##// END OF EJS Templates
repo group: use lazy string formatting when logging...
Mads Kiilerich -
r8749:4b5ab042 stable
parent child Browse files
Show More
@@ -1,530 +1,528 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2 # This program is free software: you can redistribute it and/or modify
2 # This program is free software: you can redistribute it and/or modify
3 # it under the terms of the GNU General Public License as published by
3 # it under the terms of the GNU General Public License as published by
4 # the Free Software Foundation, either version 3 of the License, or
4 # the Free Software Foundation, either version 3 of the License, or
5 # (at your option) any later version.
5 # (at your option) any later version.
6 #
6 #
7 # This program is distributed in the hope that it will be useful,
7 # This program is distributed in the hope that it will be useful,
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 # GNU General Public License for more details.
10 # GNU General Public License for more details.
11 #
11 #
12 # You should have received a copy of the GNU General Public License
12 # You should have received a copy of the GNU General Public License
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 """
14 """
15 kallithea.model.repo_group
15 kallithea.model.repo_group
16 ~~~~~~~~~~~~~~~~~~~~~~~~~~
16 ~~~~~~~~~~~~~~~~~~~~~~~~~~
17
17
18 repo group model for Kallithea
18 repo group model for Kallithea
19
19
20 This file was forked by the Kallithea project in July 2014.
20 This file was forked by the Kallithea project in July 2014.
21 Original author and date, and relevant copyright and licensing information is below:
21 Original author and date, and relevant copyright and licensing information is below:
22 :created_on: Jan 25, 2011
22 :created_on: Jan 25, 2011
23 :author: marcink
23 :author: marcink
24 :copyright: (c) 2013 RhodeCode GmbH, and others.
24 :copyright: (c) 2013 RhodeCode GmbH, and others.
25 :license: GPLv3, see LICENSE.md for more details.
25 :license: GPLv3, see LICENSE.md for more details.
26 """
26 """
27
27
28
28
29 import datetime
29 import datetime
30 import logging
30 import logging
31 import os
31 import os
32 import shutil
32 import shutil
33 import traceback
33 import traceback
34
34
35 import kallithea.lib.utils2
35 import kallithea.lib.utils2
36 from kallithea.lib.utils2 import LazyProperty
36 from kallithea.lib.utils2 import LazyProperty
37 from kallithea.model import db, meta, repo
37 from kallithea.model import db, meta, repo
38
38
39
39
40 log = logging.getLogger(__name__)
40 log = logging.getLogger(__name__)
41
41
42
42
43 class RepoGroupModel(object):
43 class RepoGroupModel(object):
44
44
45 @LazyProperty
45 @LazyProperty
46 def repos_path(self):
46 def repos_path(self):
47 """
47 """
48 Gets the repositories root path from database
48 Gets the repositories root path from database
49 """
49 """
50
50
51 q = db.Ui.get_by_key('paths', '/')
51 q = db.Ui.get_by_key('paths', '/')
52 return q.ui_value
52 return q.ui_value
53
53
54 def _create_default_perms(self, new_group):
54 def _create_default_perms(self, new_group):
55 # create default permission
55 # create default permission
56 default_perm = 'group.read'
56 default_perm = 'group.read'
57 def_user = db.User.get_default_user()
57 def_user = db.User.get_default_user()
58 for p in def_user.user_perms:
58 for p in def_user.user_perms:
59 if p.permission.permission_name.startswith('group.'):
59 if p.permission.permission_name.startswith('group.'):
60 default_perm = p.permission.permission_name
60 default_perm = p.permission.permission_name
61 break
61 break
62
62
63 repo_group_to_perm = db.UserRepoGroupToPerm()
63 repo_group_to_perm = db.UserRepoGroupToPerm()
64 repo_group_to_perm.permission = db.Permission.get_by_key(default_perm)
64 repo_group_to_perm.permission = db.Permission.get_by_key(default_perm)
65
65
66 repo_group_to_perm.group = new_group
66 repo_group_to_perm.group = new_group
67 repo_group_to_perm.user_id = def_user.user_id
67 repo_group_to_perm.user_id = def_user.user_id
68 meta.Session().add(repo_group_to_perm)
68 meta.Session().add(repo_group_to_perm)
69 return repo_group_to_perm
69 return repo_group_to_perm
70
70
71 def _create_group(self, group_name):
71 def _create_group(self, group_name):
72 """
72 """
73 makes repository group on filesystem
73 makes repository group on filesystem
74
74
75 :param repo_name:
75 :param repo_name:
76 :param parent_id:
76 :param parent_id:
77 """
77 """
78
78
79 create_path = os.path.join(self.repos_path, group_name)
79 create_path = os.path.join(self.repos_path, group_name)
80 log.debug('creating new group in %s', create_path)
80 log.debug('creating new group in %s', create_path)
81
81
82 if os.path.isdir(create_path):
82 if os.path.isdir(create_path):
83 raise Exception('That directory already exists !')
83 raise Exception('That directory already exists !')
84
84
85 os.makedirs(create_path)
85 os.makedirs(create_path)
86 log.debug('Created group in %s', create_path)
86 log.debug('Created group in %s', create_path)
87
87
88 def _rename_group(self, old, new):
88 def _rename_group(self, old, new):
89 """
89 """
90 Renames a group on filesystem
90 Renames a group on filesystem
91
91
92 :param group_name:
92 :param group_name:
93 """
93 """
94
94
95 if old == new:
95 if old == new:
96 log.debug('skipping group rename')
96 log.debug('skipping group rename')
97 return
97 return
98
98
99 log.debug('renaming repository group from %s to %s', old, new)
99 log.debug('renaming repository group from %s to %s', old, new)
100
100
101 old_path = os.path.join(self.repos_path, old)
101 old_path = os.path.join(self.repos_path, old)
102 new_path = os.path.join(self.repos_path, new)
102 new_path = os.path.join(self.repos_path, new)
103
103
104 log.debug('renaming repos paths from %s to %s', old_path, new_path)
104 log.debug('renaming repos paths from %s to %s', old_path, new_path)
105
105
106 if os.path.isdir(new_path):
106 if os.path.isdir(new_path):
107 raise Exception('Was trying to rename to already '
107 raise Exception('Was trying to rename to already '
108 'existing dir %s' % new_path)
108 'existing dir %s' % new_path)
109 shutil.move(old_path, new_path)
109 shutil.move(old_path, new_path)
110
110
111 def _delete_group(self, group, force_delete=False):
111 def _delete_group(self, group, force_delete=False):
112 """
112 """
113 Deletes a group from a filesystem
113 Deletes a group from a filesystem
114
114
115 :param group: instance of group from database
115 :param group: instance of group from database
116 :param force_delete: use shutil rmtree to remove all objects
116 :param force_delete: use shutil rmtree to remove all objects
117 """
117 """
118 paths = group.full_path.split(kallithea.URL_SEP)
118 paths = group.full_path.split(kallithea.URL_SEP)
119 paths = os.sep.join(paths)
119 paths = os.sep.join(paths)
120
120
121 rm_path = os.path.join(self.repos_path, paths)
121 rm_path = os.path.join(self.repos_path, paths)
122 log.info("Removing group %s", rm_path)
122 log.info("Removing group %s", rm_path)
123 # delete only if that path really exists
123 # delete only if that path really exists
124 if os.path.isdir(rm_path):
124 if os.path.isdir(rm_path):
125 if force_delete:
125 if force_delete:
126 shutil.rmtree(rm_path)
126 shutil.rmtree(rm_path)
127 else:
127 else:
128 # archive that group
128 # archive that group
129 _now = datetime.datetime.now()
129 _now = datetime.datetime.now()
130 _ms = str(_now.microsecond).rjust(6, '0')
130 _ms = str(_now.microsecond).rjust(6, '0')
131 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
131 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
132 group.name)
132 group.name)
133 shutil.move(rm_path, os.path.join(self.repos_path, _d))
133 shutil.move(rm_path, os.path.join(self.repos_path, _d))
134
134
135 def create(self, group_name, group_description, owner, parent=None,
135 def create(self, group_name, group_description, owner, parent=None,
136 just_db=False, copy_permissions=False):
136 just_db=False, copy_permissions=False):
137 try:
137 try:
138 if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:
138 if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:
139 raise Exception('invalid repo group name %s' % group_name)
139 raise Exception('invalid repo group name %s' % group_name)
140
140
141 owner = db.User.guess_instance(owner)
141 owner = db.User.guess_instance(owner)
142 parent_group = db.RepoGroup.guess_instance(parent)
142 parent_group = db.RepoGroup.guess_instance(parent)
143 new_repo_group = db.RepoGroup()
143 new_repo_group = db.RepoGroup()
144 new_repo_group.owner = owner
144 new_repo_group.owner = owner
145 new_repo_group.group_description = group_description or group_name
145 new_repo_group.group_description = group_description or group_name
146 new_repo_group.parent_group = parent_group
146 new_repo_group.parent_group = parent_group
147 new_repo_group.group_name = new_repo_group.get_new_name(group_name)
147 new_repo_group.group_name = new_repo_group.get_new_name(group_name)
148
148
149 meta.Session().add(new_repo_group)
149 meta.Session().add(new_repo_group)
150
150
151 # create an ADMIN permission for owner except if we're super admin,
151 # create an ADMIN permission for owner except if we're super admin,
152 # later owner should go into the owner field of groups
152 # later owner should go into the owner field of groups
153 if not owner.is_admin:
153 if not owner.is_admin:
154 self.grant_user_permission(repo_group=new_repo_group,
154 self.grant_user_permission(repo_group=new_repo_group,
155 user=owner, perm='group.admin')
155 user=owner, perm='group.admin')
156
156
157 if parent_group and copy_permissions:
157 if parent_group and copy_permissions:
158 # copy permissions from parent
158 # copy permissions from parent
159 user_perms = db.UserRepoGroupToPerm.query() \
159 user_perms = db.UserRepoGroupToPerm.query() \
160 .filter(db.UserRepoGroupToPerm.group == parent_group).all()
160 .filter(db.UserRepoGroupToPerm.group == parent_group).all()
161
161
162 group_perms = db.UserGroupRepoGroupToPerm.query() \
162 group_perms = db.UserGroupRepoGroupToPerm.query() \
163 .filter(db.UserGroupRepoGroupToPerm.group == parent_group).all()
163 .filter(db.UserGroupRepoGroupToPerm.group == parent_group).all()
164
164
165 for perm in user_perms:
165 for perm in user_perms:
166 # don't copy over the permission for user who is creating
166 # don't copy over the permission for user who is creating
167 # this group, if he is not super admin he get's admin
167 # this group, if he is not super admin he get's admin
168 # permission set above
168 # permission set above
169 if perm.user != owner or owner.is_admin:
169 if perm.user != owner or owner.is_admin:
170 db.UserRepoGroupToPerm.create(perm.user, new_repo_group, perm.permission)
170 db.UserRepoGroupToPerm.create(perm.user, new_repo_group, perm.permission)
171
171
172 for perm in group_perms:
172 for perm in group_perms:
173 db.UserGroupRepoGroupToPerm.create(perm.users_group, new_repo_group, perm.permission)
173 db.UserGroupRepoGroupToPerm.create(perm.users_group, new_repo_group, perm.permission)
174 else:
174 else:
175 self._create_default_perms(new_repo_group)
175 self._create_default_perms(new_repo_group)
176
176
177 if not just_db:
177 if not just_db:
178 # we need to flush here, in order to check if database won't
178 # we need to flush here, in order to check if database won't
179 # throw any exceptions, create filesystem dirs at the very end
179 # throw any exceptions, create filesystem dirs at the very end
180 meta.Session().flush()
180 meta.Session().flush()
181 self._create_group(new_repo_group.group_name)
181 self._create_group(new_repo_group.group_name)
182
182
183 return new_repo_group
183 return new_repo_group
184 except Exception:
184 except Exception:
185 log.error(traceback.format_exc())
185 log.error(traceback.format_exc())
186 raise
186 raise
187
187
188 def _update_permissions(self, repo_group, perms_new=None,
188 def _update_permissions(self, repo_group, perms_new=None,
189 perms_updates=None, recursive=None,
189 perms_updates=None, recursive=None,
190 check_perms=True):
190 check_perms=True):
191 from kallithea.lib.auth import HasUserGroupPermissionLevel
191 from kallithea.lib.auth import HasUserGroupPermissionLevel
192
192
193 if not perms_new:
193 if not perms_new:
194 perms_new = []
194 perms_new = []
195 if not perms_updates:
195 if not perms_updates:
196 perms_updates = []
196 perms_updates = []
197
197
198 def _set_perm_user(obj, user, perm):
198 def _set_perm_user(obj, user, perm):
199 if isinstance(obj, db.RepoGroup):
199 if isinstance(obj, db.RepoGroup):
200 self.grant_user_permission(repo_group=obj, user=user, perm=perm)
200 self.grant_user_permission(repo_group=obj, user=user, perm=perm)
201 elif isinstance(obj, db.Repository):
201 elif isinstance(obj, db.Repository):
202 user = db.User.guess_instance(user)
202 user = db.User.guess_instance(user)
203
203
204 # private repos will not allow to change the default permissions
204 # private repos will not allow to change the default permissions
205 # using recursive mode
205 # using recursive mode
206 if obj.private and user.is_default_user:
206 if obj.private and user.is_default_user:
207 return
207 return
208
208
209 # we set group permission but we have to switch to repo
209 # we set group permission but we have to switch to repo
210 # permission
210 # permission
211 perm = perm.replace('group.', 'repository.')
211 perm = perm.replace('group.', 'repository.')
212 repo.RepoModel().grant_user_permission(
212 repo.RepoModel().grant_user_permission(
213 repo=obj, user=user, perm=perm
213 repo=obj, user=user, perm=perm
214 )
214 )
215
215
216 def _set_perm_group(obj, users_group, perm):
216 def _set_perm_group(obj, users_group, perm):
217 if isinstance(obj, db.RepoGroup):
217 if isinstance(obj, db.RepoGroup):
218 self.grant_user_group_permission(repo_group=obj,
218 self.grant_user_group_permission(repo_group=obj,
219 group_name=users_group,
219 group_name=users_group,
220 perm=perm)
220 perm=perm)
221 elif isinstance(obj, db.Repository):
221 elif isinstance(obj, db.Repository):
222 # we set group permission but we have to switch to repo
222 # we set group permission but we have to switch to repo
223 # permission
223 # permission
224 perm = perm.replace('group.', 'repository.')
224 perm = perm.replace('group.', 'repository.')
225 repo.RepoModel().grant_user_group_permission(
225 repo.RepoModel().grant_user_group_permission(
226 repo=obj, group_name=users_group, perm=perm
226 repo=obj, group_name=users_group, perm=perm
227 )
227 )
228
228
229 # start updates
229 # start updates
230 updates = []
230 updates = []
231 log.debug('Now updating permissions for %s in recursive mode:%s',
231 log.debug('Now updating permissions for %s in recursive mode:%s',
232 repo_group, recursive)
232 repo_group, recursive)
233
233
234 for obj in repo_group.recursive_groups_and_repos():
234 for obj in repo_group.recursive_groups_and_repos():
235 # iterated obj is an instance of a repos group or repository in
235 # iterated obj is an instance of a repos group or repository in
236 # that group, recursive option can be: none, repos, groups, all
236 # that group, recursive option can be: none, repos, groups, all
237 if recursive == 'all':
237 if recursive == 'all':
238 pass
238 pass
239 elif recursive == 'repos':
239 elif recursive == 'repos':
240 # skip groups, other than this one
240 # skip groups, other than this one
241 if isinstance(obj, db.RepoGroup) and not obj == repo_group:
241 if isinstance(obj, db.RepoGroup) and not obj == repo_group:
242 continue
242 continue
243 elif recursive == 'groups':
243 elif recursive == 'groups':
244 # skip repos
244 # skip repos
245 if isinstance(obj, db.Repository):
245 if isinstance(obj, db.Repository):
246 continue
246 continue
247 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
247 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
248 obj = repo_group
248 obj = repo_group
249 # also we do a break at the end of this loop.
249 # also we do a break at the end of this loop.
250
250
251 # update permissions
251 # update permissions
252 for member, perm, member_type in perms_updates:
252 for member, perm, member_type in perms_updates:
253 ## set for user
253 ## set for user
254 if member_type == 'user':
254 if member_type == 'user':
255 # this updates also current one if found
255 # this updates also current one if found
256 _set_perm_user(obj, user=member, perm=perm)
256 _set_perm_user(obj, user=member, perm=perm)
257 ## set for user group
257 ## set for user group
258 else:
258 else:
259 # check if we have permissions to alter this usergroup's access
259 # check if we have permissions to alter this usergroup's access
260 if not check_perms or HasUserGroupPermissionLevel('read')(member):
260 if not check_perms or HasUserGroupPermissionLevel('read')(member):
261 _set_perm_group(obj, users_group=member, perm=perm)
261 _set_perm_group(obj, users_group=member, perm=perm)
262 # set new permissions
262 # set new permissions
263 for member, perm, member_type in perms_new:
263 for member, perm, member_type in perms_new:
264 if member_type == 'user':
264 if member_type == 'user':
265 _set_perm_user(obj, user=member, perm=perm)
265 _set_perm_user(obj, user=member, perm=perm)
266 else:
266 else:
267 # check if we have permissions to alter this usergroup's access
267 # check if we have permissions to alter this usergroup's access
268 if not check_perms or HasUserGroupPermissionLevel('read')(member):
268 if not check_perms or HasUserGroupPermissionLevel('read')(member):
269 _set_perm_group(obj, users_group=member, perm=perm)
269 _set_perm_group(obj, users_group=member, perm=perm)
270 updates.append(obj)
270 updates.append(obj)
271 # if it's not recursive call for all,repos,groups
271 # if it's not recursive call for all,repos,groups
272 # break the loop and don't proceed with other changes
272 # break the loop and don't proceed with other changes
273 if recursive not in ['all', 'repos', 'groups']:
273 if recursive not in ['all', 'repos', 'groups']:
274 break
274 break
275
275
276 return updates
276 return updates
277
277
278 def update(self, repo_group, repo_group_args):
278 def update(self, repo_group, repo_group_args):
279 try:
279 try:
280 repo_group = db.RepoGroup.guess_instance(repo_group)
280 repo_group = db.RepoGroup.guess_instance(repo_group)
281 old_path = repo_group.full_path # aka .group_name
281 old_path = repo_group.full_path # aka .group_name
282
282
283 if 'owner' in repo_group_args:
283 if 'owner' in repo_group_args:
284 repo_group.owner = db.User.get_by_username(repo_group_args['owner'])
284 repo_group.owner = db.User.get_by_username(repo_group_args['owner'])
285 if 'group_description' in repo_group_args:
285 if 'group_description' in repo_group_args:
286 repo_group.group_description = repo_group_args['group_description']
286 repo_group.group_description = repo_group_args['group_description']
287 if 'parent_group_id' in repo_group_args:
287 if 'parent_group_id' in repo_group_args:
288 assert repo_group_args['parent_group_id'] != '-1', repo_group_args # RepoGroupForm should have converted to None
288 assert repo_group_args['parent_group_id'] != '-1', repo_group_args # RepoGroupForm should have converted to None
289 repo_group.parent_group = db.RepoGroup.get(repo_group_args['parent_group_id'])
289 repo_group.parent_group = db.RepoGroup.get(repo_group_args['parent_group_id'])
290 repo_group.group_name = repo_group.get_new_name(repo_group.name)
290 repo_group.group_name = repo_group.get_new_name(repo_group.name)
291 if 'group_name' in repo_group_args:
291 if 'group_name' in repo_group_args:
292 group_name = repo_group_args['group_name']
292 group_name = repo_group_args['group_name']
293 if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:
293 if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:
294 raise Exception('invalid repo group name %s' % group_name)
294 raise Exception('invalid repo group name %s' % group_name)
295 repo_group.group_name = repo_group.get_new_name(group_name)
295 repo_group.group_name = repo_group.get_new_name(group_name)
296 new_path = repo_group.full_path
296 new_path = repo_group.full_path
297 meta.Session().add(repo_group)
297 meta.Session().add(repo_group)
298
298
299 # Iterate over all members of this repo group and update the full
299 # Iterate over all members of this repo group and update the full
300 # path (repo_name and group_name) based on the (already updated)
300 # path (repo_name and group_name) based on the (already updated)
301 # full path of the parent.
301 # full path of the parent.
302 # This can potentially be a heavy operation.
302 # This can potentially be a heavy operation.
303 for obj in repo_group.recursive_groups_and_repos():
303 for obj in repo_group.recursive_groups_and_repos():
304 if isinstance(obj, db.RepoGroup):
304 if isinstance(obj, db.RepoGroup):
305 new_name = obj.get_new_name(obj.name)
305 new_name = obj.get_new_name(obj.name)
306 log.debug('Fixing group %s to new name %s'
306 log.debug('Fixing repo group %s to new name %s', obj.group_name, new_name)
307 % (obj.group_name, new_name))
308 obj.group_name = new_name
307 obj.group_name = new_name
309 elif isinstance(obj, db.Repository):
308 elif isinstance(obj, db.Repository):
310 new_name = obj.get_new_name(obj.just_name)
309 new_name = obj.get_new_name(obj.just_name)
311 log.debug('Fixing repo %s to new name %s'
310 log.debug('Fixing repo %s to new name %s', obj.repo_name, new_name)
312 % (obj.repo_name, new_name))
313 obj.repo_name = new_name
311 obj.repo_name = new_name
314
312
315 # Rename in file system
313 # Rename in file system
316 self._rename_group(old_path, new_path)
314 self._rename_group(old_path, new_path)
317
315
318 return repo_group
316 return repo_group
319 except Exception:
317 except Exception:
320 log.error(traceback.format_exc())
318 log.error(traceback.format_exc())
321 raise
319 raise
322
320
323 def delete(self, repo_group, force_delete=False):
321 def delete(self, repo_group, force_delete=False):
324 repo_group = db.RepoGroup.guess_instance(repo_group)
322 repo_group = db.RepoGroup.guess_instance(repo_group)
325 try:
323 try:
326 meta.Session().delete(repo_group)
324 meta.Session().delete(repo_group)
327 self._delete_group(repo_group, force_delete)
325 self._delete_group(repo_group, force_delete)
328 except Exception:
326 except Exception:
329 log.error('Error removing repo_group %s', repo_group)
327 log.error('Error removing repo_group %s', repo_group)
330 raise
328 raise
331
329
332 def add_permission(self, repo_group, obj, obj_type, perm, recursive):
330 def add_permission(self, repo_group, obj, obj_type, perm, recursive):
333 repo_group = db.RepoGroup.guess_instance(repo_group)
331 repo_group = db.RepoGroup.guess_instance(repo_group)
334 perm = db.Permission.guess_instance(perm)
332 perm = db.Permission.guess_instance(perm)
335
333
336 for el in repo_group.recursive_groups_and_repos():
334 for el in repo_group.recursive_groups_and_repos():
337 # iterated obj is an instance of a repos group or repository in
335 # iterated obj is an instance of a repos group or repository in
338 # that group, recursive option can be: none, repos, groups, all
336 # that group, recursive option can be: none, repos, groups, all
339 if recursive == 'all':
337 if recursive == 'all':
340 pass
338 pass
341 elif recursive == 'repos':
339 elif recursive == 'repos':
342 # skip groups, other than this one
340 # skip groups, other than this one
343 if isinstance(el, db.RepoGroup) and not el == repo_group:
341 if isinstance(el, db.RepoGroup) and not el == repo_group:
344 continue
342 continue
345 elif recursive == 'groups':
343 elif recursive == 'groups':
346 # skip repos
344 # skip repos
347 if isinstance(el, db.Repository):
345 if isinstance(el, db.Repository):
348 continue
346 continue
349 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
347 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
350 el = repo_group
348 el = repo_group
351 # also we do a break at the end of this loop.
349 # also we do a break at the end of this loop.
352
350
353 if isinstance(el, db.RepoGroup):
351 if isinstance(el, db.RepoGroup):
354 if obj_type == 'user':
352 if obj_type == 'user':
355 RepoGroupModel().grant_user_permission(el, user=obj, perm=perm)
353 RepoGroupModel().grant_user_permission(el, user=obj, perm=perm)
356 elif obj_type == 'user_group':
354 elif obj_type == 'user_group':
357 RepoGroupModel().grant_user_group_permission(el, group_name=obj, perm=perm)
355 RepoGroupModel().grant_user_group_permission(el, group_name=obj, perm=perm)
358 else:
356 else:
359 raise Exception('undefined object type %s' % obj_type)
357 raise Exception('undefined object type %s' % obj_type)
360 elif isinstance(el, db.Repository):
358 elif isinstance(el, db.Repository):
361 # for repos we need to hotfix the name of permission
359 # for repos we need to hotfix the name of permission
362 _perm = perm.permission_name.replace('group.', 'repository.')
360 _perm = perm.permission_name.replace('group.', 'repository.')
363 if obj_type == 'user':
361 if obj_type == 'user':
364 repo.RepoModel().grant_user_permission(el, user=obj, perm=_perm)
362 repo.RepoModel().grant_user_permission(el, user=obj, perm=_perm)
365 elif obj_type == 'user_group':
363 elif obj_type == 'user_group':
366 repo.RepoModel().grant_user_group_permission(el, group_name=obj, perm=_perm)
364 repo.RepoModel().grant_user_group_permission(el, group_name=obj, perm=_perm)
367 else:
365 else:
368 raise Exception('undefined object type %s' % obj_type)
366 raise Exception('undefined object type %s' % obj_type)
369 else:
367 else:
370 raise Exception('el should be instance of Repository or '
368 raise Exception('el should be instance of Repository or '
371 'RepositoryGroup got %s instead' % type(el))
369 'RepositoryGroup got %s instead' % type(el))
372
370
373 # if it's not recursive call for all,repos,groups
371 # if it's not recursive call for all,repos,groups
374 # break the loop and don't proceed with other changes
372 # break the loop and don't proceed with other changes
375 if recursive not in ['all', 'repos', 'groups']:
373 if recursive not in ['all', 'repos', 'groups']:
376 break
374 break
377
375
378 def delete_permission(self, repo_group, obj, obj_type, recursive):
376 def delete_permission(self, repo_group, obj, obj_type, recursive):
379 """
377 """
380 Revokes permission for repo_group for given obj(user or users_group),
378 Revokes permission for repo_group for given obj(user or users_group),
381 obj_type can be user or user group
379 obj_type can be user or user group
382
380
383 :param repo_group:
381 :param repo_group:
384 :param obj: user or user group id
382 :param obj: user or user group id
385 :param obj_type: user or user group type
383 :param obj_type: user or user group type
386 :param recursive: recurse to all children of group
384 :param recursive: recurse to all children of group
387 """
385 """
388 repo_group = db.RepoGroup.guess_instance(repo_group)
386 repo_group = db.RepoGroup.guess_instance(repo_group)
389
387
390 for el in repo_group.recursive_groups_and_repos():
388 for el in repo_group.recursive_groups_and_repos():
391 # iterated obj is an instance of a repos group or repository in
389 # iterated obj is an instance of a repos group or repository in
392 # that group, recursive option can be: none, repos, groups, all
390 # that group, recursive option can be: none, repos, groups, all
393 if recursive == 'all':
391 if recursive == 'all':
394 pass
392 pass
395 elif recursive == 'repos':
393 elif recursive == 'repos':
396 # skip groups, other than this one
394 # skip groups, other than this one
397 if isinstance(el, db.RepoGroup) and not el == repo_group:
395 if isinstance(el, db.RepoGroup) and not el == repo_group:
398 continue
396 continue
399 elif recursive == 'groups':
397 elif recursive == 'groups':
400 # skip repos
398 # skip repos
401 if isinstance(el, db.Repository):
399 if isinstance(el, db.Repository):
402 continue
400 continue
403 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
401 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
404 el = repo_group
402 el = repo_group
405 # also we do a break at the end of this loop.
403 # also we do a break at the end of this loop.
406
404
407 if isinstance(el, db.RepoGroup):
405 if isinstance(el, db.RepoGroup):
408 if obj_type == 'user':
406 if obj_type == 'user':
409 RepoGroupModel().revoke_user_permission(el, user=obj)
407 RepoGroupModel().revoke_user_permission(el, user=obj)
410 elif obj_type == 'user_group':
408 elif obj_type == 'user_group':
411 RepoGroupModel().revoke_user_group_permission(el, group_name=obj)
409 RepoGroupModel().revoke_user_group_permission(el, group_name=obj)
412 else:
410 else:
413 raise Exception('undefined object type %s' % obj_type)
411 raise Exception('undefined object type %s' % obj_type)
414 elif isinstance(el, db.Repository):
412 elif isinstance(el, db.Repository):
415 if obj_type == 'user':
413 if obj_type == 'user':
416 repo.RepoModel().revoke_user_permission(el, user=obj)
414 repo.RepoModel().revoke_user_permission(el, user=obj)
417 elif obj_type == 'user_group':
415 elif obj_type == 'user_group':
418 repo.RepoModel().revoke_user_group_permission(el, group_name=obj)
416 repo.RepoModel().revoke_user_group_permission(el, group_name=obj)
419 else:
417 else:
420 raise Exception('undefined object type %s' % obj_type)
418 raise Exception('undefined object type %s' % obj_type)
421 else:
419 else:
422 raise Exception('el should be instance of Repository or '
420 raise Exception('el should be instance of Repository or '
423 'RepositoryGroup got %s instead' % type(el))
421 'RepositoryGroup got %s instead' % type(el))
424
422
425 # if it's not recursive call for all,repos,groups
423 # if it's not recursive call for all,repos,groups
426 # break the loop and don't proceed with other changes
424 # break the loop and don't proceed with other changes
427 if recursive not in ['all', 'repos', 'groups']:
425 if recursive not in ['all', 'repos', 'groups']:
428 break
426 break
429
427
430 def grant_user_permission(self, repo_group, user, perm):
428 def grant_user_permission(self, repo_group, user, perm):
431 """
429 """
432 Grant permission for user on given repository group, or update
430 Grant permission for user on given repository group, or update
433 existing one if found
431 existing one if found
434
432
435 :param repo_group: Instance of RepoGroup, repositories_group_id,
433 :param repo_group: Instance of RepoGroup, repositories_group_id,
436 or repositories_group name
434 or repositories_group name
437 :param user: Instance of User, user_id or username
435 :param user: Instance of User, user_id or username
438 :param perm: Instance of Permission, or permission_name
436 :param perm: Instance of Permission, or permission_name
439 """
437 """
440
438
441 repo_group = db.RepoGroup.guess_instance(repo_group)
439 repo_group = db.RepoGroup.guess_instance(repo_group)
442 user = db.User.guess_instance(user)
440 user = db.User.guess_instance(user)
443 permission = db.Permission.guess_instance(perm)
441 permission = db.Permission.guess_instance(perm)
444
442
445 # check if we have that permission already
443 # check if we have that permission already
446 obj = db.UserRepoGroupToPerm.query() \
444 obj = db.UserRepoGroupToPerm.query() \
447 .filter(db.UserRepoGroupToPerm.user == user) \
445 .filter(db.UserRepoGroupToPerm.user == user) \
448 .filter(db.UserRepoGroupToPerm.group == repo_group) \
446 .filter(db.UserRepoGroupToPerm.group == repo_group) \
449 .scalar()
447 .scalar()
450 if obj is None:
448 if obj is None:
451 # create new !
449 # create new !
452 obj = db.UserRepoGroupToPerm()
450 obj = db.UserRepoGroupToPerm()
453 meta.Session().add(obj)
451 meta.Session().add(obj)
454 obj.group = repo_group
452 obj.group = repo_group
455 obj.user = user
453 obj.user = user
456 obj.permission = permission
454 obj.permission = permission
457 log.debug('Granted perm %s to %s on %s', perm, user, repo_group)
455 log.debug('Granted perm %s to %s on %s', perm, user, repo_group)
458 return obj
456 return obj
459
457
460 def revoke_user_permission(self, repo_group, user):
458 def revoke_user_permission(self, repo_group, user):
461 """
459 """
462 Revoke permission for user on given repository group
460 Revoke permission for user on given repository group
463
461
464 :param repo_group: Instance of RepoGroup, repositories_group_id,
462 :param repo_group: Instance of RepoGroup, repositories_group_id,
465 or repositories_group name
463 or repositories_group name
466 :param user: Instance of User, user_id or username
464 :param user: Instance of User, user_id or username
467 """
465 """
468
466
469 repo_group = db.RepoGroup.guess_instance(repo_group)
467 repo_group = db.RepoGroup.guess_instance(repo_group)
470 user = db.User.guess_instance(user)
468 user = db.User.guess_instance(user)
471
469
472 obj = db.UserRepoGroupToPerm.query() \
470 obj = db.UserRepoGroupToPerm.query() \
473 .filter(db.UserRepoGroupToPerm.user == user) \
471 .filter(db.UserRepoGroupToPerm.user == user) \
474 .filter(db.UserRepoGroupToPerm.group == repo_group) \
472 .filter(db.UserRepoGroupToPerm.group == repo_group) \
475 .scalar()
473 .scalar()
476 if obj is not None:
474 if obj is not None:
477 meta.Session().delete(obj)
475 meta.Session().delete(obj)
478 log.debug('Revoked perm on %s on %s', repo_group, user)
476 log.debug('Revoked perm on %s on %s', repo_group, user)
479
477
480 def grant_user_group_permission(self, repo_group, group_name, perm):
478 def grant_user_group_permission(self, repo_group, group_name, perm):
481 """
479 """
482 Grant permission for user group on given repository group, or update
480 Grant permission for user group on given repository group, or update
483 existing one if found
481 existing one if found
484
482
485 :param repo_group: Instance of RepoGroup, repositories_group_id,
483 :param repo_group: Instance of RepoGroup, repositories_group_id,
486 or repositories_group name
484 or repositories_group name
487 :param group_name: Instance of UserGroup, users_group_id,
485 :param group_name: Instance of UserGroup, users_group_id,
488 or user group name
486 or user group name
489 :param perm: Instance of Permission, or permission_name
487 :param perm: Instance of Permission, or permission_name
490 """
488 """
491 repo_group = db.RepoGroup.guess_instance(repo_group)
489 repo_group = db.RepoGroup.guess_instance(repo_group)
492 group_name = db.UserGroup.guess_instance(group_name)
490 group_name = db.UserGroup.guess_instance(group_name)
493 permission = db.Permission.guess_instance(perm)
491 permission = db.Permission.guess_instance(perm)
494
492
495 # check if we have that permission already
493 # check if we have that permission already
496 obj = db.UserGroupRepoGroupToPerm.query() \
494 obj = db.UserGroupRepoGroupToPerm.query() \
497 .filter(db.UserGroupRepoGroupToPerm.group == repo_group) \
495 .filter(db.UserGroupRepoGroupToPerm.group == repo_group) \
498 .filter(db.UserGroupRepoGroupToPerm.users_group == group_name) \
496 .filter(db.UserGroupRepoGroupToPerm.users_group == group_name) \
499 .scalar()
497 .scalar()
500
498
501 if obj is None:
499 if obj is None:
502 # create new
500 # create new
503 obj = db.UserGroupRepoGroupToPerm()
501 obj = db.UserGroupRepoGroupToPerm()
504 meta.Session().add(obj)
502 meta.Session().add(obj)
505
503
506 obj.group = repo_group
504 obj.group = repo_group
507 obj.users_group = group_name
505 obj.users_group = group_name
508 obj.permission = permission
506 obj.permission = permission
509 log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)
507 log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)
510 return obj
508 return obj
511
509
512 def revoke_user_group_permission(self, repo_group, group_name):
510 def revoke_user_group_permission(self, repo_group, group_name):
513 """
511 """
514 Revoke permission for user group on given repository group
512 Revoke permission for user group on given repository group
515
513
516 :param repo_group: Instance of RepoGroup, repositories_group_id,
514 :param repo_group: Instance of RepoGroup, repositories_group_id,
517 or repositories_group name
515 or repositories_group name
518 :param group_name: Instance of UserGroup, users_group_id,
516 :param group_name: Instance of UserGroup, users_group_id,
519 or user group name
517 or user group name
520 """
518 """
521 repo_group = db.RepoGroup.guess_instance(repo_group)
519 repo_group = db.RepoGroup.guess_instance(repo_group)
522 group_name = db.UserGroup.guess_instance(group_name)
520 group_name = db.UserGroup.guess_instance(group_name)
523
521
524 obj = db.UserGroupRepoGroupToPerm.query() \
522 obj = db.UserGroupRepoGroupToPerm.query() \
525 .filter(db.UserGroupRepoGroupToPerm.group == repo_group) \
523 .filter(db.UserGroupRepoGroupToPerm.group == repo_group) \
526 .filter(db.UserGroupRepoGroupToPerm.users_group == group_name) \
524 .filter(db.UserGroupRepoGroupToPerm.users_group == group_name) \
527 .scalar()
525 .scalar()
528 if obj is not None:
526 if obj is not None:
529 meta.Session().delete(obj)
527 meta.Session().delete(obj)
530 log.debug('Revoked perm to %s on %s', repo_group, group_name)
528 log.debug('Revoked perm to %s on %s', repo_group, group_name)
General Comments 0
You need to be logged in to leave comments. Login now