Show More
@@ -1,473 +1,473 b'' | |||
|
1 | 1 | .. _api: |
|
2 | 2 | |
|
3 | 3 | |
|
4 | 4 | API |
|
5 | 5 | === |
|
6 | 6 | |
|
7 | 7 | |
|
8 | 8 | Starting from RhodeCode version 1.2 a simple API was implemented. |
|
9 | 9 | There's a single schema for calling all api methods. API is implemented |
|
10 | 10 | with JSON protocol both ways. An url to send API request in RhodeCode is |
|
11 | 11 | <your_server>/_admin/api |
|
12 | 12 | |
|
13 | 13 | API ACCESS FOR WEB VIEWS |
|
14 | 14 | ++++++++++++++++++++++++ |
|
15 | 15 | |
|
16 | 16 | API access can also be turned on for each web view in RhodeCode that is |
|
17 | 17 | decorated with `@LoginRequired` decorator. To enable API access simple change |
|
18 | 18 | the standard login decorator to `@LoginRequired(api_access=True)`. |
|
19 | 19 | After this change, a rhodecode view can be accessed without login by adding a |
|
20 | 20 | GET parameter `?api_key=<api_key>` to url. By default this is only |
|
21 | 21 | enabled on RSS/ATOM feed views. |
|
22 | 22 | |
|
23 | 23 | |
|
24 | 24 | API ACCESS |
|
25 | 25 | ++++++++++ |
|
26 | 26 | |
|
27 | 27 | All clients are required to send JSON-RPC spec JSON data:: |
|
28 | 28 | |
|
29 | 29 | { |
|
30 | 30 | "id:<id>, |
|
31 | 31 | "api_key":"<api_key>", |
|
32 | 32 | "method":"<method_name>", |
|
33 | 33 | "args":{"<arg_key>":"<arg_val>"} |
|
34 | 34 | } |
|
35 | 35 | |
|
36 | 36 | Example call for autopulling remotes repos using curl:: |
|
37 | 37 | curl https://server.com/_admin/api -X POST -H 'content-type:text/plain' --data-binary '{"id":1,"api_key":"xe7cdb2v278e4evbdf5vs04v832v0efvcbcve4a3","method":"pull","args":{"repo":"CPython"}}' |
|
38 | 38 | |
|
39 | 39 | Simply provide |
|
40 | 40 | - *id* A value of any type, which is used to match the response with the request that it is replying to. |
|
41 | 41 | - *api_key* for access and permission validation. |
|
42 | 42 | - *method* is name of method to call |
|
43 | 43 | - *args* is an key:value list of arguments to pass to method |
|
44 | 44 | |
|
45 | 45 | .. note:: |
|
46 | 46 | |
|
47 | 47 | api_key can be found in your user account page |
|
48 | 48 | |
|
49 | 49 | |
|
50 | 50 | RhodeCode API will return always a JSON-RPC response:: |
|
51 | 51 | |
|
52 | 52 | { |
|
53 | 53 | "id":<id>, |
|
54 | 54 | "result": "<result>", |
|
55 | 55 | "error": null |
|
56 | 56 | } |
|
57 | 57 | |
|
58 | 58 | All responses from API will be `HTTP/1.0 200 OK`, if there's an error while |
|
59 | 59 | calling api *error* key from response will contain failure description |
|
60 | 60 | and result will be null. |
|
61 | 61 | |
|
62 | 62 | API METHODS |
|
63 | 63 | +++++++++++ |
|
64 | 64 | |
|
65 | 65 | |
|
66 | 66 | pull |
|
67 | 67 | ---- |
|
68 | 68 | |
|
69 | 69 | Pulls given repo from remote location. Can be used to automatically keep |
|
70 | 70 | remote repos up to date. This command can be executed only using api_key |
|
71 | 71 | belonging to user with admin rights |
|
72 | 72 | |
|
73 | 73 | INPUT:: |
|
74 | 74 | |
|
75 | 75 | api_key : "<api_key>" |
|
76 | 76 | method : "pull" |
|
77 | 77 | args : { |
|
78 | 78 | "repo_name" : "<reponame>" |
|
79 | 79 | } |
|
80 | 80 | |
|
81 | 81 | OUTPUT:: |
|
82 | 82 | |
|
83 | 83 | result : "Pulled from <reponame>" |
|
84 | 84 | error : null |
|
85 | 85 | |
|
86 | 86 | |
|
87 | 87 | get_user |
|
88 | 88 | -------- |
|
89 | 89 | |
|
90 | 90 | Get's an user by username, Returns empty result if user is not found. |
|
91 | 91 | This command can be executed only using api_key belonging to user with admin |
|
92 | 92 | rights. |
|
93 | 93 | |
|
94 | 94 | INPUT:: |
|
95 | 95 | |
|
96 | 96 | api_key : "<api_key>" |
|
97 | 97 | method : "get_user" |
|
98 | 98 | args : { |
|
99 | 99 | "username" : "<username>" |
|
100 | 100 | } |
|
101 | 101 | |
|
102 | 102 | OUTPUT:: |
|
103 | 103 | |
|
104 | 104 | result: None if user does not exist or |
|
105 | 105 | { |
|
106 | 106 | "id" : "<id>", |
|
107 | 107 | "username" : "<username>", |
|
108 | 108 | "firstname": "<firstname>", |
|
109 | 109 | "lastname" : "<lastname>", |
|
110 | 110 | "email" : "<email>", |
|
111 | 111 | "active" : "<bool>", |
|
112 | 112 | "admin" :Β "<bool>", |
|
113 | 113 | "ldap" : "<ldap_dn>" |
|
114 | 114 | } |
|
115 | 115 | |
|
116 | 116 | error: null |
|
117 | 117 | |
|
118 | 118 | |
|
119 | 119 | get_users |
|
120 | 120 | --------- |
|
121 | 121 | |
|
122 | 122 | Lists all existing users. This command can be executed only using api_key |
|
123 | 123 | belonging to user with admin rights. |
|
124 | 124 | |
|
125 | 125 | INPUT:: |
|
126 | 126 | |
|
127 | 127 | api_key : "<api_key>" |
|
128 | 128 | method : "get_users" |
|
129 | 129 | args : { } |
|
130 | 130 | |
|
131 | 131 | OUTPUT:: |
|
132 | 132 | |
|
133 | 133 | result: [ |
|
134 | 134 | { |
|
135 | 135 | "id" : "<id>", |
|
136 | 136 | "username" : "<username>", |
|
137 | 137 | "firstname": "<firstname>", |
|
138 | 138 | "lastname" : "<lastname>", |
|
139 | 139 | "email" : "<email>", |
|
140 | 140 | "active" : "<bool>", |
|
141 | 141 | "admin" :Β "<bool>", |
|
142 | 142 | "ldap" : "<ldap_dn>" |
|
143 | 143 | }, |
|
144 | 144 | β¦ |
|
145 | 145 | ] |
|
146 | 146 | error: null |
|
147 | 147 | |
|
148 | 148 | create_user |
|
149 | 149 | ----------- |
|
150 | 150 | |
|
151 | 151 | Creates new user or updates current one if such user exists. This command can |
|
152 | 152 | be executed only using api_key belonging to user with admin rights. |
|
153 | 153 | |
|
154 | 154 | INPUT:: |
|
155 | 155 | |
|
156 | 156 | api_key : "<api_key>" |
|
157 | 157 | method : "create_user" |
|
158 | 158 | args : { |
|
159 | 159 | "username" : "<username>", |
|
160 | 160 | "password" : "<password>", |
|
161 |
" |
|
|
162 |
" |
|
|
163 |
" |
|
|
161 | "email" : "<useremail>", | |
|
162 | "firstname" : "<firstname> = None", | |
|
163 | "lastname" : "<lastname> = None", | |
|
164 | 164 | "active" : "<bool> = True", |
|
165 | 165 | "admin" : "<bool> = False", |
|
166 | 166 | "ldap_dn" : "<ldap_dn> = None" |
|
167 | 167 | } |
|
168 | 168 | |
|
169 | 169 | OUTPUT:: |
|
170 | 170 | |
|
171 | 171 | result: { |
|
172 | 172 | "id" : "<new_user_id>", |
|
173 | 173 | "msg" : "created new user <username>" |
|
174 | 174 | } |
|
175 | 175 | error: null |
|
176 | 176 | |
|
177 | 177 | get_users_group |
|
178 | 178 | --------------- |
|
179 | 179 | |
|
180 | 180 | Gets an existing users group. This command can be executed only using api_key |
|
181 | 181 | belonging to user with admin rights. |
|
182 | 182 | |
|
183 | 183 | INPUT:: |
|
184 | 184 | |
|
185 | 185 | api_key : "<api_key>" |
|
186 | 186 | method : "get_users_group" |
|
187 | 187 | args : { |
|
188 | 188 | "group_name" : "<name>" |
|
189 | 189 | } |
|
190 | 190 | |
|
191 | 191 | OUTPUT:: |
|
192 | 192 | |
|
193 | 193 | result : None if group not exist |
|
194 | 194 | { |
|
195 | 195 | "id" : "<id>", |
|
196 | 196 | "group_name" : "<groupname>", |
|
197 | 197 | "active": "<bool>", |
|
198 | 198 | "members" : [ |
|
199 | 199 | { "id" : "<userid>", |
|
200 | 200 | "username" : "<username>", |
|
201 | 201 | "firstname": "<firstname>", |
|
202 | 202 | "lastname" : "<lastname>", |
|
203 | 203 | "email" : "<email>", |
|
204 | 204 | "active" : "<bool>", |
|
205 | 205 | "admin" :Β "<bool>", |
|
206 | 206 | "ldap" : "<ldap_dn>" |
|
207 | 207 | }, |
|
208 | 208 | β¦ |
|
209 | 209 | ] |
|
210 | 210 | } |
|
211 | 211 | error : null |
|
212 | 212 | |
|
213 | 213 | get_users_groups |
|
214 | 214 | ---------------- |
|
215 | 215 | |
|
216 | 216 | Lists all existing users groups. This command can be executed only using |
|
217 | 217 | api_key belonging to user with admin rights. |
|
218 | 218 | |
|
219 | 219 | INPUT:: |
|
220 | 220 | |
|
221 | 221 | api_key : "<api_key>" |
|
222 | 222 | method : "get_users_groups" |
|
223 | 223 | args : { } |
|
224 | 224 | |
|
225 | 225 | OUTPUT:: |
|
226 | 226 | |
|
227 | 227 | result : [ |
|
228 | 228 | { |
|
229 | 229 | "id" : "<id>", |
|
230 | 230 | "group_name" : "<groupname>", |
|
231 | 231 | "active": "<bool>", |
|
232 | 232 | "members" : [ |
|
233 | 233 | { |
|
234 | 234 | "id" : "<userid>", |
|
235 | 235 | "username" : "<username>", |
|
236 | 236 | "firstname": "<firstname>", |
|
237 | 237 | "lastname" : "<lastname>", |
|
238 | 238 | "email" : "<email>", |
|
239 | 239 | "active" : "<bool>", |
|
240 | 240 | "admin" :Β "<bool>", |
|
241 | 241 | "ldap" : "<ldap_dn>" |
|
242 | 242 | }, |
|
243 | 243 | β¦ |
|
244 | 244 | ] |
|
245 | 245 | } |
|
246 | 246 | ] |
|
247 | 247 | error : null |
|
248 | 248 | |
|
249 | 249 | |
|
250 | 250 | create_users_group |
|
251 | 251 | ------------------ |
|
252 | 252 | |
|
253 | 253 | Creates new users group. This command can be executed only using api_key |
|
254 | 254 | belonging to user with admin rights |
|
255 | 255 | |
|
256 | 256 | INPUT:: |
|
257 | 257 | |
|
258 | 258 | api_key : "<api_key>" |
|
259 | 259 | method : "create_users_group" |
|
260 | 260 | args: { |
|
261 | 261 | "group_name": "<groupname>", |
|
262 | 262 | "active":"<bool> = True" |
|
263 | 263 | } |
|
264 | 264 | |
|
265 | 265 | OUTPUT:: |
|
266 | 266 | |
|
267 | 267 | result: { |
|
268 | 268 | "id": "<newusersgroupid>", |
|
269 | 269 | "msg": "created new users group <groupname>" |
|
270 | 270 | } |
|
271 | 271 | error: null |
|
272 | 272 | |
|
273 | 273 | add_user_to_users_group |
|
274 | 274 | ----------------------- |
|
275 | 275 | |
|
276 | 276 | Adds a user to a users group. This command can be executed only using api_key |
|
277 | 277 | belonging to user with admin rights |
|
278 | 278 | |
|
279 | 279 | INPUT:: |
|
280 | 280 | |
|
281 | 281 | api_key : "<api_key>" |
|
282 | 282 | method : "add_user_users_group" |
|
283 | 283 | args: { |
|
284 | 284 | "group_name" : "<groupname>", |
|
285 | 285 | "username" : "<username>" |
|
286 | 286 | } |
|
287 | 287 | |
|
288 | 288 | OUTPUT:: |
|
289 | 289 | |
|
290 | 290 | result: { |
|
291 | 291 | "id": "<newusersgroupmemberid>", |
|
292 | 292 | "msg": "created new users group member" |
|
293 | 293 | } |
|
294 | 294 | error: null |
|
295 | 295 | |
|
296 | 296 | get_repo |
|
297 | 297 | -------- |
|
298 | 298 | |
|
299 | 299 | Gets an existing repository. This command can be executed only using api_key |
|
300 | 300 | belonging to user with admin rights |
|
301 | 301 | |
|
302 | 302 | INPUT:: |
|
303 | 303 | |
|
304 | 304 | api_key : "<api_key>" |
|
305 | 305 | method : "get_repo" |
|
306 | 306 | args: { |
|
307 | 307 | "repo_name" : "<reponame>" |
|
308 | 308 | } |
|
309 | 309 | |
|
310 | 310 | OUTPUT:: |
|
311 | 311 | |
|
312 | 312 | result: None if repository does not exist or |
|
313 | 313 | { |
|
314 | 314 | "id" : "<id>", |
|
315 | 315 | "repo_name" : "<reponame>" |
|
316 | 316 | "type" : "<type>", |
|
317 | 317 | "description" : "<description>", |
|
318 | 318 | "members" : [ |
|
319 | 319 | { "id" : "<userid>", |
|
320 | 320 | "username" : "<username>", |
|
321 | 321 | "firstname": "<firstname>", |
|
322 | 322 | "lastname" : "<lastname>", |
|
323 | 323 | "email" : "<email>", |
|
324 | 324 | "active" : "<bool>", |
|
325 | 325 | "admin" :Β "<bool>", |
|
326 | 326 | "ldap" : "<ldap_dn>", |
|
327 | 327 | "permission" : "repository.(read|write|admin)" |
|
328 | 328 | }, |
|
329 | 329 | β¦ |
|
330 | 330 | { |
|
331 | 331 | "id" : "<usersgroupid>", |
|
332 | 332 | "name" : "<usersgroupname>", |
|
333 | 333 | "active": "<bool>", |
|
334 | 334 | "permission" : "repository.(read|write|admin)" |
|
335 | 335 | }, |
|
336 | 336 | β¦ |
|
337 | 337 | ] |
|
338 | 338 | } |
|
339 | 339 | error: null |
|
340 | 340 | |
|
341 | 341 | get_repos |
|
342 | 342 | --------- |
|
343 | 343 | |
|
344 | 344 | Lists all existing repositories. This command can be executed only using api_key |
|
345 | 345 | belonging to user with admin rights |
|
346 | 346 | |
|
347 | 347 | INPUT:: |
|
348 | 348 | |
|
349 | 349 | api_key : "<api_key>" |
|
350 | 350 | method : "get_repos" |
|
351 | 351 | args: { } |
|
352 | 352 | |
|
353 | 353 | OUTPUT:: |
|
354 | 354 | |
|
355 | 355 | result: [ |
|
356 | 356 | { |
|
357 | 357 | "id" : "<id>", |
|
358 | 358 | "repo_name" : "<reponame>" |
|
359 | 359 | "type" : "<type>", |
|
360 | 360 | "description" : "<description>" |
|
361 | 361 | }, |
|
362 | 362 | β¦ |
|
363 | 363 | ] |
|
364 | 364 | error: null |
|
365 | 365 | |
|
366 | 366 | |
|
367 | 367 | get_repo_nodes |
|
368 | 368 | -------------- |
|
369 | 369 | |
|
370 | 370 | returns a list of nodes and it's children in a flat list for a given path |
|
371 | 371 | at given revision. It's possible to specify ret_type to show only `files` or |
|
372 | 372 | `dirs`. This command can be executed only using api_key belonging to user |
|
373 | 373 | with admin rights |
|
374 | 374 | |
|
375 | 375 | INPUT:: |
|
376 | 376 | |
|
377 | 377 | api_key : "<api_key>" |
|
378 | 378 | method : "get_repo_nodes" |
|
379 | 379 | args: { |
|
380 | 380 | "repo_name" : "<reponame>", |
|
381 | 381 | "revision" : "<revision>", |
|
382 | 382 | "root_path" : "<root_path>", |
|
383 | 383 | "ret_type" : "<ret_type>" = 'all' |
|
384 | 384 | } |
|
385 | 385 | |
|
386 | 386 | OUTPUT:: |
|
387 | 387 | |
|
388 | 388 | result: [ |
|
389 | 389 | { |
|
390 | 390 | "name" : "<name>" |
|
391 | 391 | "type" : "<type>", |
|
392 | 392 | }, |
|
393 | 393 | β¦ |
|
394 | 394 | ] |
|
395 | 395 | error: null |
|
396 | 396 | |
|
397 | 397 | |
|
398 | 398 | |
|
399 | 399 | create_repo |
|
400 | 400 | ----------- |
|
401 | 401 | |
|
402 | 402 | Creates a repository. This command can be executed only using api_key |
|
403 | 403 | belonging to user with admin rights. |
|
404 | 404 | If repository name contains "/", all needed repository groups will be created. |
|
405 | 405 | For example "foo/bar/baz" will create groups "foo", "bar" (with "foo" as parent), |
|
406 | 406 | and create "baz" repository with "bar" as group. |
|
407 | 407 | |
|
408 | 408 | INPUT:: |
|
409 | 409 | |
|
410 | 410 | api_key : "<api_key>" |
|
411 | 411 | method : "create_repo" |
|
412 | 412 | args: { |
|
413 | 413 | "repo_name" : "<reponame>", |
|
414 | 414 | "owner_name" : "<ownername>", |
|
415 | 415 | "description" : "<description> = ''", |
|
416 | 416 | "repo_type" : "<type> = 'hg'", |
|
417 | 417 | "private" : "<bool> = False" |
|
418 | 418 | } |
|
419 | 419 | |
|
420 | 420 | OUTPUT:: |
|
421 | 421 | |
|
422 | 422 | result: { |
|
423 | 423 | "id": "<newrepoid>", |
|
424 | 424 | "msg": "Created new repository <reponame>", |
|
425 | 425 | } |
|
426 | 426 | error: null |
|
427 | 427 | |
|
428 | 428 | add_user_to_repo |
|
429 | 429 | ---------------- |
|
430 | 430 | |
|
431 | 431 | Add a user to a repository. This command can be executed only using api_key |
|
432 | 432 | belonging to user with admin rights. |
|
433 | 433 | If "perm" is None, user will be removed from the repository. |
|
434 | 434 | |
|
435 | 435 | INPUT:: |
|
436 | 436 | |
|
437 | 437 | api_key : "<api_key>" |
|
438 | 438 | method : "add_user_to_repo" |
|
439 | 439 | args: { |
|
440 | 440 | "repo_name" : "<reponame>", |
|
441 | 441 | "username" : "<username>", |
|
442 | 442 | "perm" : "(None|repository.(read|write|admin))", |
|
443 | 443 | } |
|
444 | 444 | |
|
445 | 445 | OUTPUT:: |
|
446 | 446 | |
|
447 | 447 | result: { |
|
448 | 448 | "msg" : "Added perm: <perm> for <username> in repo: <reponame>" |
|
449 | 449 | } |
|
450 | 450 | error: null |
|
451 | 451 | |
|
452 | 452 | add_users_group_to_repo |
|
453 | 453 | ----------------------- |
|
454 | 454 | |
|
455 | 455 | Add a users group to a repository. This command can be executed only using |
|
456 | 456 | api_key belonging to user with admin rights. If "perm" is None, group will |
|
457 | 457 | be removed from the repository. |
|
458 | 458 | |
|
459 | 459 | INPUT:: |
|
460 | 460 | |
|
461 | 461 | api_key : "<api_key>" |
|
462 | 462 | method : "add_users_group_to_repo" |
|
463 | 463 | args: { |
|
464 | 464 | "repo_name" : "<reponame>", |
|
465 | 465 | "group_name" : "<groupname>", |
|
466 | 466 | "perm" : "(None|repository.(read|write|admin))", |
|
467 | 467 | } |
|
468 | 468 | OUTPUT:: |
|
469 | 469 | |
|
470 | 470 | result: { |
|
471 | 471 | "msg" : Added perm: <perm> for <groupname> in repo: <reponame>" |
|
472 | 472 | } |
|
473 | 473 |
@@ -1,478 +1,479 b'' | |||
|
1 | 1 | .. _changelog: |
|
2 | 2 | |
|
3 | 3 | Changelog |
|
4 | 4 | ========= |
|
5 | 5 | |
|
6 | 6 | |
|
7 | 7 | 1.3.0 (**XXXX-XX-XX**) |
|
8 | 8 | ====================== |
|
9 | 9 | |
|
10 | 10 | :status: in-progress |
|
11 | 11 | :branch: beta |
|
12 | 12 | |
|
13 | 13 | news |
|
14 | 14 | ---- |
|
15 | 15 | |
|
16 | 16 | - code review, inspired by github code-comments |
|
17 | 17 | - #215 rst and markdown README files support |
|
18 | 18 | - #252 Container-based and proxy pass-through authentication support |
|
19 | 19 | - #44 branch browser. Filtering of changelog by branches |
|
20 | 20 | - mercurial bookmarks support |
|
21 | 21 | - new hover top menu, optimized to add maximum size for important views |
|
22 | 22 | - configurable clone url template with possibility to specify protocol like |
|
23 | 23 | ssh:// or http:// and also manually alter other parts of clone_url. |
|
24 | 24 | - enabled largefiles extension by default |
|
25 | 25 | - optimized summary file pages and saved a lot of unused space in them |
|
26 | 26 | - #239 option to manually mark repository as fork |
|
27 | 27 | - #320 mapping of commit authors to RhodeCode users |
|
28 | 28 | - #304 hashes are displayed using monospace font |
|
29 | 29 | - diff configuration, toggle white lines and context lines |
|
30 | 30 | - #307 configurable diffs, whitespace toggle, increasing context lines |
|
31 | 31 | - sorting on branches, tags and bookmarks using YUI datatable |
|
32 | 32 | - improved file filter on files page |
|
33 | 33 | - implements #330 api method for listing nodes ar particular revision |
|
34 | 34 | - #73 added linking issues in commit messages to chosen issue tracker url |
|
35 | 35 | based on user defined regular expression |
|
36 | 36 | - added linking of changesets in commit messages |
|
37 | 37 | - new compact changelog with expandable commit messages |
|
38 | - firstname and lastname are optional in user creation | |
|
38 | 39 | |
|
39 | 40 | fixes |
|
40 | 41 | ----- |
|
41 | 42 | |
|
42 | 43 | - rewrote dbsession management for atomic operations, and better error handling |
|
43 | 44 | - fixed sorting of repo tables |
|
44 | 45 | - #326 escape of special html entities in diffs |
|
45 | 46 | - normalized user_name => username in api attributes |
|
46 | 47 | - fixes #298 ldap created users with mixed case emails created conflicts |
|
47 | 48 | on saving a form |
|
48 | 49 | - fixes issue when owner of a repo couldn't revoke permissions for users |
|
49 | 50 | and groups |
|
50 | 51 | - fixes #271 rare JSON serialization problem with statistics |
|
51 | 52 | - fixes #337 missing validation check for conflicting names of a group with a |
|
52 | 53 | repositories group |
|
53 | 54 | - #340 fixed session problem for mysql and celery tasks |
|
54 | 55 | - fixed #331 RhodeCode mangles repository names if the a repository group |
|
55 | 56 | contains the "full path" to the repositories |
|
56 | 57 | |
|
57 | 58 | |
|
58 | 59 | 1.2.4 (**2012-01-19**) |
|
59 | 60 | ====================== |
|
60 | 61 | |
|
61 | 62 | news |
|
62 | 63 | ---- |
|
63 | 64 | |
|
64 | 65 | - RhodeCode is bundled with mercurial series 2.0.X by default, with |
|
65 | 66 | full support to largefiles extension. Enabled by default in new installations |
|
66 | 67 | - #329 Ability to Add/Remove Groups to/from a Repository via AP |
|
67 | 68 | - added requires.txt file with requirements |
|
68 | 69 | |
|
69 | 70 | fixes |
|
70 | 71 | ----- |
|
71 | 72 | |
|
72 | 73 | - fixes db session issues with celery when emailing admins |
|
73 | 74 | - #331 RhodeCode mangles repository names if the a repository group |
|
74 | 75 | contains the "full path" to the repositories |
|
75 | 76 | - #298 Conflicting e-mail addresses for LDAP and RhodeCode users |
|
76 | 77 | - DB session cleanup after hg protocol operations, fixes issues with |
|
77 | 78 | `mysql has gone away` errors |
|
78 | 79 | - #333 doc fixes for get_repo api function |
|
79 | 80 | - #271 rare JSON serialization problem with statistics enabled |
|
80 | 81 | - #337 Fixes issues with validation of repository name conflicting with |
|
81 | 82 | a group name. A proper message is now displayed. |
|
82 | 83 | - #292 made ldap_dn in user edit readonly, to get rid of confusion that field |
|
83 | 84 | doesn't work |
|
84 | 85 | - #316 fixes issues with web description in hgrc files |
|
85 | 86 | |
|
86 | 87 | 1.2.3 (**2011-11-02**) |
|
87 | 88 | ====================== |
|
88 | 89 | |
|
89 | 90 | news |
|
90 | 91 | ---- |
|
91 | 92 | |
|
92 | 93 | - added option to manage repos group for non admin users |
|
93 | 94 | - added following API methods for get_users, create_user, get_users_groups, |
|
94 | 95 | get_users_group, create_users_group, add_user_to_users_groups, get_repos, |
|
95 | 96 | get_repo, create_repo, add_user_to_repo |
|
96 | 97 | - implements #237 added password confirmation for my account |
|
97 | 98 | and admin edit user. |
|
98 | 99 | - implements #291 email notification for global events are now sent to all |
|
99 | 100 | administrator users, and global config email. |
|
100 | 101 | |
|
101 | 102 | fixes |
|
102 | 103 | ----- |
|
103 | 104 | |
|
104 | 105 | - added option for passing auth method for smtp mailer |
|
105 | 106 | - #276 issue with adding a single user with id>10 to usergroups |
|
106 | 107 | - #277 fixes windows LDAP settings in which missing values breaks the ldap auth |
|
107 | 108 | - #288 fixes managing of repos in a group for non admin user |
|
108 | 109 | |
|
109 | 110 | 1.2.2 (**2011-10-17**) |
|
110 | 111 | ====================== |
|
111 | 112 | |
|
112 | 113 | news |
|
113 | 114 | ---- |
|
114 | 115 | |
|
115 | 116 | - #226 repo groups are available by path instead of numerical id |
|
116 | 117 | |
|
117 | 118 | fixes |
|
118 | 119 | ----- |
|
119 | 120 | |
|
120 | 121 | - #259 Groups with the same name but with different parent group |
|
121 | 122 | - #260 Put repo in group, then move group to another group -> repo becomes unavailable |
|
122 | 123 | - #258 RhodeCode 1.2 assumes egg folder is writable (lockfiles problems) |
|
123 | 124 | - #265 ldap save fails sometimes on converting attributes to booleans, |
|
124 | 125 | added getter and setter into model that will prevent from this on db model level |
|
125 | 126 | - fixed problems with timestamps issues #251 and #213 |
|
126 | 127 | - fixes #266 RhodeCode allows to create repo with the same name and in |
|
127 | 128 | the same parent as group |
|
128 | 129 | - fixes #245 Rescan of the repositories on Windows |
|
129 | 130 | - fixes #248 cannot edit repos inside a group on windows |
|
130 | 131 | - fixes #219 forking problems on windows |
|
131 | 132 | |
|
132 | 133 | 1.2.1 (**2011-10-08**) |
|
133 | 134 | ====================== |
|
134 | 135 | |
|
135 | 136 | news |
|
136 | 137 | ---- |
|
137 | 138 | |
|
138 | 139 | |
|
139 | 140 | fixes |
|
140 | 141 | ----- |
|
141 | 142 | |
|
142 | 143 | - fixed problems with basic auth and push problems |
|
143 | 144 | - gui fixes |
|
144 | 145 | - fixed logger |
|
145 | 146 | |
|
146 | 147 | 1.2.0 (**2011-10-07**) |
|
147 | 148 | ====================== |
|
148 | 149 | |
|
149 | 150 | news |
|
150 | 151 | ---- |
|
151 | 152 | |
|
152 | 153 | - implemented #47 repository groups |
|
153 | 154 | - implemented #89 Can setup google analytics code from settings menu |
|
154 | 155 | - implemented #91 added nicer looking archive urls with more download options |
|
155 | 156 | like tags, branches |
|
156 | 157 | - implemented #44 into file browsing, and added follow branch option |
|
157 | 158 | - implemented #84 downloads can be enabled/disabled for each repository |
|
158 | 159 | - anonymous repository can be cloned without having to pass default:default |
|
159 | 160 | into clone url |
|
160 | 161 | - fixed #90 whoosh indexer can index chooses repositories passed in command |
|
161 | 162 | line |
|
162 | 163 | - extended journal with day aggregates and paging |
|
163 | 164 | - implemented #107 source code lines highlight ranges |
|
164 | 165 | - implemented #93 customizable changelog on combined revision ranges - |
|
165 | 166 | equivalent of githubs compare view |
|
166 | 167 | - implemented #108 extended and more powerful LDAP configuration |
|
167 | 168 | - implemented #56 users groups |
|
168 | 169 | - major code rewrites optimized codes for speed and memory usage |
|
169 | 170 | - raw and diff downloads are now in git format |
|
170 | 171 | - setup command checks for write access to given path |
|
171 | 172 | - fixed many issues with international characters and unicode. It uses utf8 |
|
172 | 173 | decode with replace to provide less errors even with non utf8 encoded strings |
|
173 | 174 | - #125 added API KEY access to feeds |
|
174 | 175 | - #109 Repository can be created from external Mercurial link (aka. remote |
|
175 | 176 | repository, and manually updated (via pull) from admin panel |
|
176 | 177 | - beta git support - push/pull server + basic view for git repos |
|
177 | 178 | - added followers page and forks page |
|
178 | 179 | - server side file creation (with binary file upload interface) |
|
179 | 180 | and edition with commits powered by codemirror |
|
180 | 181 | - #111 file browser file finder, quick lookup files on whole file tree |
|
181 | 182 | - added quick login sliding menu into main page |
|
182 | 183 | - changelog uses lazy loading of affected files details, in some scenarios |
|
183 | 184 | this can improve speed of changelog page dramatically especially for |
|
184 | 185 | larger repositories. |
|
185 | 186 | - implements #214 added support for downloading subrepos in download menu. |
|
186 | 187 | - Added basic API for direct operations on rhodecode via JSON |
|
187 | 188 | - Implemented advanced hook management |
|
188 | 189 | |
|
189 | 190 | fixes |
|
190 | 191 | ----- |
|
191 | 192 | |
|
192 | 193 | - fixed file browser bug, when switching into given form revision the url was |
|
193 | 194 | not changing |
|
194 | 195 | - fixed propagation to error controller on simplehg and simplegit middlewares |
|
195 | 196 | - fixed error when trying to make a download on empty repository |
|
196 | 197 | - fixed problem with '[' chars in commit messages in journal |
|
197 | 198 | - fixed #99 Unicode errors, on file node paths with non utf-8 characters |
|
198 | 199 | - journal fork fixes |
|
199 | 200 | - removed issue with space inside renamed repository after deletion |
|
200 | 201 | - fixed strange issue on formencode imports |
|
201 | 202 | - fixed #126 Deleting repository on Windows, rename used incompatible chars. |
|
202 | 203 | - #150 fixes for errors on repositories mapped in db but corrupted in |
|
203 | 204 | filesystem |
|
204 | 205 | - fixed problem with ascendant characters in realm #181 |
|
205 | 206 | - fixed problem with sqlite file based database connection pool |
|
206 | 207 | - whoosh indexer and code stats share the same dynamic extensions map |
|
207 | 208 | - fixes #188 - relationship delete of repo_to_perm entry on user removal |
|
208 | 209 | - fixes issue #189 Trending source files shows "show more" when no more exist |
|
209 | 210 | - fixes issue #197 Relative paths for pidlocks |
|
210 | 211 | - fixes issue #198 password will require only 3 chars now for login form |
|
211 | 212 | - fixes issue #199 wrong redirection for non admin users after creating a repository |
|
212 | 213 | - fixes issues #202, bad db constraint made impossible to attach same group |
|
213 | 214 | more than one time. Affects only mysql/postgres |
|
214 | 215 | - fixes #218 os.kill patch for windows was missing sig param |
|
215 | 216 | - improved rendering of dag (they are not trimmed anymore when number of |
|
216 | 217 | heads exceeds 5) |
|
217 | 218 | |
|
218 | 219 | 1.1.8 (**2011-04-12**) |
|
219 | 220 | ====================== |
|
220 | 221 | |
|
221 | 222 | news |
|
222 | 223 | ---- |
|
223 | 224 | |
|
224 | 225 | - improved windows support |
|
225 | 226 | |
|
226 | 227 | fixes |
|
227 | 228 | ----- |
|
228 | 229 | |
|
229 | 230 | - fixed #140 freeze of python dateutil library, since new version is python2.x |
|
230 | 231 | incompatible |
|
231 | 232 | - setup-app will check for write permission in given path |
|
232 | 233 | - cleaned up license info issue #149 |
|
233 | 234 | - fixes for issues #137,#116 and problems with unicode and accented characters. |
|
234 | 235 | - fixes crashes on gravatar, when passed in email as unicode |
|
235 | 236 | - fixed tooltip flickering problems |
|
236 | 237 | - fixed came_from redirection on windows |
|
237 | 238 | - fixed logging modules, and sql formatters |
|
238 | 239 | - windows fixes for os.kill issue #133 |
|
239 | 240 | - fixes path splitting for windows issues #148 |
|
240 | 241 | - fixed issue #143 wrong import on migration to 1.1.X |
|
241 | 242 | - fixed problems with displaying binary files, thanks to Thomas Waldmann |
|
242 | 243 | - removed name from archive files since it's breaking ui for long repo names |
|
243 | 244 | - fixed issue with archive headers sent to browser, thanks to Thomas Waldmann |
|
244 | 245 | - fixed compatibility for 1024px displays, and larger dpi settings, thanks to |
|
245 | 246 | Thomas Waldmann |
|
246 | 247 | - fixed issue #166 summary pager was skipping 10 revisions on second page |
|
247 | 248 | |
|
248 | 249 | |
|
249 | 250 | 1.1.7 (**2011-03-23**) |
|
250 | 251 | ====================== |
|
251 | 252 | |
|
252 | 253 | news |
|
253 | 254 | ---- |
|
254 | 255 | |
|
255 | 256 | fixes |
|
256 | 257 | ----- |
|
257 | 258 | |
|
258 | 259 | - fixed (again) #136 installation support for FreeBSD |
|
259 | 260 | |
|
260 | 261 | |
|
261 | 262 | 1.1.6 (**2011-03-21**) |
|
262 | 263 | ====================== |
|
263 | 264 | |
|
264 | 265 | news |
|
265 | 266 | ---- |
|
266 | 267 | |
|
267 | 268 | fixes |
|
268 | 269 | ----- |
|
269 | 270 | |
|
270 | 271 | - fixed #136 installation support for FreeBSD |
|
271 | 272 | - RhodeCode will check for python version during installation |
|
272 | 273 | |
|
273 | 274 | 1.1.5 (**2011-03-17**) |
|
274 | 275 | ====================== |
|
275 | 276 | |
|
276 | 277 | news |
|
277 | 278 | ---- |
|
278 | 279 | |
|
279 | 280 | - basic windows support, by exchanging pybcrypt into sha256 for windows only |
|
280 | 281 | highly inspired by idea of mantis406 |
|
281 | 282 | |
|
282 | 283 | fixes |
|
283 | 284 | ----- |
|
284 | 285 | |
|
285 | 286 | - fixed sorting by author in main page |
|
286 | 287 | - fixed crashes with diffs on binary files |
|
287 | 288 | - fixed #131 problem with boolean values for LDAP |
|
288 | 289 | - fixed #122 mysql problems thanks to striker69 |
|
289 | 290 | - fixed problem with errors on calling raw/raw_files/annotate functions |
|
290 | 291 | with unknown revisions |
|
291 | 292 | - fixed returned rawfiles attachment names with international character |
|
292 | 293 | - cleaned out docs, big thanks to Jason Harris |
|
293 | 294 | |
|
294 | 295 | 1.1.4 (**2011-02-19**) |
|
295 | 296 | ====================== |
|
296 | 297 | |
|
297 | 298 | news |
|
298 | 299 | ---- |
|
299 | 300 | |
|
300 | 301 | fixes |
|
301 | 302 | ----- |
|
302 | 303 | |
|
303 | 304 | - fixed formencode import problem on settings page, that caused server crash |
|
304 | 305 | when that page was accessed as first after server start |
|
305 | 306 | - journal fixes |
|
306 | 307 | - fixed option to access repository just by entering http://server/<repo_name> |
|
307 | 308 | |
|
308 | 309 | 1.1.3 (**2011-02-16**) |
|
309 | 310 | ====================== |
|
310 | 311 | |
|
311 | 312 | news |
|
312 | 313 | ---- |
|
313 | 314 | |
|
314 | 315 | - implemented #102 allowing the '.' character in username |
|
315 | 316 | - added option to access repository just by entering http://server/<repo_name> |
|
316 | 317 | - celery task ignores result for better performance |
|
317 | 318 | |
|
318 | 319 | fixes |
|
319 | 320 | ----- |
|
320 | 321 | |
|
321 | 322 | - fixed ehlo command and non auth mail servers on smtp_lib. Thanks to |
|
322 | 323 | apollo13 and Johan Walles |
|
323 | 324 | - small fixes in journal |
|
324 | 325 | - fixed problems with getting setting for celery from .ini files |
|
325 | 326 | - registration, password reset and login boxes share the same title as main |
|
326 | 327 | application now |
|
327 | 328 | - fixed #113: to high permissions to fork repository |
|
328 | 329 | - fixed problem with '[' chars in commit messages in journal |
|
329 | 330 | - removed issue with space inside renamed repository after deletion |
|
330 | 331 | - db transaction fixes when filesystem repository creation failed |
|
331 | 332 | - fixed #106 relation issues on databases different than sqlite |
|
332 | 333 | - fixed static files paths links to use of url() method |
|
333 | 334 | |
|
334 | 335 | 1.1.2 (**2011-01-12**) |
|
335 | 336 | ====================== |
|
336 | 337 | |
|
337 | 338 | news |
|
338 | 339 | ---- |
|
339 | 340 | |
|
340 | 341 | |
|
341 | 342 | fixes |
|
342 | 343 | ----- |
|
343 | 344 | |
|
344 | 345 | - fixes #98 protection against float division of percentage stats |
|
345 | 346 | - fixed graph bug |
|
346 | 347 | - forced webhelpers version since it was making troubles during installation |
|
347 | 348 | |
|
348 | 349 | 1.1.1 (**2011-01-06**) |
|
349 | 350 | ====================== |
|
350 | 351 | |
|
351 | 352 | news |
|
352 | 353 | ---- |
|
353 | 354 | |
|
354 | 355 | - added force https option into ini files for easier https usage (no need to |
|
355 | 356 | set server headers with this options) |
|
356 | 357 | - small css updates |
|
357 | 358 | |
|
358 | 359 | fixes |
|
359 | 360 | ----- |
|
360 | 361 | |
|
361 | 362 | - fixed #96 redirect loop on files view on repositories without changesets |
|
362 | 363 | - fixed #97 unicode string passed into server header in special cases (mod_wsgi) |
|
363 | 364 | and server crashed with errors |
|
364 | 365 | - fixed large tooltips problems on main page |
|
365 | 366 | - fixed #92 whoosh indexer is more error proof |
|
366 | 367 | |
|
367 | 368 | 1.1.0 (**2010-12-18**) |
|
368 | 369 | ====================== |
|
369 | 370 | |
|
370 | 371 | news |
|
371 | 372 | ---- |
|
372 | 373 | |
|
373 | 374 | - rewrite of internals for vcs >=0.1.10 |
|
374 | 375 | - uses mercurial 1.7 with dotencode disabled for maintaining compatibility |
|
375 | 376 | with older clients |
|
376 | 377 | - anonymous access, authentication via ldap |
|
377 | 378 | - performance upgrade for cached repos list - each repository has its own |
|
378 | 379 | cache that's invalidated when needed. |
|
379 | 380 | - performance upgrades on repositories with large amount of commits (20K+) |
|
380 | 381 | - main page quick filter for filtering repositories |
|
381 | 382 | - user dashboards with ability to follow chosen repositories actions |
|
382 | 383 | - sends email to admin on new user registration |
|
383 | 384 | - added cache/statistics reset options into repository settings |
|
384 | 385 | - more detailed action logger (based on hooks) with pushed changesets lists |
|
385 | 386 | and options to disable those hooks from admin panel |
|
386 | 387 | - introduced new enhanced changelog for merges that shows more accurate results |
|
387 | 388 | - new improved and faster code stats (based on pygments lexers mapping tables, |
|
388 | 389 | showing up to 10 trending sources for each repository. Additionally stats |
|
389 | 390 | can be disabled in repository settings. |
|
390 | 391 | - gui optimizations, fixed application width to 1024px |
|
391 | 392 | - added cut off (for large files/changesets) limit into config files |
|
392 | 393 | - whoosh, celeryd, upgrade moved to paster command |
|
393 | 394 | - other than sqlite database backends can be used |
|
394 | 395 | |
|
395 | 396 | fixes |
|
396 | 397 | ----- |
|
397 | 398 | |
|
398 | 399 | - fixes #61 forked repo was showing only after cache expired |
|
399 | 400 | - fixes #76 no confirmation on user deletes |
|
400 | 401 | - fixes #66 Name field misspelled |
|
401 | 402 | - fixes #72 block user removal when he owns repositories |
|
402 | 403 | - fixes #69 added password confirmation fields |
|
403 | 404 | - fixes #87 RhodeCode crashes occasionally on updating repository owner |
|
404 | 405 | - fixes #82 broken annotations on files with more than 1 blank line at the end |
|
405 | 406 | - a lot of fixes and tweaks for file browser |
|
406 | 407 | - fixed detached session issues |
|
407 | 408 | - fixed when user had no repos he would see all repos listed in my account |
|
408 | 409 | - fixed ui() instance bug when global hgrc settings was loaded for server |
|
409 | 410 | instance and all hgrc options were merged with our db ui() object |
|
410 | 411 | - numerous small bugfixes |
|
411 | 412 | |
|
412 | 413 | (special thanks for TkSoh for detailed feedback) |
|
413 | 414 | |
|
414 | 415 | |
|
415 | 416 | 1.0.2 (**2010-11-12**) |
|
416 | 417 | ====================== |
|
417 | 418 | |
|
418 | 419 | news |
|
419 | 420 | ---- |
|
420 | 421 | |
|
421 | 422 | - tested under python2.7 |
|
422 | 423 | - bumped sqlalchemy and celery versions |
|
423 | 424 | |
|
424 | 425 | fixes |
|
425 | 426 | ----- |
|
426 | 427 | |
|
427 | 428 | - fixed #59 missing graph.js |
|
428 | 429 | - fixed repo_size crash when repository had broken symlinks |
|
429 | 430 | - fixed python2.5 crashes. |
|
430 | 431 | |
|
431 | 432 | |
|
432 | 433 | 1.0.1 (**2010-11-10**) |
|
433 | 434 | ====================== |
|
434 | 435 | |
|
435 | 436 | news |
|
436 | 437 | ---- |
|
437 | 438 | |
|
438 | 439 | - small css updated |
|
439 | 440 | |
|
440 | 441 | fixes |
|
441 | 442 | ----- |
|
442 | 443 | |
|
443 | 444 | - fixed #53 python2.5 incompatible enumerate calls |
|
444 | 445 | - fixed #52 disable mercurial extension for web |
|
445 | 446 | - fixed #51 deleting repositories don't delete it's dependent objects |
|
446 | 447 | |
|
447 | 448 | |
|
448 | 449 | 1.0.0 (**2010-11-02**) |
|
449 | 450 | ====================== |
|
450 | 451 | |
|
451 | 452 | - security bugfix simplehg wasn't checking for permissions on commands |
|
452 | 453 | other than pull or push. |
|
453 | 454 | - fixed doubled messages after push or pull in admin journal |
|
454 | 455 | - templating and css corrections, fixed repo switcher on chrome, updated titles |
|
455 | 456 | - admin menu accessible from options menu on repository view |
|
456 | 457 | - permissions cached queries |
|
457 | 458 | |
|
458 | 459 | 1.0.0rc4 (**2010-10-12**) |
|
459 | 460 | ========================== |
|
460 | 461 | |
|
461 | 462 | - fixed python2.5 missing simplejson imports (thanks to Jens BΓ€ckman) |
|
462 | 463 | - removed cache_manager settings from sqlalchemy meta |
|
463 | 464 | - added sqlalchemy cache settings to ini files |
|
464 | 465 | - validated password length and added second try of failure on paster setup-app |
|
465 | 466 | - fixed setup database destroy prompt even when there was no db |
|
466 | 467 | |
|
467 | 468 | |
|
468 | 469 | 1.0.0rc3 (**2010-10-11**) |
|
469 | 470 | ========================= |
|
470 | 471 | |
|
471 | 472 | - fixed i18n during installation. |
|
472 | 473 | |
|
473 | 474 | 1.0.0rc2 (**2010-10-11**) |
|
474 | 475 | ========================= |
|
475 | 476 | |
|
476 | 477 | - Disabled dirsize in file browser, it's causing nasty bug when dir renames |
|
477 | 478 | occure. After vcs is fixed it'll be put back again. |
|
478 | 479 | - templating/css rewrites, optimized css. No newline at end of file |
@@ -1,510 +1,510 b'' | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | """ |
|
3 | 3 | rhodecode.controllers.api |
|
4 | 4 | ~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
5 | 5 | |
|
6 | 6 | API controller for RhodeCode |
|
7 | 7 | |
|
8 | 8 | :created_on: Aug 20, 2011 |
|
9 | 9 | :author: marcink |
|
10 | 10 | :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com> |
|
11 | 11 | :license: GPLv3, see COPYING for more details. |
|
12 | 12 | """ |
|
13 | 13 | # This program is free software; you can redistribute it and/or |
|
14 | 14 | # modify it under the terms of the GNU General Public License |
|
15 | 15 | # as published by the Free Software Foundation; version 2 |
|
16 | 16 | # of the License or (at your opinion) any later version of the license. |
|
17 | 17 | # |
|
18 | 18 | # This program is distributed in the hope that it will be useful, |
|
19 | 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
20 | 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
21 | 21 | # GNU General Public License for more details. |
|
22 | 22 | # |
|
23 | 23 | # You should have received a copy of the GNU General Public License |
|
24 | 24 | # along with this program; if not, write to the Free Software |
|
25 | 25 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
26 | 26 | # MA 02110-1301, USA. |
|
27 | 27 | |
|
28 | 28 | import traceback |
|
29 | 29 | import logging |
|
30 | 30 | |
|
31 | 31 | from sqlalchemy.orm.exc import NoResultFound |
|
32 | 32 | |
|
33 | 33 | from rhodecode.controllers.api import JSONRPCController, JSONRPCError |
|
34 | 34 | from rhodecode.lib.auth import HasPermissionAllDecorator, \ |
|
35 | 35 | HasPermissionAnyDecorator |
|
36 | 36 | |
|
37 | 37 | from rhodecode.model.meta import Session |
|
38 | 38 | from rhodecode.model.scm import ScmModel |
|
39 | 39 | from rhodecode.model.db import User, UsersGroup, RepoGroup, Repository |
|
40 | 40 | from rhodecode.model.repo import RepoModel |
|
41 | 41 | from rhodecode.model.user import UserModel |
|
42 | 42 | from rhodecode.model.repo_permission import RepositoryPermissionModel |
|
43 | 43 | from rhodecode.model.users_group import UsersGroupModel |
|
44 | 44 | from rhodecode.model.repos_group import ReposGroupModel |
|
45 | 45 | |
|
46 | 46 | |
|
47 | 47 | log = logging.getLogger(__name__) |
|
48 | 48 | |
|
49 | 49 | |
|
50 | 50 | class ApiController(JSONRPCController): |
|
51 | 51 | """ |
|
52 | 52 | API Controller |
|
53 | 53 | |
|
54 | 54 | |
|
55 | 55 | Each method needs to have USER as argument this is then based on given |
|
56 | 56 | API_KEY propagated as instance of user object |
|
57 | 57 | |
|
58 | 58 | Preferably this should be first argument also |
|
59 | 59 | |
|
60 | 60 | |
|
61 | 61 | Each function should also **raise** JSONRPCError for any |
|
62 | 62 | errors that happens |
|
63 | 63 | |
|
64 | 64 | """ |
|
65 | 65 | |
|
66 | 66 | @HasPermissionAllDecorator('hg.admin') |
|
67 | 67 | def pull(self, apiuser, repo_name): |
|
68 | 68 | """ |
|
69 | 69 | Dispatch pull action on given repo |
|
70 | 70 | |
|
71 | 71 | |
|
72 | 72 | :param user: |
|
73 | 73 | :param repo_name: |
|
74 | 74 | """ |
|
75 | 75 | |
|
76 | 76 | if Repository.is_valid(repo_name) is False: |
|
77 | 77 | raise JSONRPCError('Unknown repo "%s"' % repo_name) |
|
78 | 78 | |
|
79 | 79 | try: |
|
80 | 80 | ScmModel().pull_changes(repo_name, self.rhodecode_user.username) |
|
81 | 81 | return 'Pulled from %s' % repo_name |
|
82 | 82 | except Exception: |
|
83 | 83 | raise JSONRPCError('Unable to pull changes from "%s"' % repo_name) |
|
84 | 84 | |
|
85 | 85 | @HasPermissionAllDecorator('hg.admin') |
|
86 | 86 | def get_user(self, apiuser, username): |
|
87 | 87 | """" |
|
88 | 88 | Get a user by username |
|
89 | 89 | |
|
90 | 90 | :param apiuser: |
|
91 | 91 | :param username: |
|
92 | 92 | """ |
|
93 | 93 | |
|
94 | 94 | user = User.get_by_username(username) |
|
95 | 95 | if not user: |
|
96 | 96 | return None |
|
97 | 97 | |
|
98 | 98 | return dict( |
|
99 | 99 | id=user.user_id, |
|
100 | 100 | username=user.username, |
|
101 | 101 | firstname=user.name, |
|
102 | 102 | lastname=user.lastname, |
|
103 | 103 | email=user.email, |
|
104 | 104 | active=user.active, |
|
105 | 105 | admin=user.admin, |
|
106 | 106 | ldap=user.ldap_dn |
|
107 | 107 | ) |
|
108 | 108 | |
|
109 | 109 | @HasPermissionAllDecorator('hg.admin') |
|
110 | 110 | def get_users(self, apiuser): |
|
111 | 111 | """" |
|
112 | 112 | Get all users |
|
113 | 113 | |
|
114 | 114 | :param apiuser: |
|
115 | 115 | """ |
|
116 | 116 | |
|
117 | 117 | result = [] |
|
118 | 118 | for user in User.getAll(): |
|
119 | 119 | result.append( |
|
120 | 120 | dict( |
|
121 | 121 | id=user.user_id, |
|
122 | 122 | username=user.username, |
|
123 | 123 | firstname=user.name, |
|
124 | 124 | lastname=user.lastname, |
|
125 | 125 | email=user.email, |
|
126 | 126 | active=user.active, |
|
127 | 127 | admin=user.admin, |
|
128 | 128 | ldap=user.ldap_dn |
|
129 | 129 | ) |
|
130 | 130 | ) |
|
131 | 131 | return result |
|
132 | 132 | |
|
133 | 133 | @HasPermissionAllDecorator('hg.admin') |
|
134 | def create_user(self, apiuser, username, password, firstname, | |
|
135 |
lastname |
|
|
134 | def create_user(self, apiuser, username, password, email, firstname=None, | |
|
135 | lastname=None, active=True, admin=False, ldap_dn=None): | |
|
136 | 136 | """ |
|
137 | 137 | Create new user or updates current one |
|
138 | 138 | |
|
139 | 139 | :param apiuser: |
|
140 | 140 | :param username: |
|
141 | 141 | :param password: |
|
142 | :param email: | |
|
142 | 143 | :param name: |
|
143 | 144 | :param lastname: |
|
144 | :param email: | |
|
145 | 145 | :param active: |
|
146 | 146 | :param admin: |
|
147 | 147 | :param ldap_dn: |
|
148 | 148 | """ |
|
149 | 149 | |
|
150 | 150 | if User.get_by_username(username): |
|
151 | 151 | raise JSONRPCError("user %s already exist" % username) |
|
152 | 152 | |
|
153 | 153 | try: |
|
154 | 154 | usr = UserModel().create_or_update( |
|
155 | 155 | username, password, email, firstname, |
|
156 | 156 | lastname, active, admin, ldap_dn |
|
157 | 157 | ) |
|
158 | 158 | Session.commit() |
|
159 | 159 | return dict( |
|
160 | 160 | id=usr.user_id, |
|
161 | 161 | msg='created new user %s' % username |
|
162 | 162 | ) |
|
163 | 163 | except Exception: |
|
164 | 164 | log.error(traceback.format_exc()) |
|
165 | 165 | raise JSONRPCError('failed to create user %s' % username) |
|
166 | 166 | |
|
167 | 167 | @HasPermissionAllDecorator('hg.admin') |
|
168 | 168 | def get_users_group(self, apiuser, group_name): |
|
169 | 169 | """" |
|
170 | 170 | Get users group by name |
|
171 | 171 | |
|
172 | 172 | :param apiuser: |
|
173 | 173 | :param group_name: |
|
174 | 174 | """ |
|
175 | 175 | |
|
176 | 176 | users_group = UsersGroup.get_by_group_name(group_name) |
|
177 | 177 | if not users_group: |
|
178 | 178 | return None |
|
179 | 179 | |
|
180 | 180 | members = [] |
|
181 | 181 | for user in users_group.members: |
|
182 | 182 | user = user.user |
|
183 | 183 | members.append(dict(id=user.user_id, |
|
184 | 184 | username=user.username, |
|
185 | 185 | firstname=user.name, |
|
186 | 186 | lastname=user.lastname, |
|
187 | 187 | email=user.email, |
|
188 | 188 | active=user.active, |
|
189 | 189 | admin=user.admin, |
|
190 | 190 | ldap=user.ldap_dn)) |
|
191 | 191 | |
|
192 | 192 | return dict(id=users_group.users_group_id, |
|
193 | 193 | group_name=users_group.users_group_name, |
|
194 | 194 | active=users_group.users_group_active, |
|
195 | 195 | members=members) |
|
196 | 196 | |
|
197 | 197 | @HasPermissionAllDecorator('hg.admin') |
|
198 | 198 | def get_users_groups(self, apiuser): |
|
199 | 199 | """" |
|
200 | 200 | Get all users groups |
|
201 | 201 | |
|
202 | 202 | :param apiuser: |
|
203 | 203 | """ |
|
204 | 204 | |
|
205 | 205 | result = [] |
|
206 | 206 | for users_group in UsersGroup.getAll(): |
|
207 | 207 | members = [] |
|
208 | 208 | for user in users_group.members: |
|
209 | 209 | user = user.user |
|
210 | 210 | members.append(dict(id=user.user_id, |
|
211 | 211 | username=user.username, |
|
212 | 212 | firstname=user.name, |
|
213 | 213 | lastname=user.lastname, |
|
214 | 214 | email=user.email, |
|
215 | 215 | active=user.active, |
|
216 | 216 | admin=user.admin, |
|
217 | 217 | ldap=user.ldap_dn)) |
|
218 | 218 | |
|
219 | 219 | result.append(dict(id=users_group.users_group_id, |
|
220 | 220 | group_name=users_group.users_group_name, |
|
221 | 221 | active=users_group.users_group_active, |
|
222 | 222 | members=members)) |
|
223 | 223 | return result |
|
224 | 224 | |
|
225 | 225 | @HasPermissionAllDecorator('hg.admin') |
|
226 | 226 | def create_users_group(self, apiuser, group_name, active=True): |
|
227 | 227 | """ |
|
228 | 228 | Creates an new usergroup |
|
229 | 229 | |
|
230 | 230 | :param group_name: |
|
231 | 231 | :param active: |
|
232 | 232 | """ |
|
233 | 233 | |
|
234 | 234 | if self.get_users_group(apiuser, group_name): |
|
235 | 235 | raise JSONRPCError("users group %s already exist" % group_name) |
|
236 | 236 | |
|
237 | 237 | try: |
|
238 | 238 | ug = UsersGroupModel().create(name=group_name, active=active) |
|
239 | 239 | Session.commit() |
|
240 | 240 | return dict(id=ug.users_group_id, |
|
241 | 241 | msg='created new users group %s' % group_name) |
|
242 | 242 | except Exception: |
|
243 | 243 | log.error(traceback.format_exc()) |
|
244 | 244 | raise JSONRPCError('failed to create group %s' % group_name) |
|
245 | 245 | |
|
246 | 246 | @HasPermissionAllDecorator('hg.admin') |
|
247 | 247 | def add_user_to_users_group(self, apiuser, group_name, username): |
|
248 | 248 | """" |
|
249 | 249 | Add a user to a group |
|
250 | 250 | |
|
251 | 251 | :param apiuser: |
|
252 | 252 | :param group_name: |
|
253 | 253 | :param username: |
|
254 | 254 | """ |
|
255 | 255 | |
|
256 | 256 | try: |
|
257 | 257 | users_group = UsersGroup.get_by_group_name(group_name) |
|
258 | 258 | if not users_group: |
|
259 | 259 | raise JSONRPCError('unknown users group %s' % group_name) |
|
260 | 260 | |
|
261 | 261 | try: |
|
262 | 262 | user = User.get_by_username(username) |
|
263 | 263 | except NoResultFound: |
|
264 | 264 | raise JSONRPCError('unknown user %s' % username) |
|
265 | 265 | |
|
266 | 266 | ugm = UsersGroupModel().add_user_to_group(users_group, user) |
|
267 | 267 | Session.commit() |
|
268 | 268 | return dict(id=ugm.users_group_member_id, |
|
269 | 269 | msg='created new users group member') |
|
270 | 270 | except Exception: |
|
271 | 271 | log.error(traceback.format_exc()) |
|
272 | 272 | raise JSONRPCError('failed to create users group member') |
|
273 | 273 | |
|
274 | 274 | @HasPermissionAnyDecorator('hg.admin') |
|
275 | 275 | def get_repo(self, apiuser, repo_name): |
|
276 | 276 | """" |
|
277 | 277 | Get repository by name |
|
278 | 278 | |
|
279 | 279 | :param apiuser: |
|
280 | 280 | :param repo_name: |
|
281 | 281 | """ |
|
282 | 282 | |
|
283 | 283 | repo = Repository.get_by_repo_name(repo_name) |
|
284 | 284 | if repo is None: |
|
285 | 285 | raise JSONRPCError('unknown repository %s' % repo) |
|
286 | 286 | |
|
287 | 287 | members = [] |
|
288 | 288 | for user in repo.repo_to_perm: |
|
289 | 289 | perm = user.permission.permission_name |
|
290 | 290 | user = user.user |
|
291 | 291 | members.append( |
|
292 | 292 | dict( |
|
293 | 293 | type_="user", |
|
294 | 294 | id=user.user_id, |
|
295 | 295 | username=user.username, |
|
296 | 296 | firstname=user.name, |
|
297 | 297 | lastname=user.lastname, |
|
298 | 298 | email=user.email, |
|
299 | 299 | active=user.active, |
|
300 | 300 | admin=user.admin, |
|
301 | 301 | ldap=user.ldap_dn, |
|
302 | 302 | permission=perm |
|
303 | 303 | ) |
|
304 | 304 | ) |
|
305 | 305 | for users_group in repo.users_group_to_perm: |
|
306 | 306 | perm = users_group.permission.permission_name |
|
307 | 307 | users_group = users_group.users_group |
|
308 | 308 | members.append( |
|
309 | 309 | dict( |
|
310 | 310 | type_="users_group", |
|
311 | 311 | id=users_group.users_group_id, |
|
312 | 312 | name=users_group.users_group_name, |
|
313 | 313 | active=users_group.users_group_active, |
|
314 | 314 | permission=perm |
|
315 | 315 | ) |
|
316 | 316 | ) |
|
317 | 317 | |
|
318 | 318 | return dict( |
|
319 | 319 | id=repo.repo_id, |
|
320 | 320 | repo_name=repo.repo_name, |
|
321 | 321 | type=repo.repo_type, |
|
322 | 322 | description=repo.description, |
|
323 | 323 | members=members |
|
324 | 324 | ) |
|
325 | 325 | |
|
326 | 326 | @HasPermissionAnyDecorator('hg.admin') |
|
327 | 327 | def get_repos(self, apiuser): |
|
328 | 328 | """" |
|
329 | 329 | Get all repositories |
|
330 | 330 | |
|
331 | 331 | :param apiuser: |
|
332 | 332 | """ |
|
333 | 333 | |
|
334 | 334 | result = [] |
|
335 | 335 | for repository in Repository.getAll(): |
|
336 | 336 | result.append( |
|
337 | 337 | dict( |
|
338 | 338 | id=repository.repo_id, |
|
339 | 339 | repo_name=repository.repo_name, |
|
340 | 340 | type=repository.repo_type, |
|
341 | 341 | description=repository.description |
|
342 | 342 | ) |
|
343 | 343 | ) |
|
344 | 344 | return result |
|
345 | 345 | |
|
346 | 346 | @HasPermissionAnyDecorator('hg.admin') |
|
347 | 347 | def get_repo_nodes(self, apiuser, repo_name, revision, root_path, |
|
348 | 348 | ret_type='all'): |
|
349 | 349 | """ |
|
350 | 350 | returns a list of nodes and it's children |
|
351 | 351 | for a given path at given revision. It's possible to specify ret_type |
|
352 | 352 | to show only files or dirs |
|
353 | 353 | |
|
354 | 354 | :param apiuser: |
|
355 | 355 | :param repo_name: name of repository |
|
356 | 356 | :param revision: revision for which listing should be done |
|
357 | 357 | :param root_path: path from which start displaying |
|
358 | 358 | :param ret_type: return type 'all|files|dirs' nodes |
|
359 | 359 | """ |
|
360 | 360 | try: |
|
361 | 361 | _d, _f = ScmModel().get_nodes(repo_name, revision, root_path, |
|
362 | 362 | flat=False) |
|
363 | 363 | _map = { |
|
364 | 364 | 'all': _d + _f, |
|
365 | 365 | 'files': _f, |
|
366 | 366 | 'dirs': _d, |
|
367 | 367 | } |
|
368 | 368 | return _map[ret_type] |
|
369 | 369 | except KeyError: |
|
370 | 370 | raise JSONRPCError('ret_type must be one of %s' % _map.keys()) |
|
371 | 371 | except Exception, e: |
|
372 | 372 | raise JSONRPCError(e) |
|
373 | 373 | |
|
374 | 374 | @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository') |
|
375 | 375 | def create_repo(self, apiuser, repo_name, owner_name, description='', |
|
376 | 376 | repo_type='hg', private=False): |
|
377 | 377 | """ |
|
378 | 378 | Create a repository |
|
379 | 379 | |
|
380 | 380 | :param apiuser: |
|
381 | 381 | :param repo_name: |
|
382 | 382 | :param description: |
|
383 | 383 | :param type: |
|
384 | 384 | :param private: |
|
385 | 385 | :param owner_name: |
|
386 | 386 | """ |
|
387 | 387 | |
|
388 | 388 | try: |
|
389 | 389 | try: |
|
390 | 390 | owner = User.get_by_username(owner_name) |
|
391 | 391 | except NoResultFound: |
|
392 | 392 | raise JSONRPCError('unknown user %s' % owner) |
|
393 | 393 | |
|
394 | 394 | if Repository.get_by_repo_name(repo_name): |
|
395 | 395 | raise JSONRPCError("repo %s already exist" % repo_name) |
|
396 | 396 | |
|
397 | 397 | groups = repo_name.split('/') |
|
398 | 398 | real_name = groups[-1] |
|
399 | 399 | groups = groups[:-1] |
|
400 | 400 | parent_id = None |
|
401 | 401 | for g in groups: |
|
402 | 402 | group = RepoGroup.get_by_group_name(g) |
|
403 | 403 | if not group: |
|
404 | 404 | group = ReposGroupModel().create( |
|
405 | 405 | dict( |
|
406 | 406 | group_name=g, |
|
407 | 407 | group_description='', |
|
408 | 408 | group_parent_id=parent_id |
|
409 | 409 | ) |
|
410 | 410 | ) |
|
411 | 411 | parent_id = group.group_id |
|
412 | 412 | |
|
413 | 413 | repo = RepoModel().create( |
|
414 | 414 | dict( |
|
415 | 415 | repo_name=real_name, |
|
416 | 416 | repo_name_full=repo_name, |
|
417 | 417 | description=description, |
|
418 | 418 | private=private, |
|
419 | 419 | repo_type=repo_type, |
|
420 | 420 | repo_group=parent_id, |
|
421 | 421 | clone_uri=None |
|
422 | 422 | ), |
|
423 | 423 | owner |
|
424 | 424 | ) |
|
425 | 425 | Session.commit() |
|
426 | 426 | |
|
427 | 427 | return dict( |
|
428 | 428 | id=repo.repo_id, |
|
429 | 429 | msg="Created new repository %s" % repo.repo_name |
|
430 | 430 | ) |
|
431 | 431 | |
|
432 | 432 | except Exception: |
|
433 | 433 | log.error(traceback.format_exc()) |
|
434 | 434 | raise JSONRPCError('failed to create repository %s' % repo_name) |
|
435 | 435 | |
|
436 | 436 | @HasPermissionAnyDecorator('hg.admin') |
|
437 | 437 | def add_user_to_repo(self, apiuser, repo_name, username, perm): |
|
438 | 438 | """ |
|
439 | 439 | Add permission for a user to a repository |
|
440 | 440 | |
|
441 | 441 | :param apiuser: |
|
442 | 442 | :param repo_name: |
|
443 | 443 | :param username: |
|
444 | 444 | :param perm: |
|
445 | 445 | """ |
|
446 | 446 | |
|
447 | 447 | try: |
|
448 | 448 | repo = Repository.get_by_repo_name(repo_name) |
|
449 | 449 | if repo is None: |
|
450 | 450 | raise JSONRPCError('unknown repository %s' % repo) |
|
451 | 451 | |
|
452 | 452 | try: |
|
453 | 453 | user = User.get_by_username(username) |
|
454 | 454 | except NoResultFound: |
|
455 | 455 | raise JSONRPCError('unknown user %s' % user) |
|
456 | 456 | |
|
457 | 457 | RepositoryPermissionModel()\ |
|
458 | 458 | .update_or_delete_user_permission(repo, user, perm) |
|
459 | 459 | Session.commit() |
|
460 | 460 | |
|
461 | 461 | return dict( |
|
462 | 462 | msg='Added perm: %s for %s in repo: %s' % ( |
|
463 | 463 | perm, username, repo_name |
|
464 | 464 | ) |
|
465 | 465 | ) |
|
466 | 466 | except Exception: |
|
467 | 467 | log.error(traceback.format_exc()) |
|
468 | 468 | raise JSONRPCError( |
|
469 | 469 | 'failed to edit permission %(repo)s for %(user)s' % dict( |
|
470 | 470 | user=username, repo=repo_name |
|
471 | 471 | ) |
|
472 | 472 | ) |
|
473 | 473 | |
|
474 | 474 | @HasPermissionAnyDecorator('hg.admin') |
|
475 | 475 | def add_users_group_to_repo(self, apiuser, repo_name, group_name, perm): |
|
476 | 476 | """ |
|
477 | 477 | Add permission for a users group to a repository |
|
478 | 478 | |
|
479 | 479 | :param apiuser: |
|
480 | 480 | :param repo_name: |
|
481 | 481 | :param group_name: |
|
482 | 482 | :param perm: |
|
483 | 483 | """ |
|
484 | 484 | |
|
485 | 485 | try: |
|
486 | 486 | repo = Repository.get_by_repo_name(repo_name) |
|
487 | 487 | if repo is None: |
|
488 | 488 | raise JSONRPCError('unknown repository %s' % repo) |
|
489 | 489 | |
|
490 | 490 | try: |
|
491 | 491 | user_group = UsersGroup.get_by_group_name(group_name) |
|
492 | 492 | except NoResultFound: |
|
493 | 493 | raise JSONRPCError('unknown users group %s' % user_group) |
|
494 | 494 | |
|
495 | 495 | RepositoryPermissionModel()\ |
|
496 | 496 | .update_or_delete_users_group_permission(repo, user_group, |
|
497 | 497 | perm) |
|
498 | 498 | Session.commit() |
|
499 | 499 | return dict( |
|
500 | 500 | msg='Added perm: %s for %s in repo: %s' % ( |
|
501 | 501 | perm, group_name, repo_name |
|
502 | 502 | ) |
|
503 | 503 | ) |
|
504 | 504 | except Exception: |
|
505 | 505 | log.error(traceback.format_exc()) |
|
506 | 506 | raise JSONRPCError( |
|
507 | 507 | 'failed to edit permission %(repo)s for %(usergr)s' % dict( |
|
508 | 508 | usergr=group_name, repo=repo_name |
|
509 | 509 | ) |
|
510 | 510 | ) |
@@ -1,699 +1,701 b'' | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | """ |
|
3 | 3 | rhodecode.lib.auth |
|
4 | 4 | ~~~~~~~~~~~~~~~~~~ |
|
5 | 5 | |
|
6 | 6 | authentication and permission libraries |
|
7 | 7 | |
|
8 | 8 | :created_on: Apr 4, 2010 |
|
9 | 9 | :author: marcink |
|
10 | 10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
11 | 11 | :license: GPLv3, see COPYING for more details. |
|
12 | 12 | """ |
|
13 | 13 | # This program is free software: you can redistribute it and/or modify |
|
14 | 14 | # it under the terms of the GNU General Public License as published by |
|
15 | 15 | # the Free Software Foundation, either version 3 of the License, or |
|
16 | 16 | # (at your option) any later version. |
|
17 | 17 | # |
|
18 | 18 | # This program is distributed in the hope that it will be useful, |
|
19 | 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
20 | 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
21 | 21 | # GNU General Public License for more details. |
|
22 | 22 | # |
|
23 | 23 | # You should have received a copy of the GNU General Public License |
|
24 | 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
25 | 25 | |
|
26 | 26 | import random |
|
27 | 27 | import logging |
|
28 | 28 | import traceback |
|
29 | 29 | import hashlib |
|
30 | 30 | |
|
31 | 31 | from tempfile import _RandomNameSequence |
|
32 | 32 | from decorator import decorator |
|
33 | 33 | |
|
34 | 34 | from pylons import config, session, url, request |
|
35 | 35 | from pylons.controllers.util import abort, redirect |
|
36 | 36 | from pylons.i18n.translation import _ |
|
37 | 37 | |
|
38 | 38 | from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS |
|
39 | 39 | from rhodecode.model.meta import Session |
|
40 | 40 | |
|
41 | 41 | if __platform__ in PLATFORM_WIN: |
|
42 | 42 | from hashlib import sha256 |
|
43 | 43 | if __platform__ in PLATFORM_OTHERS: |
|
44 | 44 | import bcrypt |
|
45 | 45 | |
|
46 | 46 | from rhodecode.lib import str2bool, safe_unicode |
|
47 | 47 | from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError |
|
48 | 48 | from rhodecode.lib.utils import get_repo_slug |
|
49 | 49 | from rhodecode.lib.auth_ldap import AuthLdap |
|
50 | 50 | |
|
51 | 51 | from rhodecode.model import meta |
|
52 | 52 | from rhodecode.model.user import UserModel |
|
53 | 53 | from rhodecode.model.db import Permission, RhodeCodeSetting, User |
|
54 | 54 | |
|
55 | 55 | log = logging.getLogger(__name__) |
|
56 | 56 | |
|
57 | 57 | |
|
58 | 58 | class PasswordGenerator(object): |
|
59 | 59 | """ |
|
60 | 60 | This is a simple class for generating password from different sets of |
|
61 | 61 | characters |
|
62 | 62 | usage:: |
|
63 | 63 | |
|
64 | 64 | passwd_gen = PasswordGenerator() |
|
65 | 65 | #print 8-letter password containing only big and small letters |
|
66 | 66 | of alphabet |
|
67 | 67 | print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL) |
|
68 | 68 | """ |
|
69 | 69 | ALPHABETS_NUM = r'''1234567890''' |
|
70 | 70 | ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm''' |
|
71 | 71 | ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM''' |
|
72 | 72 | ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?''' |
|
73 | 73 | ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \ |
|
74 | 74 | + ALPHABETS_NUM + ALPHABETS_SPECIAL |
|
75 | 75 | ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM |
|
76 | 76 | ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL |
|
77 | 77 | ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM |
|
78 | 78 | ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM |
|
79 | 79 | |
|
80 | 80 | def __init__(self, passwd=''): |
|
81 | 81 | self.passwd = passwd |
|
82 | 82 | |
|
83 | 83 | def gen_password(self, len, type): |
|
84 | 84 | self.passwd = ''.join([random.choice(type) for _ in xrange(len)]) |
|
85 | 85 | return self.passwd |
|
86 | 86 | |
|
87 | 87 | |
|
88 | 88 | class RhodeCodeCrypto(object): |
|
89 | 89 | |
|
90 | 90 | @classmethod |
|
91 | 91 | def hash_string(cls, str_): |
|
92 | 92 | """ |
|
93 | 93 | Cryptographic function used for password hashing based on pybcrypt |
|
94 | 94 | or pycrypto in windows |
|
95 | 95 | |
|
96 | 96 | :param password: password to hash |
|
97 | 97 | """ |
|
98 | 98 | if __platform__ in PLATFORM_WIN: |
|
99 | 99 | return sha256(str_).hexdigest() |
|
100 | 100 | elif __platform__ in PLATFORM_OTHERS: |
|
101 | 101 | return bcrypt.hashpw(str_, bcrypt.gensalt(10)) |
|
102 | 102 | else: |
|
103 | 103 | raise Exception('Unknown or unsupported platform %s' \ |
|
104 | 104 | % __platform__) |
|
105 | 105 | |
|
106 | 106 | @classmethod |
|
107 | 107 | def hash_check(cls, password, hashed): |
|
108 | 108 | """ |
|
109 | 109 | Checks matching password with it's hashed value, runs different |
|
110 | 110 | implementation based on platform it runs on |
|
111 | 111 | |
|
112 | 112 | :param password: password |
|
113 | 113 | :param hashed: password in hashed form |
|
114 | 114 | """ |
|
115 | 115 | |
|
116 | 116 | if __platform__ in PLATFORM_WIN: |
|
117 | 117 | return sha256(password).hexdigest() == hashed |
|
118 | 118 | elif __platform__ in PLATFORM_OTHERS: |
|
119 | 119 | return bcrypt.hashpw(password, hashed) == hashed |
|
120 | 120 | else: |
|
121 | 121 | raise Exception('Unknown or unsupported platform %s' \ |
|
122 | 122 | % __platform__) |
|
123 | 123 | |
|
124 | 124 | |
|
125 | 125 | def get_crypt_password(password): |
|
126 | 126 | return RhodeCodeCrypto.hash_string(password) |
|
127 | 127 | |
|
128 | 128 | |
|
129 | 129 | def check_password(password, hashed): |
|
130 | 130 | return RhodeCodeCrypto.hash_check(password, hashed) |
|
131 | 131 | |
|
132 | ||
|
132 | 133 | def generate_api_key(str_, salt=None): |
|
133 | 134 | """ |
|
134 | 135 | Generates API KEY from given string |
|
135 | 136 | |
|
136 | 137 | :param str_: |
|
137 | 138 | :param salt: |
|
138 | 139 | """ |
|
139 | 140 | |
|
140 | 141 | if salt is None: |
|
141 | 142 | salt = _RandomNameSequence().next() |
|
142 | 143 | |
|
143 | 144 | return hashlib.sha1(str_ + salt).hexdigest() |
|
144 | 145 | |
|
145 | 146 | |
|
146 | 147 | def authfunc(environ, username, password): |
|
147 | 148 | """ |
|
148 | 149 | Dummy authentication wrapper function used in Mercurial and Git for |
|
149 | 150 | access control. |
|
150 | 151 | |
|
151 | 152 | :param environ: needed only for using in Basic auth |
|
152 | 153 | """ |
|
153 | 154 | return authenticate(username, password) |
|
154 | 155 | |
|
155 | 156 | |
|
156 | 157 | def authenticate(username, password): |
|
157 | 158 | """ |
|
158 | 159 | Authentication function used for access control, |
|
159 | 160 | firstly checks for db authentication then if ldap is enabled for ldap |
|
160 | 161 | authentication, also creates ldap user if not in database |
|
161 | 162 | |
|
162 | 163 | :param username: username |
|
163 | 164 | :param password: password |
|
164 | 165 | """ |
|
165 | 166 | |
|
166 | 167 | user_model = UserModel() |
|
167 | 168 | user = User.get_by_username(username) |
|
168 | 169 | |
|
169 | 170 | log.debug('Authenticating user using RhodeCode account') |
|
170 | 171 | if user is not None and not user.ldap_dn: |
|
171 | 172 | if user.active: |
|
172 | 173 | if user.username == 'default' and user.active: |
|
173 | 174 | log.info('user %s authenticated correctly as anonymous user', |
|
174 | 175 | username) |
|
175 | 176 | return True |
|
176 | 177 | |
|
177 | 178 | elif user.username == username and check_password(password, |
|
178 | 179 | user.password): |
|
179 | 180 | log.info('user %s authenticated correctly', username) |
|
180 | 181 | return True |
|
181 | 182 | else: |
|
182 | 183 | log.warning('user %s is disabled', username) |
|
183 | 184 | |
|
184 | 185 | else: |
|
185 | 186 | log.debug('Regular authentication failed') |
|
186 | 187 | user_obj = User.get_by_username(username, case_insensitive=True) |
|
187 | 188 | |
|
188 | 189 | if user_obj is not None and not user_obj.ldap_dn: |
|
189 | 190 | log.debug('this user already exists as non ldap') |
|
190 | 191 | return False |
|
191 | 192 | |
|
192 | 193 | ldap_settings = RhodeCodeSetting.get_ldap_settings() |
|
193 | 194 | #====================================================================== |
|
194 | 195 | # FALLBACK TO LDAP AUTH IF ENABLE |
|
195 | 196 | #====================================================================== |
|
196 | 197 | if str2bool(ldap_settings.get('ldap_active')): |
|
197 | 198 | log.debug("Authenticating user using ldap") |
|
198 | 199 | kwargs = { |
|
199 | 200 | 'server': ldap_settings.get('ldap_host', ''), |
|
200 | 201 | 'base_dn': ldap_settings.get('ldap_base_dn', ''), |
|
201 | 202 | 'port': ldap_settings.get('ldap_port'), |
|
202 | 203 | 'bind_dn': ldap_settings.get('ldap_dn_user'), |
|
203 | 204 | 'bind_pass': ldap_settings.get('ldap_dn_pass'), |
|
204 | 205 | 'tls_kind': ldap_settings.get('ldap_tls_kind'), |
|
205 | 206 | 'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'), |
|
206 | 207 | 'ldap_filter': ldap_settings.get('ldap_filter'), |
|
207 | 208 | 'search_scope': ldap_settings.get('ldap_search_scope'), |
|
208 | 209 | 'attr_login': ldap_settings.get('ldap_attr_login'), |
|
209 | 210 | 'ldap_version': 3, |
|
210 | 211 | } |
|
211 | 212 | log.debug('Checking for ldap authentication') |
|
212 | 213 | try: |
|
213 | 214 | aldap = AuthLdap(**kwargs) |
|
214 | 215 | (user_dn, ldap_attrs) = aldap.authenticate_ldap(username, |
|
215 | 216 | password) |
|
216 | 217 | log.debug('Got ldap DN response %s', user_dn) |
|
217 | 218 | |
|
218 | 219 | get_ldap_attr = lambda k: ldap_attrs.get(ldap_settings\ |
|
219 | 220 | .get(k), [''])[0] |
|
220 | 221 | |
|
221 | 222 | user_attrs = { |
|
222 | 223 | 'name': safe_unicode(get_ldap_attr('ldap_attr_firstname')), |
|
223 | 224 | 'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')), |
|
224 | 225 | 'email': get_ldap_attr('ldap_attr_email'), |
|
225 | 226 | } |
|
226 | 227 | |
|
227 | 228 | if user_model.create_ldap(username, password, user_dn, |
|
228 | 229 | user_attrs): |
|
229 | 230 | log.info('created new ldap user %s', username) |
|
230 | 231 | |
|
231 | 232 | Session.commit() |
|
232 | 233 | return True |
|
233 | 234 | except (LdapUsernameError, LdapPasswordError,): |
|
234 | 235 | pass |
|
235 | 236 | except (Exception,): |
|
236 | 237 | log.error(traceback.format_exc()) |
|
237 | 238 | pass |
|
238 | 239 | return False |
|
239 | 240 | |
|
241 | ||
|
240 | 242 | def login_container_auth(username): |
|
241 | 243 | user = User.get_by_username(username) |
|
242 | 244 | if user is None: |
|
243 | 245 | user_attrs = { |
|
244 | 246 | 'name': username, |
|
245 | 247 | 'lastname': None, |
|
246 | 248 | 'email': None, |
|
247 | 249 | } |
|
248 | 250 | user = UserModel().create_for_container_auth(username, user_attrs) |
|
249 | 251 | if not user: |
|
250 | 252 | return None |
|
251 | 253 | log.info('User %s was created by container authentication', username) |
|
252 | 254 | |
|
253 | 255 | if not user.active: |
|
254 | 256 | return None |
|
255 | 257 | |
|
256 | 258 | user.update_lastlogin() |
|
257 | 259 | Session.commit() |
|
258 | 260 | |
|
259 | 261 | log.debug('User %s is now logged in by container authentication', |
|
260 | 262 | user.username) |
|
261 | 263 | return user |
|
262 | 264 | |
|
265 | ||
|
263 | 266 | def get_container_username(environ, config): |
|
264 | 267 | username = None |
|
265 | 268 | |
|
266 | 269 | if str2bool(config.get('container_auth_enabled', False)): |
|
267 | 270 | from paste.httpheaders import REMOTE_USER |
|
268 | 271 | username = REMOTE_USER(environ) |
|
269 | 272 | |
|
270 | 273 | if not username and str2bool(config.get('proxypass_auth_enabled', False)): |
|
271 | 274 | username = environ.get('HTTP_X_FORWARDED_USER') |
|
272 | 275 | |
|
273 | 276 | if username: |
|
274 | 277 | # Removing realm and domain from username |
|
275 | 278 | username = username.partition('@')[0] |
|
276 | 279 | username = username.rpartition('\\')[2] |
|
277 | 280 | log.debug('Received username %s from container', username) |
|
278 | 281 | |
|
279 | 282 | return username |
|
280 | 283 | |
|
284 | ||
|
281 | 285 | class AuthUser(object): |
|
282 | 286 | """ |
|
283 | 287 | A simple object that handles all attributes of user in RhodeCode |
|
284 | 288 | |
|
285 | 289 | It does lookup based on API key,given user, or user present in session |
|
286 | 290 | Then it fills all required information for such user. It also checks if |
|
287 | 291 | anonymous access is enabled and if so, it returns default user as logged |
|
288 | 292 | in |
|
289 | 293 | """ |
|
290 | 294 | |
|
291 | 295 | def __init__(self, user_id=None, api_key=None, username=None): |
|
292 | 296 | |
|
293 | 297 | self.user_id = user_id |
|
294 | 298 | self.api_key = None |
|
295 | 299 | self.username = username |
|
296 | 300 | |
|
297 | 301 | self.name = '' |
|
298 | 302 | self.lastname = '' |
|
299 | 303 | self.email = '' |
|
300 | 304 | self.is_authenticated = False |
|
301 | 305 | self.admin = False |
|
302 | 306 | self.permissions = {} |
|
303 | 307 | self._api_key = api_key |
|
304 | 308 | self.propagate_data() |
|
309 | self._instance = None | |
|
305 | 310 | |
|
306 | 311 | def propagate_data(self): |
|
307 | 312 | user_model = UserModel() |
|
308 | 313 | self.anonymous_user = User.get_by_username('default', cache=True) |
|
309 | 314 | is_user_loaded = False |
|
310 | 315 | |
|
311 | 316 | # try go get user by api key |
|
312 | 317 | if self._api_key and self._api_key != self.anonymous_user.api_key: |
|
313 | 318 | log.debug('Auth User lookup by API KEY %s', self._api_key) |
|
314 | 319 | is_user_loaded = user_model.fill_data(self, api_key=self._api_key) |
|
315 | 320 | # lookup by userid |
|
316 | 321 | elif (self.user_id is not None and |
|
317 | 322 | self.user_id != self.anonymous_user.user_id): |
|
318 | 323 | log.debug('Auth User lookup by USER ID %s', self.user_id) |
|
319 | 324 | is_user_loaded = user_model.fill_data(self, user_id=self.user_id) |
|
320 | 325 | # lookup by username |
|
321 | 326 | elif self.username and \ |
|
322 | 327 | str2bool(config.get('container_auth_enabled', False)): |
|
323 | 328 | |
|
324 | 329 | log.debug('Auth User lookup by USER NAME %s', self.username) |
|
325 | 330 | dbuser = login_container_auth(self.username) |
|
326 | 331 | if dbuser is not None: |
|
327 | 332 | for k, v in dbuser.get_dict().items(): |
|
328 | 333 | setattr(self, k, v) |
|
329 | 334 | self.set_authenticated() |
|
330 | 335 | is_user_loaded = True |
|
331 | 336 | |
|
332 | 337 | if not is_user_loaded: |
|
333 | 338 | # if we cannot authenticate user try anonymous |
|
334 | 339 | if self.anonymous_user.active is True: |
|
335 | 340 | user_model.fill_data(self, user_id=self.anonymous_user.user_id) |
|
336 | 341 | # then we set this user is logged in |
|
337 | 342 | self.is_authenticated = True |
|
338 | 343 | else: |
|
339 | 344 | self.user_id = None |
|
340 | 345 | self.username = None |
|
341 | 346 | self.is_authenticated = False |
|
342 | 347 | |
|
343 | 348 | if not self.username: |
|
344 | 349 | self.username = 'None' |
|
345 | 350 | |
|
346 | 351 | log.debug('Auth User is now %s', self) |
|
347 | 352 | user_model.fill_perms(self) |
|
348 | 353 | |
|
349 | 354 | @property |
|
350 | 355 | def is_admin(self): |
|
351 | 356 | return self.admin |
|
352 | 357 | |
|
353 | @property | |
|
354 | def full_contact(self): | |
|
355 | return '%s %s <%s>' % (self.name, self.lastname, self.email) | |
|
356 | ||
|
357 | 358 | def __repr__(self): |
|
358 | 359 | return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username, |
|
359 | 360 | self.is_authenticated) |
|
360 | 361 | |
|
361 | 362 | def set_authenticated(self, authenticated=True): |
|
362 | 363 | if self.user_id != self.anonymous_user.user_id: |
|
363 | 364 | self.is_authenticated = authenticated |
|
364 | 365 | |
|
365 | 366 | def get_cookie_store(self): |
|
366 | return {'username':self.username, | |
|
367 | return {'username': self.username, | |
|
367 | 368 | 'user_id': self.user_id, |
|
368 | 'is_authenticated':self.is_authenticated} | |
|
369 | 'is_authenticated': self.is_authenticated} | |
|
369 | 370 | |
|
370 | 371 | @classmethod |
|
371 | 372 | def from_cookie_store(cls, cookie_store): |
|
372 | 373 | user_id = cookie_store.get('user_id') |
|
373 | 374 | username = cookie_store.get('username') |
|
374 | 375 | api_key = cookie_store.get('api_key') |
|
375 | 376 | return AuthUser(user_id, api_key, username) |
|
376 | 377 | |
|
378 | ||
|
377 | 379 | def set_available_permissions(config): |
|
378 | 380 | """ |
|
379 | 381 | This function will propagate pylons globals with all available defined |
|
380 | 382 | permission given in db. We don't want to check each time from db for new |
|
381 | 383 | permissions since adding a new permission also requires application restart |
|
382 | 384 | ie. to decorate new views with the newly created permission |
|
383 | 385 | |
|
384 | 386 | :param config: current pylons config instance |
|
385 | 387 | |
|
386 | 388 | """ |
|
387 | 389 | log.info('getting information about all available permissions') |
|
388 | 390 | try: |
|
389 | 391 | sa = meta.Session |
|
390 | 392 | all_perms = sa.query(Permission).all() |
|
391 | except: | |
|
393 | except Exception: | |
|
392 | 394 | pass |
|
393 | 395 | finally: |
|
394 | 396 | meta.Session.remove() |
|
395 | 397 | |
|
396 | 398 | config['available_permissions'] = [x.permission_name for x in all_perms] |
|
397 | 399 | |
|
398 | 400 | |
|
399 | 401 | #============================================================================== |
|
400 | 402 | # CHECK DECORATORS |
|
401 | 403 | #============================================================================== |
|
402 | 404 | class LoginRequired(object): |
|
403 | 405 | """ |
|
404 | 406 | Must be logged in to execute this function else |
|
405 | 407 | redirect to login page |
|
406 | 408 | |
|
407 | 409 | :param api_access: if enabled this checks only for valid auth token |
|
408 | 410 | and grants access based on valid token |
|
409 | 411 | """ |
|
410 | 412 | |
|
411 | 413 | def __init__(self, api_access=False): |
|
412 | 414 | self.api_access = api_access |
|
413 | 415 | |
|
414 | 416 | def __call__(self, func): |
|
415 | 417 | return decorator(self.__wrapper, func) |
|
416 | 418 | |
|
417 | 419 | def __wrapper(self, func, *fargs, **fkwargs): |
|
418 | 420 | cls = fargs[0] |
|
419 | 421 | user = cls.rhodecode_user |
|
420 | 422 | |
|
421 | 423 | api_access_ok = False |
|
422 | 424 | if self.api_access: |
|
423 | 425 | log.debug('Checking API KEY access for %s', cls) |
|
424 | 426 | if user.api_key == request.GET.get('api_key'): |
|
425 | 427 | api_access_ok = True |
|
426 | 428 | else: |
|
427 | 429 | log.debug("API KEY token not valid") |
|
428 | 430 | |
|
429 | 431 | log.debug('Checking if %s is authenticated @ %s', user.username, cls) |
|
430 | 432 | if user.is_authenticated or api_access_ok: |
|
431 | 433 | log.debug('user %s is authenticated', user.username) |
|
432 | 434 | return func(*fargs, **fkwargs) |
|
433 | 435 | else: |
|
434 | 436 | log.warn('user %s NOT authenticated', user.username) |
|
435 | 437 | p = url.current() |
|
436 | 438 | |
|
437 | 439 | log.debug('redirecting to login page with %s', p) |
|
438 | 440 | return redirect(url('login_home', came_from=p)) |
|
439 | 441 | |
|
440 | 442 | |
|
441 | 443 | class NotAnonymous(object): |
|
442 | 444 | """ |
|
443 | 445 | Must be logged in to execute this function else |
|
444 | 446 | redirect to login page""" |
|
445 | 447 | |
|
446 | 448 | def __call__(self, func): |
|
447 | 449 | return decorator(self.__wrapper, func) |
|
448 | 450 | |
|
449 | 451 | def __wrapper(self, func, *fargs, **fkwargs): |
|
450 | 452 | cls = fargs[0] |
|
451 | 453 | self.user = cls.rhodecode_user |
|
452 | 454 | |
|
453 | 455 | log.debug('Checking if user is not anonymous @%s', cls) |
|
454 | 456 | |
|
455 | 457 | anonymous = self.user.username == 'default' |
|
456 | 458 | |
|
457 | 459 | if anonymous: |
|
458 | 460 | p = url.current() |
|
459 | 461 | |
|
460 | 462 | import rhodecode.lib.helpers as h |
|
461 | 463 | h.flash(_('You need to be a registered user to ' |
|
462 | 464 | 'perform this action'), |
|
463 | 465 | category='warning') |
|
464 | 466 | return redirect(url('login_home', came_from=p)) |
|
465 | 467 | else: |
|
466 | 468 | return func(*fargs, **fkwargs) |
|
467 | 469 | |
|
468 | 470 | |
|
469 | 471 | class PermsDecorator(object): |
|
470 | 472 | """Base class for controller decorators""" |
|
471 | 473 | |
|
472 | 474 | def __init__(self, *required_perms): |
|
473 | 475 | available_perms = config['available_permissions'] |
|
474 | 476 | for perm in required_perms: |
|
475 | 477 | if perm not in available_perms: |
|
476 | 478 | raise Exception("'%s' permission is not defined" % perm) |
|
477 | 479 | self.required_perms = set(required_perms) |
|
478 | 480 | self.user_perms = None |
|
479 | 481 | |
|
480 | 482 | def __call__(self, func): |
|
481 | 483 | return decorator(self.__wrapper, func) |
|
482 | 484 | |
|
483 | 485 | def __wrapper(self, func, *fargs, **fkwargs): |
|
484 | 486 | cls = fargs[0] |
|
485 | 487 | self.user = cls.rhodecode_user |
|
486 | 488 | self.user_perms = self.user.permissions |
|
487 | 489 | log.debug('checking %s permissions %s for %s %s', |
|
488 | 490 | self.__class__.__name__, self.required_perms, cls, |
|
489 | 491 | self.user) |
|
490 | 492 | |
|
491 | 493 | if self.check_permissions(): |
|
492 | 494 | log.debug('Permission granted for %s %s', cls, self.user) |
|
493 | 495 | return func(*fargs, **fkwargs) |
|
494 | 496 | |
|
495 | 497 | else: |
|
496 | 498 | log.warning('Permission denied for %s %s', cls, self.user) |
|
497 | 499 | anonymous = self.user.username == 'default' |
|
498 | 500 | |
|
499 | 501 | if anonymous: |
|
500 | 502 | p = url.current() |
|
501 | 503 | |
|
502 | 504 | import rhodecode.lib.helpers as h |
|
503 | 505 | h.flash(_('You need to be a signed in to ' |
|
504 | 506 | 'view this page'), |
|
505 | 507 | category='warning') |
|
506 | 508 | return redirect(url('login_home', came_from=p)) |
|
507 | 509 | |
|
508 | 510 | else: |
|
509 | 511 | # redirect with forbidden ret code |
|
510 | 512 | return abort(403) |
|
511 | 513 | |
|
512 | 514 | def check_permissions(self): |
|
513 | 515 | """Dummy function for overriding""" |
|
514 | 516 | raise Exception('You have to write this function in child class') |
|
515 | 517 | |
|
516 | 518 | |
|
517 | 519 | class HasPermissionAllDecorator(PermsDecorator): |
|
518 | 520 | """ |
|
519 | 521 | Checks for access permission for all given predicates. All of them |
|
520 | 522 | have to be meet in order to fulfill the request |
|
521 | 523 | """ |
|
522 | 524 | |
|
523 | 525 | def check_permissions(self): |
|
524 | 526 | if self.required_perms.issubset(self.user_perms.get('global')): |
|
525 | 527 | return True |
|
526 | 528 | return False |
|
527 | 529 | |
|
528 | 530 | |
|
529 | 531 | class HasPermissionAnyDecorator(PermsDecorator): |
|
530 | 532 | """ |
|
531 | 533 | Checks for access permission for any of given predicates. In order to |
|
532 | 534 | fulfill the request any of predicates must be meet |
|
533 | 535 | """ |
|
534 | 536 | |
|
535 | 537 | def check_permissions(self): |
|
536 | 538 | if self.required_perms.intersection(self.user_perms.get('global')): |
|
537 | 539 | return True |
|
538 | 540 | return False |
|
539 | 541 | |
|
540 | 542 | |
|
541 | 543 | class HasRepoPermissionAllDecorator(PermsDecorator): |
|
542 | 544 | """ |
|
543 | 545 | Checks for access permission for all given predicates for specific |
|
544 | 546 | repository. All of them have to be meet in order to fulfill the request |
|
545 | 547 | """ |
|
546 | 548 | |
|
547 | 549 | def check_permissions(self): |
|
548 | 550 | repo_name = get_repo_slug(request) |
|
549 | 551 | try: |
|
550 | 552 | user_perms = set([self.user_perms['repositories'][repo_name]]) |
|
551 | 553 | except KeyError: |
|
552 | 554 | return False |
|
553 | 555 | if self.required_perms.issubset(user_perms): |
|
554 | 556 | return True |
|
555 | 557 | return False |
|
556 | 558 | |
|
557 | 559 | |
|
558 | 560 | class HasRepoPermissionAnyDecorator(PermsDecorator): |
|
559 | 561 | """ |
|
560 | 562 | Checks for access permission for any of given predicates for specific |
|
561 | 563 | repository. In order to fulfill the request any of predicates must be meet |
|
562 | 564 | """ |
|
563 | 565 | |
|
564 | 566 | def check_permissions(self): |
|
565 | 567 | repo_name = get_repo_slug(request) |
|
566 | 568 | |
|
567 | 569 | try: |
|
568 | 570 | user_perms = set([self.user_perms['repositories'][repo_name]]) |
|
569 | 571 | except KeyError: |
|
570 | 572 | return False |
|
571 | 573 | if self.required_perms.intersection(user_perms): |
|
572 | 574 | return True |
|
573 | 575 | return False |
|
574 | 576 | |
|
575 | 577 | |
|
576 | 578 | #============================================================================== |
|
577 | 579 | # CHECK FUNCTIONS |
|
578 | 580 | #============================================================================== |
|
579 | 581 | class PermsFunction(object): |
|
580 | 582 | """Base function for other check functions""" |
|
581 | 583 | |
|
582 | 584 | def __init__(self, *perms): |
|
583 | 585 | available_perms = config['available_permissions'] |
|
584 | 586 | |
|
585 | 587 | for perm in perms: |
|
586 | 588 | if perm not in available_perms: |
|
587 | 589 | raise Exception("'%s' permission in not defined" % perm) |
|
588 | 590 | self.required_perms = set(perms) |
|
589 | 591 | self.user_perms = None |
|
590 | 592 | self.granted_for = '' |
|
591 | 593 | self.repo_name = None |
|
592 | 594 | |
|
593 | 595 | def __call__(self, check_Location=''): |
|
594 | 596 | user = request.user |
|
595 | 597 | if not user: |
|
596 | 598 | return False |
|
597 | 599 | self.user_perms = user.permissions |
|
598 | 600 | self.granted_for = user |
|
599 | 601 | log.debug('checking %s %s %s', self.__class__.__name__, |
|
600 | 602 | self.required_perms, user) |
|
601 | 603 | |
|
602 | 604 | if self.check_permissions(): |
|
603 | 605 | log.debug('Permission granted %s @ %s', self.granted_for, |
|
604 | 606 | check_Location or 'unspecified location') |
|
605 | 607 | return True |
|
606 | 608 | |
|
607 | 609 | else: |
|
608 | 610 | log.warning('Permission denied for %s @ %s', self.granted_for, |
|
609 | 611 | check_Location or 'unspecified location') |
|
610 | 612 | return False |
|
611 | 613 | |
|
612 | 614 | def check_permissions(self): |
|
613 | 615 | """Dummy function for overriding""" |
|
614 | 616 | raise Exception('You have to write this function in child class') |
|
615 | 617 | |
|
616 | 618 | |
|
617 | 619 | class HasPermissionAll(PermsFunction): |
|
618 | 620 | def check_permissions(self): |
|
619 | 621 | if self.required_perms.issubset(self.user_perms.get('global')): |
|
620 | 622 | return True |
|
621 | 623 | return False |
|
622 | 624 | |
|
623 | 625 | |
|
624 | 626 | class HasPermissionAny(PermsFunction): |
|
625 | 627 | def check_permissions(self): |
|
626 | 628 | if self.required_perms.intersection(self.user_perms.get('global')): |
|
627 | 629 | return True |
|
628 | 630 | return False |
|
629 | 631 | |
|
630 | 632 | |
|
631 | 633 | class HasRepoPermissionAll(PermsFunction): |
|
632 | 634 | |
|
633 | 635 | def __call__(self, repo_name=None, check_Location=''): |
|
634 | 636 | self.repo_name = repo_name |
|
635 | 637 | return super(HasRepoPermissionAll, self).__call__(check_Location) |
|
636 | 638 | |
|
637 | 639 | def check_permissions(self): |
|
638 | 640 | if not self.repo_name: |
|
639 | 641 | self.repo_name = get_repo_slug(request) |
|
640 | 642 | |
|
641 | 643 | try: |
|
642 | 644 | self.user_perms = set([self.user_perms['reposit' |
|
643 | 645 | 'ories'][self.repo_name]]) |
|
644 | 646 | except KeyError: |
|
645 | 647 | return False |
|
646 | 648 | self.granted_for = self.repo_name |
|
647 | 649 | if self.required_perms.issubset(self.user_perms): |
|
648 | 650 | return True |
|
649 | 651 | return False |
|
650 | 652 | |
|
651 | 653 | |
|
652 | 654 | class HasRepoPermissionAny(PermsFunction): |
|
653 | 655 | |
|
654 | 656 | def __call__(self, repo_name=None, check_Location=''): |
|
655 | 657 | self.repo_name = repo_name |
|
656 | 658 | return super(HasRepoPermissionAny, self).__call__(check_Location) |
|
657 | 659 | |
|
658 | 660 | def check_permissions(self): |
|
659 | 661 | if not self.repo_name: |
|
660 | 662 | self.repo_name = get_repo_slug(request) |
|
661 | 663 | |
|
662 | 664 | try: |
|
663 | 665 | self.user_perms = set([self.user_perms['reposi' |
|
664 | 666 | 'tories'][self.repo_name]]) |
|
665 | 667 | except KeyError: |
|
666 | 668 | return False |
|
667 | 669 | self.granted_for = self.repo_name |
|
668 | 670 | if self.required_perms.intersection(self.user_perms): |
|
669 | 671 | return True |
|
670 | 672 | return False |
|
671 | 673 | |
|
672 | 674 | |
|
673 | 675 | #============================================================================== |
|
674 | 676 | # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH |
|
675 | 677 | #============================================================================== |
|
676 | 678 | class HasPermissionAnyMiddleware(object): |
|
677 | 679 | def __init__(self, *perms): |
|
678 | 680 | self.required_perms = set(perms) |
|
679 | 681 | |
|
680 | 682 | def __call__(self, user, repo_name): |
|
681 | 683 | usr = AuthUser(user.user_id) |
|
682 | 684 | try: |
|
683 | 685 | self.user_perms = set([usr.permissions['repositories'][repo_name]]) |
|
684 | 686 | except: |
|
685 | 687 | self.user_perms = set() |
|
686 | 688 | self.granted_for = '' |
|
687 | 689 | self.username = user.username |
|
688 | 690 | self.repo_name = repo_name |
|
689 | 691 | return self.check_permissions() |
|
690 | 692 | |
|
691 | 693 | def check_permissions(self): |
|
692 | 694 | log.debug('checking mercurial protocol ' |
|
693 | 695 | 'permissions %s for user:%s repository:%s', self.user_perms, |
|
694 | 696 | self.username, self.repo_name) |
|
695 | 697 | if self.required_perms.intersection(self.user_perms): |
|
696 | 698 | log.debug('permission granted') |
|
697 | 699 | return True |
|
698 | 700 | log.debug('permission denied') |
|
699 | 701 | return False |
@@ -1,1136 +1,1146 b'' | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | """ |
|
3 | 3 | rhodecode.model.db |
|
4 | 4 | ~~~~~~~~~~~~~~~~~~ |
|
5 | 5 | |
|
6 | 6 | Database Models for RhodeCode |
|
7 | 7 | |
|
8 | 8 | :created_on: Apr 08, 2010 |
|
9 | 9 | :author: marcink |
|
10 | 10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
11 | 11 | :license: GPLv3, see COPYING for more details. |
|
12 | 12 | """ |
|
13 | 13 | # This program is free software: you can redistribute it and/or modify |
|
14 | 14 | # it under the terms of the GNU General Public License as published by |
|
15 | 15 | # the Free Software Foundation, either version 3 of the License, or |
|
16 | 16 | # (at your option) any later version. |
|
17 | 17 | # |
|
18 | 18 | # This program is distributed in the hope that it will be useful, |
|
19 | 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
20 | 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
21 | 21 | # GNU General Public License for more details. |
|
22 | 22 | # |
|
23 | 23 | # You should have received a copy of the GNU General Public License |
|
24 | 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
25 | 25 | |
|
26 | 26 | import os |
|
27 | 27 | import logging |
|
28 | 28 | import datetime |
|
29 | 29 | import traceback |
|
30 | 30 | from collections import defaultdict |
|
31 | 31 | |
|
32 | 32 | from sqlalchemy import * |
|
33 | 33 | from sqlalchemy.ext.hybrid import hybrid_property |
|
34 | 34 | from sqlalchemy.orm import relationship, joinedload, class_mapper, validates |
|
35 | 35 | from beaker.cache import cache_region, region_invalidate |
|
36 | 36 | |
|
37 | 37 | from vcs import get_backend |
|
38 | 38 | from vcs.utils.helpers import get_scm |
|
39 | 39 | from vcs.exceptions import VCSError |
|
40 | 40 | from vcs.utils.lazy import LazyProperty |
|
41 | 41 | |
|
42 | 42 | from rhodecode.lib import str2bool, safe_str, get_changeset_safe, safe_unicode |
|
43 | 43 | from rhodecode.lib.exceptions import UsersGroupsAssignedException |
|
44 | 44 | from rhodecode.lib.compat import json |
|
45 | 45 | from rhodecode.lib.caching_query import FromCache |
|
46 | 46 | |
|
47 | 47 | from rhodecode.model.meta import Base, Session |
|
48 | 48 | |
|
49 | 49 | log = logging.getLogger(__name__) |
|
50 | 50 | |
|
51 | 51 | #============================================================================== |
|
52 | 52 | # BASE CLASSES |
|
53 | 53 | #============================================================================== |
|
54 | 54 | |
|
55 | 55 | |
|
56 | 56 | class ModelSerializer(json.JSONEncoder): |
|
57 | 57 | """ |
|
58 | 58 | Simple Serializer for JSON, |
|
59 | 59 | |
|
60 | 60 | usage:: |
|
61 | 61 | |
|
62 | 62 | to make object customized for serialization implement a __json__ |
|
63 | 63 | method that will return a dict for serialization into json |
|
64 | 64 | |
|
65 | 65 | example:: |
|
66 | 66 | |
|
67 | 67 | class Task(object): |
|
68 | 68 | |
|
69 | 69 | def __init__(self, name, value): |
|
70 | 70 | self.name = name |
|
71 | 71 | self.value = value |
|
72 | 72 | |
|
73 | 73 | def __json__(self): |
|
74 | 74 | return dict(name=self.name, |
|
75 | 75 | value=self.value) |
|
76 | 76 | |
|
77 | 77 | """ |
|
78 | 78 | |
|
79 | 79 | def default(self, obj): |
|
80 | 80 | |
|
81 | 81 | if hasattr(obj, '__json__'): |
|
82 | 82 | return obj.__json__() |
|
83 | 83 | else: |
|
84 | 84 | return json.JSONEncoder.default(self, obj) |
|
85 | 85 | |
|
86 | 86 | |
|
87 | 87 | class BaseModel(object): |
|
88 | 88 | """ |
|
89 | 89 | Base Model for all classess |
|
90 | 90 | """ |
|
91 | 91 | |
|
92 | 92 | @classmethod |
|
93 | 93 | def _get_keys(cls): |
|
94 | 94 | """return column names for this model """ |
|
95 | 95 | return class_mapper(cls).c.keys() |
|
96 | 96 | |
|
97 | 97 | def get_dict(self): |
|
98 | 98 | """ |
|
99 | 99 | return dict with keys and values corresponding |
|
100 | 100 | to this model data """ |
|
101 | 101 | |
|
102 | 102 | d = {} |
|
103 | 103 | for k in self._get_keys(): |
|
104 | 104 | d[k] = getattr(self, k) |
|
105 | 105 | |
|
106 | 106 | # also use __json__() if present to get additional fields |
|
107 | 107 | for k, val in getattr(self, '__json__', lambda: {})().iteritems(): |
|
108 | 108 | d[k] = val |
|
109 | 109 | return d |
|
110 | 110 | |
|
111 | 111 | def get_appstruct(self): |
|
112 | 112 | """return list with keys and values tupples corresponding |
|
113 | 113 | to this model data """ |
|
114 | 114 | |
|
115 | 115 | l = [] |
|
116 | 116 | for k in self._get_keys(): |
|
117 | 117 | l.append((k, getattr(self, k),)) |
|
118 | 118 | return l |
|
119 | 119 | |
|
120 | 120 | def populate_obj(self, populate_dict): |
|
121 | 121 | """populate model with data from given populate_dict""" |
|
122 | 122 | |
|
123 | 123 | for k in self._get_keys(): |
|
124 | 124 | if k in populate_dict: |
|
125 | 125 | setattr(self, k, populate_dict[k]) |
|
126 | 126 | |
|
127 | 127 | @classmethod |
|
128 | 128 | def query(cls): |
|
129 | 129 | return Session.query(cls) |
|
130 | 130 | |
|
131 | 131 | @classmethod |
|
132 | 132 | def get(cls, id_): |
|
133 | 133 | if id_: |
|
134 | 134 | return cls.query().get(id_) |
|
135 | 135 | |
|
136 | 136 | @classmethod |
|
137 | 137 | def getAll(cls): |
|
138 | 138 | return cls.query().all() |
|
139 | 139 | |
|
140 | 140 | @classmethod |
|
141 | 141 | def delete(cls, id_): |
|
142 | 142 | obj = cls.query().get(id_) |
|
143 | 143 | Session.delete(obj) |
|
144 | 144 | |
|
145 | 145 | |
|
146 | 146 | class RhodeCodeSetting(Base, BaseModel): |
|
147 | 147 | __tablename__ = 'rhodecode_settings' |
|
148 | 148 | __table_args__ = (UniqueConstraint('app_settings_name'), {'extend_existing': True}) |
|
149 | 149 | app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
150 | 150 | app_settings_name = Column("app_settings_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
151 | 151 | _app_settings_value = Column("app_settings_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
152 | 152 | |
|
153 | 153 | def __init__(self, k='', v=''): |
|
154 | 154 | self.app_settings_name = k |
|
155 | 155 | self.app_settings_value = v |
|
156 | 156 | |
|
157 | 157 | |
|
158 | 158 | @validates('_app_settings_value') |
|
159 | 159 | def validate_settings_value(self, key, val): |
|
160 | 160 | assert type(val) == unicode |
|
161 | 161 | return val |
|
162 | 162 | |
|
163 | 163 | @hybrid_property |
|
164 | 164 | def app_settings_value(self): |
|
165 | 165 | v = self._app_settings_value |
|
166 | 166 | if v == 'ldap_active': |
|
167 | 167 | v = str2bool(v) |
|
168 | 168 | return v |
|
169 | 169 | |
|
170 | 170 | @app_settings_value.setter |
|
171 | 171 | def app_settings_value(self, val): |
|
172 | 172 | """ |
|
173 | 173 | Setter that will always make sure we use unicode in app_settings_value |
|
174 | 174 | |
|
175 | 175 | :param val: |
|
176 | 176 | """ |
|
177 | 177 | self._app_settings_value = safe_unicode(val) |
|
178 | 178 | |
|
179 | 179 | def __repr__(self): |
|
180 | 180 | return "<%s('%s:%s')>" % (self.__class__.__name__, |
|
181 | 181 | self.app_settings_name, self.app_settings_value) |
|
182 | 182 | |
|
183 | 183 | @classmethod |
|
184 | 184 | def get_by_name(cls, ldap_key): |
|
185 | 185 | return cls.query()\ |
|
186 | 186 | .filter(cls.app_settings_name == ldap_key).scalar() |
|
187 | 187 | |
|
188 | 188 | @classmethod |
|
189 | 189 | def get_app_settings(cls, cache=False): |
|
190 | 190 | |
|
191 | 191 | ret = cls.query() |
|
192 | 192 | |
|
193 | 193 | if cache: |
|
194 | 194 | ret = ret.options(FromCache("sql_cache_short", "get_hg_settings")) |
|
195 | 195 | |
|
196 | 196 | if not ret: |
|
197 | 197 | raise Exception('Could not get application settings !') |
|
198 | 198 | settings = {} |
|
199 | 199 | for each in ret: |
|
200 | 200 | settings['rhodecode_' + each.app_settings_name] = \ |
|
201 | 201 | each.app_settings_value |
|
202 | 202 | |
|
203 | 203 | return settings |
|
204 | 204 | |
|
205 | 205 | @classmethod |
|
206 | 206 | def get_ldap_settings(cls, cache=False): |
|
207 | 207 | ret = cls.query()\ |
|
208 | 208 | .filter(cls.app_settings_name.startswith('ldap_')).all() |
|
209 | 209 | fd = {} |
|
210 | 210 | for row in ret: |
|
211 | 211 | fd.update({row.app_settings_name:row.app_settings_value}) |
|
212 | 212 | |
|
213 | 213 | return fd |
|
214 | 214 | |
|
215 | 215 | |
|
216 | 216 | class RhodeCodeUi(Base, BaseModel): |
|
217 | 217 | __tablename__ = 'rhodecode_ui' |
|
218 | 218 | __table_args__ = (UniqueConstraint('ui_key'), {'extend_existing': True}) |
|
219 | 219 | |
|
220 | 220 | HOOK_UPDATE = 'changegroup.update' |
|
221 | 221 | HOOK_REPO_SIZE = 'changegroup.repo_size' |
|
222 | 222 | HOOK_PUSH = 'pretxnchangegroup.push_logger' |
|
223 | 223 | HOOK_PULL = 'preoutgoing.pull_logger' |
|
224 | 224 | |
|
225 | 225 | ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
226 | 226 | ui_section = Column("ui_section", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
227 | 227 | ui_key = Column("ui_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
228 | 228 | ui_value = Column("ui_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
229 | 229 | ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True) |
|
230 | 230 | |
|
231 | 231 | @classmethod |
|
232 | 232 | def get_by_key(cls, key): |
|
233 | 233 | return cls.query().filter(cls.ui_key == key) |
|
234 | 234 | |
|
235 | 235 | @classmethod |
|
236 | 236 | def get_builtin_hooks(cls): |
|
237 | 237 | q = cls.query() |
|
238 | 238 | q = q.filter(cls.ui_key.in_([cls.HOOK_UPDATE, |
|
239 | 239 | cls.HOOK_REPO_SIZE, |
|
240 | 240 | cls.HOOK_PUSH, cls.HOOK_PULL])) |
|
241 | 241 | return q.all() |
|
242 | 242 | |
|
243 | 243 | @classmethod |
|
244 | 244 | def get_custom_hooks(cls): |
|
245 | 245 | q = cls.query() |
|
246 | 246 | q = q.filter(~cls.ui_key.in_([cls.HOOK_UPDATE, |
|
247 | 247 | cls.HOOK_REPO_SIZE, |
|
248 | 248 | cls.HOOK_PUSH, cls.HOOK_PULL])) |
|
249 | 249 | q = q.filter(cls.ui_section == 'hooks') |
|
250 | 250 | return q.all() |
|
251 | 251 | |
|
252 | 252 | @classmethod |
|
253 | 253 | def create_or_update_hook(cls, key, val): |
|
254 | 254 | new_ui = cls.get_by_key(key).scalar() or cls() |
|
255 | 255 | new_ui.ui_section = 'hooks' |
|
256 | 256 | new_ui.ui_active = True |
|
257 | 257 | new_ui.ui_key = key |
|
258 | 258 | new_ui.ui_value = val |
|
259 | 259 | |
|
260 | 260 | Session.add(new_ui) |
|
261 | 261 | |
|
262 | 262 | |
|
263 | 263 | class User(Base, BaseModel): |
|
264 | 264 | __tablename__ = 'users' |
|
265 | 265 | __table_args__ = (UniqueConstraint('username'), UniqueConstraint('email'), {'extend_existing': True}) |
|
266 | 266 | user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
267 | 267 | username = Column("username", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
268 | 268 | password = Column("password", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
269 | 269 | active = Column("active", Boolean(), nullable=True, unique=None, default=None) |
|
270 | 270 | admin = Column("admin", Boolean(), nullable=True, unique=None, default=False) |
|
271 | 271 | name = Column("name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
272 | 272 | lastname = Column("lastname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
273 | 273 | _email = Column("email", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
274 | 274 | last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None) |
|
275 | 275 | ldap_dn = Column("ldap_dn", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
276 | 276 | api_key = Column("api_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
277 | 277 | |
|
278 | 278 | user_log = relationship('UserLog', cascade='all') |
|
279 | 279 | user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all') |
|
280 | 280 | |
|
281 | 281 | repositories = relationship('Repository') |
|
282 | 282 | user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all') |
|
283 | 283 | repo_to_perm = relationship('UserRepoToPerm', primaryjoin='UserRepoToPerm.user_id==User.user_id', cascade='all') |
|
284 | 284 | |
|
285 | 285 | group_member = relationship('UsersGroupMember', cascade='all') |
|
286 | 286 | |
|
287 | 287 | notifications = relationship('UserNotification',) |
|
288 | 288 | |
|
289 | 289 | @hybrid_property |
|
290 | 290 | def email(self): |
|
291 | 291 | return self._email |
|
292 | 292 | |
|
293 | 293 | @email.setter |
|
294 | 294 | def email(self, val): |
|
295 | 295 | self._email = val.lower() if val else None |
|
296 | 296 | |
|
297 | 297 | @property |
|
298 | 298 | def full_name(self): |
|
299 | 299 | return '%s %s' % (self.name, self.lastname) |
|
300 | 300 | |
|
301 | 301 | @property |
|
302 | def full_name_or_username(self): | |
|
303 | return ('%s %s' % (self.name, self.lastname) | |
|
304 | if (self.name and self.lastname) else self.username) | |
|
305 | ||
|
306 | @property | |
|
302 | 307 | def full_contact(self): |
|
303 | 308 | return '%s %s <%s>' % (self.name, self.lastname, self.email) |
|
304 | 309 | |
|
305 | 310 | @property |
|
306 | 311 | def short_contact(self): |
|
307 | 312 | return '%s %s' % (self.name, self.lastname) |
|
308 | 313 | |
|
309 | 314 | @property |
|
310 | 315 | def is_admin(self): |
|
311 | 316 | return self.admin |
|
312 | 317 | |
|
313 | 318 | def __repr__(self): |
|
314 | 319 | return "<%s('id:%s:%s')>" % (self.__class__.__name__, |
|
315 | 320 | self.user_id, self.username) |
|
316 | 321 | |
|
317 | 322 | @classmethod |
|
318 | 323 | def get_by_username(cls, username, case_insensitive=False, cache=False): |
|
319 | 324 | if case_insensitive: |
|
320 | 325 | q = cls.query().filter(cls.username.ilike(username)) |
|
321 | 326 | else: |
|
322 | 327 | q = cls.query().filter(cls.username == username) |
|
323 | 328 | |
|
324 | 329 | if cache: |
|
325 | 330 | q = q.options(FromCache("sql_cache_short", |
|
326 | 331 | "get_user_%s" % username)) |
|
327 | 332 | return q.scalar() |
|
328 | 333 | |
|
329 | 334 | @classmethod |
|
330 | 335 | def get_by_api_key(cls, api_key, cache=False): |
|
331 | 336 | q = cls.query().filter(cls.api_key == api_key) |
|
332 | 337 | |
|
333 | 338 | if cache: |
|
334 | 339 | q = q.options(FromCache("sql_cache_short", |
|
335 | 340 | "get_api_key_%s" % api_key)) |
|
336 | 341 | return q.scalar() |
|
337 | 342 | |
|
338 | 343 | @classmethod |
|
339 | 344 | def get_by_email(cls, email, case_insensitive=False, cache=False): |
|
340 | 345 | if case_insensitive: |
|
341 | 346 | q = cls.query().filter(cls.email.ilike(email)) |
|
342 | 347 | else: |
|
343 | 348 | q = cls.query().filter(cls.email == email) |
|
344 | 349 | |
|
345 | 350 | if cache: |
|
346 | 351 | q = q.options(FromCache("sql_cache_short", |
|
347 | 352 | "get_api_key_%s" % email)) |
|
348 | 353 | return q.scalar() |
|
349 | 354 | |
|
350 | 355 | def update_lastlogin(self): |
|
351 | 356 | """Update user lastlogin""" |
|
352 | 357 | self.last_login = datetime.datetime.now() |
|
353 | 358 | Session.add(self) |
|
354 | 359 | log.debug('updated user %s lastlogin', self.username) |
|
355 | 360 | |
|
356 | 361 | def __json__(self): |
|
357 |
return dict( |
|
|
358 | full_name=self.full_name) | |
|
362 | return dict( | |
|
363 | email=self.email, | |
|
364 | full_name=self.full_name, | |
|
365 | full_name_or_username=self.full_name_or_username, | |
|
366 | short_contact=self.short_contact, | |
|
367 | full_contact=self.full_contact | |
|
368 | ) | |
|
359 | 369 | |
|
360 | 370 | |
|
361 | 371 | class UserLog(Base, BaseModel): |
|
362 | 372 | __tablename__ = 'user_logs' |
|
363 | 373 | __table_args__ = {'extend_existing': True} |
|
364 | 374 | user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
365 | 375 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
366 | 376 | repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True) |
|
367 | 377 | repository_name = Column("repository_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
368 | 378 | user_ip = Column("user_ip", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
369 | 379 | action = Column("action", UnicodeText(length=1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
370 | 380 | action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None) |
|
371 | 381 | |
|
372 | 382 | @property |
|
373 | 383 | def action_as_day(self): |
|
374 | 384 | return datetime.date(*self.action_date.timetuple()[:3]) |
|
375 | 385 | |
|
376 | 386 | user = relationship('User') |
|
377 | 387 | repository = relationship('Repository',cascade='') |
|
378 | 388 | |
|
379 | 389 | |
|
380 | 390 | class UsersGroup(Base, BaseModel): |
|
381 | 391 | __tablename__ = 'users_groups' |
|
382 | 392 | __table_args__ = {'extend_existing': True} |
|
383 | 393 | |
|
384 | 394 | users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
385 | 395 | users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None) |
|
386 | 396 | users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None) |
|
387 | 397 | |
|
388 | 398 | members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined") |
|
389 | 399 | |
|
390 | 400 | def __repr__(self): |
|
391 | 401 | return '<userGroup(%s)>' % (self.users_group_name) |
|
392 | 402 | |
|
393 | 403 | @classmethod |
|
394 | 404 | def get_by_group_name(cls, group_name, cache=False, |
|
395 | 405 | case_insensitive=False): |
|
396 | 406 | if case_insensitive: |
|
397 | 407 | q = cls.query().filter(cls.users_group_name.ilike(group_name)) |
|
398 | 408 | else: |
|
399 | 409 | q = cls.query().filter(cls.users_group_name == group_name) |
|
400 | 410 | if cache: |
|
401 | 411 | q = q.options(FromCache("sql_cache_short", |
|
402 | 412 | "get_user_%s" % group_name)) |
|
403 | 413 | return q.scalar() |
|
404 | 414 | |
|
405 | 415 | @classmethod |
|
406 | 416 | def get(cls, users_group_id, cache=False): |
|
407 | 417 | users_group = cls.query() |
|
408 | 418 | if cache: |
|
409 | 419 | users_group = users_group.options(FromCache("sql_cache_short", |
|
410 | 420 | "get_users_group_%s" % users_group_id)) |
|
411 | 421 | return users_group.get(users_group_id) |
|
412 | 422 | |
|
413 | 423 | |
|
414 | 424 | class UsersGroupMember(Base, BaseModel): |
|
415 | 425 | __tablename__ = 'users_groups_members' |
|
416 | 426 | __table_args__ = {'extend_existing': True} |
|
417 | 427 | |
|
418 | 428 | users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
419 | 429 | users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None) |
|
420 | 430 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
421 | 431 | |
|
422 | 432 | user = relationship('User', lazy='joined') |
|
423 | 433 | users_group = relationship('UsersGroup') |
|
424 | 434 | |
|
425 | 435 | def __init__(self, gr_id='', u_id=''): |
|
426 | 436 | self.users_group_id = gr_id |
|
427 | 437 | self.user_id = u_id |
|
428 | 438 | |
|
429 | 439 | @staticmethod |
|
430 | 440 | def add_user_to_group(group, user): |
|
431 | 441 | ugm = UsersGroupMember() |
|
432 | 442 | ugm.users_group = group |
|
433 | 443 | ugm.user = user |
|
434 | 444 | Session.add(ugm) |
|
435 | 445 | Session.commit() |
|
436 | 446 | return ugm |
|
437 | 447 | |
|
438 | 448 | |
|
439 | 449 | class Repository(Base, BaseModel): |
|
440 | 450 | __tablename__ = 'repositories' |
|
441 | 451 | __table_args__ = (UniqueConstraint('repo_name'), {'extend_existing': True},) |
|
442 | 452 | |
|
443 | 453 | repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
444 | 454 | repo_name = Column("repo_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None) |
|
445 | 455 | clone_uri = Column("clone_uri", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None) |
|
446 | 456 | repo_type = Column("repo_type", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg') |
|
447 | 457 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None) |
|
448 | 458 | private = Column("private", Boolean(), nullable=True, unique=None, default=None) |
|
449 | 459 | enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True) |
|
450 | 460 | enable_downloads = Column("downloads", Boolean(), nullable=True, unique=None, default=True) |
|
451 | 461 | description = Column("description", String(length=10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
452 | 462 | created_on = Column('created_on', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now) |
|
453 | 463 | |
|
454 | 464 | fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None) |
|
455 | 465 | group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None) |
|
456 | 466 | |
|
457 | 467 | user = relationship('User') |
|
458 | 468 | fork = relationship('Repository', remote_side=repo_id) |
|
459 | 469 | group = relationship('RepoGroup') |
|
460 | 470 | repo_to_perm = relationship('UserRepoToPerm', cascade='all', order_by='UserRepoToPerm.repo_to_perm_id') |
|
461 | 471 | users_group_to_perm = relationship('UsersGroupRepoToPerm', cascade='all') |
|
462 | 472 | stats = relationship('Statistics', cascade='all', uselist=False) |
|
463 | 473 | |
|
464 | 474 | followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all') |
|
465 | 475 | |
|
466 | 476 | logs = relationship('UserLog') |
|
467 | 477 | |
|
468 | 478 | def __repr__(self): |
|
469 | 479 | return "<%s('%s:%s')>" % (self.__class__.__name__, |
|
470 | 480 | self.repo_id, self.repo_name) |
|
471 | 481 | |
|
472 | 482 | @classmethod |
|
473 | 483 | def url_sep(cls): |
|
474 | 484 | return '/' |
|
475 | 485 | |
|
476 | 486 | @classmethod |
|
477 | 487 | def get_by_repo_name(cls, repo_name): |
|
478 | 488 | q = Session.query(cls).filter(cls.repo_name == repo_name) |
|
479 | 489 | q = q.options(joinedload(Repository.fork))\ |
|
480 | 490 | .options(joinedload(Repository.user))\ |
|
481 | 491 | .options(joinedload(Repository.group)) |
|
482 | 492 | return q.scalar() |
|
483 | 493 | |
|
484 | 494 | @classmethod |
|
485 | 495 | def get_repo_forks(cls, repo_id): |
|
486 | 496 | return cls.query().filter(Repository.fork_id == repo_id) |
|
487 | 497 | |
|
488 | 498 | @classmethod |
|
489 | 499 | def base_path(cls): |
|
490 | 500 | """ |
|
491 | 501 | Returns base path when all repos are stored |
|
492 | 502 | |
|
493 | 503 | :param cls: |
|
494 | 504 | """ |
|
495 | 505 | q = Session.query(RhodeCodeUi)\ |
|
496 | 506 | .filter(RhodeCodeUi.ui_key == cls.url_sep()) |
|
497 | 507 | q = q.options(FromCache("sql_cache_short", "repository_repo_path")) |
|
498 | 508 | return q.one().ui_value |
|
499 | 509 | |
|
500 | 510 | @property |
|
501 | 511 | def just_name(self): |
|
502 | 512 | return self.repo_name.split(Repository.url_sep())[-1] |
|
503 | 513 | |
|
504 | 514 | @property |
|
505 | 515 | def groups_with_parents(self): |
|
506 | 516 | groups = [] |
|
507 | 517 | if self.group is None: |
|
508 | 518 | return groups |
|
509 | 519 | |
|
510 | 520 | cur_gr = self.group |
|
511 | 521 | groups.insert(0, cur_gr) |
|
512 | 522 | while 1: |
|
513 | 523 | gr = getattr(cur_gr, 'parent_group', None) |
|
514 | 524 | cur_gr = cur_gr.parent_group |
|
515 | 525 | if gr is None: |
|
516 | 526 | break |
|
517 | 527 | groups.insert(0, gr) |
|
518 | 528 | |
|
519 | 529 | return groups |
|
520 | 530 | |
|
521 | 531 | @property |
|
522 | 532 | def groups_and_repo(self): |
|
523 | 533 | return self.groups_with_parents, self.just_name |
|
524 | 534 | |
|
525 | 535 | @LazyProperty |
|
526 | 536 | def repo_path(self): |
|
527 | 537 | """ |
|
528 | 538 | Returns base full path for that repository means where it actually |
|
529 | 539 | exists on a filesystem |
|
530 | 540 | """ |
|
531 | 541 | q = Session.query(RhodeCodeUi).filter(RhodeCodeUi.ui_key == |
|
532 | 542 | Repository.url_sep()) |
|
533 | 543 | q = q.options(FromCache("sql_cache_short", "repository_repo_path")) |
|
534 | 544 | return q.one().ui_value |
|
535 | 545 | |
|
536 | 546 | @property |
|
537 | 547 | def repo_full_path(self): |
|
538 | 548 | p = [self.repo_path] |
|
539 | 549 | # we need to split the name by / since this is how we store the |
|
540 | 550 | # names in the database, but that eventually needs to be converted |
|
541 | 551 | # into a valid system path |
|
542 | 552 | p += self.repo_name.split(Repository.url_sep()) |
|
543 | 553 | return os.path.join(*p) |
|
544 | 554 | |
|
545 | 555 | def get_new_name(self, repo_name): |
|
546 | 556 | """ |
|
547 | 557 | returns new full repository name based on assigned group and new new |
|
548 | 558 | |
|
549 | 559 | :param group_name: |
|
550 | 560 | """ |
|
551 | 561 | path_prefix = self.group.full_path_splitted if self.group else [] |
|
552 | 562 | return Repository.url_sep().join(path_prefix + [repo_name]) |
|
553 | 563 | |
|
554 | 564 | @property |
|
555 | 565 | def _ui(self): |
|
556 | 566 | """ |
|
557 | 567 | Creates an db based ui object for this repository |
|
558 | 568 | """ |
|
559 | 569 | from mercurial import ui |
|
560 | 570 | from mercurial import config |
|
561 | 571 | baseui = ui.ui() |
|
562 | 572 | |
|
563 | 573 | #clean the baseui object |
|
564 | 574 | baseui._ocfg = config.config() |
|
565 | 575 | baseui._ucfg = config.config() |
|
566 | 576 | baseui._tcfg = config.config() |
|
567 | 577 | |
|
568 | 578 | ret = RhodeCodeUi.query()\ |
|
569 | 579 | .options(FromCache("sql_cache_short", "repository_repo_ui")).all() |
|
570 | 580 | |
|
571 | 581 | hg_ui = ret |
|
572 | 582 | for ui_ in hg_ui: |
|
573 | 583 | if ui_.ui_active: |
|
574 | 584 | log.debug('settings ui from db[%s]%s:%s', ui_.ui_section, |
|
575 | 585 | ui_.ui_key, ui_.ui_value) |
|
576 | 586 | baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value) |
|
577 | 587 | |
|
578 | 588 | return baseui |
|
579 | 589 | |
|
580 | 590 | @classmethod |
|
581 | 591 | def is_valid(cls, repo_name): |
|
582 | 592 | """ |
|
583 | 593 | returns True if given repo name is a valid filesystem repository |
|
584 | 594 | |
|
585 | 595 | :param cls: |
|
586 | 596 | :param repo_name: |
|
587 | 597 | """ |
|
588 | 598 | from rhodecode.lib.utils import is_valid_repo |
|
589 | 599 | |
|
590 | 600 | return is_valid_repo(repo_name, cls.base_path()) |
|
591 | 601 | |
|
592 | 602 | #========================================================================== |
|
593 | 603 | # SCM PROPERTIES |
|
594 | 604 | #========================================================================== |
|
595 | 605 | |
|
596 | 606 | def get_changeset(self, rev): |
|
597 | 607 | return get_changeset_safe(self.scm_instance, rev) |
|
598 | 608 | |
|
599 | 609 | @property |
|
600 | 610 | def tip(self): |
|
601 | 611 | return self.get_changeset('tip') |
|
602 | 612 | |
|
603 | 613 | @property |
|
604 | 614 | def author(self): |
|
605 | 615 | return self.tip.author |
|
606 | 616 | |
|
607 | 617 | @property |
|
608 | 618 | def last_change(self): |
|
609 | 619 | return self.scm_instance.last_change |
|
610 | 620 | |
|
611 | 621 | def comments(self, revisions=None): |
|
612 | 622 | """ |
|
613 | 623 | Returns comments for this repository grouped by revisions |
|
614 | 624 | |
|
615 | 625 | :param revisions: filter query by revisions only |
|
616 | 626 | """ |
|
617 | 627 | cmts = ChangesetComment.query()\ |
|
618 | 628 | .filter(ChangesetComment.repo == self) |
|
619 | 629 | if revisions: |
|
620 | 630 | cmts = cmts.filter(ChangesetComment.revision.in_(revisions)) |
|
621 | 631 | grouped = defaultdict(list) |
|
622 | 632 | for cmt in cmts.all(): |
|
623 | 633 | grouped[cmt.revision].append(cmt) |
|
624 | 634 | return grouped |
|
625 | 635 | |
|
626 | 636 | |
|
627 | 637 | #========================================================================== |
|
628 | 638 | # SCM CACHE INSTANCE |
|
629 | 639 | #========================================================================== |
|
630 | 640 | |
|
631 | 641 | @property |
|
632 | 642 | def invalidate(self): |
|
633 | 643 | return CacheInvalidation.invalidate(self.repo_name) |
|
634 | 644 | |
|
635 | 645 | def set_invalidate(self): |
|
636 | 646 | """ |
|
637 | 647 | set a cache for invalidation for this instance |
|
638 | 648 | """ |
|
639 | 649 | CacheInvalidation.set_invalidate(self.repo_name) |
|
640 | 650 | |
|
641 | 651 | @LazyProperty |
|
642 | 652 | def scm_instance(self): |
|
643 | 653 | return self.__get_instance() |
|
644 | 654 | |
|
645 | 655 | @property |
|
646 | 656 | def scm_instance_cached(self): |
|
647 | 657 | @cache_region('long_term') |
|
648 | 658 | def _c(repo_name): |
|
649 | 659 | return self.__get_instance() |
|
650 | 660 | rn = self.repo_name |
|
651 | 661 | log.debug('Getting cached instance of repo') |
|
652 | 662 | inv = self.invalidate |
|
653 | 663 | if inv is not None: |
|
654 | 664 | region_invalidate(_c, None, rn) |
|
655 | 665 | # update our cache |
|
656 | 666 | CacheInvalidation.set_valid(inv.cache_key) |
|
657 | 667 | return _c(rn) |
|
658 | 668 | |
|
659 | 669 | def __get_instance(self): |
|
660 | 670 | repo_full_path = self.repo_full_path |
|
661 | 671 | try: |
|
662 | 672 | alias = get_scm(repo_full_path)[0] |
|
663 | 673 | log.debug('Creating instance of %s repository', alias) |
|
664 | 674 | backend = get_backend(alias) |
|
665 | 675 | except VCSError: |
|
666 | 676 | log.error(traceback.format_exc()) |
|
667 | 677 | log.error('Perhaps this repository is in db and not in ' |
|
668 | 678 | 'filesystem run rescan repositories with ' |
|
669 | 679 | '"destroy old data " option from admin panel') |
|
670 | 680 | return |
|
671 | 681 | |
|
672 | 682 | if alias == 'hg': |
|
673 | 683 | repo = backend(safe_str(repo_full_path), create=False, |
|
674 | 684 | baseui=self._ui) |
|
675 | 685 | # skip hidden web repository |
|
676 | 686 | if repo._get_hidden(): |
|
677 | 687 | return |
|
678 | 688 | else: |
|
679 | 689 | repo = backend(repo_full_path, create=False) |
|
680 | 690 | |
|
681 | 691 | return repo |
|
682 | 692 | |
|
683 | 693 | |
|
684 | 694 | class RepoGroup(Base, BaseModel): |
|
685 | 695 | __tablename__ = 'groups' |
|
686 | 696 | __table_args__ = (UniqueConstraint('group_name', 'group_parent_id'), |
|
687 | 697 | CheckConstraint('group_id != group_parent_id'), {'extend_existing': True},) |
|
688 | 698 | __mapper_args__ = {'order_by':'group_name'} |
|
689 | 699 | |
|
690 | 700 | group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
691 | 701 | group_name = Column("group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None) |
|
692 | 702 | group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None) |
|
693 | 703 | group_description = Column("group_description", String(length=10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
694 | 704 | |
|
695 | 705 | parent_group = relationship('RepoGroup', remote_side=group_id) |
|
696 | 706 | |
|
697 | 707 | def __init__(self, group_name='', parent_group=None): |
|
698 | 708 | self.group_name = group_name |
|
699 | 709 | self.parent_group = parent_group |
|
700 | 710 | |
|
701 | 711 | def __repr__(self): |
|
702 | 712 | return "<%s('%s:%s')>" % (self.__class__.__name__, self.group_id, |
|
703 | 713 | self.group_name) |
|
704 | 714 | |
|
705 | 715 | @classmethod |
|
706 | 716 | def groups_choices(cls): |
|
707 | 717 | from webhelpers.html import literal as _literal |
|
708 | 718 | repo_groups = [('', '')] |
|
709 | 719 | sep = ' » ' |
|
710 | 720 | _name = lambda k: _literal(sep.join(k)) |
|
711 | 721 | |
|
712 | 722 | repo_groups.extend([(x.group_id, _name(x.full_path_splitted)) |
|
713 | 723 | for x in cls.query().all()]) |
|
714 | 724 | |
|
715 | 725 | repo_groups = sorted(repo_groups, key=lambda t: t[1].split(sep)[0]) |
|
716 | 726 | return repo_groups |
|
717 | 727 | |
|
718 | 728 | @classmethod |
|
719 | 729 | def url_sep(cls): |
|
720 | 730 | return '/' |
|
721 | 731 | |
|
722 | 732 | @classmethod |
|
723 | 733 | def get_by_group_name(cls, group_name, cache=False, case_insensitive=False): |
|
724 | 734 | if case_insensitive: |
|
725 | 735 | gr = cls.query()\ |
|
726 | 736 | .filter(cls.group_name.ilike(group_name)) |
|
727 | 737 | else: |
|
728 | 738 | gr = cls.query()\ |
|
729 | 739 | .filter(cls.group_name == group_name) |
|
730 | 740 | if cache: |
|
731 | 741 | gr = gr.options(FromCache("sql_cache_short", |
|
732 | 742 | "get_group_%s" % group_name)) |
|
733 | 743 | return gr.scalar() |
|
734 | 744 | |
|
735 | 745 | @property |
|
736 | 746 | def parents(self): |
|
737 | 747 | parents_recursion_limit = 5 |
|
738 | 748 | groups = [] |
|
739 | 749 | if self.parent_group is None: |
|
740 | 750 | return groups |
|
741 | 751 | cur_gr = self.parent_group |
|
742 | 752 | groups.insert(0, cur_gr) |
|
743 | 753 | cnt = 0 |
|
744 | 754 | while 1: |
|
745 | 755 | cnt += 1 |
|
746 | 756 | gr = getattr(cur_gr, 'parent_group', None) |
|
747 | 757 | cur_gr = cur_gr.parent_group |
|
748 | 758 | if gr is None: |
|
749 | 759 | break |
|
750 | 760 | if cnt == parents_recursion_limit: |
|
751 | 761 | # this will prevent accidental infinit loops |
|
752 | 762 | log.error('group nested more than %s' % |
|
753 | 763 | parents_recursion_limit) |
|
754 | 764 | break |
|
755 | 765 | |
|
756 | 766 | groups.insert(0, gr) |
|
757 | 767 | return groups |
|
758 | 768 | |
|
759 | 769 | @property |
|
760 | 770 | def children(self): |
|
761 | 771 | return RepoGroup.query().filter(RepoGroup.parent_group == self) |
|
762 | 772 | |
|
763 | 773 | @property |
|
764 | 774 | def name(self): |
|
765 | 775 | return self.group_name.split(RepoGroup.url_sep())[-1] |
|
766 | 776 | |
|
767 | 777 | @property |
|
768 | 778 | def full_path(self): |
|
769 | 779 | return self.group_name |
|
770 | 780 | |
|
771 | 781 | @property |
|
772 | 782 | def full_path_splitted(self): |
|
773 | 783 | return self.group_name.split(RepoGroup.url_sep()) |
|
774 | 784 | |
|
775 | 785 | @property |
|
776 | 786 | def repositories(self): |
|
777 | 787 | return Repository.query().filter(Repository.group == self) |
|
778 | 788 | |
|
779 | 789 | @property |
|
780 | 790 | def repositories_recursive_count(self): |
|
781 | 791 | cnt = self.repositories.count() |
|
782 | 792 | |
|
783 | 793 | def children_count(group): |
|
784 | 794 | cnt = 0 |
|
785 | 795 | for child in group.children: |
|
786 | 796 | cnt += child.repositories.count() |
|
787 | 797 | cnt += children_count(child) |
|
788 | 798 | return cnt |
|
789 | 799 | |
|
790 | 800 | return cnt + children_count(self) |
|
791 | 801 | |
|
792 | 802 | |
|
793 | 803 | def get_new_name(self, group_name): |
|
794 | 804 | """ |
|
795 | 805 | returns new full group name based on parent and new name |
|
796 | 806 | |
|
797 | 807 | :param group_name: |
|
798 | 808 | """ |
|
799 | 809 | path_prefix = (self.parent_group.full_path_splitted if |
|
800 | 810 | self.parent_group else []) |
|
801 | 811 | return RepoGroup.url_sep().join(path_prefix + [group_name]) |
|
802 | 812 | |
|
803 | 813 | |
|
804 | 814 | class Permission(Base, BaseModel): |
|
805 | 815 | __tablename__ = 'permissions' |
|
806 | 816 | __table_args__ = {'extend_existing': True} |
|
807 | 817 | permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
808 | 818 | permission_name = Column("permission_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
809 | 819 | permission_longname = Column("permission_longname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
810 | 820 | |
|
811 | 821 | def __repr__(self): |
|
812 | 822 | return "<%s('%s:%s')>" % (self.__class__.__name__, |
|
813 | 823 | self.permission_id, self.permission_name) |
|
814 | 824 | |
|
815 | 825 | @classmethod |
|
816 | 826 | def get_by_key(cls, key): |
|
817 | 827 | return cls.query().filter(cls.permission_name == key).scalar() |
|
818 | 828 | |
|
819 | 829 | @classmethod |
|
820 | 830 | def get_default_perms(cls, default_user_id): |
|
821 | 831 | q = Session.query(UserRepoToPerm, Repository, cls)\ |
|
822 | 832 | .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ |
|
823 | 833 | .join((cls, UserRepoToPerm.permission_id == cls.permission_id))\ |
|
824 | 834 | .filter(UserRepoToPerm.user_id == default_user_id) |
|
825 | 835 | |
|
826 | 836 | return q.all() |
|
827 | 837 | |
|
828 | 838 | |
|
829 | 839 | class UserRepoToPerm(Base, BaseModel): |
|
830 | 840 | __tablename__ = 'repo_to_perm' |
|
831 | 841 | __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'extend_existing': True}) |
|
832 | 842 | repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
833 | 843 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
834 | 844 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) |
|
835 | 845 | repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None) |
|
836 | 846 | |
|
837 | 847 | user = relationship('User') |
|
838 | 848 | permission = relationship('Permission') |
|
839 | 849 | repository = relationship('Repository') |
|
840 | 850 | |
|
841 | 851 | @classmethod |
|
842 | 852 | def create(cls, user, repository, permission): |
|
843 | 853 | n = cls() |
|
844 | 854 | n.user = user |
|
845 | 855 | n.repository = repository |
|
846 | 856 | n.permission = permission |
|
847 | 857 | Session.add(n) |
|
848 | 858 | return n |
|
849 | 859 | |
|
850 | 860 | def __repr__(self): |
|
851 | 861 | return '<user:%s => %s >' % (self.user, self.repository) |
|
852 | 862 | |
|
853 | 863 | |
|
854 | 864 | class UserToPerm(Base, BaseModel): |
|
855 | 865 | __tablename__ = 'user_to_perm' |
|
856 | 866 | __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'extend_existing': True}) |
|
857 | 867 | user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
858 | 868 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
859 | 869 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) |
|
860 | 870 | |
|
861 | 871 | user = relationship('User') |
|
862 | 872 | permission = relationship('Permission', lazy='joined') |
|
863 | 873 | |
|
864 | 874 | |
|
865 | 875 | class UsersGroupRepoToPerm(Base, BaseModel): |
|
866 | 876 | __tablename__ = 'users_group_repo_to_perm' |
|
867 | 877 | __table_args__ = (UniqueConstraint('repository_id', 'users_group_id', 'permission_id'), {'extend_existing': True}) |
|
868 | 878 | users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
869 | 879 | users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None) |
|
870 | 880 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) |
|
871 | 881 | repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None) |
|
872 | 882 | |
|
873 | 883 | users_group = relationship('UsersGroup') |
|
874 | 884 | permission = relationship('Permission') |
|
875 | 885 | repository = relationship('Repository') |
|
876 | 886 | |
|
877 | 887 | @classmethod |
|
878 | 888 | def create(cls, users_group, repository, permission): |
|
879 | 889 | n = cls() |
|
880 | 890 | n.users_group = users_group |
|
881 | 891 | n.repository = repository |
|
882 | 892 | n.permission = permission |
|
883 | 893 | Session.add(n) |
|
884 | 894 | return n |
|
885 | 895 | |
|
886 | 896 | def __repr__(self): |
|
887 | 897 | return '<userGroup:%s => %s >' % (self.users_group, self.repository) |
|
888 | 898 | |
|
889 | 899 | |
|
890 | 900 | class UsersGroupToPerm(Base, BaseModel): |
|
891 | 901 | __tablename__ = 'users_group_to_perm' |
|
892 | 902 | users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
893 | 903 | users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None) |
|
894 | 904 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) |
|
895 | 905 | |
|
896 | 906 | users_group = relationship('UsersGroup') |
|
897 | 907 | permission = relationship('Permission') |
|
898 | 908 | |
|
899 | 909 | |
|
900 | 910 | class UserRepoGroupToPerm(Base, BaseModel): |
|
901 | 911 | __tablename__ = 'group_to_perm' |
|
902 | 912 | __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'extend_existing': True}) |
|
903 | 913 | |
|
904 | 914 | group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
905 | 915 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
906 | 916 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) |
|
907 | 917 | group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None) |
|
908 | 918 | |
|
909 | 919 | user = relationship('User') |
|
910 | 920 | permission = relationship('Permission') |
|
911 | 921 | group = relationship('RepoGroup') |
|
912 | 922 | |
|
913 | 923 | |
|
914 | 924 | class UsersGroupRepoGroupToPerm(Base, BaseModel): |
|
915 | 925 | __tablename__ = 'users_group_repo_group_to_perm' |
|
916 | 926 | __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'extend_existing': True}) |
|
917 | 927 | |
|
918 | 928 | users_group_repo_group_to_perm_id = Column("users_group_repo_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
919 | 929 | users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None) |
|
920 | 930 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) |
|
921 | 931 | group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None) |
|
922 | 932 | |
|
923 | 933 | users_group = relationship('UsersGroup') |
|
924 | 934 | permission = relationship('Permission') |
|
925 | 935 | group = relationship('RepoGroup') |
|
926 | 936 | |
|
927 | 937 | |
|
928 | 938 | class Statistics(Base, BaseModel): |
|
929 | 939 | __tablename__ = 'statistics' |
|
930 | 940 | __table_args__ = (UniqueConstraint('repository_id'), {'extend_existing': True}) |
|
931 | 941 | stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
932 | 942 | repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None) |
|
933 | 943 | stat_on_revision = Column("stat_on_revision", Integer(), nullable=False) |
|
934 | 944 | commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data |
|
935 | 945 | commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data |
|
936 | 946 | languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data |
|
937 | 947 | |
|
938 | 948 | repository = relationship('Repository', single_parent=True) |
|
939 | 949 | |
|
940 | 950 | |
|
941 | 951 | class UserFollowing(Base, BaseModel): |
|
942 | 952 | __tablename__ = 'user_followings' |
|
943 | 953 | __table_args__ = (UniqueConstraint('user_id', 'follows_repository_id'), |
|
944 | 954 | UniqueConstraint('user_id', 'follows_user_id') |
|
945 | 955 | , {'extend_existing': True}) |
|
946 | 956 | |
|
947 | 957 | user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
948 | 958 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
949 | 959 | follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None) |
|
950 | 960 | follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None) |
|
951 | 961 | follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now) |
|
952 | 962 | |
|
953 | 963 | user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id') |
|
954 | 964 | |
|
955 | 965 | follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id') |
|
956 | 966 | follows_repository = relationship('Repository', order_by='Repository.repo_name') |
|
957 | 967 | |
|
958 | 968 | |
|
959 | 969 | @classmethod |
|
960 | 970 | def get_repo_followers(cls, repo_id): |
|
961 | 971 | return cls.query().filter(cls.follows_repo_id == repo_id) |
|
962 | 972 | |
|
963 | 973 | |
|
964 | 974 | class CacheInvalidation(Base, BaseModel): |
|
965 | 975 | __tablename__ = 'cache_invalidation' |
|
966 | 976 | __table_args__ = (UniqueConstraint('cache_key'), {'extend_existing': True}) |
|
967 | 977 | cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
968 | 978 | cache_key = Column("cache_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
969 | 979 | cache_args = Column("cache_args", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
970 | 980 | cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False) |
|
971 | 981 | |
|
972 | 982 | |
|
973 | 983 | def __init__(self, cache_key, cache_args=''): |
|
974 | 984 | self.cache_key = cache_key |
|
975 | 985 | self.cache_args = cache_args |
|
976 | 986 | self.cache_active = False |
|
977 | 987 | |
|
978 | 988 | def __repr__(self): |
|
979 | 989 | return "<%s('%s:%s')>" % (self.__class__.__name__, |
|
980 | 990 | self.cache_id, self.cache_key) |
|
981 | 991 | |
|
982 | 992 | @classmethod |
|
983 | 993 | def invalidate(cls, key): |
|
984 | 994 | """ |
|
985 | 995 | Returns Invalidation object if this given key should be invalidated |
|
986 | 996 | None otherwise. `cache_active = False` means that this cache |
|
987 | 997 | state is not valid and needs to be invalidated |
|
988 | 998 | |
|
989 | 999 | :param key: |
|
990 | 1000 | """ |
|
991 | 1001 | return cls.query()\ |
|
992 | 1002 | .filter(CacheInvalidation.cache_key == key)\ |
|
993 | 1003 | .filter(CacheInvalidation.cache_active == False)\ |
|
994 | 1004 | .scalar() |
|
995 | 1005 | |
|
996 | 1006 | @classmethod |
|
997 | 1007 | def set_invalidate(cls, key): |
|
998 | 1008 | """ |
|
999 | 1009 | Mark this Cache key for invalidation |
|
1000 | 1010 | |
|
1001 | 1011 | :param key: |
|
1002 | 1012 | """ |
|
1003 | 1013 | |
|
1004 | 1014 | log.debug('marking %s for invalidation' % key) |
|
1005 | 1015 | inv_obj = Session.query(cls)\ |
|
1006 | 1016 | .filter(cls.cache_key == key).scalar() |
|
1007 | 1017 | if inv_obj: |
|
1008 | 1018 | inv_obj.cache_active = False |
|
1009 | 1019 | else: |
|
1010 | 1020 | log.debug('cache key not found in invalidation db -> creating one') |
|
1011 | 1021 | inv_obj = CacheInvalidation(key) |
|
1012 | 1022 | |
|
1013 | 1023 | try: |
|
1014 | 1024 | Session.add(inv_obj) |
|
1015 | 1025 | Session.commit() |
|
1016 | 1026 | except Exception: |
|
1017 | 1027 | log.error(traceback.format_exc()) |
|
1018 | 1028 | Session.rollback() |
|
1019 | 1029 | |
|
1020 | 1030 | @classmethod |
|
1021 | 1031 | def set_valid(cls, key): |
|
1022 | 1032 | """ |
|
1023 | 1033 | Mark this cache key as active and currently cached |
|
1024 | 1034 | |
|
1025 | 1035 | :param key: |
|
1026 | 1036 | """ |
|
1027 | 1037 | inv_obj = CacheInvalidation.query()\ |
|
1028 | 1038 | .filter(CacheInvalidation.cache_key == key).scalar() |
|
1029 | 1039 | inv_obj.cache_active = True |
|
1030 | 1040 | Session.add(inv_obj) |
|
1031 | 1041 | Session.commit() |
|
1032 | 1042 | |
|
1033 | 1043 | |
|
1034 | 1044 | class ChangesetComment(Base, BaseModel): |
|
1035 | 1045 | __tablename__ = 'changeset_comments' |
|
1036 | 1046 | __table_args__ = ({'extend_existing': True},) |
|
1037 | 1047 | comment_id = Column('comment_id', Integer(), nullable=False, primary_key=True) |
|
1038 | 1048 | repo_id = Column('repo_id', Integer(), ForeignKey('repositories.repo_id'), nullable=False) |
|
1039 | 1049 | revision = Column('revision', String(40), nullable=False) |
|
1040 | 1050 | line_no = Column('line_no', Unicode(10), nullable=True) |
|
1041 | 1051 | f_path = Column('f_path', Unicode(1000), nullable=True) |
|
1042 | 1052 | user_id = Column('user_id', Integer(), ForeignKey('users.user_id'), nullable=False) |
|
1043 | 1053 | text = Column('text', Unicode(25000), nullable=False) |
|
1044 | 1054 | modified_at = Column('modified_at', DateTime(), nullable=False, default=datetime.datetime.now) |
|
1045 | 1055 | |
|
1046 | 1056 | author = relationship('User', lazy='joined') |
|
1047 | 1057 | repo = relationship('Repository') |
|
1048 | 1058 | |
|
1049 | 1059 | @classmethod |
|
1050 | 1060 | def get_users(cls, revision): |
|
1051 | 1061 | """ |
|
1052 | 1062 | Returns user associated with this changesetComment. ie those |
|
1053 | 1063 | who actually commented |
|
1054 | 1064 | |
|
1055 | 1065 | :param cls: |
|
1056 | 1066 | :param revision: |
|
1057 | 1067 | """ |
|
1058 | 1068 | return Session.query(User)\ |
|
1059 | 1069 | .filter(cls.revision == revision)\ |
|
1060 | 1070 | .join(ChangesetComment.author).all() |
|
1061 | 1071 | |
|
1062 | 1072 | |
|
1063 | 1073 | class Notification(Base, BaseModel): |
|
1064 | 1074 | __tablename__ = 'notifications' |
|
1065 | 1075 | __table_args__ = ({'extend_existing': True},) |
|
1066 | 1076 | |
|
1067 | 1077 | TYPE_CHANGESET_COMMENT = u'cs_comment' |
|
1068 | 1078 | TYPE_MESSAGE = u'message' |
|
1069 | 1079 | TYPE_MENTION = u'mention' |
|
1070 | 1080 | TYPE_REGISTRATION = u'registration' |
|
1071 | 1081 | |
|
1072 | 1082 | notification_id = Column('notification_id', Integer(), nullable=False, primary_key=True) |
|
1073 | 1083 | subject = Column('subject', Unicode(512), nullable=True) |
|
1074 | 1084 | body = Column('body', Unicode(50000), nullable=True) |
|
1075 | 1085 | created_by = Column("created_by", Integer(), ForeignKey('users.user_id'), nullable=True) |
|
1076 | 1086 | created_on = Column('created_on', DateTime(timezone=False), nullable=False, default=datetime.datetime.now) |
|
1077 | 1087 | type_ = Column('type', Unicode(256)) |
|
1078 | 1088 | |
|
1079 | 1089 | created_by_user = relationship('User') |
|
1080 | 1090 | notifications_to_users = relationship('UserNotification', lazy='joined', |
|
1081 | 1091 | cascade="all, delete, delete-orphan") |
|
1082 | 1092 | |
|
1083 | 1093 | @property |
|
1084 | 1094 | def recipients(self): |
|
1085 | 1095 | return [x.user for x in UserNotification.query()\ |
|
1086 | 1096 | .filter(UserNotification.notification == self).all()] |
|
1087 | 1097 | |
|
1088 | 1098 | @classmethod |
|
1089 | 1099 | def create(cls, created_by, subject, body, recipients, type_=None): |
|
1090 | 1100 | if type_ is None: |
|
1091 | 1101 | type_ = Notification.TYPE_MESSAGE |
|
1092 | 1102 | |
|
1093 | 1103 | notification = cls() |
|
1094 | 1104 | notification.created_by_user = created_by |
|
1095 | 1105 | notification.subject = subject |
|
1096 | 1106 | notification.body = body |
|
1097 | 1107 | notification.type_ = type_ |
|
1098 | 1108 | notification.created_on = datetime.datetime.now() |
|
1099 | 1109 | |
|
1100 | 1110 | for u in recipients: |
|
1101 | 1111 | assoc = UserNotification() |
|
1102 | 1112 | assoc.notification = notification |
|
1103 | 1113 | u.notifications.append(assoc) |
|
1104 | 1114 | Session.add(notification) |
|
1105 | 1115 | return notification |
|
1106 | 1116 | |
|
1107 | 1117 | @property |
|
1108 | 1118 | def description(self): |
|
1109 | 1119 | from rhodecode.model.notification import NotificationModel |
|
1110 | 1120 | return NotificationModel().make_description(self) |
|
1111 | 1121 | |
|
1112 | 1122 | |
|
1113 | 1123 | class UserNotification(Base, BaseModel): |
|
1114 | 1124 | __tablename__ = 'user_to_notification' |
|
1115 | 1125 | __table_args__ = (UniqueConstraint('user_id', 'notification_id'), |
|
1116 | 1126 | {'extend_existing': True}) |
|
1117 | 1127 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), primary_key=True) |
|
1118 | 1128 | notification_id = Column("notification_id", Integer(), ForeignKey('notifications.notification_id'), primary_key=True) |
|
1119 | 1129 | read = Column('read', Boolean, default=False) |
|
1120 | 1130 | sent_on = Column('sent_on', DateTime(timezone=False), nullable=True, unique=None) |
|
1121 | 1131 | |
|
1122 | 1132 | user = relationship('User', lazy="joined") |
|
1123 | 1133 | notification = relationship('Notification', lazy="joined", |
|
1124 | 1134 | order_by=lambda:Notification.created_on.desc(),) |
|
1125 | 1135 | |
|
1126 | 1136 | def mark_as_read(self): |
|
1127 | 1137 | self.read = True |
|
1128 | 1138 | Session.add(self) |
|
1129 | 1139 | |
|
1130 | 1140 | |
|
1131 | 1141 | class DbMigrateVersion(Base, BaseModel): |
|
1132 | 1142 | __tablename__ = 'db_migrate_version' |
|
1133 | 1143 | __table_args__ = {'extend_existing': True} |
|
1134 | 1144 | repository_id = Column('repository_id', String(250), primary_key=True) |
|
1135 | 1145 | repository_path = Column('repository_path', Text) |
|
1136 | 1146 | version = Column('version', Integer) |
@@ -1,723 +1,749 b'' | |||
|
1 | 1 | """ this is forms validation classes |
|
2 | 2 | http://formencode.org/module-formencode.validators.html |
|
3 | 3 | for list off all availible validators |
|
4 | 4 | |
|
5 | 5 | we can create our own validators |
|
6 | 6 | |
|
7 | 7 | The table below outlines the options which can be used in a schema in addition to the validators themselves |
|
8 | 8 | pre_validators [] These validators will be applied before the schema |
|
9 | 9 | chained_validators [] These validators will be applied after the schema |
|
10 | 10 | allow_extra_fields False If True, then it is not an error when keys that aren't associated with a validator are present |
|
11 | 11 | filter_extra_fields False If True, then keys that aren't associated with a validator are removed |
|
12 | 12 | if_key_missing NoDefault If this is given, then any keys that aren't available but are expected will be replaced with this value (and then validated). This does not override a present .if_missing attribute on validators. NoDefault is a special FormEncode class to mean that no default values has been specified and therefore missing keys shouldn't take a default value. |
|
13 | 13 | ignore_key_missing False If True, then missing keys will be missing in the result, if the validator doesn't have .if_missing on it already |
|
14 | 14 | |
|
15 | 15 | |
|
16 | 16 | <name> = formencode.validators.<name of validator> |
|
17 | 17 | <name> must equal form name |
|
18 | 18 | list=[1,2,3,4,5] |
|
19 | 19 | for SELECT use formencode.All(OneOf(list), Int()) |
|
20 | 20 | |
|
21 | 21 | """ |
|
22 | 22 | import os |
|
23 | 23 | import re |
|
24 | 24 | import logging |
|
25 | 25 | import traceback |
|
26 | 26 | |
|
27 | 27 | import formencode |
|
28 | 28 | from formencode import All |
|
29 | 29 | from formencode.validators import UnicodeString, OneOf, Int, Number, Regex, \ |
|
30 | 30 | Email, Bool, StringBoolean, Set |
|
31 | 31 | |
|
32 | 32 | from pylons.i18n.translation import _ |
|
33 | 33 | from webhelpers.pylonslib.secure_form import authentication_token |
|
34 | 34 | |
|
35 | 35 | from rhodecode.config.routing import ADMIN_PREFIX |
|
36 | 36 | from rhodecode.lib.utils import repo_name_slug |
|
37 | 37 | from rhodecode.lib.auth import authenticate, get_crypt_password |
|
38 | 38 | from rhodecode.lib.exceptions import LdapImportError |
|
39 | 39 | from rhodecode.model.db import User, UsersGroup, RepoGroup, Repository |
|
40 | 40 | from rhodecode import BACKENDS |
|
41 | 41 | |
|
42 | 42 | log = logging.getLogger(__name__) |
|
43 | 43 | |
|
44 | 44 | |
|
45 | 45 | #this is needed to translate the messages using _() in validators |
|
46 | 46 | class State_obj(object): |
|
47 | 47 | _ = staticmethod(_) |
|
48 | 48 | |
|
49 | 49 | |
|
50 | 50 | #============================================================================== |
|
51 | 51 | # VALIDATORS |
|
52 | 52 | #============================================================================== |
|
53 | 53 | class ValidAuthToken(formencode.validators.FancyValidator): |
|
54 | messages = {'invalid_token':_('Token mismatch')} | |
|
54 | messages = {'invalid_token': _('Token mismatch')} | |
|
55 | 55 | |
|
56 | 56 | def validate_python(self, value, state): |
|
57 | 57 | |
|
58 | 58 | if value != authentication_token(): |
|
59 |
raise formencode.Invalid( |
|
|
60 | search_number=value), value, state) | |
|
59 | raise formencode.Invalid( | |
|
60 | self.message('invalid_token', | |
|
61 | state, search_number=value), | |
|
62 | value, | |
|
63 | state | |
|
64 | ) | |
|
61 | 65 | |
|
62 | 66 | |
|
63 | 67 | def ValidUsername(edit, old_data): |
|
64 | 68 | class _ValidUsername(formencode.validators.FancyValidator): |
|
65 | 69 | |
|
66 | 70 | def validate_python(self, value, state): |
|
67 | 71 | if value in ['default', 'new_user']: |
|
68 | 72 | raise formencode.Invalid(_('Invalid username'), value, state) |
|
69 | 73 | #check if user is unique |
|
70 | 74 | old_un = None |
|
71 | 75 | if edit: |
|
72 | 76 | old_un = User.get(old_data.get('user_id')).username |
|
73 | 77 | |
|
74 | 78 | if old_un != value or not edit: |
|
75 | 79 | if User.get_by_username(value, case_insensitive=True): |
|
76 | 80 | raise formencode.Invalid(_('This username already ' |
|
77 | 81 | 'exists') , value, state) |
|
78 | 82 | |
|
79 | 83 | if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: |
|
80 |
raise formencode.Invalid( |
|
|
81 |
|
|
|
82 |
|
|
|
83 | 'and must begin with alphanumeric ' | |
|
84 | 'character'), value, state) | |
|
84 | raise formencode.Invalid( | |
|
85 | _('Username may only contain alphanumeric characters ' | |
|
86 | 'underscores, periods or dashes and must begin with ' | |
|
87 | 'alphanumeric character'), | |
|
88 | value, | |
|
89 | state | |
|
90 | ) | |
|
85 | 91 | |
|
86 | 92 | return _ValidUsername |
|
87 | 93 | |
|
88 | 94 | |
|
89 | 95 | def ValidUsersGroup(edit, old_data): |
|
90 | 96 | |
|
91 | 97 | class _ValidUsersGroup(formencode.validators.FancyValidator): |
|
92 | 98 | |
|
93 | 99 | def validate_python(self, value, state): |
|
94 | 100 | if value in ['default']: |
|
95 | 101 | raise formencode.Invalid(_('Invalid group name'), value, state) |
|
96 | 102 | #check if group is unique |
|
97 | 103 | old_ugname = None |
|
98 | 104 | if edit: |
|
99 | 105 | old_ugname = UsersGroup.get( |
|
100 | 106 | old_data.get('users_group_id')).users_group_name |
|
101 | 107 | |
|
102 | 108 | if old_ugname != value or not edit: |
|
103 | 109 | if UsersGroup.get_by_group_name(value, cache=False, |
|
104 | 110 | case_insensitive=True): |
|
105 | 111 | raise formencode.Invalid(_('This users group ' |
|
106 |
'already exists') |
|
|
112 | 'already exists'), value, | |
|
107 | 113 | state) |
|
108 | 114 | |
|
109 | 115 | if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: |
|
110 |
raise formencode.Invalid( |
|
|
111 |
|
|
|
112 |
|
|
|
113 | 'and must begin with alphanumeric ' | |
|
114 | 'character'), value, state) | |
|
116 | raise formencode.Invalid( | |
|
117 | _('RepoGroup name may only contain alphanumeric characters ' | |
|
118 | 'underscores, periods or dashes and must begin with ' | |
|
119 | 'alphanumeric character'), | |
|
120 | value, | |
|
121 | state | |
|
122 | ) | |
|
115 | 123 | |
|
116 | 124 | return _ValidUsersGroup |
|
117 | 125 | |
|
118 | 126 | |
|
119 | 127 | def ValidReposGroup(edit, old_data): |
|
120 | 128 | class _ValidReposGroup(formencode.validators.FancyValidator): |
|
121 | 129 | |
|
122 | 130 | def validate_python(self, value, state): |
|
123 | 131 | # TODO WRITE VALIDATIONS |
|
124 | 132 | group_name = value.get('group_name') |
|
125 | 133 | group_parent_id = value.get('group_parent_id') |
|
126 | 134 | |
|
127 | 135 | # slugify repo group just in case :) |
|
128 | 136 | slug = repo_name_slug(group_name) |
|
129 | 137 | |
|
130 | 138 | # check for parent of self |
|
131 | 139 | parent_of_self = lambda: ( |
|
132 | 140 | old_data['group_id'] == int(group_parent_id) |
|
133 | 141 | if group_parent_id else False |
|
134 | 142 | ) |
|
135 | 143 | if edit and parent_of_self(): |
|
136 | 144 | e_dict = { |
|
137 | 145 | 'group_parent_id': _('Cannot assign this group as parent') |
|
138 | 146 | } |
|
139 | 147 | raise formencode.Invalid('', value, state, |
|
140 | 148 | error_dict=e_dict) |
|
141 | 149 | |
|
142 | 150 | old_gname = None |
|
143 | 151 | if edit: |
|
144 | 152 | old_gname = RepoGroup.get(old_data.get('group_id')).group_name |
|
145 | 153 | |
|
146 | 154 | if old_gname != group_name or not edit: |
|
147 | 155 | |
|
148 | 156 | # check group |
|
149 | 157 | gr = RepoGroup.query()\ |
|
150 | 158 | .filter(RepoGroup.group_name == slug)\ |
|
151 | 159 | .filter(RepoGroup.group_parent_id == group_parent_id)\ |
|
152 | 160 | .scalar() |
|
153 | 161 | |
|
154 | 162 | if gr: |
|
155 | 163 | e_dict = { |
|
156 | 164 | 'group_name': _('This group already exists') |
|
157 | 165 | } |
|
158 | 166 | raise formencode.Invalid('', value, state, |
|
159 | 167 | error_dict=e_dict) |
|
160 | 168 | |
|
161 | 169 | # check for same repo |
|
162 | 170 | repo = Repository.query()\ |
|
163 | 171 | .filter(Repository.repo_name == slug)\ |
|
164 | 172 | .scalar() |
|
165 | 173 | |
|
166 | 174 | if repo: |
|
167 | 175 | e_dict = { |
|
168 | 176 | 'group_name': _('Repository with this name already exists') |
|
169 | 177 | } |
|
170 | 178 | raise formencode.Invalid('', value, state, |
|
171 | 179 | error_dict=e_dict) |
|
172 | 180 | |
|
173 | 181 | return _ValidReposGroup |
|
174 | 182 | |
|
175 | 183 | |
|
176 | 184 | class ValidPassword(formencode.validators.FancyValidator): |
|
177 | 185 | |
|
178 | 186 | def to_python(self, value, state): |
|
179 | 187 | |
|
180 | if value: | |
|
188 | if not value: | |
|
189 | return | |
|
181 | 190 | |
|
182 |
|
|
|
183 |
|
|
|
184 |
|
|
|
185 |
|
|
|
186 |
|
|
|
187 |
|
|
|
191 | if value.get('password'): | |
|
192 | try: | |
|
193 | value['password'] = get_crypt_password(value['password']) | |
|
194 | except UnicodeEncodeError: | |
|
195 | e_dict = {'password': _('Invalid characters in password')} | |
|
196 | raise formencode.Invalid('', value, state, error_dict=e_dict) | |
|
188 | 197 | |
|
189 |
|
|
|
190 |
|
|
|
191 |
|
|
|
192 |
|
|
|
193 |
|
|
|
194 | e_dict = {'password_confirmation':_('Invalid characters in password')} | |
|
195 | raise formencode.Invalid('', value, state, error_dict=e_dict) | |
|
198 | if value.get('password_confirmation'): | |
|
199 | try: | |
|
200 | value['password_confirmation'] = \ | |
|
201 | get_crypt_password(value['password_confirmation']) | |
|
202 | except UnicodeEncodeError: | |
|
203 | e_dict = { | |
|
204 | 'password_confirmation': _('Invalid characters in password') | |
|
205 | } | |
|
206 | raise formencode.Invalid('', value, state, error_dict=e_dict) | |
|
196 | 207 | |
|
197 |
|
|
|
198 |
|
|
|
199 |
|
|
|
200 |
|
|
|
201 |
|
|
|
202 |
|
|
|
203 |
|
|
|
208 | if value.get('new_password'): | |
|
209 | try: | |
|
210 | value['new_password'] = \ | |
|
211 | get_crypt_password(value['new_password']) | |
|
212 | except UnicodeEncodeError: | |
|
213 | e_dict = {'new_password': _('Invalid characters in password')} | |
|
214 | raise formencode.Invalid('', value, state, error_dict=e_dict) | |
|
204 | 215 | |
|
205 |
|
|
|
216 | return value | |
|
206 | 217 | |
|
207 | 218 | |
|
208 | 219 | class ValidPasswordsMatch(formencode.validators.FancyValidator): |
|
209 | 220 | |
|
210 | 221 | def validate_python(self, value, state): |
|
211 | 222 | |
|
212 | 223 | pass_val = value.get('password') or value.get('new_password') |
|
213 | 224 | if pass_val != value['password_confirmation']: |
|
214 | 225 | e_dict = {'password_confirmation': |
|
215 | 226 | _('Passwords do not match')} |
|
216 | 227 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
217 | 228 | |
|
218 | 229 | |
|
219 | 230 | class ValidAuth(formencode.validators.FancyValidator): |
|
220 | 231 | messages = { |
|
221 | 232 | 'invalid_password':_('invalid password'), |
|
222 | 233 | 'invalid_login':_('invalid user name'), |
|
223 | 234 | 'disabled_account':_('Your account is disabled') |
|
224 | 235 | } |
|
225 | 236 | |
|
226 | 237 | # error mapping |
|
227 | e_dict = {'username':messages['invalid_login'], | |
|
228 | 'password':messages['invalid_password']} | |
|
229 | e_dict_disable = {'username':messages['disabled_account']} | |
|
238 | e_dict = {'username': messages['invalid_login'], | |
|
239 | 'password': messages['invalid_password']} | |
|
240 | e_dict_disable = {'username': messages['disabled_account']} | |
|
230 | 241 | |
|
231 | 242 | def validate_python(self, value, state): |
|
232 | 243 | password = value['password'] |
|
233 | 244 | username = value['username'] |
|
234 | 245 | user = User.get_by_username(username) |
|
235 | 246 | |
|
236 | 247 | if authenticate(username, password): |
|
237 | 248 | return value |
|
238 | 249 | else: |
|
239 | 250 | if user and user.active is False: |
|
240 | 251 | log.warning('user %s is disabled', username) |
|
241 |
raise formencode.Invalid( |
|
|
242 | state=State_obj), | |
|
243 | value, state, | |
|
244 | error_dict=self.e_dict_disable) | |
|
252 | raise formencode.Invalid( | |
|
253 | self.message('disabled_account', | |
|
254 | state=State_obj), | |
|
255 | value, state, | |
|
256 | error_dict=self.e_dict_disable | |
|
257 | ) | |
|
245 | 258 | else: |
|
246 | 259 | log.warning('user %s not authenticated', username) |
|
247 |
raise formencode.Invalid( |
|
|
248 | state=State_obj), value, state, | |
|
249 | error_dict=self.e_dict) | |
|
260 | raise formencode.Invalid( | |
|
261 | self.message('invalid_password', | |
|
262 | state=State_obj), value, state, | |
|
263 | error_dict=self.e_dict | |
|
264 | ) | |
|
250 | 265 | |
|
251 | 266 | |
|
252 | 267 | class ValidRepoUser(formencode.validators.FancyValidator): |
|
253 | 268 | |
|
254 | 269 | def to_python(self, value, state): |
|
255 | 270 | try: |
|
256 | 271 | User.query().filter(User.active == True)\ |
|
257 | 272 | .filter(User.username == value).one() |
|
258 | 273 | except Exception: |
|
259 | 274 | raise formencode.Invalid(_('This username is not valid'), |
|
260 | 275 | value, state) |
|
261 | 276 | return value |
|
262 | 277 | |
|
263 | 278 | |
|
264 | 279 | def ValidRepoName(edit, old_data): |
|
265 | 280 | class _ValidRepoName(formencode.validators.FancyValidator): |
|
266 | 281 | def to_python(self, value, state): |
|
267 | 282 | |
|
268 | 283 | repo_name = value.get('repo_name') |
|
269 | 284 | |
|
270 | 285 | slug = repo_name_slug(repo_name) |
|
271 | 286 | if slug in [ADMIN_PREFIX, '']: |
|
272 | 287 | e_dict = {'repo_name': _('This repository name is disallowed')} |
|
273 | 288 | raise formencode.Invalid('', value, state, error_dict=e_dict) |
|
274 | 289 | |
|
275 | ||
|
276 | 290 | if value.get('repo_group'): |
|
277 | 291 | gr = RepoGroup.get(value.get('repo_group')) |
|
278 | 292 | group_path = gr.full_path |
|
279 | 293 | # value needs to be aware of group name in order to check |
|
280 | 294 | # db key This is an actual just the name to store in the |
|
281 | 295 | # database |
|
282 | 296 | repo_name_full = group_path + RepoGroup.url_sep() + repo_name |
|
283 | 297 | |
|
284 | 298 | else: |
|
285 | 299 | group_path = '' |
|
286 | 300 | repo_name_full = repo_name |
|
287 | 301 | |
|
288 | ||
|
289 | 302 | value['repo_name_full'] = repo_name_full |
|
290 | 303 | rename = old_data.get('repo_name') != repo_name_full |
|
291 | 304 | create = not edit |
|
292 | 305 | if rename or create: |
|
293 | 306 | |
|
294 | 307 | if group_path != '': |
|
295 | 308 | if Repository.get_by_repo_name(repo_name_full): |
|
296 |
e_dict = { |
|
|
297 | 'exists in a group "%s"') % | |
|
298 |
gr.group_name |
|
|
309 | e_dict = { | |
|
310 | 'repo_name': _('This repository already exists in ' | |
|
311 | 'a group "%s"') % gr.group_name | |
|
312 | } | |
|
299 | 313 | raise formencode.Invalid('', value, state, |
|
300 | 314 | error_dict=e_dict) |
|
301 | 315 | elif RepoGroup.get_by_group_name(repo_name_full): |
|
302 |
e_dict = { |
|
|
303 | ' name already "%s"') % | |
|
304 |
repo_name_full |
|
|
316 | e_dict = { | |
|
317 | 'repo_name': _('There is a group with this name ' | |
|
318 | 'already "%s"') % repo_name_full | |
|
319 | } | |
|
305 | 320 | raise formencode.Invalid('', value, state, |
|
306 | 321 | error_dict=e_dict) |
|
307 | 322 | |
|
308 | 323 | elif Repository.get_by_repo_name(repo_name_full): |
|
309 | e_dict = {'repo_name':_('This repository ' | |
|
324 | e_dict = {'repo_name': _('This repository ' | |
|
310 | 325 | 'already exists')} |
|
311 | 326 | raise formencode.Invalid('', value, state, |
|
312 | 327 | error_dict=e_dict) |
|
313 | 328 | |
|
314 | 329 | return value |
|
315 | 330 | |
|
316 | 331 | return _ValidRepoName |
|
317 | 332 | |
|
318 | 333 | |
|
319 | 334 | def ValidForkName(*args, **kwargs): |
|
320 | 335 | return ValidRepoName(*args, **kwargs) |
|
321 | 336 | |
|
322 | 337 | |
|
323 | 338 | def SlugifyName(): |
|
324 | 339 | class _SlugifyName(formencode.validators.FancyValidator): |
|
325 | 340 | |
|
326 | 341 | def to_python(self, value, state): |
|
327 | 342 | return repo_name_slug(value) |
|
328 | 343 | |
|
329 | 344 | return _SlugifyName |
|
330 | 345 | |
|
331 | 346 | |
|
332 | 347 | def ValidCloneUri(): |
|
333 | 348 | from mercurial.httprepo import httprepository, httpsrepository |
|
334 | 349 | from rhodecode.lib.utils import make_ui |
|
335 | 350 | |
|
336 | 351 | class _ValidCloneUri(formencode.validators.FancyValidator): |
|
337 | 352 | |
|
338 | 353 | def to_python(self, value, state): |
|
339 | 354 | if not value: |
|
340 | 355 | pass |
|
341 | 356 | elif value.startswith('https'): |
|
342 | 357 | try: |
|
343 | 358 | httpsrepository(make_ui('db'), value).capabilities |
|
344 |
except Exception |
|
|
359 | except Exception: | |
|
345 | 360 | log.error(traceback.format_exc()) |
|
346 | 361 | raise formencode.Invalid(_('invalid clone url'), value, |
|
347 | 362 | state) |
|
348 | 363 | elif value.startswith('http'): |
|
349 | 364 | try: |
|
350 | 365 | httprepository(make_ui('db'), value).capabilities |
|
351 |
except Exception |
|
|
366 | except Exception: | |
|
352 | 367 | log.error(traceback.format_exc()) |
|
353 | 368 | raise formencode.Invalid(_('invalid clone url'), value, |
|
354 | 369 | state) |
|
355 | 370 | else: |
|
356 | 371 | raise formencode.Invalid(_('Invalid clone url, provide a ' |
|
357 | 372 | 'valid clone http\s url'), value, |
|
358 | 373 | state) |
|
359 | 374 | return value |
|
360 | 375 | |
|
361 | 376 | return _ValidCloneUri |
|
362 | 377 | |
|
363 | 378 | |
|
364 | 379 | def ValidForkType(old_data): |
|
365 | 380 | class _ValidForkType(formencode.validators.FancyValidator): |
|
366 | 381 | |
|
367 | 382 | def to_python(self, value, state): |
|
368 | 383 | if old_data['repo_type'] != value: |
|
369 | 384 | raise formencode.Invalid(_('Fork have to be the same ' |
|
370 | 385 | 'type as original'), value, state) |
|
371 | 386 | |
|
372 | 387 | return value |
|
373 | 388 | return _ValidForkType |
|
374 | 389 | |
|
375 | 390 | |
|
376 | 391 | class ValidPerms(formencode.validators.FancyValidator): |
|
377 | messages = {'perm_new_member_name':_('This username or users group name' | |
|
392 | messages = {'perm_new_member_name': _('This username or users group name' | |
|
378 | 393 | ' is not valid')} |
|
379 | 394 | |
|
380 | 395 | def to_python(self, value, state): |
|
381 | 396 | perms_update = [] |
|
382 | 397 | perms_new = [] |
|
383 | 398 | #build a list of permission to update and new permission to create |
|
384 | 399 | for k, v in value.items(): |
|
385 | 400 | #means new added member to permissions |
|
386 | 401 | if k.startswith('perm_new_member'): |
|
387 | 402 | new_perm = value.get('perm_new_member', False) |
|
388 | 403 | new_member = value.get('perm_new_member_name', False) |
|
389 | 404 | new_type = value.get('perm_new_member_type') |
|
390 | 405 | |
|
391 | 406 | if new_member and new_perm: |
|
392 | 407 | if (new_member, new_perm, new_type) not in perms_new: |
|
393 | 408 | perms_new.append((new_member, new_perm, new_type)) |
|
394 | 409 | elif k.startswith('u_perm_') or k.startswith('g_perm_'): |
|
395 | 410 | member = k[7:] |
|
396 | t = {'u':'user', | |
|
397 |
'g':'users_group' |
|
|
411 | t = {'u': 'user', | |
|
412 | 'g': 'users_group' | |
|
413 | }[k[0]] | |
|
398 | 414 | if member == 'default': |
|
399 | 415 | if value['private']: |
|
400 | 416 | #set none for default when updating to private repo |
|
401 | 417 | v = 'repository.none' |
|
402 | 418 | perms_update.append((member, v, t)) |
|
403 | 419 | |
|
404 | 420 | value['perms_updates'] = perms_update |
|
405 | 421 | value['perms_new'] = perms_new |
|
406 | 422 | |
|
407 | 423 | #update permissions |
|
408 | 424 | for k, v, t in perms_new: |
|
409 | 425 | try: |
|
410 | 426 | if t is 'user': |
|
411 | 427 | self.user_db = User.query()\ |
|
412 | 428 | .filter(User.active == True)\ |
|
413 | 429 | .filter(User.username == k).one() |
|
414 | 430 | if t is 'users_group': |
|
415 | 431 | self.user_db = UsersGroup.query()\ |
|
416 | 432 | .filter(UsersGroup.users_group_active == True)\ |
|
417 | 433 | .filter(UsersGroup.users_group_name == k).one() |
|
418 | 434 | |
|
419 | 435 | except Exception: |
|
420 | 436 | msg = self.message('perm_new_member_name', |
|
421 | 437 | state=State_obj) |
|
422 |
raise formencode.Invalid( |
|
|
423 |
|
|
|
438 | raise formencode.Invalid( | |
|
439 | msg, value, state, error_dict={'perm_new_member_name': msg} | |
|
440 | ) | |
|
424 | 441 | return value |
|
425 | 442 | |
|
426 | 443 | |
|
427 | 444 | class ValidSettings(formencode.validators.FancyValidator): |
|
428 | 445 | |
|
429 | 446 | def to_python(self, value, state): |
|
430 | 447 | # settings form can't edit user |
|
431 |
if |
|
|
448 | if 'user' in value: | |
|
432 | 449 | del['value']['user'] |
|
433 | ||
|
434 | 450 | return value |
|
435 | 451 | |
|
436 | 452 | |
|
437 | 453 | class ValidPath(formencode.validators.FancyValidator): |
|
438 | 454 | def to_python(self, value, state): |
|
439 | 455 | |
|
440 | 456 | if not os.path.isdir(value): |
|
441 | 457 | msg = _('This is not a valid path') |
|
442 | 458 | raise formencode.Invalid(msg, value, state, |
|
443 | error_dict={'paths_root_path':msg}) | |
|
459 | error_dict={'paths_root_path': msg}) | |
|
444 | 460 | return value |
|
445 | 461 | |
|
446 | 462 | |
|
447 | 463 | def UniqSystemEmail(old_data): |
|
448 | 464 | class _UniqSystemEmail(formencode.validators.FancyValidator): |
|
449 | 465 | def to_python(self, value, state): |
|
450 | 466 | value = value.lower() |
|
451 | if old_data.get('email','').lower() != value: | |
|
467 | if old_data.get('email', '').lower() != value: | |
|
452 | 468 | user = User.get_by_email(value, case_insensitive=True) |
|
453 | 469 | if user: |
|
454 | 470 | raise formencode.Invalid( |
|
455 |
|
|
|
456 |
|
|
|
471 | _("This e-mail address is already taken"), value, state | |
|
472 | ) | |
|
457 | 473 | return value |
|
458 | 474 | |
|
459 | 475 | return _UniqSystemEmail |
|
460 | 476 | |
|
461 | 477 | |
|
462 | 478 | class ValidSystemEmail(formencode.validators.FancyValidator): |
|
463 | 479 | def to_python(self, value, state): |
|
464 | 480 | value = value.lower() |
|
465 | 481 | user = User.get_by_email(value, case_insensitive=True) |
|
466 | 482 | if user is None: |
|
467 |
raise formencode.Invalid( |
|
|
468 | value, state) | |
|
483 | raise formencode.Invalid( | |
|
484 | _("This e-mail address doesn't exist."), value, state | |
|
485 | ) | |
|
469 | 486 | |
|
470 | 487 | return value |
|
471 | 488 | |
|
472 | 489 | |
|
473 | 490 | class LdapLibValidator(formencode.validators.FancyValidator): |
|
474 | 491 | |
|
475 | 492 | def to_python(self, value, state): |
|
476 | 493 | |
|
477 | 494 | try: |
|
478 | 495 | import ldap |
|
479 | 496 | except ImportError: |
|
480 | 497 | raise LdapImportError |
|
481 | 498 | return value |
|
482 | 499 | |
|
483 | 500 | |
|
484 | 501 | class AttrLoginValidator(formencode.validators.FancyValidator): |
|
485 | 502 | |
|
486 | 503 | def to_python(self, value, state): |
|
487 | 504 | |
|
488 | 505 | if not value or not isinstance(value, (str, unicode)): |
|
489 |
raise formencode.Invalid( |
|
|
490 | "must be specified - this is the name " | |
|
491 |
|
|
|
492 |
|
|
|
493 | value, state) | |
|
506 | raise formencode.Invalid( | |
|
507 | _("The LDAP Login attribute of the CN must be specified - " | |
|
508 | "this is the name of the attribute that is equivalent " | |
|
509 | "to 'username'"), value, state | |
|
510 | ) | |
|
494 | 511 | |
|
495 | 512 | return value |
|
496 | 513 | |
|
514 | ||
|
497 | 515 | #============================================================================== |
|
498 | 516 | # FORMS |
|
499 | 517 | #============================================================================== |
|
500 | 518 | class LoginForm(formencode.Schema): |
|
501 | 519 | allow_extra_fields = True |
|
502 | 520 | filter_extra_fields = True |
|
503 | 521 | username = UnicodeString( |
|
504 |
|
|
|
505 | min=1, | |
|
506 |
|
|
|
507 |
|
|
|
508 |
|
|
|
509 |
|
|
|
510 | ) | |
|
522 | strip=True, | |
|
523 | min=1, | |
|
524 | not_empty=True, | |
|
525 | messages={ | |
|
526 | 'empty': _('Please enter a login'), | |
|
527 | 'tooShort': _('Enter a value %(min)i characters long or more')} | |
|
528 | ) | |
|
511 | 529 | |
|
512 | 530 | password = UnicodeString( |
|
513 |
|
|
|
514 | min=3, | |
|
515 |
|
|
|
516 |
|
|
|
517 |
|
|
|
518 |
|
|
|
519 | ) | |
|
531 | strip=True, | |
|
532 | min=3, | |
|
533 | not_empty=True, | |
|
534 | messages={ | |
|
535 | 'empty': _('Please enter a password'), | |
|
536 | 'tooShort': _('Enter %(min)i characters or more')} | |
|
537 | ) | |
|
520 | 538 | |
|
521 | 539 | remember = StringBoolean(if_missing=False) |
|
522 | 540 | |
|
523 | 541 | chained_validators = [ValidAuth] |
|
524 | 542 | |
|
525 | 543 | |
|
526 | 544 | def UserForm(edit=False, old_data={}): |
|
527 | 545 | class _UserForm(formencode.Schema): |
|
528 | 546 | allow_extra_fields = True |
|
529 | 547 | filter_extra_fields = True |
|
530 | 548 | username = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
531 | 549 | ValidUsername(edit, old_data)) |
|
532 | 550 | if edit: |
|
533 | 551 | new_password = All(UnicodeString(strip=True, min=6, not_empty=False)) |
|
534 |
password_confirmation = All(UnicodeString(strip=True, min=6, |
|
|
552 | password_confirmation = All(UnicodeString(strip=True, min=6, | |
|
553 | not_empty=False)) | |
|
535 | 554 | admin = StringBoolean(if_missing=False) |
|
536 | 555 | else: |
|
537 | 556 | password = All(UnicodeString(strip=True, min=6, not_empty=True)) |
|
538 |
password_confirmation = All(UnicodeString(strip=True, min=6, |
|
|
557 | password_confirmation = All(UnicodeString(strip=True, min=6, | |
|
558 | not_empty=False)) | |
|
539 | 559 | |
|
540 | 560 | active = StringBoolean(if_missing=False) |
|
541 |
name = UnicodeString(strip=True, min=1, not_empty= |
|
|
542 |
lastname = UnicodeString(strip=True, min=1, not_empty= |
|
|
561 | name = UnicodeString(strip=True, min=1, not_empty=False) | |
|
562 | lastname = UnicodeString(strip=True, min=1, not_empty=False) | |
|
543 | 563 | email = All(Email(not_empty=True), UniqSystemEmail(old_data)) |
|
544 | 564 | |
|
545 | 565 | chained_validators = [ValidPasswordsMatch, ValidPassword] |
|
546 | 566 | |
|
547 | 567 | return _UserForm |
|
548 | 568 | |
|
549 | 569 | |
|
550 | 570 | def UsersGroupForm(edit=False, old_data={}, available_members=[]): |
|
551 | 571 | class _UsersGroupForm(formencode.Schema): |
|
552 | 572 | allow_extra_fields = True |
|
553 | 573 | filter_extra_fields = True |
|
554 | 574 | |
|
555 | 575 | users_group_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
556 | 576 | ValidUsersGroup(edit, old_data)) |
|
557 | 577 | |
|
558 | 578 | users_group_active = StringBoolean(if_missing=False) |
|
559 | 579 | |
|
560 | 580 | if edit: |
|
561 | 581 | users_group_members = OneOf(available_members, hideList=False, |
|
562 | 582 | testValueList=True, |
|
563 | 583 | if_missing=None, not_empty=False) |
|
564 | 584 | |
|
565 | 585 | return _UsersGroupForm |
|
566 | 586 | |
|
567 | 587 | |
|
568 | 588 | def ReposGroupForm(edit=False, old_data={}, available_groups=[]): |
|
569 | 589 | class _ReposGroupForm(formencode.Schema): |
|
570 | 590 | allow_extra_fields = True |
|
571 | 591 | filter_extra_fields = True |
|
572 | 592 | |
|
573 | 593 | group_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
574 | 594 | SlugifyName()) |
|
575 | 595 | group_description = UnicodeString(strip=True, min=1, |
|
576 | 596 | not_empty=True) |
|
577 | 597 | group_parent_id = OneOf(available_groups, hideList=False, |
|
578 | 598 | testValueList=True, |
|
579 | 599 | if_missing=None, not_empty=False) |
|
580 | 600 | |
|
581 | 601 | chained_validators = [ValidReposGroup(edit, old_data)] |
|
582 | 602 | |
|
583 | 603 | return _ReposGroupForm |
|
584 | 604 | |
|
585 | 605 | |
|
586 | 606 | def RegisterForm(edit=False, old_data={}): |
|
587 | 607 | class _RegisterForm(formencode.Schema): |
|
588 | 608 | allow_extra_fields = True |
|
589 | 609 | filter_extra_fields = True |
|
590 | 610 | username = All(ValidUsername(edit, old_data), |
|
591 | 611 | UnicodeString(strip=True, min=1, not_empty=True)) |
|
592 | 612 | password = All(UnicodeString(strip=True, min=6, not_empty=True)) |
|
593 | 613 | password_confirmation = All(UnicodeString(strip=True, min=6, not_empty=True)) |
|
594 | 614 | active = StringBoolean(if_missing=False) |
|
595 |
name = UnicodeString(strip=True, min=1, not_empty= |
|
|
596 |
lastname = UnicodeString(strip=True, min=1, not_empty= |
|
|
615 | name = UnicodeString(strip=True, min=1, not_empty=False) | |
|
616 | lastname = UnicodeString(strip=True, min=1, not_empty=False) | |
|
597 | 617 | email = All(Email(not_empty=True), UniqSystemEmail(old_data)) |
|
598 | 618 | |
|
599 | 619 | chained_validators = [ValidPasswordsMatch, ValidPassword] |
|
600 | 620 | |
|
601 | 621 | return _RegisterForm |
|
602 | 622 | |
|
623 | ||
|
603 | 624 | def PasswordResetForm(): |
|
604 | 625 | class _PasswordResetForm(formencode.Schema): |
|
605 | 626 | allow_extra_fields = True |
|
606 | 627 | filter_extra_fields = True |
|
607 | 628 | email = All(ValidSystemEmail(), Email(not_empty=True)) |
|
608 | 629 | return _PasswordResetForm |
|
609 | 630 | |
|
631 | ||
|
610 | 632 | def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(), |
|
611 | 633 | repo_groups=[]): |
|
612 | 634 | class _RepoForm(formencode.Schema): |
|
613 | 635 | allow_extra_fields = True |
|
614 | 636 | filter_extra_fields = False |
|
615 | 637 | repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
616 | 638 | SlugifyName()) |
|
617 | 639 | clone_uri = All(UnicodeString(strip=True, min=1, not_empty=False), |
|
618 | 640 | ValidCloneUri()()) |
|
619 | 641 | repo_group = OneOf(repo_groups, hideList=True) |
|
620 | 642 | repo_type = OneOf(supported_backends) |
|
621 | 643 | description = UnicodeString(strip=True, min=1, not_empty=True) |
|
622 | 644 | private = StringBoolean(if_missing=False) |
|
623 | 645 | enable_statistics = StringBoolean(if_missing=False) |
|
624 | 646 | enable_downloads = StringBoolean(if_missing=False) |
|
625 | 647 | |
|
626 | 648 | if edit: |
|
627 | 649 | #this is repo owner |
|
628 | 650 | user = All(UnicodeString(not_empty=True), ValidRepoUser) |
|
629 | 651 | |
|
630 | 652 | chained_validators = [ValidRepoName(edit, old_data), ValidPerms] |
|
631 | 653 | return _RepoForm |
|
632 | 654 | |
|
655 | ||
|
633 | 656 | def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(), |
|
634 | 657 | repo_groups=[]): |
|
635 | 658 | class _RepoForkForm(formencode.Schema): |
|
636 | 659 | allow_extra_fields = True |
|
637 | 660 | filter_extra_fields = False |
|
638 | 661 | repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
639 | 662 | SlugifyName()) |
|
640 | 663 | repo_group = OneOf(repo_groups, hideList=True) |
|
641 | 664 | repo_type = All(ValidForkType(old_data), OneOf(supported_backends)) |
|
642 | 665 | description = UnicodeString(strip=True, min=1, not_empty=True) |
|
643 | 666 | private = StringBoolean(if_missing=False) |
|
644 | 667 | copy_permissions = StringBoolean(if_missing=False) |
|
645 | 668 | update_after_clone = StringBoolean(if_missing=False) |
|
646 | 669 | fork_parent_id = UnicodeString() |
|
647 | 670 | chained_validators = [ValidForkName(edit, old_data)] |
|
648 | 671 | |
|
649 | 672 | return _RepoForkForm |
|
650 | 673 | |
|
674 | ||
|
651 | 675 | def RepoSettingsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(), |
|
652 | 676 | repo_groups=[]): |
|
653 | 677 | class _RepoForm(formencode.Schema): |
|
654 | 678 | allow_extra_fields = True |
|
655 | 679 | filter_extra_fields = False |
|
656 | 680 | repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), |
|
657 | 681 | SlugifyName()) |
|
658 | 682 | description = UnicodeString(strip=True, min=1, not_empty=True) |
|
659 | 683 | repo_group = OneOf(repo_groups, hideList=True) |
|
660 | 684 | private = StringBoolean(if_missing=False) |
|
661 | 685 | |
|
662 | 686 | chained_validators = [ValidRepoName(edit, old_data), ValidPerms, |
|
663 | 687 | ValidSettings] |
|
664 | 688 | return _RepoForm |
|
665 | 689 | |
|
666 | 690 | |
|
667 | 691 | def ApplicationSettingsForm(): |
|
668 | 692 | class _ApplicationSettingsForm(formencode.Schema): |
|
669 | 693 | allow_extra_fields = True |
|
670 | 694 | filter_extra_fields = False |
|
671 | 695 | rhodecode_title = UnicodeString(strip=True, min=1, not_empty=True) |
|
672 | 696 | rhodecode_realm = UnicodeString(strip=True, min=1, not_empty=True) |
|
673 | 697 | rhodecode_ga_code = UnicodeString(strip=True, min=1, not_empty=False) |
|
674 | 698 | |
|
675 | 699 | return _ApplicationSettingsForm |
|
676 | 700 | |
|
701 | ||
|
677 | 702 | def ApplicationUiSettingsForm(): |
|
678 | 703 | class _ApplicationUiSettingsForm(formencode.Schema): |
|
679 | 704 | allow_extra_fields = True |
|
680 | 705 | filter_extra_fields = False |
|
681 | 706 | web_push_ssl = OneOf(['true', 'false'], if_missing='false') |
|
682 | 707 | paths_root_path = All(ValidPath(), UnicodeString(strip=True, min=1, not_empty=True)) |
|
683 | 708 | hooks_changegroup_update = OneOf(['True', 'False'], if_missing=False) |
|
684 | 709 | hooks_changegroup_repo_size = OneOf(['True', 'False'], if_missing=False) |
|
685 | 710 | hooks_pretxnchangegroup_push_logger = OneOf(['True', 'False'], if_missing=False) |
|
686 | 711 | hooks_preoutgoing_pull_logger = OneOf(['True', 'False'], if_missing=False) |
|
687 | 712 | |
|
688 | 713 | return _ApplicationUiSettingsForm |
|
689 | 714 | |
|
715 | ||
|
690 | 716 | def DefaultPermissionsForm(perms_choices, register_choices, create_choices): |
|
691 | 717 | class _DefaultPermissionsForm(formencode.Schema): |
|
692 | 718 | allow_extra_fields = True |
|
693 | 719 | filter_extra_fields = True |
|
694 | 720 | overwrite_default = StringBoolean(if_missing=False) |
|
695 | 721 | anonymous = OneOf(['True', 'False'], if_missing=False) |
|
696 | 722 | default_perm = OneOf(perms_choices) |
|
697 | 723 | default_register = OneOf(register_choices) |
|
698 | 724 | default_create = OneOf(create_choices) |
|
699 | 725 | |
|
700 | 726 | return _DefaultPermissionsForm |
|
701 | 727 | |
|
702 | 728 | |
|
703 | 729 | def LdapSettingsForm(tls_reqcert_choices, search_scope_choices, tls_kind_choices): |
|
704 | 730 | class _LdapSettingsForm(formencode.Schema): |
|
705 | 731 | allow_extra_fields = True |
|
706 | 732 | filter_extra_fields = True |
|
707 | 733 | pre_validators = [LdapLibValidator] |
|
708 | 734 | ldap_active = StringBoolean(if_missing=False) |
|
709 | 735 | ldap_host = UnicodeString(strip=True,) |
|
710 | 736 | ldap_port = Number(strip=True,) |
|
711 | 737 | ldap_tls_kind = OneOf(tls_kind_choices) |
|
712 | 738 | ldap_tls_reqcert = OneOf(tls_reqcert_choices) |
|
713 | 739 | ldap_dn_user = UnicodeString(strip=True,) |
|
714 | 740 | ldap_dn_pass = UnicodeString(strip=True,) |
|
715 | 741 | ldap_base_dn = UnicodeString(strip=True,) |
|
716 | 742 | ldap_filter = UnicodeString(strip=True,) |
|
717 | 743 | ldap_search_scope = OneOf(search_scope_choices) |
|
718 | 744 | ldap_attr_login = All(AttrLoginValidator, UnicodeString(strip=True,)) |
|
719 | 745 | ldap_attr_firstname = UnicodeString(strip=True,) |
|
720 | 746 | ldap_attr_lastname = UnicodeString(strip=True,) |
|
721 | 747 | ldap_attr_email = UnicodeString(strip=True,) |
|
722 | 748 | |
|
723 | 749 | return _LdapSettingsForm |
@@ -1,507 +1,504 b'' | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | """ |
|
3 | 3 | rhodecode.model.user |
|
4 | 4 | ~~~~~~~~~~~~~~~~~~~~ |
|
5 | 5 | |
|
6 | 6 | users model for RhodeCode |
|
7 | 7 | |
|
8 | 8 | :created_on: Apr 9, 2010 |
|
9 | 9 | :author: marcink |
|
10 | 10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
11 | 11 | :license: GPLv3, see COPYING for more details. |
|
12 | 12 | """ |
|
13 | 13 | # This program is free software: you can redistribute it and/or modify |
|
14 | 14 | # it under the terms of the GNU General Public License as published by |
|
15 | 15 | # the Free Software Foundation, either version 3 of the License, or |
|
16 | 16 | # (at your option) any later version. |
|
17 | 17 | # |
|
18 | 18 | # This program is distributed in the hope that it will be useful, |
|
19 | 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
20 | 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
21 | 21 | # GNU General Public License for more details. |
|
22 | 22 | # |
|
23 | 23 | # You should have received a copy of the GNU General Public License |
|
24 | 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
25 | 25 | |
|
26 | 26 | import logging |
|
27 | 27 | import traceback |
|
28 | 28 | |
|
29 | 29 | from pylons import url |
|
30 | 30 | from pylons.i18n.translation import _ |
|
31 | 31 | |
|
32 | 32 | from rhodecode.lib import safe_unicode |
|
33 | 33 | from rhodecode.lib.caching_query import FromCache |
|
34 | 34 | |
|
35 | 35 | from rhodecode.model import BaseModel |
|
36 | 36 | from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \ |
|
37 | 37 | UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \ |
|
38 | 38 | Notification |
|
39 | 39 | from rhodecode.lib.exceptions import DefaultUserException, \ |
|
40 | 40 | UserOwnsReposException |
|
41 | 41 | |
|
42 | 42 | from sqlalchemy.exc import DatabaseError |
|
43 | 43 | from rhodecode.lib import generate_api_key |
|
44 | 44 | from sqlalchemy.orm import joinedload |
|
45 | 45 | |
|
46 | 46 | log = logging.getLogger(__name__) |
|
47 | 47 | |
|
48 | 48 | |
|
49 | 49 | PERM_WEIGHTS = {'repository.none': 0, |
|
50 | 50 | 'repository.read': 1, |
|
51 | 51 | 'repository.write': 3, |
|
52 | 52 | 'repository.admin': 3} |
|
53 | 53 | |
|
54 | 54 | |
|
55 | 55 | class UserModel(BaseModel): |
|
56 | 56 | |
|
57 | 57 | def __get_user(self, user): |
|
58 | 58 | return self._get_instance(User, user) |
|
59 | 59 | |
|
60 | 60 | def get(self, user_id, cache=False): |
|
61 | 61 | user = self.sa.query(User) |
|
62 | 62 | if cache: |
|
63 | 63 | user = user.options(FromCache("sql_cache_short", |
|
64 | 64 | "get_user_%s" % user_id)) |
|
65 | 65 | return user.get(user_id) |
|
66 | 66 | |
|
67 | 67 | def get_by_username(self, username, cache=False, case_insensitive=False): |
|
68 | 68 | |
|
69 | 69 | if case_insensitive: |
|
70 | 70 | user = self.sa.query(User).filter(User.username.ilike(username)) |
|
71 | 71 | else: |
|
72 | 72 | user = self.sa.query(User)\ |
|
73 | 73 | .filter(User.username == username) |
|
74 | 74 | if cache: |
|
75 | 75 | user = user.options(FromCache("sql_cache_short", |
|
76 | 76 | "get_user_%s" % username)) |
|
77 | 77 | return user.scalar() |
|
78 | 78 | |
|
79 | 79 | def get_by_api_key(self, api_key, cache=False): |
|
80 | 80 | return User.get_by_api_key(api_key, cache) |
|
81 | 81 | |
|
82 | 82 | def create(self, form_data): |
|
83 | 83 | try: |
|
84 | 84 | new_user = User() |
|
85 | 85 | for k, v in form_data.items(): |
|
86 | 86 | setattr(new_user, k, v) |
|
87 | 87 | |
|
88 | 88 | new_user.api_key = generate_api_key(form_data['username']) |
|
89 | 89 | self.sa.add(new_user) |
|
90 | 90 | return new_user |
|
91 | 91 | except: |
|
92 | 92 | log.error(traceback.format_exc()) |
|
93 | 93 | raise |
|
94 | 94 | |
|
95 | ||
|
96 | 95 | def create_or_update(self, username, password, email, name, lastname, |
|
97 | 96 | active=True, admin=False, ldap_dn=None): |
|
98 | 97 | """ |
|
99 | 98 | Creates a new instance if not found, or updates current one |
|
100 | 99 | |
|
101 | 100 | :param username: |
|
102 | 101 | :param password: |
|
103 | 102 | :param email: |
|
104 | 103 | :param active: |
|
105 | 104 | :param name: |
|
106 | 105 | :param lastname: |
|
107 | 106 | :param active: |
|
108 | 107 | :param admin: |
|
109 | 108 | :param ldap_dn: |
|
110 | 109 | """ |
|
111 | 110 | |
|
112 | 111 | from rhodecode.lib.auth import get_crypt_password |
|
113 | 112 | |
|
114 | 113 | log.debug('Checking for %s account in RhodeCode database', username) |
|
115 | 114 | user = User.get_by_username(username, case_insensitive=True) |
|
116 | 115 | if user is None: |
|
117 | 116 | log.debug('creating new user %s', username) |
|
118 | 117 | new_user = User() |
|
119 | 118 | else: |
|
120 | 119 | log.debug('updating user %s', username) |
|
121 | 120 | new_user = user |
|
122 | 121 | |
|
123 | 122 | try: |
|
124 | 123 | new_user.username = username |
|
125 | 124 | new_user.admin = admin |
|
126 | 125 | new_user.password = get_crypt_password(password) |
|
127 | 126 | new_user.api_key = generate_api_key(username) |
|
128 | 127 | new_user.email = email |
|
129 | 128 | new_user.active = active |
|
130 | 129 | new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None |
|
131 | 130 | new_user.name = name |
|
132 | 131 | new_user.lastname = lastname |
|
133 | 132 | self.sa.add(new_user) |
|
134 | 133 | return new_user |
|
135 | 134 | except (DatabaseError,): |
|
136 | 135 | log.error(traceback.format_exc()) |
|
137 | 136 | raise |
|
138 | 137 | |
|
139 | ||
|
140 | 138 | def create_for_container_auth(self, username, attrs): |
|
141 | 139 | """ |
|
142 | 140 | Creates the given user if it's not already in the database |
|
143 | 141 | |
|
144 | 142 | :param username: |
|
145 | 143 | :param attrs: |
|
146 | 144 | """ |
|
147 | 145 | if self.get_by_username(username, case_insensitive=True) is None: |
|
148 | 146 | |
|
149 | 147 | # autogenerate email for container account without one |
|
150 | 148 | generate_email = lambda usr: '%s@container_auth.account' % usr |
|
151 | 149 | |
|
152 | 150 | try: |
|
153 | 151 | new_user = User() |
|
154 | 152 | new_user.username = username |
|
155 | 153 | new_user.password = None |
|
156 | 154 | new_user.api_key = generate_api_key(username) |
|
157 | 155 | new_user.email = attrs['email'] |
|
158 | 156 | new_user.active = attrs.get('active', True) |
|
159 | 157 | new_user.name = attrs['name'] or generate_email(username) |
|
160 | 158 | new_user.lastname = attrs['lastname'] |
|
161 | 159 | |
|
162 | 160 | self.sa.add(new_user) |
|
163 | 161 | return new_user |
|
164 | 162 | except (DatabaseError,): |
|
165 | 163 | log.error(traceback.format_exc()) |
|
166 | 164 | self.sa.rollback() |
|
167 | 165 | raise |
|
168 | 166 | log.debug('User %s already exists. Skipping creation of account' |
|
169 | 167 | ' for container auth.', username) |
|
170 | 168 | return None |
|
171 | 169 | |
|
172 | 170 | def create_ldap(self, username, password, user_dn, attrs): |
|
173 | 171 | """ |
|
174 | 172 | Checks if user is in database, if not creates this user marked |
|
175 | 173 | as ldap user |
|
176 | 174 | |
|
177 | 175 | :param username: |
|
178 | 176 | :param password: |
|
179 | 177 | :param user_dn: |
|
180 | 178 | :param attrs: |
|
181 | 179 | """ |
|
182 | 180 | from rhodecode.lib.auth import get_crypt_password |
|
183 | 181 | log.debug('Checking for such ldap account in RhodeCode database') |
|
184 | 182 | if self.get_by_username(username, case_insensitive=True) is None: |
|
185 | 183 | |
|
186 | 184 | # autogenerate email for ldap account without one |
|
187 | 185 | generate_email = lambda usr: '%s@ldap.account' % usr |
|
188 | 186 | |
|
189 | 187 | try: |
|
190 | 188 | new_user = User() |
|
191 | 189 | username = username.lower() |
|
192 | 190 | # add ldap account always lowercase |
|
193 | 191 | new_user.username = username |
|
194 | 192 | new_user.password = get_crypt_password(password) |
|
195 | 193 | new_user.api_key = generate_api_key(username) |
|
196 | 194 | new_user.email = attrs['email'] or generate_email(username) |
|
197 | 195 | new_user.active = attrs.get('active', True) |
|
198 | 196 | new_user.ldap_dn = safe_unicode(user_dn) |
|
199 | 197 | new_user.name = attrs['name'] |
|
200 | 198 | new_user.lastname = attrs['lastname'] |
|
201 | 199 | |
|
202 | 200 | self.sa.add(new_user) |
|
203 | 201 | return new_user |
|
204 | 202 | except (DatabaseError,): |
|
205 | 203 | log.error(traceback.format_exc()) |
|
206 | 204 | self.sa.rollback() |
|
207 | 205 | raise |
|
208 | 206 | log.debug('this %s user exists skipping creation of ldap account', |
|
209 | 207 | username) |
|
210 | 208 | return None |
|
211 | 209 | |
|
212 | 210 | def create_registration(self, form_data): |
|
213 | 211 | from rhodecode.model.notification import NotificationModel |
|
214 | 212 | |
|
215 | 213 | try: |
|
216 | 214 | new_user = User() |
|
217 | 215 | for k, v in form_data.items(): |
|
218 | 216 | if k != 'admin': |
|
219 | 217 | setattr(new_user, k, v) |
|
220 | 218 | |
|
221 | 219 | self.sa.add(new_user) |
|
222 | 220 | self.sa.flush() |
|
223 | 221 | |
|
224 | 222 | # notification to admins |
|
225 | 223 | subject = _('new user registration') |
|
226 | 224 | body = ('New user registration\n' |
|
227 | 225 | '---------------------\n' |
|
228 | 226 | '- Username: %s\n' |
|
229 | 227 | '- Full Name: %s\n' |
|
230 | 228 | '- Email: %s\n') |
|
231 | 229 | body = body % (new_user.username, new_user.full_name, |
|
232 | 230 | new_user.email) |
|
233 | 231 | edit_url = url('edit_user', id=new_user.user_id, qualified=True) |
|
234 | kw = {'registered_user_url':edit_url} | |
|
232 | kw = {'registered_user_url': edit_url} | |
|
235 | 233 | NotificationModel().create(created_by=new_user, subject=subject, |
|
236 | 234 | body=body, recipients=None, |
|
237 | 235 | type_=Notification.TYPE_REGISTRATION, |
|
238 | 236 | email_kwargs=kw) |
|
239 | 237 | |
|
240 | 238 | except: |
|
241 | 239 | log.error(traceback.format_exc()) |
|
242 | 240 | raise |
|
243 | 241 | |
|
244 | 242 | def update(self, user_id, form_data): |
|
245 | 243 | try: |
|
246 | 244 | user = self.get(user_id, cache=False) |
|
247 | 245 | if user.username == 'default': |
|
248 | 246 | raise DefaultUserException( |
|
249 | 247 | _("You can't Edit this user since it's" |
|
250 | 248 | " crucial for entire application")) |
|
251 | 249 | |
|
252 | 250 | for k, v in form_data.items(): |
|
253 | 251 | if k == 'new_password' and v != '': |
|
254 | 252 | user.password = v |
|
255 | 253 | user.api_key = generate_api_key(user.username) |
|
256 | 254 | else: |
|
257 | 255 | setattr(user, k, v) |
|
258 | 256 | |
|
259 | 257 | self.sa.add(user) |
|
260 | 258 | except: |
|
261 | 259 | log.error(traceback.format_exc()) |
|
262 | 260 | raise |
|
263 | 261 | |
|
264 | 262 | def update_my_account(self, user_id, form_data): |
|
265 | 263 | try: |
|
266 | 264 | user = self.get(user_id, cache=False) |
|
267 | 265 | if user.username == 'default': |
|
268 | 266 | raise DefaultUserException( |
|
269 | 267 | _("You can't Edit this user since it's" |
|
270 | 268 | " crucial for entire application")) |
|
271 | 269 | for k, v in form_data.items(): |
|
272 | 270 | if k == 'new_password' and v != '': |
|
273 | 271 | user.password = v |
|
274 | 272 | user.api_key = generate_api_key(user.username) |
|
275 | 273 | else: |
|
276 | 274 | if k not in ['admin', 'active']: |
|
277 | 275 | setattr(user, k, v) |
|
278 | 276 | |
|
279 | 277 | self.sa.add(user) |
|
280 | 278 | except: |
|
281 | 279 | log.error(traceback.format_exc()) |
|
282 | 280 | raise |
|
283 | 281 | |
|
284 | 282 | def delete(self, user): |
|
285 | 283 | user = self.__get_user(user) |
|
286 | 284 | |
|
287 | 285 | try: |
|
288 | 286 | if user.username == 'default': |
|
289 | 287 | raise DefaultUserException( |
|
290 | 288 | _("You can't remove this user since it's" |
|
291 | 289 | " crucial for entire application")) |
|
292 | 290 | if user.repositories: |
|
293 | 291 | raise UserOwnsReposException(_('This user still owns %s ' |
|
294 | 292 | 'repositories and cannot be ' |
|
295 | 293 | 'removed. Switch owners or ' |
|
296 | 294 | 'remove those repositories') \ |
|
297 | 295 | % user.repositories) |
|
298 | 296 | self.sa.delete(user) |
|
299 | 297 | except: |
|
300 | 298 | log.error(traceback.format_exc()) |
|
301 | 299 | raise |
|
302 | 300 | |
|
303 | 301 | def reset_password_link(self, data): |
|
304 | 302 | from rhodecode.lib.celerylib import tasks, run_task |
|
305 | 303 | run_task(tasks.send_password_link, data['email']) |
|
306 | 304 | |
|
307 | 305 | def reset_password(self, data): |
|
308 | 306 | from rhodecode.lib.celerylib import tasks, run_task |
|
309 | 307 | run_task(tasks.reset_user_password, data['email']) |
|
310 | 308 | |
|
311 | 309 | def fill_data(self, auth_user, user_id=None, api_key=None): |
|
312 | 310 | """ |
|
313 | 311 | Fetches auth_user by user_id,or api_key if present. |
|
314 | 312 | Fills auth_user attributes with those taken from database. |
|
315 | 313 | Additionally set's is_authenitated if lookup fails |
|
316 | 314 | present in database |
|
317 | 315 | |
|
318 | 316 | :param auth_user: instance of user to set attributes |
|
319 | 317 | :param user_id: user id to fetch by |
|
320 | 318 | :param api_key: api key to fetch by |
|
321 | 319 | """ |
|
322 | 320 | if user_id is None and api_key is None: |
|
323 | 321 | raise Exception('You need to pass user_id or api_key') |
|
324 | 322 | |
|
325 | 323 | try: |
|
326 | 324 | if api_key: |
|
327 | 325 | dbuser = self.get_by_api_key(api_key) |
|
328 | 326 | else: |
|
329 | 327 | dbuser = self.get(user_id) |
|
330 | 328 | |
|
331 | 329 | if dbuser is not None and dbuser.active: |
|
332 | 330 | log.debug('filling %s data', dbuser) |
|
333 | 331 | for k, v in dbuser.get_dict().items(): |
|
334 | 332 | setattr(auth_user, k, v) |
|
335 | 333 | else: |
|
336 | 334 | return False |
|
337 | 335 | |
|
338 | 336 | except: |
|
339 | 337 | log.error(traceback.format_exc()) |
|
340 | 338 | auth_user.is_authenticated = False |
|
341 | 339 | return False |
|
342 | 340 | |
|
343 | 341 | return True |
|
344 | 342 | |
|
345 | 343 | def fill_perms(self, user): |
|
346 | 344 | """ |
|
347 | 345 | Fills user permission attribute with permissions taken from database |
|
348 | 346 | works for permissions given for repositories, and for permissions that |
|
349 | 347 | are granted to groups |
|
350 | 348 | |
|
351 | 349 | :param user: user instance to fill his perms |
|
352 | 350 | """ |
|
353 | 351 | |
|
354 | 352 | user.permissions['repositories'] = {} |
|
355 | 353 | user.permissions['global'] = set() |
|
356 | 354 | |
|
357 | 355 | #====================================================================== |
|
358 | 356 | # fetch default permissions |
|
359 | 357 | #====================================================================== |
|
360 | 358 | default_user = User.get_by_username('default', cache=True) |
|
361 | 359 | default_user_id = default_user.user_id |
|
362 | 360 | |
|
363 | 361 | default_perms = Permission.get_default_perms(default_user_id) |
|
364 | 362 | |
|
365 | 363 | if user.is_admin: |
|
366 | 364 | #================================================================== |
|
367 | 365 | # #admin have all default rights set to admin |
|
368 | 366 | #================================================================== |
|
369 | 367 | user.permissions['global'].add('hg.admin') |
|
370 | 368 | |
|
371 | 369 | for perm in default_perms: |
|
372 | 370 | p = 'repository.admin' |
|
373 | 371 | user.permissions['repositories'][perm.UserRepoToPerm. |
|
374 | 372 | repository.repo_name] = p |
|
375 | 373 | |
|
376 | 374 | else: |
|
377 | 375 | #================================================================== |
|
378 | 376 | # set default permissions |
|
379 | 377 | #================================================================== |
|
380 | 378 | uid = user.user_id |
|
381 | 379 | |
|
382 | 380 | # default global |
|
383 | 381 | default_global_perms = self.sa.query(UserToPerm)\ |
|
384 | 382 | .filter(UserToPerm.user_id == default_user_id) |
|
385 | 383 | |
|
386 | 384 | for perm in default_global_perms: |
|
387 | 385 | user.permissions['global'].add(perm.permission.permission_name) |
|
388 | 386 | |
|
389 | 387 | # default for repositories |
|
390 | 388 | for perm in default_perms: |
|
391 | 389 | if perm.Repository.private and not (perm.Repository.user_id == |
|
392 | 390 | uid): |
|
393 | 391 | # disable defaults for private repos, |
|
394 | 392 | p = 'repository.none' |
|
395 | 393 | elif perm.Repository.user_id == uid: |
|
396 | 394 | # set admin if owner |
|
397 | 395 | p = 'repository.admin' |
|
398 | 396 | else: |
|
399 | 397 | p = perm.Permission.permission_name |
|
400 | 398 | |
|
401 | 399 | user.permissions['repositories'][perm.UserRepoToPerm. |
|
402 | 400 | repository.repo_name] = p |
|
403 | 401 | |
|
404 | 402 | #================================================================== |
|
405 | 403 | # overwrite default with user permissions if any |
|
406 | 404 | #================================================================== |
|
407 | 405 | |
|
408 | 406 | # user global |
|
409 | 407 | user_perms = self.sa.query(UserToPerm)\ |
|
410 | 408 | .options(joinedload(UserToPerm.permission))\ |
|
411 | 409 | .filter(UserToPerm.user_id == uid).all() |
|
412 | 410 | |
|
413 | 411 | for perm in user_perms: |
|
414 | 412 | user.permissions['global'].add(perm.permission.permission_name) |
|
415 | 413 | |
|
416 | 414 | # user repositories |
|
417 | 415 | user_repo_perms = self.sa.query(UserRepoToPerm, Permission, |
|
418 | 416 | Repository)\ |
|
419 | 417 | .join((Repository, UserRepoToPerm.repository_id == |
|
420 | 418 | Repository.repo_id))\ |
|
421 | 419 | .join((Permission, UserRepoToPerm.permission_id == |
|
422 | 420 | Permission.permission_id))\ |
|
423 | 421 | .filter(UserRepoToPerm.user_id == uid).all() |
|
424 | 422 | |
|
425 | 423 | for perm in user_repo_perms: |
|
426 | 424 | # set admin if owner |
|
427 | 425 | if perm.Repository.user_id == uid: |
|
428 | 426 | p = 'repository.admin' |
|
429 | 427 | else: |
|
430 | 428 | p = perm.Permission.permission_name |
|
431 | 429 | user.permissions['repositories'][perm.UserRepoToPerm. |
|
432 | 430 | repository.repo_name] = p |
|
433 | 431 | |
|
434 | 432 | #================================================================== |
|
435 | 433 | # check if user is part of groups for this repository and fill in |
|
436 | 434 | # (or replace with higher) permissions |
|
437 | 435 | #================================================================== |
|
438 | 436 | |
|
439 | 437 | # users group global |
|
440 | 438 | user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ |
|
441 | 439 | .options(joinedload(UsersGroupToPerm.permission))\ |
|
442 | 440 | .join((UsersGroupMember, UsersGroupToPerm.users_group_id == |
|
443 | 441 | UsersGroupMember.users_group_id))\ |
|
444 | 442 | .filter(UsersGroupMember.user_id == uid).all() |
|
445 | 443 | |
|
446 | 444 | for perm in user_perms_from_users_groups: |
|
447 | 445 | user.permissions['global'].add(perm.permission.permission_name) |
|
448 | 446 | |
|
449 | 447 | # users group repositories |
|
450 | 448 | user_repo_perms_from_users_groups = self.sa.query( |
|
451 | 449 | UsersGroupRepoToPerm, |
|
452 | 450 | Permission, Repository,)\ |
|
453 | 451 | .join((Repository, UsersGroupRepoToPerm.repository_id == |
|
454 | 452 | Repository.repo_id))\ |
|
455 | 453 | .join((Permission, UsersGroupRepoToPerm.permission_id == |
|
456 | 454 | Permission.permission_id))\ |
|
457 | 455 | .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == |
|
458 | 456 | UsersGroupMember.users_group_id))\ |
|
459 | 457 | .filter(UsersGroupMember.user_id == uid).all() |
|
460 | 458 | |
|
461 | 459 | for perm in user_repo_perms_from_users_groups: |
|
462 | 460 | p = perm.Permission.permission_name |
|
463 | 461 | cur_perm = user.permissions['repositories'][perm. |
|
464 | 462 | UsersGroupRepoToPerm. |
|
465 | 463 | repository.repo_name] |
|
466 | 464 | # overwrite permission only if it's greater than permission |
|
467 | 465 | # given from other sources |
|
468 | 466 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
469 | 467 | user.permissions['repositories'][perm.UsersGroupRepoToPerm. |
|
470 | 468 | repository.repo_name] = p |
|
471 | 469 | |
|
472 | 470 | return user |
|
473 | 471 | |
|
474 | 472 | def has_perm(self, user, perm): |
|
475 | 473 | if not isinstance(perm, Permission): |
|
476 | 474 | raise Exception('perm needs to be an instance of Permission class ' |
|
477 | 475 | 'got %s instead' % type(perm)) |
|
478 | 476 | |
|
479 | 477 | user = self.__get_user(user) |
|
480 | 478 | |
|
481 | 479 | return UserToPerm.query().filter(UserToPerm.user == user)\ |
|
482 | 480 | .filter(UserToPerm.permission == perm).scalar() is not None |
|
483 | 481 | |
|
484 | 482 | def grant_perm(self, user, perm): |
|
485 | 483 | if not isinstance(perm, Permission): |
|
486 | 484 | raise Exception('perm needs to be an instance of Permission class ' |
|
487 | 485 | 'got %s instead' % type(perm)) |
|
488 | 486 | |
|
489 | 487 | user = self.__get_user(user) |
|
490 | 488 | |
|
491 | 489 | new = UserToPerm() |
|
492 | 490 | new.user = user |
|
493 | 491 | new.permission = perm |
|
494 | 492 | self.sa.add(new) |
|
495 | 493 | |
|
496 | ||
|
497 | 494 | def revoke_perm(self, user, perm): |
|
498 | 495 | if not isinstance(perm, Permission): |
|
499 | 496 | raise Exception('perm needs to be an instance of Permission class ' |
|
500 | 497 | 'got %s instead' % type(perm)) |
|
501 | 498 | |
|
502 | 499 | user = self.__get_user(user) |
|
503 | 500 | |
|
504 | 501 | obj = UserToPerm.query().filter(UserToPerm.user == user)\ |
|
505 | 502 | .filter(UserToPerm.permission == perm).scalar() |
|
506 | 503 | if obj: |
|
507 | 504 | self.sa.delete(obj) |
@@ -1,100 +1,100 b'' | |||
|
1 | 1 | ## -*- coding: utf-8 -*- |
|
2 | 2 | <%inherit file="/base/base.html"/> |
|
3 | 3 | |
|
4 | 4 | <%def name="title()"> |
|
5 | 5 | ${_('Add user')} - ${c.rhodecode_name} |
|
6 | 6 | </%def> |
|
7 | 7 | <%def name="breadcrumbs_links()"> |
|
8 | 8 | ${h.link_to(_('Admin'),h.url('admin_home'))} |
|
9 | 9 | » |
|
10 | 10 | ${h.link_to(_('Users'),h.url('users'))} |
|
11 | 11 | » |
|
12 | 12 | ${_('add new user')} |
|
13 | 13 | </%def> |
|
14 | 14 | |
|
15 | 15 | <%def name="page_nav()"> |
|
16 | 16 | ${self.menu('admin')} |
|
17 | 17 | </%def> |
|
18 | 18 | |
|
19 | 19 | <%def name="main()"> |
|
20 | 20 | <div class="box"> |
|
21 | 21 | <!-- box / title --> |
|
22 | 22 | <div class="title"> |
|
23 | 23 | ${self.breadcrumbs()} |
|
24 | 24 | </div> |
|
25 | 25 | <!-- end box / title --> |
|
26 | 26 | ${h.form(url('users'))} |
|
27 | 27 | <div class="form"> |
|
28 | 28 | <!-- fields --> |
|
29 | 29 | <div class="fields"> |
|
30 | 30 | <div class="field"> |
|
31 | 31 | <div class="label"> |
|
32 | 32 | <label for="username">${_('Username')}:</label> |
|
33 | 33 | </div> |
|
34 | 34 | <div class="input"> |
|
35 | 35 | ${h.text('username',class_='small')} |
|
36 | 36 | </div> |
|
37 | 37 | </div> |
|
38 | 38 | |
|
39 | 39 | <div class="field"> |
|
40 | 40 | <div class="label"> |
|
41 | 41 | <label for="password">${_('Password')}:</label> |
|
42 | 42 | </div> |
|
43 | 43 | <div class="input"> |
|
44 | 44 | ${h.password('password',class_='small')} |
|
45 | 45 | </div> |
|
46 | 46 | </div> |
|
47 | 47 | |
|
48 | 48 | <div class="field"> |
|
49 | 49 | <div class="label"> |
|
50 | 50 | <label for="password_confirmation">${_('Password confirmation')}:</label> |
|
51 | 51 | </div> |
|
52 | 52 | <div class="input"> |
|
53 | 53 | ${h.password('password_confirmation',class_="small",autocomplete="off")} |
|
54 | 54 | </div> |
|
55 | 55 | </div> |
|
56 | 56 | |
|
57 | 57 | <div class="field"> |
|
58 | 58 | <div class="label"> |
|
59 | 59 | <label for="name">${_('First Name')}:</label> |
|
60 | 60 | </div> |
|
61 | 61 | <div class="input"> |
|
62 | 62 | ${h.text('name',class_='small')} |
|
63 | 63 | </div> |
|
64 | 64 | </div> |
|
65 | 65 | |
|
66 | 66 | <div class="field"> |
|
67 | 67 | <div class="label"> |
|
68 | 68 | <label for="lastname">${_('Last Name')}:</label> |
|
69 | 69 | </div> |
|
70 | 70 | <div class="input"> |
|
71 | 71 | ${h.text('lastname',class_='small')} |
|
72 | 72 | </div> |
|
73 | 73 | </div> |
|
74 | 74 | |
|
75 | 75 | <div class="field"> |
|
76 | 76 | <div class="label"> |
|
77 | 77 | <label for="email">${_('Email')}:</label> |
|
78 | 78 | </div> |
|
79 | 79 | <div class="input"> |
|
80 | 80 | ${h.text('email',class_='small')} |
|
81 | 81 | </div> |
|
82 | 82 | </div> |
|
83 | 83 | |
|
84 | 84 | <div class="field"> |
|
85 | 85 | <div class="label label-checkbox"> |
|
86 | 86 | <label for="active">${_('Active')}:</label> |
|
87 | 87 | </div> |
|
88 | 88 | <div class="checkboxes"> |
|
89 | ${h.checkbox('active',value=True)} | |
|
89 | ${h.checkbox('active',value=True,checked='checked')} | |
|
90 | 90 | </div> |
|
91 | 91 | </div> |
|
92 | 92 | |
|
93 | 93 | <div class="buttons"> |
|
94 | 94 | ${h.submit('save',_('save'),class_="ui-button")} |
|
95 | 95 | </div> |
|
96 | 96 | </div> |
|
97 | 97 | </div> |
|
98 | 98 | ${h.end_form()} |
|
99 | 99 | </div> |
|
100 | 100 | </%def> |
@@ -1,336 +1,336 b'' | |||
|
1 | 1 | ## -*- coding: utf-8 -*- |
|
2 | 2 | <%inherit file="root.html"/> |
|
3 | 3 | |
|
4 | 4 | <!-- HEADER --> |
|
5 | 5 | <div id="header"> |
|
6 | 6 | <div id="header-inner" class="title"> |
|
7 | 7 | <div id="logo"> |
|
8 | 8 | <h1><a href="${h.url('home')}">${c.rhodecode_name}</a></h1> |
|
9 | 9 | </div> |
|
10 | 10 | <!-- MENU --> |
|
11 | 11 | ${self.page_nav()} |
|
12 | 12 | <!-- END MENU --> |
|
13 | 13 | ${self.body()} |
|
14 | 14 | </div> |
|
15 | 15 | </div> |
|
16 | 16 | <!-- END HEADER --> |
|
17 | 17 | |
|
18 | 18 | <!-- CONTENT --> |
|
19 | 19 | <div id="content"> |
|
20 | 20 | <div class="flash_msg"> |
|
21 | 21 | <% messages = h.flash.pop_messages() %> |
|
22 | 22 | % if messages: |
|
23 | 23 | <ul id="flash-messages"> |
|
24 | 24 | % for message in messages: |
|
25 | 25 | <li class="${message.category}_msg">${message}</li> |
|
26 | 26 | % endfor |
|
27 | 27 | </ul> |
|
28 | 28 | % endif |
|
29 | 29 | </div> |
|
30 | 30 | <div id="main"> |
|
31 | 31 | ${next.main()} |
|
32 | 32 | </div> |
|
33 | 33 | </div> |
|
34 | 34 | <!-- END CONTENT --> |
|
35 | 35 | |
|
36 | 36 | <!-- FOOTER --> |
|
37 | 37 | <div id="footer"> |
|
38 | 38 | <div id="footer-inner" class="title"> |
|
39 | 39 | <div> |
|
40 | 40 | <p class="footer-link"> |
|
41 | 41 | <a href="${h.url('bugtracker')}">${_('Submit a bug')}</a> |
|
42 | 42 | </p> |
|
43 | 43 | <p class="footer-link-right"> |
|
44 | 44 | <a href="${h.url('rhodecode_official')}">RhodeCode</a> |
|
45 | 45 | ${c.rhodecode_version} © 2010-${h.datetime.today().year} by Marcin Kuzminski |
|
46 | 46 | </p> |
|
47 | 47 | </div> |
|
48 | 48 | </div> |
|
49 | 49 | </div> |
|
50 | 50 | <!-- END FOOTER --> |
|
51 | 51 | |
|
52 | 52 | ### MAKO DEFS ### |
|
53 | 53 | <%def name="page_nav()"> |
|
54 | 54 | ${self.menu()} |
|
55 | 55 | </%def> |
|
56 | 56 | |
|
57 | 57 | <%def name="breadcrumbs()"> |
|
58 | 58 | <div class="breadcrumbs"> |
|
59 | 59 | ${self.breadcrumbs_links()} |
|
60 | 60 | </div> |
|
61 | 61 | </%def> |
|
62 | 62 | |
|
63 | 63 | <%def name="usermenu()"> |
|
64 | 64 | <div class="user-menu"> |
|
65 | 65 | <div class="container"> |
|
66 | 66 | <div class="gravatar" id="quick_login_link"> |
|
67 | 67 | <img alt="gravatar" src="${h.gravatar_url(c.rhodecode_user.email,24)}" /> |
|
68 | 68 | </div> |
|
69 | 69 | %if c.rhodecode_user.username != 'default' and c.unread_notifications != 0: |
|
70 | 70 | <div class="notifications"> |
|
71 | 71 | <a id="notification_counter" href="${h.url('notifications')}">${c.unread_notifications}</a> |
|
72 | 72 | </div> |
|
73 | 73 | %endif |
|
74 | 74 | </div> |
|
75 | 75 | <div id="quick_login" style="display:none"> |
|
76 | 76 | %if c.rhodecode_user.username == 'default': |
|
77 | 77 | <h4>${_('Login to your account')}</h4> |
|
78 | 78 | ${h.form(h.url('login_home',came_from=h.url.current()))} |
|
79 | 79 | <div class="form"> |
|
80 | 80 | <div class="fields"> |
|
81 | 81 | <div class="field"> |
|
82 | 82 | <div class="label"> |
|
83 | 83 | <label for="username">${_('Username')}:</label> |
|
84 | 84 | </div> |
|
85 | 85 | <div class="input"> |
|
86 | 86 | ${h.text('username',class_='focus',size=40)} |
|
87 | 87 | </div> |
|
88 | 88 | |
|
89 | 89 | </div> |
|
90 | 90 | <div class="field"> |
|
91 | 91 | <div class="label"> |
|
92 | 92 | <label for="password">${_('Password')}:</label> |
|
93 | 93 | </div> |
|
94 | 94 | <div class="input"> |
|
95 | 95 | ${h.password('password',class_='focus',size=40)} |
|
96 | 96 | </div> |
|
97 | 97 | |
|
98 | 98 | </div> |
|
99 | 99 | <div class="buttons"> |
|
100 | 100 | <div class="password_forgoten">${h.link_to(_('Forgot password ?'),h.url('reset_password'))}</div> |
|
101 | 101 | <div class="register"> |
|
102 | 102 | %if h.HasPermissionAny('hg.admin', 'hg.register.auto_activate', 'hg.register.manual_activate')(): |
|
103 | 103 | ${h.link_to(_("Don't have an account ?"),h.url('register'))} |
|
104 | 104 | %endif |
|
105 | 105 | </div> |
|
106 | 106 | <div class="submit"> |
|
107 | 107 | ${h.submit('sign_in',_('Log In'),class_="ui-btn xsmall")} |
|
108 | 108 | </div> |
|
109 | 109 | </div> |
|
110 | 110 | </div> |
|
111 | 111 | </div> |
|
112 | 112 | ${h.end_form()} |
|
113 | 113 | %else: |
|
114 | 114 | <div class="links_left"> |
|
115 | <div class="full_name">${c.rhodecode_user.full_name}</div> | |
|
115 | <div class="full_name">${c.rhodecode_user.full_name_or_username}</div> | |
|
116 | 116 | <div class="email">${c.rhodecode_user.email}</div> |
|
117 | 117 | <div class="big_gravatar"><img alt="gravatar" src="${h.gravatar_url(c.rhodecode_user.email,48)}" /></div> |
|
118 | 118 | </div> |
|
119 | 119 | <div class="links_right"> |
|
120 | 120 | <ol class="links"> |
|
121 | 121 | <li>${h.link_to(_(u'Home'),h.url('home'))}</li> |
|
122 | 122 | <li>${h.link_to(_(u'My account'),h.url('admin_settings_my_account'))}</li> |
|
123 | 123 | <li class="logout">${h.link_to(_(u'Log Out'),h.url('logout_home'))}</li> |
|
124 | 124 | </ol> |
|
125 | 125 | </div> |
|
126 | 126 | %endif |
|
127 | 127 | </div> |
|
128 | 128 | </div> |
|
129 | 129 | </%def> |
|
130 | 130 | |
|
131 | 131 | <%def name="menu(current=None)"> |
|
132 | 132 | <% |
|
133 | 133 | def is_current(selected): |
|
134 | 134 | if selected == current: |
|
135 | 135 | return h.literal('class="current"') |
|
136 | 136 | %> |
|
137 | 137 | %if current not in ['home','admin']: |
|
138 | 138 | ##REGULAR MENU |
|
139 | 139 | <ul id="quick"> |
|
140 | 140 | <!-- repo switcher --> |
|
141 | 141 | <li> |
|
142 | 142 | <a class="menu_link" id="repo_switcher" title="${_('Switch repository')}" href="#"> |
|
143 | 143 | <span class="icon"> |
|
144 | 144 | <img src="${h.url('/images/icons/database.png')}" alt="${_('Products')}" /> |
|
145 | 145 | </span> |
|
146 | 146 | <span>↓</span> |
|
147 | 147 | </a> |
|
148 | 148 | <ul id="repo_switcher_list" class="repo_switcher"> |
|
149 | 149 | <li> |
|
150 | 150 | <a href="#">${_('loading...')}</a> |
|
151 | 151 | </li> |
|
152 | 152 | </ul> |
|
153 | 153 | </li> |
|
154 | 154 | |
|
155 | 155 | <li ${is_current('summary')}> |
|
156 | 156 | <a class="menu_link" title="${_('Summary')}" href="${h.url('summary_home',repo_name=c.repo_name)}"> |
|
157 | 157 | <span class="icon"> |
|
158 | 158 | <img src="${h.url('/images/icons/clipboard_16.png')}" alt="${_('Summary')}" /> |
|
159 | 159 | </span> |
|
160 | 160 | <span>${_('Summary')}</span> |
|
161 | 161 | </a> |
|
162 | 162 | </li> |
|
163 | 163 | <li ${is_current('changelog')}> |
|
164 | 164 | <a class="menu_link" title="${_('Changelog')}" href="${h.url('changelog_home',repo_name=c.repo_name)}"> |
|
165 | 165 | <span class="icon"> |
|
166 | 166 | <img src="${h.url('/images/icons/time.png')}" alt="${_('Changelog')}" /> |
|
167 | 167 | </span> |
|
168 | 168 | <span>${_('Changelog')}</span> |
|
169 | 169 | </a> |
|
170 | 170 | </li> |
|
171 | 171 | |
|
172 | 172 | <li ${is_current('switch_to')}> |
|
173 | 173 | <a class="menu_link" id="branch_tag_switcher" title="${_('Switch to')}" href="#"> |
|
174 | 174 | <span class="icon"> |
|
175 | 175 | <img src="${h.url('/images/icons/arrow_switch.png')}" alt="${_('Switch to')}" /> |
|
176 | 176 | </span> |
|
177 | 177 | <span>${_('Switch to')}</span> |
|
178 | 178 | </a> |
|
179 | 179 | <ul id="switch_to_list" class="switch_to"> |
|
180 | 180 | <li><a href="#">${_('loading...')}</a></li> |
|
181 | 181 | </ul> |
|
182 | 182 | </li> |
|
183 | 183 | <li ${is_current('files')}> |
|
184 | 184 | <a class="menu_link" title="${_('Files')}" href="${h.url('files_home',repo_name=c.repo_name)}"> |
|
185 | 185 | <span class="icon"> |
|
186 | 186 | <img src="${h.url('/images/icons/file.png')}" alt="${_('Files')}" /> |
|
187 | 187 | </span> |
|
188 | 188 | <span>${_('Files')}</span> |
|
189 | 189 | </a> |
|
190 | 190 | </li> |
|
191 | 191 | |
|
192 | 192 | <li ${is_current('options')}> |
|
193 | 193 | <a class="menu_link" title="${_('Options')}" href="#"> |
|
194 | 194 | <span class="icon"> |
|
195 | 195 | <img src="${h.url('/images/icons/table_gear.png')}" alt="${_('Admin')}" /> |
|
196 | 196 | </span> |
|
197 | 197 | <span>${_('Options')}</span> |
|
198 | 198 | </a> |
|
199 | 199 | <ul> |
|
200 | 200 | %if h.HasRepoPermissionAll('repository.admin')(c.repo_name): |
|
201 | 201 | %if h.HasPermissionAll('hg.admin')('access settings on repository'): |
|
202 | 202 | <li>${h.link_to(_('settings'),h.url('edit_repo',repo_name=c.repo_name),class_='settings')}</li> |
|
203 | 203 | %else: |
|
204 | 204 | <li>${h.link_to(_('settings'),h.url('repo_settings_home',repo_name=c.repo_name),class_='settings')}</li> |
|
205 | 205 | %endif |
|
206 | 206 | %endif |
|
207 | 207 | <li>${h.link_to(_('fork'),h.url('repo_fork_home',repo_name=c.repo_name),class_='fork')}</li> |
|
208 | 208 | <li>${h.link_to(_('search'),h.url('search_repo',search_repo=c.repo_name),class_='search')}</li> |
|
209 | 209 | |
|
210 | 210 | % if h.HasPermissionAll('hg.admin')('access admin main page'): |
|
211 | 211 | <li> |
|
212 | 212 | ${h.link_to(_('admin'),h.url('admin_home'),class_='admin')} |
|
213 | 213 | <%def name="admin_menu()"> |
|
214 | 214 | <ul> |
|
215 | 215 | <li>${h.link_to(_('journal'),h.url('admin_home'),class_='journal')}</li> |
|
216 | 216 | <li>${h.link_to(_('repositories'),h.url('repos'),class_='repos')}</li> |
|
217 | 217 | <li>${h.link_to(_('repositories groups'),h.url('repos_groups'),class_='repos_groups')}</li> |
|
218 | 218 | <li>${h.link_to(_('users'),h.url('users'),class_='users')}</li> |
|
219 | 219 | <li>${h.link_to(_('users groups'),h.url('users_groups'),class_='groups')}</li> |
|
220 | 220 | <li>${h.link_to(_('permissions'),h.url('edit_permission',id='default'),class_='permissions')}</li> |
|
221 | 221 | <li>${h.link_to(_('ldap'),h.url('ldap_home'),class_='ldap')}</li> |
|
222 | 222 | <li class="last">${h.link_to(_('settings'),h.url('admin_settings'),class_='settings')}</li> |
|
223 | 223 | </ul> |
|
224 | 224 | </%def> |
|
225 | 225 | |
|
226 | 226 | ${admin_menu()} |
|
227 | 227 | </li> |
|
228 | 228 | % endif |
|
229 | 229 | </ul> |
|
230 | 230 | </li> |
|
231 | 231 | |
|
232 | 232 | <li> |
|
233 | 233 | <a class="menu_link" title="${_('Followers')}" href="${h.url('repo_followers_home',repo_name=c.repo_name)}"> |
|
234 | 234 | <span class="icon_short"> |
|
235 | 235 | <img src="${h.url('/images/icons/heart.png')}" alt="${_('Followers')}" /> |
|
236 | 236 | </span> |
|
237 | 237 | <span id="current_followers_count" class="short">${c.repository_followers}</span> |
|
238 | 238 | </a> |
|
239 | 239 | </li> |
|
240 | 240 | <li> |
|
241 | 241 | <a class="menu_link" title="${_('Forks')}" href="${h.url('repo_forks_home',repo_name=c.repo_name)}"> |
|
242 | 242 | <span class="icon_short"> |
|
243 | 243 | <img src="${h.url('/images/icons/arrow_divide.png')}" alt="${_('Forks')}" /> |
|
244 | 244 | </span> |
|
245 | 245 | <span class="short">${c.repository_forks}</span> |
|
246 | 246 | </a> |
|
247 | 247 | </li> |
|
248 | 248 | ${usermenu()} |
|
249 | 249 | </ul> |
|
250 | 250 | <script type="text/javascript"> |
|
251 | 251 | YUE.on('repo_switcher','mouseover',function(){ |
|
252 | 252 | function qfilter(){ |
|
253 | 253 | var nodes = YUQ('ul#repo_switcher_list li a.repo_name'); |
|
254 | 254 | var target = 'q_filter_rs'; |
|
255 | 255 | var func = function(node){ |
|
256 | 256 | return node.parentNode; |
|
257 | 257 | } |
|
258 | 258 | q_filter(target,nodes,func); |
|
259 | 259 | } |
|
260 | 260 | var loaded = YUD.hasClass('repo_switcher','loaded'); |
|
261 | 261 | if(!loaded){ |
|
262 | 262 | YUD.addClass('repo_switcher','loaded'); |
|
263 | 263 | ypjax("${h.url('repo_switcher')}",'repo_switcher_list', |
|
264 | 264 | function(o){qfilter();}, |
|
265 | 265 | function(o){YUD.removeClass('repo_switcher','loaded');} |
|
266 | 266 | ,null); |
|
267 | 267 | } |
|
268 | 268 | return false; |
|
269 | 269 | }); |
|
270 | 270 | |
|
271 | 271 | YUE.on('branch_tag_switcher','mouseover',function(){ |
|
272 | 272 | var loaded = YUD.hasClass('branch_tag_switcher','loaded'); |
|
273 | 273 | if(!loaded){ |
|
274 | 274 | YUD.addClass('branch_tag_switcher','loaded'); |
|
275 | 275 | ypjax("${h.url('branch_tag_switcher',repo_name=c.repo_name)}",'switch_to_list', |
|
276 | 276 | function(o){}, |
|
277 | 277 | function(o){YUD.removeClass('branch_tag_switcher','loaded');} |
|
278 | 278 | ,null); |
|
279 | 279 | } |
|
280 | 280 | return false; |
|
281 | 281 | }); |
|
282 | 282 | </script> |
|
283 | 283 | %else: |
|
284 | 284 | ##ROOT MENU |
|
285 | 285 | <ul id="quick"> |
|
286 | 286 | <li> |
|
287 | 287 | <a class="menu_link" title="${_('Home')}" href="${h.url('home')}"> |
|
288 | 288 | <span class="icon"> |
|
289 | 289 | <img src="${h.url('/images/icons/home_16.png')}" alt="${_('Home')}" /> |
|
290 | 290 | </span> |
|
291 | 291 | <span>${_('Home')}</span> |
|
292 | 292 | </a> |
|
293 | 293 | </li> |
|
294 | 294 | %if c.rhodecode_user.username != 'default': |
|
295 | 295 | <li> |
|
296 | 296 | <a class="menu_link" title="${_('Journal')}" href="${h.url('journal')}"> |
|
297 | 297 | <span class="icon"> |
|
298 | 298 | <img src="${h.url('/images/icons/book.png')}" alt="${_('Journal')}" /> |
|
299 | 299 | </span> |
|
300 | 300 | <span>${_('Journal')}</span> |
|
301 | 301 | </a> |
|
302 | 302 | </li> |
|
303 | 303 | %else: |
|
304 | 304 | <li> |
|
305 | 305 | <a class="menu_link" title="${_('Public journal')}" href="${h.url('public_journal')}"> |
|
306 | 306 | <span class="icon"> |
|
307 | 307 | <img src="${h.url('/images/icons/book.png')}" alt="${_('Public journal')}" /> |
|
308 | 308 | </span> |
|
309 | 309 | <span>${_('Public journal')}</span> |
|
310 | 310 | </a> |
|
311 | 311 | </li> |
|
312 | 312 | %endif |
|
313 | 313 | <li> |
|
314 | 314 | <a class="menu_link" title="${_('Search')}" href="${h.url('search')}"> |
|
315 | 315 | <span class="icon"> |
|
316 | 316 | <img src="${h.url('/images/icons/search_16.png')}" alt="${_('Search')}" /> |
|
317 | 317 | </span> |
|
318 | 318 | <span>${_('Search')}</span> |
|
319 | 319 | </a> |
|
320 | 320 | </li> |
|
321 | 321 | |
|
322 | 322 | %if h.HasPermissionAll('hg.admin')('access admin main page'): |
|
323 | 323 | <li ${is_current('admin')}> |
|
324 | 324 | <a class="menu_link" title="${_('Admin')}" href="${h.url('admin_home')}"> |
|
325 | 325 | <span class="icon"> |
|
326 | 326 | <img src="${h.url('/images/icons/cog_edit.png')}" alt="${_('Admin')}" /> |
|
327 | 327 | </span> |
|
328 | 328 | <span>${_('Admin')}</span> |
|
329 | 329 | </a> |
|
330 | 330 | ${admin_menu()} |
|
331 | 331 | </li> |
|
332 | 332 | %endif |
|
333 | 333 | ${usermenu()} |
|
334 | 334 | </ul> |
|
335 | 335 | %endif |
|
336 | 336 | </%def> |
General Comments 0
You need to be logged in to leave comments.
Login now