
| 379 | user.permissions[GLOBAL].add('hg.admin') |
|
384 | user.permissions[GLOBAL].add('hg.admin') | |
| 380 |
|
385 | |||
| 381 | # repositories |
|
386 | # repositories | |
| 382 | for perm in default_repo_perms: |
|
387 | for perm in default_repo_perms: | |
| 383 | r_k = perm.UserRepoToPerm.repository.repo_name |
|
388 | r_k = perm.UserRepoToPerm.repository.repo_name | |
| 384 | p = 'repository.admin' |
|
389 | p = 'repository.admin' | |
| 385 | user.permissions[RK][r_k] = p |
|
390 | user.permissions[RK][r_k] = p | |
| 386 |
|
391 | |||
| 387 | # repositories groups |
|
392 | # repositories groups | |
| 388 | for perm in default_repo_groups_perms: |
|
393 | for perm in default_repo_groups_perms: | |
| 389 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
394 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
| 390 | p = 'group.admin' |
|
395 | p = 'group.admin' | |
| 391 | user.permissions[GK][rg_k] = p |
|
396 | user.permissions[GK][rg_k] = p | |
| 392 | return user |
|
397 | return user | |
| 393 |
|
398 | |||
| 394 | #================================================================== |
|
399 | #================================================================== | |
| 395 | # set default permissions first for repositories and groups |
|
400 | # set default permissions first for repositories and groups | |
| 396 | #================================================================== |
|
401 | #================================================================== | |
| 397 | uid = user.user_id |
|
402 | uid = user.user_id | |
| 398 |
|
403 | |||
| 399 | # default global permissions |
|
404 | # default global permissions | |
| 400 | default_global_perms = self.sa.query(UserToPerm)\ |
|
405 | default_global_perms = self.sa.query(UserToPerm)\ | |
| 401 | .filter(UserToPerm.user_id == default_user_id) |
|
406 | .filter(UserToPerm.user_id == default_user_id) | |
| 402 |
|
407 | |||
| 403 | for perm in default_global_perms: |
|
408 | for perm in default_global_perms: | |
| 404 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
409 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |
| 405 |
|
410 | |||
| 406 | # defaults for repositories, taken from default user |
|
411 | # defaults for repositories, taken from default user | |
| 407 | for perm in default_repo_perms: |
|
412 | for perm in default_repo_perms: | |
| 408 | r_k = perm.UserRepoToPerm.repository.repo_name |
|
413 | r_k = perm.UserRepoToPerm.repository.repo_name | |
| 409 | if perm.Repository.private and not (perm.Repository.user_id == uid): |
|
414 | if perm.Repository.private and not (perm.Repository.user_id == uid): | |
| 410 | # disable defaults for private repos, |
|
415 | # disable defaults for private repos, | |
| 411 | p = 'repository.none' |
|
416 | p = 'repository.none' | |
| 412 | elif perm.Repository.user_id == uid: |
|
417 | elif perm.Repository.user_id == uid: | |
| 413 | # set admin if owner |
|
418 | # set admin if owner | |
| 414 | p = 'repository.admin' |
|
419 | p = 'repository.admin' | |
| 415 | else: |
|
420 | else: | |
| 416 | p = perm.Permission.permission_name |
|
421 | p = perm.Permission.permission_name | |
| 417 |
|
422 | |||
| 418 | user.permissions[RK][r_k] = p |
|
423 | user.permissions[RK][r_k] = p | |
| 419 |
|
424 | |||
| 420 | # defaults for repositories groups taken from default user permission |
|
425 | # defaults for repositories groups taken from default user permission | |
| 421 | # on given group |
|
426 | # on given group | |
| 422 | for perm in default_repo_groups_perms: |
|
427 | for perm in default_repo_groups_perms: | |
| 423 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
428 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
| 424 | p = perm.Permission.permission_name |
|
429 | p = perm.Permission.permission_name | |
| 425 | user.permissions[GK][rg_k] = p |
|
430 | user.permissions[GK][rg_k] = p | |
| 426 |
|
431 | |||
| 427 | #================================================================== |
|
432 | #================================================================== | |
| 428 | # overwrite defaults with user permissions if any found |
|
433 | # overwrite defaults with user permissions if any found | |
| 429 | #================================================================== |
|
434 | #================================================================== | |
| 430 |
|
435 | |||
| 431 | # user global permissions |
|
436 | # user global permissions | |
| 432 | user_perms = self.sa.query(UserToPerm)\ |
|
437 | user_perms = self.sa.query(UserToPerm)\ | |
| 433 | .options(joinedload(UserToPerm.permission))\ |
|
438 | .options(joinedload(UserToPerm.permission))\ | |
| 434 | .filter(UserToPerm.user_id == uid).all() |
|
439 | .filter(UserToPerm.user_id == uid).all() | |
| 435 |
|
440 | |||
| 436 | for perm in user_perms: |
|
441 | for perm in user_perms: | |
| 437 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
442 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |
| 438 |
|
443 | |||
| 439 | # user explicit permissions for repositories |
|
444 | # user explicit permissions for repositories | |
| 440 | user_repo_perms = \ |
|
445 | user_repo_perms = \ | |
| 441 | self.sa.query(UserRepoToPerm, Permission, Repository)\ |
|
446 | self.sa.query(UserRepoToPerm, Permission, Repository)\ | |
| 442 | .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ |
|
447 | .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ | |
| 443 | .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\ |
|
448 | .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\ | |
| 444 | .filter(UserRepoToPerm.user_id == uid)\ |
|
449 | .filter(UserRepoToPerm.user_id == uid)\ | |
| 445 | .all() |
|
450 | .all() | |
| 446 |
|
451 | |||
| 447 | for perm in user_repo_perms: |
|
452 | for perm in user_repo_perms: | |
| 448 | # set admin if owner |
|
453 | # set admin if owner | |
| 449 | r_k = perm.UserRepoToPerm.repository.repo_name |
|
454 | r_k = perm.UserRepoToPerm.repository.repo_name | |
| 450 | if perm.Repository.user_id == uid: |
|
455 | if perm.Repository.user_id == uid: | |
| 451 | p = 'repository.admin' |
|
456 | p = 'repository.admin' | |
| 452 | else: |
|
457 | else: | |
| 453 | p = perm.Permission.permission_name |
|
458 | p = perm.Permission.permission_name | |
| 454 | user.permissions[RK][r_k] = p |
|
459 | user.permissions[RK][r_k] = p | |
| 455 |
|
460 | |||
| 456 | # USER GROUP |
|
461 | # USER GROUP | |
| 457 | #================================================================== |
|
462 | #================================================================== | |
| 458 | # check if user is part of user groups for this repository and |
|
463 | # check if user is part of user groups for this repository and | |
| 459 | # fill in (or replace with higher) permissions |
|
464 | # fill in (or replace with higher) permissions | |
| 460 | #================================================================== |
|
465 | #================================================================== | |
| 461 |
|
466 | |||
| 462 | # users group global |
|
467 | # users group global | |
| 463 | user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ |
|
468 | user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ | |
| 464 | .options(joinedload(UsersGroupToPerm.permission))\ |
|
469 | .options(joinedload(UsersGroupToPerm.permission))\ | |
| 465 | .join((UsersGroupMember, UsersGroupToPerm.users_group_id == |
|
470 | .join((UsersGroupMember, UsersGroupToPerm.users_group_id == | |
| 466 | UsersGroupMember.users_group_id))\ |
|
471 | UsersGroupMember.users_group_id))\ | |
| 467 | .filter(UsersGroupMember.user_id == uid).all() |
|
472 | .filter(UsersGroupMember.user_id == uid).all() | |
| 468 |
|
473 | |||
| 469 | for perm in user_perms_from_users_groups: |
|
474 | for perm in user_perms_from_users_groups: | |
| 470 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
475 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |
| 471 |
|
476 | |||
| 472 | # users group for repositories permissions |
|
477 | # users group for repositories permissions | |
| 473 | user_repo_perms_from_users_groups = \ |
|
478 | user_repo_perms_from_users_groups = \ | |
| 474 | self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ |
|
479 | self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ | |
| 475 | .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ |
|
480 | .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ | |
| 476 | .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\ |
|
481 | .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\ | |
| 477 | .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
|
482 | .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |
| 478 | .filter(UsersGroupMember.user_id == uid)\ |
|
483 | .filter(UsersGroupMember.user_id == uid)\ | |
| 479 | .all() |
|
484 | .all() | |
| 480 |
|
485 | |||
| 481 | for perm in user_repo_perms_from_users_groups: |
|
486 | for perm in user_repo_perms_from_users_groups: | |
| 482 | r_k = perm.UsersGroupRepoToPerm.repository.repo_name |
|
487 | r_k = perm.UsersGroupRepoToPerm.repository.repo_name | |
| 483 | p = perm.Permission.permission_name |
|
488 | p = perm.Permission.permission_name | |
| 484 | cur_perm = user.permissions[RK][r_k] |
|
489 | cur_perm = user.permissions[RK][r_k] | |
| 485 | # overwrite permission only if it's greater than permission |
|
490 | # overwrite permission only if it's greater than permission | |
| 486 | # given from other sources |
|
491 | # given from other sources | |
| 487 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
492 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
| 488 | user.permissions[RK][r_k] = p |
|
493 | user.permissions[RK][r_k] = p | |
| 489 |
|
494 | |||
| 490 | # REPO GROUP |
|
495 | # REPO GROUP | |
| 491 | #================================================================== |
|
496 | #================================================================== | |
| 492 | # get access for this user for repos group and override defaults |
|
497 | # get access for this user for repos group and override defaults | |
| 493 | #================================================================== |
|
498 | #================================================================== | |
| 494 |
|
499 | |||
| 495 | # user explicit permissions for repository |
|
500 | # user explicit permissions for repository | |
| 496 | user_repo_groups_perms = \ |
|
501 | user_repo_groups_perms = \ | |
| 497 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ |
|
502 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ | |
| 498 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
|
503 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
| 499 | .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ |
|
504 | .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ | |
| 500 | .filter(UserRepoGroupToPerm.user_id == uid)\ |
|
505 | .filter(UserRepoGroupToPerm.user_id == uid)\ | |
| 501 | .all() |
|
506 | .all() | |
| 502 |
|
507 | |||
| 503 | for perm in user_repo_groups_perms: |
|
508 | for perm in user_repo_groups_perms: | |
| 504 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
509 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
| 505 | p = perm.Permission.permission_name |
|
510 | p = perm.Permission.permission_name | |
| 506 | cur_perm = user.permissions[GK][rg_k] |
|
511 | cur_perm = user.permissions[GK][rg_k] | |
| 507 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
512 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
| 508 | user.permissions[GK][rg_k] = p |
|
513 | user.permissions[GK][rg_k] = p | |
| 509 |
|
514 | |||
| 510 | # REPO GROUP + USER GROUP |
|
515 | # REPO GROUP + USER GROUP | |
| 511 | #================================================================== |
|
516 | #================================================================== | |
| 512 | # check if user is part of user groups for this repo group and |
|
517 | # check if user is part of user groups for this repo group and | |
| 513 | # fill in (or replace with higher) permissions |
|
518 | # fill in (or replace with higher) permissions | |
| 514 | #================================================================== |
|
519 | #================================================================== | |
| 515 |
|
520 | |||
| 516 | # users group for repositories permissions |
|
521 | # users group for repositories permissions | |
| 517 | user_repo_group_perms_from_users_groups = \ |
|
522 | user_repo_group_perms_from_users_groups = \ | |
| 518 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ |
|
523 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ | |
| 519 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
|
524 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
| 520 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ |
|
525 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ | |
| 521 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
|
526 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |
| 522 | .filter(UsersGroupMember.user_id == uid)\ |
|
527 | .filter(UsersGroupMember.user_id == uid)\ | |
| 523 | .all() |
|
528 | .all() | |
| 524 |
|
529 | |||
| 525 | for perm in user_repo_group_perms_from_users_groups: |
|
530 | for perm in user_repo_group_perms_from_users_groups: | |
| 526 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name |
|
531 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name | |
| 527 | p = perm.Permission.permission_name |
|
532 | p = perm.Permission.permission_name | |
| 528 | cur_perm = user.permissions[GK][g_k] |
|
533 | cur_perm = user.permissions[GK][g_k] | |
| 529 | # overwrite permission only if it's greater than permission |
|
534 | # overwrite permission only if it's greater than permission | |
| 530 | # given from other sources |
|
535 | # given from other sources | |
| 531 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
536 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
| 532 | user.permissions[GK][g_k] = p |
|
537 | user.permissions[GK][g_k] = p | |
| 533 |
|
538 | |||
| 534 | return user |
|
539 | return user | |
| 535 |
|
540 | |||
| 536 | def has_perm(self, user, perm): |
|
541 | def has_perm(self, user, perm): | |
| 537 | if not isinstance(perm, Permission): |
|
542 | if not isinstance(perm, Permission): | |
| 538 | raise Exception('perm needs to be an instance of Permission class ' |
|
543 | raise Exception('perm needs to be an instance of Permission class ' | |
| 539 | 'got %s instead' % type(perm)) |
|
544 | 'got %s instead' % type(perm)) | |
| 540 |
|
545 | |||
| 541 | user = self._get_user(user) |
|
546 | user = self._get_user(user) | |
| 542 |
|
547 | |||
| 543 | return UserToPerm.query().filter(UserToPerm.user == user)\ |
|
548 | return UserToPerm.query().filter(UserToPerm.user == user)\ | |
| 544 | .filter(UserToPerm.permission == perm).scalar() is not None |
|
549 | .filter(UserToPerm.permission == perm).scalar() is not None | |
| 545 |
|
550 | |||
| 546 | def grant_perm(self, user, perm): |
|
551 | def grant_perm(self, user, perm): | |
| 547 | """ |
|
552 | """ | |
| 548 | Grant user global permissions |
|
553 | Grant user global permissions | |
| 549 |
|
554 | |||
| 550 | :param user: |
|
555 | :param user: | |
| 551 | :param perm: |
|
556 | :param perm: | |
| 552 | """ |
|
557 | """ | |
| 553 | user = self._get_user(user) |
|
558 | user = self._get_user(user) | |
| 554 | perm = self._get_perm(perm) |
|
559 | perm = self._get_perm(perm) | |
| 555 | # if this permission is already granted skip it |
|
560 | # if this permission is already granted skip it | |
| 556 | _perm = UserToPerm.query()\ |
|
561 | _perm = UserToPerm.query()\ | |
| 557 | .filter(UserToPerm.user == user)\ |
|
562 | .filter(UserToPerm.user == user)\ | |
| 558 | .filter(UserToPerm.permission == perm)\ |
|
563 | .filter(UserToPerm.permission == perm)\ | |
| 559 | .scalar() |
|
564 | .scalar() | |
| 560 | if _perm: |
|
565 | if _perm: | |
| 561 | return |
|
566 | return | |
| 562 | new = UserToPerm() |
|
567 | new = UserToPerm() | |
| 563 | new.user = user |
|
568 | new.user = user | |
| 564 | new.permission = perm |
|
569 | new.permission = perm | |
| 565 | self.sa.add(new) |
|
570 | self.sa.add(new) | |
| 566 |
|
571 | |||
| 567 | def revoke_perm(self, user, perm): |
|
572 | def revoke_perm(self, user, perm): | |
| 568 | """ |
|
573 | """ | |
| 569 | Revoke users global permissions |
|
574 | Revoke users global permissions | |
| 570 |
|
575 | |||
| 571 | :param user: |
|
576 | :param user: | |
| 572 | :param perm: |
|
577 | :param perm: | |
| 573 | """ |
|
578 | """ | |
| 574 | user = self._get_user(user) |
|
579 | user = self._get_user(user) | |
| 575 | perm = self._get_perm(perm) |
|
580 | perm = self._get_perm(perm) | |
| 576 |
|
581 | |||
| 577 | obj = UserToPerm.query()\ |
|
582 | obj = UserToPerm.query()\ | |
| 578 | .filter(UserToPerm.user == user)\ |
|
583 | .filter(UserToPerm.user == user)\ | |
| 579 | .filter(UserToPerm.permission == perm)\ |
|
584 | .filter(UserToPerm.permission == perm)\ | |
| 580 | .scalar() |
|
585 | .scalar() | |
| 581 | if obj: |
|
586 | if obj: | |
| 582 | self.sa.delete(obj) |
|
587 | self.sa.delete(obj) | |
| 583 |
|
588 | |||
| 584 | def add_extra_email(self, user, email): |
|
589 | def add_extra_email(self, user, email): | |
| 585 | """ |
|
590 | """ | |
| 586 | Adds email address to UserEmailMap |
|
591 | Adds email address to UserEmailMap | |
| 587 |
|
592 | |||
| 588 | :param user: |
|
593 | :param user: | |
| 589 | :param email: |
|
594 | :param email: | |
| 590 | """ |
|
595 | """ | |
| 591 | user = self._get_user(user) |
|
596 | user = self._get_user(user) | |
| 592 | obj = UserEmailMap() |
|
597 | obj = UserEmailMap() | |
| 593 | obj.user = user |
|
598 | obj.user = user | |
| 594 | obj.email = email |
|
599 | obj.email = email | |
| 595 | self.sa.add(obj) |
|
600 | self.sa.add(obj) | |
| 596 | return obj |
|
601 | return obj | |
| 597 |
|
602 | |||
| 598 | def delete_extra_email(self, user, email_id): |
|
603 | def delete_extra_email(self, user, email_id): | |
| 599 | """ |
|
604 | """ | |
| 600 | Removes email address from UserEmailMap |
|
605 | Removes email address from UserEmailMap | |
| 601 |
|
606 | |||
| 602 | :param user: |
|
607 | :param user: | |
| 603 | :param email_id: |
|
608 | :param email_id: | |
| 604 | """ |
|
609 | """ | |
| 605 | user = self._get_user(user) |
|
610 | user = self._get_user(user) | |
| 606 | obj = UserEmailMap.query().get(email_id) |
|
611 | obj = UserEmailMap.query().get(email_id) | |
| 607 | if obj: |
|
612 | if obj: | |
| 608 | self.sa.delete(obj) No newline at end of file |
|
613 | self.sa.delete(obj) | |
| @@ -1,212 +1,215 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 |
|
2 | |||
| 3 | from rhodecode.lib.auth import get_crypt_password, check_password |
|
3 | from rhodecode.lib.auth import get_crypt_password, check_password | |
| 4 | from rhodecode.model.db import User, RhodeCodeSetting |
|
4 | from rhodecode.model.db import User, RhodeCodeSetting | |
| 5 | from rhodecode.tests import * |
|
5 | from rhodecode.tests import * | |
|
|
6 | from rhodecode.lib import helpers as h | |||
|
|
7 | ||||
| 6 |
|
8 | |||
| 7 | class TestAdminSettingsController(TestController): |
|
9 | class TestAdminSettingsController(TestController): | |
| 8 |
|
10 | |||
| 9 | def test_index(self): |
|
11 | def test_index(self): | |
| 10 | response = self.app.get(url('admin_settings')) |
|
12 | response = self.app.get(url('admin_settings')) | |
| 11 | # Test response... |
|
13 | # Test response... | |
| 12 |
|
14 | |||
| 13 | def test_index_as_xml(self): |
|
15 | def test_index_as_xml(self): | |
| 14 | response = self.app.get(url('formatted_admin_settings', format='xml')) |
|
16 | response = self.app.get(url('formatted_admin_settings', format='xml')) | |
| 15 |
|
17 | |||
| 16 | def test_create(self): |
|
18 | def test_create(self): | |
| 17 | response = self.app.post(url('admin_settings')) |
|
19 | response = self.app.post(url('admin_settings')) | |
| 18 |
|
20 | |||
| 19 | def test_new(self): |
|
21 | def test_new(self): | |
| 20 | response = self.app.get(url('admin_new_setting')) |
|
22 | response = self.app.get(url('admin_new_setting')) | |
| 21 |
|
23 | |||
| 22 | def test_new_as_xml(self): |
|
24 | def test_new_as_xml(self): | |
| 23 | response = self.app.get(url('formatted_admin_new_setting', format='xml')) |
|
25 | response = self.app.get(url('formatted_admin_new_setting', format='xml')) | |
| 24 |
|
26 | |||
| 25 | def test_update(self): |
|
27 | def test_update(self): | |
| 26 | response = self.app.put(url('admin_setting', setting_id=1)) |
|
28 | response = self.app.put(url('admin_setting', setting_id=1)) | |
| 27 |
|
29 | |||
| 28 | def test_update_browser_fakeout(self): |
|
30 | def test_update_browser_fakeout(self): | |
| 29 | response = self.app.post(url('admin_setting', setting_id=1), params=dict(_method='put')) |
|
31 | response = self.app.post(url('admin_setting', setting_id=1), params=dict(_method='put')) | |
| 30 |
|
32 | |||
| 31 | def test_delete(self): |
|
33 | def test_delete(self): | |
| 32 | response = self.app.delete(url('admin_setting', setting_id=1)) |
|
34 | response = self.app.delete(url('admin_setting', setting_id=1)) | |
| 33 |
|
35 | |||
| 34 | def test_delete_browser_fakeout(self): |
|
36 | def test_delete_browser_fakeout(self): | |
| 35 | response = self.app.post(url('admin_setting', setting_id=1), params=dict(_method='delete')) |
|
37 | response = self.app.post(url('admin_setting', setting_id=1), params=dict(_method='delete')) | |
| 36 |
|
38 | |||
| 37 | def test_show(self): |
|
39 | def test_show(self): | |
| 38 | response = self.app.get(url('admin_setting', setting_id=1)) |
|
40 | response = self.app.get(url('admin_setting', setting_id=1)) | |
| 39 |
|
41 | |||
| 40 | def test_show_as_xml(self): |
|
42 | def test_show_as_xml(self): | |
| 41 | response = self.app.get(url('formatted_admin_setting', setting_id=1, format='xml')) |
|
43 | response = self.app.get(url('formatted_admin_setting', setting_id=1, format='xml')) | |
| 42 |
|
44 | |||
| 43 | def test_edit(self): |
|
45 | def test_edit(self): | |
| 44 | response = self.app.get(url('admin_edit_setting', setting_id=1)) |
|
46 | response = self.app.get(url('admin_edit_setting', setting_id=1)) | |
| 45 |
|
47 | |||
| 46 | def test_edit_as_xml(self): |
|
48 | def test_edit_as_xml(self): | |
| 47 | response = self.app.get(url('formatted_admin_edit_setting', |
|
49 | response = self.app.get(url('formatted_admin_edit_setting', | |
| 48 | setting_id=1, format='xml')) |
|
50 | setting_id=1, format='xml')) | |
| 49 |
|
51 | |||
| 50 |
|
||||
| 51 | def test_ga_code_active(self): |
|
52 | def test_ga_code_active(self): | |
| 52 | self.log_user() |
|
53 | self.log_user() | |
| 53 | old_title = 'RhodeCode' |
|
54 | old_title = 'RhodeCode' | |
| 54 | old_realm = 'RhodeCode authentication' |
|
55 | old_realm = 'RhodeCode authentication' | |
| 55 | new_ga_code = 'ga-test-123456789' |
|
56 | new_ga_code = 'ga-test-123456789' | |
| 56 | response = self.app.post(url('admin_setting', setting_id='global'), |
|
57 | response = self.app.post(url('admin_setting', setting_id='global'), | |
| 57 | params=dict( |
|
58 | params=dict( | |
| 58 | _method='put', |
|
59 | _method='put', | |
| 59 | rhodecode_title=old_title, |
|
60 | rhodecode_title=old_title, | |
| 60 | rhodecode_realm=old_realm, |
|
61 | rhodecode_realm=old_realm, | |
| 61 | rhodecode_ga_code=new_ga_code |
|
62 | rhodecode_ga_code=new_ga_code | |
| 62 | )) |
|
63 | )) | |
| 63 |
|
64 | |||
| 64 | self.checkSessionFlash(response, 'Updated application settings') |
|
65 | self.checkSessionFlash(response, 'Updated application settings') | |
| 65 |
|
66 | |||
| 66 | self.assertEqual(RhodeCodeSetting |
|
67 | self.assertEqual(RhodeCodeSetting | |
| 67 | .get_app_settings()['rhodecode_ga_code'], new_ga_code) |
|
68 | .get_app_settings()['rhodecode_ga_code'], new_ga_code) | |
| 68 |
|
69 | |||
| 69 | response = response.follow() |
|
70 | response = response.follow() | |
| 70 | self.assertTrue("""_gaq.push(['_setAccount', '%s']);""" % new_ga_code |
|
71 | self.assertTrue("""_gaq.push(['_setAccount', '%s']);""" % new_ga_code | |
| 71 | in response.body) |
|
72 | in response.body) | |
| 72 |
|
73 | |||
| 73 | def test_ga_code_inactive(self): |
|
74 | def test_ga_code_inactive(self): | |
| 74 | self.log_user() |
|
75 | self.log_user() | |
| 75 | old_title = 'RhodeCode' |
|
76 | old_title = 'RhodeCode' | |
| 76 | old_realm = 'RhodeCode authentication' |
|
77 | old_realm = 'RhodeCode authentication' | |
| 77 | new_ga_code = '' |
|
78 | new_ga_code = '' | |
| 78 | response = self.app.post(url('admin_setting', setting_id='global'), |
|
79 | response = self.app.post(url('admin_setting', setting_id='global'), | |
| 79 | params=dict( |
|
80 | params=dict( | |
| 80 | _method='put', |
|
81 | _method='put', | |
| 81 | rhodecode_title=old_title, |
|
82 | rhodecode_title=old_title, | |
| 82 | rhodecode_realm=old_realm, |
|
83 | rhodecode_realm=old_realm, | |
| 83 | rhodecode_ga_code=new_ga_code |
|
84 | rhodecode_ga_code=new_ga_code | |
| 84 | )) |
|
85 | )) | |
| 85 |
|
86 | |||
| 86 | self.assertTrue('Updated application settings' in |
|
87 | self.assertTrue('Updated application settings' in | |
| 87 | response.session['flash'][0][1]) |
|
88 | response.session['flash'][0][1]) | |
| 88 | self.assertEqual(RhodeCodeSetting |
|
89 | self.assertEqual(RhodeCodeSetting | |
| 89 | .get_app_settings()['rhodecode_ga_code'], new_ga_code) |
|
90 | .get_app_settings()['rhodecode_ga_code'], new_ga_code) | |
| 90 |
|
91 | |||
| 91 | response = response.follow() |
|
92 | response = response.follow() | |
| 92 | self.assertTrue("""_gaq.push(['_setAccount', '%s']);""" % new_ga_code |
|
93 | self.assertTrue("""_gaq.push(['_setAccount', '%s']);""" % new_ga_code | |
| 93 | not in response.body) |
|
94 | not in response.body) | |
| 94 |
|
95 | |||
| 95 |
|
||||
| 96 | def test_title_change(self): |
|
96 | def test_title_change(self): | |
| 97 | self.log_user() |
|
97 | self.log_user() | |
| 98 | old_title = 'RhodeCode' |
|
98 | old_title = 'RhodeCode' | |
| 99 | new_title = old_title + '_changed' |
|
99 | new_title = old_title + '_changed' | |
| 100 | old_realm = 'RhodeCode authentication' |
|
100 | old_realm = 'RhodeCode authentication' | |
| 101 |
|
101 | |||
| 102 | for new_title in ['Changed', 'Ε»Γ³Εwik', old_title]: |
|
102 | for new_title in ['Changed', 'Ε»Γ³Εwik', old_title]: | |
| 103 | response = self.app.post(url('admin_setting', setting_id='global'), |
|
103 | response = self.app.post(url('admin_setting', setting_id='global'), | |
| 104 | params=dict( |
|
104 | params=dict( | |
| 105 | _method='put', |
|
105 | _method='put', | |
| 106 | rhodecode_title=new_title, |
|
106 | rhodecode_title=new_title, | |
| 107 | rhodecode_realm=old_realm, |
|
107 | rhodecode_realm=old_realm, | |
| 108 | rhodecode_ga_code='' |
|
108 | rhodecode_ga_code='' | |
| 109 | )) |
|
109 | )) | |
| 110 |
|
110 | |||
| 111 | self.checkSessionFlash(response, 'Updated application settings') |
|
111 | self.checkSessionFlash(response, 'Updated application settings') | |
| 112 | self.assertEqual(RhodeCodeSetting |
|
112 | self.assertEqual(RhodeCodeSetting | |
| 113 | .get_app_settings()['rhodecode_title'], |
|
113 | .get_app_settings()['rhodecode_title'], | |
| 114 | new_title.decode('utf-8')) |
|
114 | new_title.decode('utf-8')) | |
| 115 |
|
115 | |||
| 116 | response = response.follow() |
|
116 | response = response.follow() | |
| 117 | self.assertTrue("""<h1><a href="/">%s</a></h1>""" % new_title |
|
117 | self.assertTrue("""<h1><a href="/">%s</a></h1>""" % new_title | |
| 118 | in response.body) |
|
118 | in response.body) | |
| 119 |
|
119 | |||
| 120 |
|
||||
| 121 | def test_my_account(self): |
|
120 | def test_my_account(self): | |
| 122 | self.log_user() |
|
121 | self.log_user() | |
| 123 | response = self.app.get(url('admin_settings_my_account')) |
|
122 | response = self.app.get(url('admin_settings_my_account')) | |
| 124 |
|
123 | |||
| 125 | self.assertTrue('value="test_admin' in response.body) |
|
124 | self.assertTrue('value="test_admin' in response.body) | |
| 126 |
|
125 | |||
| 127 | def test_my_account_update(self): |
|
126 | def test_my_account_update(self): | |
| 128 | self.log_user() |
|
127 | self.log_user() | |
| 129 |
|
128 | |||
| 130 | new_email = 'new@mail.pl' |
|
129 | new_email = 'new@mail.pl' | |
| 131 | new_name = 'NewName' |
|
130 | new_name = 'NewName' | |
| 132 | new_lastname = 'NewLastname' |
|
131 | new_lastname = 'NewLastname' | |
| 133 | new_password = 'test123' |
|
132 | new_password = 'test123' | |
| 134 |
|
133 | |||
| 135 |
|
||||
| 136 | response = self.app.post(url('admin_settings_my_account_update'), |
|
134 | response = self.app.post(url('admin_settings_my_account_update'), | |
| 137 | params=dict(_method='put', |
|
135 | params=dict(_method='put', | |
| 138 | username='test_admin', |
|
136 | username='test_admin', | |
| 139 | new_password=new_password, |
|
137 | new_password=new_password, | |
| 140 |
password_confirmation |
|
138 | password_confirmation=new_password, | |
| 141 | password='', |
|
139 | password='', | |
| 142 | name=new_name, |
|
140 | name=new_name, | |
| 143 | lastname=new_lastname, |
|
141 | lastname=new_lastname, | |
| 144 | email=new_email,)) |
|
142 | email=new_email,)) | |
| 145 | response.follow() |
|
143 | response.follow() | |
| 146 |
|
144 | |||
| 147 | assert 'Your account was updated successfully' in response.session['flash'][0][1], 'no flash message about success of change' |
|
145 | assert 'Your account was updated successfully' in response.session['flash'][0][1], 'no flash message about success of change' | |
| 148 | user = self.Session.query(User).filter(User.username == 'test_admin').one() |
|
146 | user = self.Session.query(User).filter(User.username == 'test_admin').one() | |
| 149 |
assert user.email == new_email |
|
147 | assert user.email == new_email, 'incorrect user email after update got %s vs %s' % (user.email, new_email) | |
| 150 | assert user.name == new_name, 'updated field mismatch %s vs %s' % (user.name, new_name) |
|
148 | assert user.name == new_name, 'updated field mismatch %s vs %s' % (user.name, new_name) | |
| 151 | assert user.lastname == new_lastname, 'updated field mismatch %s vs %s' % (user.lastname, new_lastname) |
|
149 | assert user.lastname == new_lastname, 'updated field mismatch %s vs %s' % (user.lastname, new_lastname) | |
| 152 | assert check_password(new_password, user.password) is True, 'password field mismatch %s vs %s' % (user.password, new_password) |
|
150 | assert check_password(new_password, user.password) is True, 'password field mismatch %s vs %s' % (user.password, new_password) | |
| 153 |
|
151 | |||
| 154 | #bring back the admin settings |
|
152 | #bring back the admin settings | |
| 155 | old_email = 'test_admin@mail.com' |
|
153 | old_email = 'test_admin@mail.com' | |
| 156 | old_name = 'RhodeCode' |
|
154 | old_name = 'RhodeCode' | |
| 157 | old_lastname = 'Admin' |
|
155 | old_lastname = 'Admin' | |
| 158 | old_password = 'test12' |
|
156 | old_password = 'test12' | |
| 159 |
|
157 | |||
| 160 | response = self.app.post(url('admin_settings_my_account_update'), params=dict( |
|
158 | response = self.app.post(url('admin_settings_my_account_update'), params=dict( | |
| 161 | _method='put', |
|
159 | _method='put', | |
| 162 | username='test_admin', |
|
160 | username='test_admin', | |
| 163 | new_password=old_password, |
|
161 | new_password=old_password, | |
| 164 |
password_confirmation |
|
162 | password_confirmation=old_password, | |
| 165 | password='', |
|
163 | password='', | |
| 166 | name=old_name, |
|
164 | name=old_name, | |
| 167 | lastname=old_lastname, |
|
165 | lastname=old_lastname, | |
| 168 | email=old_email,)) |
|
166 | email=old_email,)) | |
| 169 |
|
167 | |||
| 170 | response.follow() |
|
168 | response.follow() | |
| 171 | self.checkSessionFlash(response, |
|
169 | self.checkSessionFlash(response, | |
| 172 | 'Your account was updated successfully') |
|
170 | 'Your account was updated successfully') | |
| 173 |
|
171 | |||
| 174 | user = self.Session.query(User).filter(User.username == 'test_admin').one() |
|
172 | user = self.Session.query(User).filter(User.username == 'test_admin').one() | |
| 175 |
assert user.email == old_email |
|
173 | assert user.email == old_email, 'incorrect user email after update got %s vs %s' % (user.email, old_email) | |
| 176 |
|
174 | |||
| 177 |
assert user.email == old_email |
|
175 | assert user.email == old_email, 'incorrect user email after update got %s vs %s' % (user.email, old_email) | |
| 178 | assert user.name == old_name, 'updated field mismatch %s vs %s' % (user.name, old_name) |
|
176 | assert user.name == old_name, 'updated field mismatch %s vs %s' % (user.name, old_name) | |
| 179 | assert user.lastname == old_lastname, 'updated field mismatch %s vs %s' % (user.lastname, old_lastname) |
|
177 | assert user.lastname == old_lastname, 'updated field mismatch %s vs %s' % (user.lastname, old_lastname) | |
| 180 |
assert check_password(old_password, user.password) is True |
|
178 | assert check_password(old_password, user.password) is True, 'password updated field mismatch %s vs %s' % (user.password, old_password) | |
| 181 |
|
179 | |||
| 182 |
|
||||
| 183 | def test_my_account_update_err_email_exists(self): |
|
180 | def test_my_account_update_err_email_exists(self): | |
| 184 | self.log_user() |
|
181 | self.log_user() | |
| 185 |
|
182 | |||
| 186 | new_email = 'test_regular@mail.com'#already exisitn email |
|
183 | new_email = 'test_regular@mail.com' # already exisitn email | |
| 187 | response = self.app.post(url('admin_settings_my_account_update'), params=dict( |
|
184 | response = self.app.post(url('admin_settings_my_account_update'), params=dict( | |
| 188 | _method='put', |
|
185 | _method='put', | |
| 189 | username='test_admin', |
|
186 | username='test_admin', | |
| 190 | new_password='test12', |
|
187 | new_password='test12', | |
| 191 |
password_confirmation |
|
188 | password_confirmation='test122', | |
| 192 | name='NewName', |
|
189 | name='NewName', | |
| 193 | lastname='NewLastname', |
|
190 | lastname='NewLastname', | |
| 194 | email=new_email,)) |
|
191 | email=new_email,)) | |
| 195 |
|
192 | |||
| 196 | assert 'This e-mail address is already taken' in response.body, 'Missing error message about existing email' |
|
193 | assert 'This e-mail address is already taken' in response.body, 'Missing error message about existing email' | |
| 197 |
|
194 | |||
| 198 |
|
||||
| 199 | def test_my_account_update_err(self): |
|
195 | def test_my_account_update_err(self): | |
| 200 | self.log_user('test_regular2', 'test12') |
|
196 | self.log_user('test_regular2', 'test12') | |
| 201 |
|
197 | |||
| 202 | new_email = 'newmail.pl' |
|
198 | new_email = 'newmail.pl' | |
| 203 |
response = self.app.post(url('admin_settings_my_account_update'), |
|
199 | response = self.app.post(url('admin_settings_my_account_update'), | |
|
|
200 | params=dict( | |||
| 204 |
|
|
201 | _method='put', | |
| 205 |
|
|
202 | username='test_admin', | |
| 206 |
|
|
203 | new_password='test12', | |
| 207 |
|
|
204 | password_confirmation='test122', | |
| 208 |
|
|
205 | name='NewName', | |
| 209 |
|
|
206 | lastname='NewLastname', | |
| 210 |
|
|
207 | email=new_email,) | |
| 211 | assert 'An email address must contain a single @' in response.body, 'Missing error message about wrong email' |
|
208 | ) | |
| 212 | assert 'This username already exists' in response.body, 'Missing error message about existing user' |
|
209 | ||
|
|
210 | response.mustcontain('An email address must contain a single @') | |||
|
|
211 | from rhodecode.model import validators | |||
|
|
212 | msg = validators.ValidUsername(edit=False, | |||
|
|
213 | old_data={})._messages['username_exists'] | |||
|
|
214 | msg = h.html_escape(msg % {'username': 'test_admin'}) | |||
|
|
215 | response.mustcontain(u"%s" % msg) | |||
| @@ -1,179 +1,180 b'' | |||||
|
|
1 | from sqlalchemy.orm.exc import NoResultFound | |||
|
|
2 | ||||
| 1 | from rhodecode.tests import * |
|
3 | from rhodecode.tests import * | |
| 2 | from rhodecode.model.db import User, Permission |
|
4 | from rhodecode.model.db import User, Permission | |
| 3 | from rhodecode.lib.auth import check_password |
|
5 | from rhodecode.lib.auth import check_password | |
| 4 | from sqlalchemy.orm.exc import NoResultFound |
|
|||
| 5 | from rhodecode.model.user import UserModel |
|
6 | from rhodecode.model.user import UserModel | |
|
|
7 | from rhodecode.model import validators | |||
|
|
8 | from rhodecode.lib import helpers as h | |||
|
|
9 | ||||
| 6 |
|
10 | |||
| 7 | class TestAdminUsersController(TestController): |
|
11 | class TestAdminUsersController(TestController): | |
| 8 |
|
12 | |||
| 9 | def test_index(self): |
|
13 | def test_index(self): | |
| 10 | self.log_user() |
|
14 | self.log_user() | |
| 11 | response = self.app.get(url('users')) |
|
15 | response = self.app.get(url('users')) | |
| 12 | # Test response... |
|
16 | # Test response... | |
| 13 |
|
17 | |||
| 14 | def test_index_as_xml(self): |
|
18 | def test_index_as_xml(self): | |
| 15 | response = self.app.get(url('formatted_users', format='xml')) |
|
19 | response = self.app.get(url('formatted_users', format='xml')) | |
| 16 |
|
20 | |||
| 17 | def test_create(self): |
|
21 | def test_create(self): | |
| 18 | self.log_user() |
|
22 | self.log_user() | |
| 19 | username = 'newtestuser' |
|
23 | username = 'newtestuser' | |
| 20 | password = 'test12' |
|
24 | password = 'test12' | |
| 21 | password_confirmation = password |
|
25 | password_confirmation = password | |
| 22 | name = 'name' |
|
26 | name = 'name' | |
| 23 | lastname = 'lastname' |
|
27 | lastname = 'lastname' | |
| 24 | email = 'mail@mail.com' |
|
28 | email = 'mail@mail.com' | |
| 25 |
|
29 | |||
| 26 | response = self.app.post(url('users'), |
|
30 | response = self.app.post(url('users'), | |
| 27 |
|
|
31 | {'username': username, | |
| 28 |
|
|
32 | 'password': password, | |
| 29 |
|
|
33 | 'password_confirmation': password_confirmation, | |
| 30 |
|
|
34 | 'name': name, | |
| 31 |
|
|
35 | 'active': True, | |
| 32 |
|
|
36 | 'lastname': lastname, | |
| 33 |
|
|
37 | 'email': email}) | |
| 34 |
|
38 | |||
|
|
39 | self.checkSessionFlash(response, '''created user %s''' % (username)) | |||
| 35 |
|
40 | |||
| 36 | self.assertTrue('''created user %s''' % (username) in |
|
|||
| 37 | response.session['flash'][0]) |
|
|||
| 38 |
|
41 | |||
| 39 | new_user = self.Session.query(User).\ |
|
42 | new_user = self.Session.query(User).\ | |
| 40 | filter(User.username == username).one() |
|
43 | filter(User.username == username).one() | |
| 41 |
|
44 | |||
| 42 | self.assertEqual(new_user.username,username) |
|
45 | self.assertEqual(new_user.username, username) | |
| 43 | self.assertEqual(check_password(password, new_user.password),True) |
|
46 | self.assertEqual(check_password(password, new_user.password), True) | |
| 44 | self.assertEqual(new_user.name,name) |
|
47 | self.assertEqual(new_user.name, name) | |
| 45 | self.assertEqual(new_user.lastname,lastname) |
|
48 | self.assertEqual(new_user.lastname, lastname) | |
| 46 | self.assertEqual(new_user.email,email) |
|
49 | self.assertEqual(new_user.email, email) | |
| 47 |
|
50 | |||
| 48 | response.follow() |
|
51 | response.follow() | |
| 49 | response = response.follow() |
|
52 | response = response.follow() | |
| 50 | self.assertTrue("""edit">newtestuser</a>""" in response.body) |
|
53 | self.assertTrue("""edit">newtestuser</a>""" in response.body) | |
| 51 |
|
54 | |||
| 52 | def test_create_err(self): |
|
55 | def test_create_err(self): | |
| 53 | self.log_user() |
|
56 | self.log_user() | |
| 54 | username = 'new_user' |
|
57 | username = 'new_user' | |
| 55 | password = '' |
|
58 | password = '' | |
| 56 | name = 'name' |
|
59 | name = 'name' | |
| 57 | lastname = 'lastname' |
|
60 | lastname = 'lastname' | |
| 58 | email = 'errmail.com' |
|
61 | email = 'errmail.com' | |
| 59 |
|
62 | |||
| 60 | response = self.app.post(url('users'), {'username':username, |
|
63 | response = self.app.post(url('users'), {'username': username, | |
| 61 | 'password':password, |
|
64 | 'password': password, | |
| 62 | 'name':name, |
|
65 | 'name': name, | |
| 63 | 'active':False, |
|
66 | 'active': False, | |
| 64 | 'lastname':lastname, |
|
67 | 'lastname': lastname, | |
| 65 | 'email':email}) |
|
68 | 'email': email}) | |
| 66 |
|
69 | |||
| 67 | self.assertTrue("""<span class="error-message">Invalid username</span>""" in response.body) |
|
70 | msg = validators.ValidUsername(False, {})._messages['system_invalid_username'] | |
| 68 | self.assertTrue("""<span class="error-message">Please enter a value</span>""" in response.body) |
|
71 | msg = h.html_escape(msg % {'username': 'new_user'}) | |
| 69 | self.assertTrue("""<span class="error-message">An email address must contain a single @</span>""" in response.body) |
|
72 | response.mustcontain("""<span class="error-message">%s</span>""" % msg) | |
|
|
73 | response.mustcontain("""<span class="error-message">Please enter a value</span>""") | |||
|
|
74 | response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""") | |||
| 70 |
|
75 | |||
| 71 | def get_user(): |
|
76 | def get_user(): | |
| 72 | self.Session.query(User).filter(User.username == username).one() |
|
77 | self.Session.query(User).filter(User.username == username).one() | |
| 73 |
|
78 | |||
| 74 | self.assertRaises(NoResultFound, get_user), 'found user in database' |
|
79 | self.assertRaises(NoResultFound, get_user), 'found user in database' | |
| 75 |
|
80 | |||
| 76 | def test_new(self): |
|
81 | def test_new(self): | |
| 77 | self.log_user() |
|
82 | self.log_user() | |
| 78 | response = self.app.get(url('new_user')) |
|
83 | response = self.app.get(url('new_user')) | |
| 79 |
|
84 | |||
| 80 | def test_new_as_xml(self): |
|
85 | def test_new_as_xml(self): | |
| 81 | response = self.app.get(url('formatted_new_user', format='xml')) |
|
86 | response = self.app.get(url('formatted_new_user', format='xml')) | |
| 82 |
|
87 | |||
| 83 | def test_update(self): |
|
88 | def test_update(self): | |
| 84 | response = self.app.put(url('user', id=1)) |
|
89 | response = self.app.put(url('user', id=1)) | |
| 85 |
|
90 | |||
| 86 | def test_update_browser_fakeout(self): |
|
91 | def test_update_browser_fakeout(self): | |
| 87 | response = self.app.post(url('user', id=1), params=dict(_method='put')) |
|
92 | response = self.app.post(url('user', id=1), params=dict(_method='put')) | |
| 88 |
|
93 | |||
| 89 | def test_delete(self): |
|
94 | def test_delete(self): | |
| 90 | self.log_user() |
|
95 | self.log_user() | |
| 91 | username = 'newtestuserdeleteme' |
|
96 | username = 'newtestuserdeleteme' | |
| 92 | password = 'test12' |
|
97 | password = 'test12' | |
| 93 | name = 'name' |
|
98 | name = 'name' | |
| 94 | lastname = 'lastname' |
|
99 | lastname = 'lastname' | |
| 95 | email = 'todeletemail@mail.com' |
|
100 | email = 'todeletemail@mail.com' | |
| 96 |
|
101 | |||
| 97 | response = self.app.post(url('users'), {'username':username, |
|
102 | response = self.app.post(url('users'), {'username': username, | |
| 98 | 'password':password, |
|
103 | 'password': password, | |
| 99 | 'password_confirmation':password, |
|
104 | 'password_confirmation': password, | |
| 100 | 'name':name, |
|
105 | 'name': name, | |
| 101 | 'active':True, |
|
106 | 'active': True, | |
| 102 | 'lastname':lastname, |
|
107 | 'lastname': lastname, | |
| 103 | 'email':email}) |
|
108 | 'email': email}) | |
| 104 |
|
109 | |||
| 105 | response = response.follow() |
|
110 | response = response.follow() | |
| 106 |
|
111 | |||
| 107 | new_user = self.Session.query(User)\ |
|
112 | new_user = self.Session.query(User)\ | |
| 108 | .filter(User.username == username).one() |
|
113 | .filter(User.username == username).one() | |
| 109 | response = self.app.delete(url('user', id=new_user.user_id)) |
|
114 | response = self.app.delete(url('user', id=new_user.user_id)) | |
| 110 |
|
115 | |||
| 111 | self.assertTrue("""successfully deleted user""" in |
|
116 | self.assertTrue("""successfully deleted user""" in | |
| 112 | response.session['flash'][0]) |
|
117 | response.session['flash'][0]) | |
| 113 |
|
118 | |||
| 114 |
|
||||
| 115 | def test_delete_browser_fakeout(self): |
|
119 | def test_delete_browser_fakeout(self): | |
| 116 | response = self.app.post(url('user', id=1), |
|
120 | response = self.app.post(url('user', id=1), | |
| 117 | params=dict(_method='delete')) |
|
121 | params=dict(_method='delete')) | |
| 118 |
|
122 | |||
| 119 | def test_show(self): |
|
123 | def test_show(self): | |
| 120 | response = self.app.get(url('user', id=1)) |
|
124 | response = self.app.get(url('user', id=1)) | |
| 121 |
|
125 | |||
| 122 | def test_show_as_xml(self): |
|
126 | def test_show_as_xml(self): | |
| 123 | response = self.app.get(url('formatted_user', id=1, format='xml')) |
|
127 | response = self.app.get(url('formatted_user', id=1, format='xml')) | |
| 124 |
|
128 | |||
| 125 | def test_edit(self): |
|
129 | def test_edit(self): | |
| 126 | self.log_user() |
|
130 | self.log_user() | |
| 127 | user = User.get_by_username(TEST_USER_ADMIN_LOGIN) |
|
131 | user = User.get_by_username(TEST_USER_ADMIN_LOGIN) | |
| 128 | response = self.app.get(url('edit_user', id=user.user_id)) |
|
132 | response = self.app.get(url('edit_user', id=user.user_id)) | |
| 129 |
|
133 | |||
| 130 |
|
||||
| 131 | def test_add_perm_create_repo(self): |
|
134 | def test_add_perm_create_repo(self): | |
| 132 | self.log_user() |
|
135 | self.log_user() | |
| 133 | perm_none = Permission.get_by_key('hg.create.none') |
|
136 | perm_none = Permission.get_by_key('hg.create.none') | |
| 134 | perm_create = Permission.get_by_key('hg.create.repository') |
|
137 | perm_create = Permission.get_by_key('hg.create.repository') | |
| 135 |
|
138 | |||
| 136 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
139 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
| 137 |
|
140 | |||
| 138 |
|
||||
| 139 | #User should have None permission on creation repository |
|
141 | #User should have None permission on creation repository | |
| 140 | self.assertEqual(UserModel().has_perm(user, perm_none), False) |
|
142 | self.assertEqual(UserModel().has_perm(user, perm_none), False) | |
| 141 | self.assertEqual(UserModel().has_perm(user, perm_create), False) |
|
143 | self.assertEqual(UserModel().has_perm(user, perm_create), False) | |
| 142 |
|
144 | |||
| 143 | response = self.app.post(url('user_perm', id=user.user_id), |
|
145 | response = self.app.post(url('user_perm', id=user.user_id), | |
| 144 | params=dict(_method='put', |
|
146 | params=dict(_method='put', | |
| 145 | create_repo_perm=True)) |
|
147 | create_repo_perm=True)) | |
| 146 |
|
148 | |||
| 147 | perm_none = Permission.get_by_key('hg.create.none') |
|
149 | perm_none = Permission.get_by_key('hg.create.none') | |
| 148 | perm_create = Permission.get_by_key('hg.create.repository') |
|
150 | perm_create = Permission.get_by_key('hg.create.repository') | |
| 149 |
|
151 | |||
| 150 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
152 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
| 151 | #User should have None permission on creation repository |
|
153 | #User should have None permission on creation repository | |
| 152 | self.assertEqual(UserModel().has_perm(user, perm_none), False) |
|
154 | self.assertEqual(UserModel().has_perm(user, perm_none), False) | |
| 153 | self.assertEqual(UserModel().has_perm(user, perm_create), True) |
|
155 | self.assertEqual(UserModel().has_perm(user, perm_create), True) | |
| 154 |
|
156 | |||
| 155 | def test_revoke_perm_create_repo(self): |
|
157 | def test_revoke_perm_create_repo(self): | |
| 156 | self.log_user() |
|
158 | self.log_user() | |
| 157 | perm_none = Permission.get_by_key('hg.create.none') |
|
159 | perm_none = Permission.get_by_key('hg.create.none') | |
| 158 | perm_create = Permission.get_by_key('hg.create.repository') |
|
160 | perm_create = Permission.get_by_key('hg.create.repository') | |
| 159 |
|
161 | |||
| 160 | user = User.get_by_username(TEST_USER_REGULAR2_LOGIN) |
|
162 | user = User.get_by_username(TEST_USER_REGULAR2_LOGIN) | |
| 161 |
|
163 | |||
| 162 |
|
||||
| 163 | #User should have None permission on creation repository |
|
164 | #User should have None permission on creation repository | |
| 164 | self.assertEqual(UserModel().has_perm(user, perm_none), False) |
|
165 | self.assertEqual(UserModel().has_perm(user, perm_none), False) | |
| 165 | self.assertEqual(UserModel().has_perm(user, perm_create), False) |
|
166 | self.assertEqual(UserModel().has_perm(user, perm_create), False) | |
| 166 |
|
167 | |||
| 167 | response = self.app.post(url('user_perm', id=user.user_id), |
|
168 | response = self.app.post(url('user_perm', id=user.user_id), | |
| 168 | params=dict(_method='put')) |
|
169 | params=dict(_method='put')) | |
| 169 |
|
170 | |||
| 170 | perm_none = Permission.get_by_key('hg.create.none') |
|
171 | perm_none = Permission.get_by_key('hg.create.none') | |
| 171 | perm_create = Permission.get_by_key('hg.create.repository') |
|
172 | perm_create = Permission.get_by_key('hg.create.repository') | |
| 172 |
|
173 | |||
| 173 | user = User.get_by_username(TEST_USER_REGULAR2_LOGIN) |
|
174 | user = User.get_by_username(TEST_USER_REGULAR2_LOGIN) | |
| 174 | #User should have None permission on creation repository |
|
175 | #User should have None permission on creation repository | |
| 175 | self.assertEqual(UserModel().has_perm(user, perm_none), True) |
|
176 | self.assertEqual(UserModel().has_perm(user, perm_none), True) | |
| 176 | self.assertEqual(UserModel().has_perm(user, perm_create), False) |
|
177 | self.assertEqual(UserModel().has_perm(user, perm_create), False) | |
| 177 |
|
178 | |||
| 178 | def test_edit_as_xml(self): |
|
179 | def test_edit_as_xml(self): | |
| 179 | response = self.app.get(url('formatted_edit_user', id=1, format='xml')) |
|
180 | response = self.app.get(url('formatted_edit_user', id=1, format='xml')) | |
| @@ -1,267 +1,273 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 | from rhodecode.tests import * |
|
2 | from rhodecode.tests import * | |
| 3 | from rhodecode.model.db import User, Notification |
|
3 | from rhodecode.model.db import User, Notification | |
| 4 | from rhodecode.lib.utils2 import generate_api_key |
|
4 | from rhodecode.lib.utils2 import generate_api_key | |
| 5 | from rhodecode.lib.auth import check_password |
|
5 | from rhodecode.lib.auth import check_password | |
| 6 | from rhodecode.model.meta import Session |
|
6 | from rhodecode.model.meta import Session | |
|
|
7 | from rhodecode.lib import helpers as h | |||
|
|
8 | from rhodecode.model import validators | |||
| 7 |
|
9 | |||
| 8 |
|
10 | |||
| 9 | class TestLoginController(TestController): |
|
11 | class TestLoginController(TestController): | |
| 10 |
|
12 | |||
| 11 | def tearDown(self): |
|
13 | def tearDown(self): | |
| 12 | for n in Notification.query().all(): |
|
14 | for n in Notification.query().all(): | |
| 13 | Session.delete(n) |
|
15 | Session.delete(n) | |
| 14 |
|
16 | |||
| 15 | Session.commit() |
|
17 | Session.commit() | |
| 16 | self.assertEqual(Notification.query().all(), []) |
|
18 | self.assertEqual(Notification.query().all(), []) | |
| 17 |
|
19 | |||
| 18 | def test_index(self): |
|
20 | def test_index(self): | |
| 19 | response = self.app.get(url(controller='login', action='index')) |
|
21 | response = self.app.get(url(controller='login', action='index')) | |
| 20 | self.assertEqual(response.status, '200 OK') |
|
22 | self.assertEqual(response.status, '200 OK') | |
| 21 | # Test response... |
|
23 | # Test response... | |
| 22 |
|
24 | |||
| 23 | def test_login_admin_ok(self): |
|
25 | def test_login_admin_ok(self): | |
| 24 | response = self.app.post(url(controller='login', action='index'), |
|
26 | response = self.app.post(url(controller='login', action='index'), | |
| 25 | {'username':'test_admin', |
|
27 | {'username': 'test_admin', | |
| 26 | 'password':'test12'}) |
|
28 | 'password': 'test12'}) | |
| 27 | self.assertEqual(response.status, '302 Found') |
|
29 | self.assertEqual(response.status, '302 Found') | |
| 28 |
self.assertEqual(response.session['rhodecode_user'].get('username') |
|
30 | self.assertEqual(response.session['rhodecode_user'].get('username'), | |
| 29 | 'test_admin') |
|
31 | 'test_admin') | |
| 30 | response = response.follow() |
|
32 | response = response.follow() | |
| 31 | self.assertTrue('%s repository' % HG_REPO in response.body) |
|
33 | self.assertTrue('%s repository' % HG_REPO in response.body) | |
| 32 |
|
34 | |||
| 33 | def test_login_regular_ok(self): |
|
35 | def test_login_regular_ok(self): | |
| 34 | response = self.app.post(url(controller='login', action='index'), |
|
36 | response = self.app.post(url(controller='login', action='index'), | |
| 35 | {'username':'test_regular', |
|
37 | {'username': 'test_regular', | |
| 36 | 'password':'test12'}) |
|
38 | 'password': 'test12'}) | |
| 37 |
|
39 | |||
| 38 | self.assertEqual(response.status, '302 Found') |
|
40 | self.assertEqual(response.status, '302 Found') | |
| 39 |
self.assertEqual(response.session['rhodecode_user'].get('username') |
|
41 | self.assertEqual(response.session['rhodecode_user'].get('username'), | |
| 40 | 'test_regular') |
|
42 | 'test_regular') | |
| 41 | response = response.follow() |
|
43 | response = response.follow() | |
| 42 | self.assertTrue('%s repository' % HG_REPO in response.body) |
|
44 | self.assertTrue('%s repository' % HG_REPO in response.body) | |
| 43 | self.assertTrue('<a title="Admin" href="/_admin">' not in response.body) |
|
45 | self.assertTrue('<a title="Admin" href="/_admin">' not in response.body) | |
| 44 |
|
46 | |||
| 45 | def test_login_ok_came_from(self): |
|
47 | def test_login_ok_came_from(self): | |
| 46 | test_came_from = '/_admin/users' |
|
48 | test_came_from = '/_admin/users' | |
| 47 | response = self.app.post(url(controller='login', action='index', |
|
49 | response = self.app.post(url(controller='login', action='index', | |
| 48 | came_from=test_came_from), |
|
50 | came_from=test_came_from), | |
| 49 | {'username':'test_admin', |
|
51 | {'username': 'test_admin', | |
| 50 | 'password':'test12'}) |
|
52 | 'password': 'test12'}) | |
| 51 | self.assertEqual(response.status, '302 Found') |
|
53 | self.assertEqual(response.status, '302 Found') | |
| 52 | response = response.follow() |
|
54 | response = response.follow() | |
| 53 |
|
55 | |||
| 54 | self.assertEqual(response.status, '200 OK') |
|
56 | self.assertEqual(response.status, '200 OK') | |
| 55 | self.assertTrue('Users administration' in response.body) |
|
57 | self.assertTrue('Users administration' in response.body) | |
| 56 |
|
58 | |||
| 57 | def test_login_short_password(self): |
|
59 | def test_login_short_password(self): | |
| 58 | response = self.app.post(url(controller='login', action='index'), |
|
60 | response = self.app.post(url(controller='login', action='index'), | |
| 59 | {'username':'test_admin', |
|
61 | {'username': 'test_admin', | |
| 60 | 'password':'as'}) |
|
62 | 'password': 'as'}) | |
| 61 | self.assertEqual(response.status, '200 OK') |
|
63 | self.assertEqual(response.status, '200 OK') | |
| 62 |
|
64 | |||
| 63 | self.assertTrue('Enter 3 characters or more' in response.body) |
|
65 | self.assertTrue('Enter 3 characters or more' in response.body) | |
| 64 |
|
66 | |||
| 65 | def test_login_wrong_username_password(self): |
|
67 | def test_login_wrong_username_password(self): | |
| 66 | response = self.app.post(url(controller='login', action='index'), |
|
68 | response = self.app.post(url(controller='login', action='index'), | |
| 67 | {'username':'error', |
|
69 | {'username': 'error', | |
| 68 | 'password':'test12'}) |
|
70 | 'password': 'test12'}) | |
| 69 | self.assertEqual(response.status , '200 OK') |
|
|||
| 70 |
|
71 | |||
| 71 | self.assertTrue('invalid user name' in response.body) |
|
72 | self.assertTrue('invalid user name' in response.body) | |
| 72 | self.assertTrue('invalid password' in response.body) |
|
73 | self.assertTrue('invalid password' in response.body) | |
| 73 |
|
74 | |||
| 74 | #========================================================================== |
|
75 | #========================================================================== | |
| 75 | # REGISTRATIONS |
|
76 | # REGISTRATIONS | |
| 76 | #========================================================================== |
|
77 | #========================================================================== | |
| 77 | def test_register(self): |
|
78 | def test_register(self): | |
| 78 | response = self.app.get(url(controller='login', action='register')) |
|
79 | response = self.app.get(url(controller='login', action='register')) | |
| 79 | self.assertTrue('Sign Up to RhodeCode' in response.body) |
|
80 | self.assertTrue('Sign Up to RhodeCode' in response.body) | |
| 80 |
|
81 | |||
| 81 | def test_register_err_same_username(self): |
|
82 | def test_register_err_same_username(self): | |
|
|
83 | uname = 'test_admin' | |||
| 82 | response = self.app.post(url(controller='login', action='register'), |
|
84 | response = self.app.post(url(controller='login', action='register'), | |
| 83 |
{'username': |
|
85 | {'username': uname, | |
| 84 | 'password':'test12', |
|
86 | 'password': 'test12', | |
| 85 | 'password_confirmation':'test12', |
|
87 | 'password_confirmation': 'test12', | |
| 86 | 'email':'goodmail@domain.com', |
|
88 | 'email': 'goodmail@domain.com', | |
| 87 | 'name':'test', |
|
89 | 'name': 'test', | |
| 88 | 'lastname':'test'}) |
|
90 | 'lastname': 'test'}) | |
| 89 |
|
91 | |||
| 90 | self.assertEqual(response.status , '200 OK') |
|
92 | msg = validators.ValidUsername()._messages['username_exists'] | |
| 91 | self.assertTrue('This username already exists' in response.body) |
|
93 | msg = h.html_escape(msg % {'username': uname}) | |
|
|
94 | response.mustcontain(msg) | |||
| 92 |
|
95 | |||
| 93 | def test_register_err_same_email(self): |
|
96 | def test_register_err_same_email(self): | |
| 94 | response = self.app.post(url(controller='login', action='register'), |
|
97 | response = self.app.post(url(controller='login', action='register'), | |
| 95 | {'username':'test_admin_0', |
|
98 | {'username': 'test_admin_0', | |
| 96 | 'password':'test12', |
|
99 | 'password': 'test12', | |
| 97 | 'password_confirmation':'test12', |
|
100 | 'password_confirmation': 'test12', | |
| 98 | 'email':'test_admin@mail.com', |
|
101 | 'email': 'test_admin@mail.com', | |
| 99 | 'name':'test', |
|
102 | 'name': 'test', | |
| 100 | 'lastname':'test'}) |
|
103 | 'lastname': 'test'}) | |
| 101 |
|
104 | |||
| 102 | self.assertEqual(response.status , '200 OK') |
|
105 | msg = validators.UniqSystemEmail()()._messages['email_taken'] | |
| 103 |
response.mustcontain( |
|
106 | response.mustcontain(msg) | |
| 104 |
|
107 | |||
| 105 | def test_register_err_same_email_case_sensitive(self): |
|
108 | def test_register_err_same_email_case_sensitive(self): | |
| 106 | response = self.app.post(url(controller='login', action='register'), |
|
109 | response = self.app.post(url(controller='login', action='register'), | |
| 107 | {'username':'test_admin_1', |
|
110 | {'username': 'test_admin_1', | |
| 108 | 'password':'test12', |
|
111 | 'password': 'test12', | |
| 109 | 'password_confirmation':'test12', |
|
112 | 'password_confirmation': 'test12', | |
| 110 | 'email':'TesT_Admin@mail.COM', |
|
113 | 'email': 'TesT_Admin@mail.COM', | |
| 111 | 'name':'test', |
|
114 | 'name': 'test', | |
| 112 | 'lastname':'test'}) |
|
115 | 'lastname': 'test'}) | |
| 113 | self.assertEqual(response.status , '200 OK') |
|
116 | msg = validators.UniqSystemEmail()()._messages['email_taken'] | |
| 114 |
response.mustcontain( |
|
117 | response.mustcontain(msg) | |
| 115 |
|
118 | |||
| 116 | def test_register_err_wrong_data(self): |
|
119 | def test_register_err_wrong_data(self): | |
| 117 | response = self.app.post(url(controller='login', action='register'), |
|
120 | response = self.app.post(url(controller='login', action='register'), | |
| 118 | {'username':'xs', |
|
121 | {'username': 'xs', | |
| 119 | 'password':'test', |
|
122 | 'password': 'test', | |
| 120 | 'password_confirmation':'test', |
|
123 | 'password_confirmation': 'test', | |
| 121 | 'email':'goodmailm', |
|
124 | 'email': 'goodmailm', | |
| 122 | 'name':'test', |
|
125 | 'name': 'test', | |
| 123 | 'lastname':'test'}) |
|
126 | 'lastname': 'test'}) | |
| 124 |
self.assertEqual(response.status |
|
127 | self.assertEqual(response.status, '200 OK') | |
| 125 | response.mustcontain('An email address must contain a single @') |
|
128 | response.mustcontain('An email address must contain a single @') | |
| 126 | response.mustcontain('Enter a value 6 characters long or more') |
|
129 | response.mustcontain('Enter a value 6 characters long or more') | |
| 127 |
|
130 | |||
| 128 | def test_register_err_username(self): |
|
131 | def test_register_err_username(self): | |
| 129 | response = self.app.post(url(controller='login', action='register'), |
|
132 | response = self.app.post(url(controller='login', action='register'), | |
| 130 | {'username':'error user', |
|
133 | {'username': 'error user', | |
| 131 | 'password':'test12', |
|
134 | 'password': 'test12', | |
| 132 | 'password_confirmation':'test12', |
|
135 | 'password_confirmation': 'test12', | |
| 133 | 'email':'goodmailm', |
|
136 | 'email': 'goodmailm', | |
| 134 | 'name':'test', |
|
137 | 'name': 'test', | |
| 135 | 'lastname':'test'}) |
|
138 | 'lastname': 'test'}) | |
| 136 |
|
139 | |||
| 137 | self.assertEqual(response.status , '200 OK') |
|
|||
| 138 | response.mustcontain('An email address must contain a single @') |
|
140 | response.mustcontain('An email address must contain a single @') | |
| 139 | response.mustcontain('Username may only contain ' |
|
141 | response.mustcontain('Username may only contain ' | |
| 140 | 'alphanumeric characters underscores, ' |
|
142 | 'alphanumeric characters underscores, ' | |
| 141 | 'periods or dashes and must begin with ' |
|
143 | 'periods or dashes and must begin with ' | |
| 142 | 'alphanumeric character') |
|
144 | 'alphanumeric character') | |
| 143 |
|
145 | |||
| 144 | def test_register_err_case_sensitive(self): |
|
146 | def test_register_err_case_sensitive(self): | |
|
|
147 | usr = 'Test_Admin' | |||
| 145 | response = self.app.post(url(controller='login', action='register'), |
|
148 | response = self.app.post(url(controller='login', action='register'), | |
| 146 |
{'username': |
|
149 | {'username': usr, | |
| 147 | 'password':'test12', |
|
150 | 'password': 'test12', | |
| 148 | 'password_confirmation':'test12', |
|
151 | 'password_confirmation': 'test12', | |
| 149 | 'email':'goodmailm', |
|
152 | 'email': 'goodmailm', | |
| 150 | 'name':'test', |
|
153 | 'name': 'test', | |
| 151 | 'lastname':'test'}) |
|
154 | 'lastname': 'test'}) | |
| 152 |
|
155 | |||
| 153 | self.assertEqual(response.status , '200 OK') |
|
156 | response.mustcontain('An email address must contain a single @') | |
| 154 | self.assertTrue('An email address must contain a single @' in response.body) |
|
157 | msg = validators.ValidUsername()._messages['username_exists'] | |
| 155 | self.assertTrue('This username already exists' in response.body) |
|
158 | msg = h.html_escape(msg % {'username': usr}) | |
|
|
159 | response.mustcontain(msg) | |||
| 156 |
|
160 | |||
| 157 | def test_register_special_chars(self): |
|
161 | def test_register_special_chars(self): | |
| 158 | response = self.app.post(url(controller='login', action='register'), |
|
162 | response = self.app.post(url(controller='login', action='register'), | |
| 159 |
|
|
163 | {'username': 'xxxaxn', | |
| 160 |
|
|
164 | 'password': 'Δ ΔΕΊΕΌΔ ΕΕΕΕ', | |
| 161 |
|
|
165 | 'password_confirmation': 'Δ ΔΕΊΕΌΔ ΕΕΕΕ', | |
| 162 |
|
|
166 | 'email': 'goodmailm@test.plx', | |
| 163 |
|
|
167 | 'name': 'test', | |
| 164 |
|
|
168 | 'lastname': 'test'}) | |
| 165 |
|
169 | |||
| 166 | self.assertEqual(response.status , '200 OK') |
|
170 | msg = validators.ValidPassword()._messages['invalid_password'] | |
| 167 | self.assertTrue('Invalid characters in password' in response.body) |
|
171 | response.mustcontain(msg) | |
| 168 |
|
172 | |||
| 169 | def test_register_password_mismatch(self): |
|
173 | def test_register_password_mismatch(self): | |
| 170 | response = self.app.post(url(controller='login', action='register'), |
|
174 | response = self.app.post(url(controller='login', action='register'), | |
| 171 | {'username':'xs', |
|
175 | {'username': 'xs', | |
| 172 | 'password':'123qwe', |
|
176 | 'password': '123qwe', | |
| 173 | 'password_confirmation':'qwe123', |
|
177 | 'password_confirmation': 'qwe123', | |
| 174 | 'email':'goodmailm@test.plxa', |
|
178 | 'email': 'goodmailm@test.plxa', | |
| 175 | 'name':'test', |
|
179 | 'name': 'test', | |
| 176 | 'lastname':'test'}) |
|
180 | 'lastname': 'test'}) | |
| 177 |
|
181 | msg = validators.ValidPasswordsMatch()._messages['password_mismatch'] | ||
| 178 | self.assertEqual(response.status, '200 OK') |
|
182 | response.mustcontain(msg) | |
| 179 | response.mustcontain('Passwords do not match') |
|
|||
| 180 |
|
183 | |||
| 181 | def test_register_ok(self): |
|
184 | def test_register_ok(self): | |
| 182 | username = 'test_regular4' |
|
185 | username = 'test_regular4' | |
| 183 | password = 'qweqwe' |
|
186 | password = 'qweqwe' | |
| 184 | email = 'marcin@test.com' |
|
187 | email = 'marcin@test.com' | |
| 185 | name = 'testname' |
|
188 | name = 'testname' | |
| 186 | lastname = 'testlastname' |
|
189 | lastname = 'testlastname' | |
| 187 |
|
190 | |||
| 188 | response = self.app.post(url(controller='login', action='register'), |
|
191 | response = self.app.post(url(controller='login', action='register'), | |
| 189 | {'username':username, |
|
192 | {'username': username, | |
| 190 | 'password':password, |
|
193 | 'password': password, | |
| 191 | 'password_confirmation':password, |
|
194 | 'password_confirmation': password, | |
| 192 | 'email':email, |
|
195 | 'email': email, | |
| 193 | 'name':name, |
|
196 | 'name': name, | |
| 194 | 'lastname':lastname, |
|
197 | 'lastname': lastname, | |
| 195 | 'admin':True}) # This should be overriden |
|
198 | 'admin': True}) # This should be overriden | |
| 196 | self.assertEqual(response.status, '302 Found') |
|
199 | self.assertEqual(response.status, '302 Found') | |
| 197 | self.checkSessionFlash(response, 'You have successfully registered into rhodecode') |
|
200 | self.checkSessionFlash(response, 'You have successfully registered into rhodecode') | |
| 198 |
|
201 | |||
| 199 | ret = self.Session.query(User).filter(User.username == 'test_regular4').one() |
|
202 | ret = self.Session.query(User).filter(User.username == 'test_regular4').one() | |
| 200 | self.assertEqual(ret.username, username) |
|
203 | self.assertEqual(ret.username, username) | |
| 201 | self.assertEqual(check_password(password, ret.password), True) |
|
204 | self.assertEqual(check_password(password, ret.password), True) | |
| 202 | self.assertEqual(ret.email, email) |
|
205 | self.assertEqual(ret.email, email) | |
| 203 | self.assertEqual(ret.name, name) |
|
206 | self.assertEqual(ret.name, name) | |
| 204 | self.assertEqual(ret.lastname, lastname) |
|
207 | self.assertEqual(ret.lastname, lastname) | |
| 205 | self.assertNotEqual(ret.api_key, None) |
|
208 | self.assertNotEqual(ret.api_key, None) | |
| 206 | self.assertEqual(ret.admin, False) |
|
209 | self.assertEqual(ret.admin, False) | |
| 207 |
|
210 | |||
| 208 | def test_forgot_password_wrong_mail(self): |
|
211 | def test_forgot_password_wrong_mail(self): | |
|
|
212 | bad_email = 'marcin@wrongmail.org' | |||
| 209 | response = self.app.post( |
|
213 | response = self.app.post( | |
| 210 | url(controller='login', action='password_reset'), |
|
214 | url(controller='login', action='password_reset'), | |
| 211 |
{'email': |
|
215 | {'email': bad_email, } | |
| 212 | ) |
|
216 | ) | |
| 213 |
|
217 | |||
| 214 | response.mustcontain("This e-mail address doesn't exist") |
|
218 | msg = validators.ValidSystemEmail()._messages['non_existing_email'] | |
|
|
219 | msg = h.html_escape(msg % {'email': bad_email}) | |||
|
|
220 | response.mustcontain() | |||
| 215 |
|
221 | |||
| 216 | def test_forgot_password(self): |
|
222 | def test_forgot_password(self): | |
| 217 | response = self.app.get(url(controller='login', |
|
223 | response = self.app.get(url(controller='login', | |
| 218 | action='password_reset')) |
|
224 | action='password_reset')) | |
| 219 | self.assertEqual(response.status, '200 OK') |
|
225 | self.assertEqual(response.status, '200 OK') | |
| 220 |
|
226 | |||
| 221 | username = 'test_password_reset_1' |
|
227 | username = 'test_password_reset_1' | |
| 222 | password = 'qweqwe' |
|
228 | password = 'qweqwe' | |
| 223 | email = 'marcin@python-works.com' |
|
229 | email = 'marcin@python-works.com' | |
| 224 | name = 'passwd' |
|
230 | name = 'passwd' | |
| 225 | lastname = 'reset' |
|
231 | lastname = 'reset' | |
| 226 |
|
232 | |||
| 227 | new = User() |
|
233 | new = User() | |
| 228 | new.username = username |
|
234 | new.username = username | |
| 229 | new.password = password |
|
235 | new.password = password | |
| 230 | new.email = email |
|
236 | new.email = email | |
| 231 | new.name = name |
|
237 | new.name = name | |
| 232 | new.lastname = lastname |
|
238 | new.lastname = lastname | |
| 233 | new.api_key = generate_api_key(username) |
|
239 | new.api_key = generate_api_key(username) | |
| 234 | self.Session.add(new) |
|
240 | self.Session.add(new) | |
| 235 | self.Session.commit() |
|
241 | self.Session.commit() | |
| 236 |
|
242 | |||
| 237 | response = self.app.post(url(controller='login', |
|
243 | response = self.app.post(url(controller='login', | |
| 238 | action='password_reset'), |
|
244 | action='password_reset'), | |
| 239 | {'email':email, }) |
|
245 | {'email': email, }) | |
| 240 |
|
246 | |||
| 241 | self.checkSessionFlash(response, 'Your password reset link was sent') |
|
247 | self.checkSessionFlash(response, 'Your password reset link was sent') | |
| 242 |
|
248 | |||
| 243 | response = response.follow() |
|
249 | response = response.follow() | |
| 244 |
|
250 | |||
| 245 | # BAD KEY |
|
251 | # BAD KEY | |
| 246 |
|
252 | |||
| 247 | key = "bad" |
|
253 | key = "bad" | |
| 248 | response = self.app.get(url(controller='login', |
|
254 | response = self.app.get(url(controller='login', | |
| 249 | action='password_reset_confirmation', |
|
255 | action='password_reset_confirmation', | |
| 250 | key=key)) |
|
256 | key=key)) | |
| 251 | self.assertEqual(response.status, '302 Found') |
|
257 | self.assertEqual(response.status, '302 Found') | |
| 252 | self.assertTrue(response.location.endswith(url('reset_password'))) |
|
258 | self.assertTrue(response.location.endswith(url('reset_password'))) | |
| 253 |
|
259 | |||
| 254 | # GOOD KEY |
|
260 | # GOOD KEY | |
| 255 |
|
261 | |||
| 256 | key = User.get_by_username(username).api_key |
|
262 | key = User.get_by_username(username).api_key | |
| 257 | response = self.app.get(url(controller='login', |
|
263 | response = self.app.get(url(controller='login', | |
| 258 | action='password_reset_confirmation', |
|
264 | action='password_reset_confirmation', | |
| 259 | key=key)) |
|
265 | key=key)) | |
| 260 | self.assertEqual(response.status, '302 Found') |
|
266 | self.assertEqual(response.status, '302 Found') | |
| 261 | self.assertTrue(response.location.endswith(url('login_home'))) |
|
267 | self.assertTrue(response.location.endswith(url('login_home'))) | |
| 262 |
|
268 | |||
| 263 | self.checkSessionFlash(response, |
|
269 | self.checkSessionFlash(response, | |
| 264 | ('Your password reset was successful, ' |
|
270 | ('Your password reset was successful, ' | |
| 265 | 'new password has been sent to your email')) |
|
271 | 'new password has been sent to your email')) | |
| 266 |
|
272 | |||
| 267 | response = response.follow() |
|
273 | response = response.follow() | |
General Comments 0
You need to be logged in to leave comments.
Login now