##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

repo group: fix logging of rename/move...
Mads Kiilerich -
r8750:5c7b4229 stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,528 +1,535 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2 # This program is free software: you can redistribute it and/or modify
2 # This program is free software: you can redistribute it and/or modify
3 # it under the terms of the GNU General Public License as published by
3 # it under the terms of the GNU General Public License as published by
4 # the Free Software Foundation, either version 3 of the License, or
4 # the Free Software Foundation, either version 3 of the License, or
5 # (at your option) any later version.
5 # (at your option) any later version.
6 #
6 #
7 # This program is distributed in the hope that it will be useful,
7 # This program is distributed in the hope that it will be useful,
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 # GNU General Public License for more details.
10 # GNU General Public License for more details.
11 #
11 #
12 # You should have received a copy of the GNU General Public License
12 # You should have received a copy of the GNU General Public License
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 """
14 """
15 kallithea.model.repo_group
15 kallithea.model.repo_group
16 ~~~~~~~~~~~~~~~~~~~~~~~~~~
16 ~~~~~~~~~~~~~~~~~~~~~~~~~~
17
17
18 repo group model for Kallithea
18 repo group model for Kallithea
19
19
20 This file was forked by the Kallithea project in July 2014.
20 This file was forked by the Kallithea project in July 2014.
21 Original author and date, and relevant copyright and licensing information is below:
21 Original author and date, and relevant copyright and licensing information is below:
22 :created_on: Jan 25, 2011
22 :created_on: Jan 25, 2011
23 :author: marcink
23 :author: marcink
24 :copyright: (c) 2013 RhodeCode GmbH, and others.
24 :copyright: (c) 2013 RhodeCode GmbH, and others.
25 :license: GPLv3, see LICENSE.md for more details.
25 :license: GPLv3, see LICENSE.md for more details.
26 """
26 """
27
27
28
28
29 import datetime
29 import datetime
30 import logging
30 import logging
31 import os
31 import os
32 import shutil
32 import shutil
33 import traceback
33 import traceback
34
34
35 import kallithea.lib.utils2
35 import kallithea.lib.utils2
36 from kallithea.lib.utils2 import LazyProperty
36 from kallithea.lib.utils2 import LazyProperty
37 from kallithea.model import db, meta, repo
37 from kallithea.model import db, meta, repo
38
38
39
39
40 log = logging.getLogger(__name__)
40 log = logging.getLogger(__name__)
41
41
42
42
43 class RepoGroupModel(object):
43 class RepoGroupModel(object):
44
44
45 @LazyProperty
45 @LazyProperty
46 def repos_path(self):
46 def repos_path(self):
47 """
47 """
48 Gets the repositories root path from database
48 Gets the repositories root path from database
49 """
49 """
50
50
51 q = db.Ui.get_by_key('paths', '/')
51 q = db.Ui.get_by_key('paths', '/')
52 return q.ui_value
52 return q.ui_value
53
53
54 def _create_default_perms(self, new_group):
54 def _create_default_perms(self, new_group):
55 # create default permission
55 # create default permission
56 default_perm = 'group.read'
56 default_perm = 'group.read'
57 def_user = db.User.get_default_user()
57 def_user = db.User.get_default_user()
58 for p in def_user.user_perms:
58 for p in def_user.user_perms:
59 if p.permission.permission_name.startswith('group.'):
59 if p.permission.permission_name.startswith('group.'):
60 default_perm = p.permission.permission_name
60 default_perm = p.permission.permission_name
61 break
61 break
62
62
63 repo_group_to_perm = db.UserRepoGroupToPerm()
63 repo_group_to_perm = db.UserRepoGroupToPerm()
64 repo_group_to_perm.permission = db.Permission.get_by_key(default_perm)
64 repo_group_to_perm.permission = db.Permission.get_by_key(default_perm)
65
65
66 repo_group_to_perm.group = new_group
66 repo_group_to_perm.group = new_group
67 repo_group_to_perm.user_id = def_user.user_id
67 repo_group_to_perm.user_id = def_user.user_id
68 meta.Session().add(repo_group_to_perm)
68 meta.Session().add(repo_group_to_perm)
69 return repo_group_to_perm
69 return repo_group_to_perm
70
70
71 def _create_group(self, group_name):
71 def _create_group(self, group_name):
72 """
72 """
73 makes repository group on filesystem
73 makes repository group on filesystem
74
74
75 :param repo_name:
75 :param repo_name:
76 :param parent_id:
76 :param parent_id:
77 """
77 """
78
78
79 create_path = os.path.join(self.repos_path, group_name)
79 create_path = os.path.join(self.repos_path, group_name)
80 log.debug('creating new group in %s', create_path)
80 log.debug('creating new group in %s', create_path)
81
81
82 if os.path.isdir(create_path):
82 if os.path.isdir(create_path):
83 raise Exception('That directory already exists !')
83 raise Exception('That directory already exists !')
84
84
85 os.makedirs(create_path)
85 os.makedirs(create_path)
86 log.debug('Created group in %s', create_path)
86 log.debug('Created group in %s', create_path)
87
87
88 def _rename_group(self, old, new):
88 def _rename_group(self, old, new):
89 """
89 """
90 Renames a group on filesystem
90 Renames a group on filesystem
91
91
92 :param group_name:
92 :param group_name:
93 """
93 """
94
94
95 if old == new:
95 if old == new:
96 log.debug('skipping group rename')
96 log.debug('skipping group rename')
97 return
97 return
98
98
99 log.debug('renaming repository group from %s to %s', old, new)
99 log.debug('renaming repository group from %s to %s', old, new)
100
100
101 old_path = os.path.join(self.repos_path, old)
101 old_path = os.path.join(self.repos_path, old)
102 new_path = os.path.join(self.repos_path, new)
102 new_path = os.path.join(self.repos_path, new)
103
103
104 log.debug('renaming repos paths from %s to %s', old_path, new_path)
104 log.debug('renaming repos paths from %s to %s', old_path, new_path)
105
105
106 if os.path.isdir(new_path):
106 if os.path.isdir(new_path):
107 raise Exception('Was trying to rename to already '
107 raise Exception('Was trying to rename to already '
108 'existing dir %s' % new_path)
108 'existing dir %s' % new_path)
109 shutil.move(old_path, new_path)
109 shutil.move(old_path, new_path)
110
110
111 def _delete_group(self, group, force_delete=False):
111 def _delete_group(self, group, force_delete=False):
112 """
112 """
113 Deletes a group from a filesystem
113 Deletes a group from a filesystem
114
114
115 :param group: instance of group from database
115 :param group: instance of group from database
116 :param force_delete: use shutil rmtree to remove all objects
116 :param force_delete: use shutil rmtree to remove all objects
117 """
117 """
118 paths = group.full_path.split(kallithea.URL_SEP)
118 paths = group.full_path.split(kallithea.URL_SEP)
119 paths = os.sep.join(paths)
119 paths = os.sep.join(paths)
120
120
121 rm_path = os.path.join(self.repos_path, paths)
121 rm_path = os.path.join(self.repos_path, paths)
122 log.info("Removing group %s", rm_path)
122 log.info("Removing group %s", rm_path)
123 # delete only if that path really exists
123 # delete only if that path really exists
124 if os.path.isdir(rm_path):
124 if os.path.isdir(rm_path):
125 if force_delete:
125 if force_delete:
126 shutil.rmtree(rm_path)
126 shutil.rmtree(rm_path)
127 else:
127 else:
128 # archive that group
128 # archive that group
129 _now = datetime.datetime.now()
129 _now = datetime.datetime.now()
130 _ms = str(_now.microsecond).rjust(6, '0')
130 _ms = str(_now.microsecond).rjust(6, '0')
131 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
131 _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms),
132 group.name)
132 group.name)
133 shutil.move(rm_path, os.path.join(self.repos_path, _d))
133 shutil.move(rm_path, os.path.join(self.repos_path, _d))
134
134
135 def create(self, group_name, group_description, owner, parent=None,
135 def create(self, group_name, group_description, owner, parent=None,
136 just_db=False, copy_permissions=False):
136 just_db=False, copy_permissions=False):
137 try:
137 try:
138 if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:
138 if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:
139 raise Exception('invalid repo group name %s' % group_name)
139 raise Exception('invalid repo group name %s' % group_name)
140
140
141 owner = db.User.guess_instance(owner)
141 owner = db.User.guess_instance(owner)
142 parent_group = db.RepoGroup.guess_instance(parent)
142 parent_group = db.RepoGroup.guess_instance(parent)
143 new_repo_group = db.RepoGroup()
143 new_repo_group = db.RepoGroup()
144 new_repo_group.owner = owner
144 new_repo_group.owner = owner
145 new_repo_group.group_description = group_description or group_name
145 new_repo_group.group_description = group_description or group_name
146 new_repo_group.parent_group = parent_group
146 new_repo_group.parent_group = parent_group
147 new_repo_group.group_name = new_repo_group.get_new_name(group_name)
147 new_repo_group.group_name = new_repo_group.get_new_name(group_name)
148
148
149 meta.Session().add(new_repo_group)
149 meta.Session().add(new_repo_group)
150
150
151 # create an ADMIN permission for owner except if we're super admin,
151 # create an ADMIN permission for owner except if we're super admin,
152 # later owner should go into the owner field of groups
152 # later owner should go into the owner field of groups
153 if not owner.is_admin:
153 if not owner.is_admin:
154 self.grant_user_permission(repo_group=new_repo_group,
154 self.grant_user_permission(repo_group=new_repo_group,
155 user=owner, perm='group.admin')
155 user=owner, perm='group.admin')
156
156
157 if parent_group and copy_permissions:
157 if parent_group and copy_permissions:
158 # copy permissions from parent
158 # copy permissions from parent
159 user_perms = db.UserRepoGroupToPerm.query() \
159 user_perms = db.UserRepoGroupToPerm.query() \
160 .filter(db.UserRepoGroupToPerm.group == parent_group).all()
160 .filter(db.UserRepoGroupToPerm.group == parent_group).all()
161
161
162 group_perms = db.UserGroupRepoGroupToPerm.query() \
162 group_perms = db.UserGroupRepoGroupToPerm.query() \
163 .filter(db.UserGroupRepoGroupToPerm.group == parent_group).all()
163 .filter(db.UserGroupRepoGroupToPerm.group == parent_group).all()
164
164
165 for perm in user_perms:
165 for perm in user_perms:
166 # don't copy over the permission for user who is creating
166 # don't copy over the permission for user who is creating
167 # this group, if he is not super admin he get's admin
167 # this group, if he is not super admin he get's admin
168 # permission set above
168 # permission set above
169 if perm.user != owner or owner.is_admin:
169 if perm.user != owner or owner.is_admin:
170 db.UserRepoGroupToPerm.create(perm.user, new_repo_group, perm.permission)
170 db.UserRepoGroupToPerm.create(perm.user, new_repo_group, perm.permission)
171
171
172 for perm in group_perms:
172 for perm in group_perms:
173 db.UserGroupRepoGroupToPerm.create(perm.users_group, new_repo_group, perm.permission)
173 db.UserGroupRepoGroupToPerm.create(perm.users_group, new_repo_group, perm.permission)
174 else:
174 else:
175 self._create_default_perms(new_repo_group)
175 self._create_default_perms(new_repo_group)
176
176
177 if not just_db:
177 if not just_db:
178 # we need to flush here, in order to check if database won't
178 # we need to flush here, in order to check if database won't
179 # throw any exceptions, create filesystem dirs at the very end
179 # throw any exceptions, create filesystem dirs at the very end
180 meta.Session().flush()
180 meta.Session().flush()
181 self._create_group(new_repo_group.group_name)
181 self._create_group(new_repo_group.group_name)
182
182
183 return new_repo_group
183 return new_repo_group
184 except Exception:
184 except Exception:
185 log.error(traceback.format_exc())
185 log.error(traceback.format_exc())
186 raise
186 raise
187
187
188 def _update_permissions(self, repo_group, perms_new=None,
188 def _update_permissions(self, repo_group, perms_new=None,
189 perms_updates=None, recursive=None,
189 perms_updates=None, recursive=None,
190 check_perms=True):
190 check_perms=True):
191 from kallithea.lib.auth import HasUserGroupPermissionLevel
191 from kallithea.lib.auth import HasUserGroupPermissionLevel
192
192
193 if not perms_new:
193 if not perms_new:
194 perms_new = []
194 perms_new = []
195 if not perms_updates:
195 if not perms_updates:
196 perms_updates = []
196 perms_updates = []
197
197
198 def _set_perm_user(obj, user, perm):
198 def _set_perm_user(obj, user, perm):
199 if isinstance(obj, db.RepoGroup):
199 if isinstance(obj, db.RepoGroup):
200 self.grant_user_permission(repo_group=obj, user=user, perm=perm)
200 self.grant_user_permission(repo_group=obj, user=user, perm=perm)
201 elif isinstance(obj, db.Repository):
201 elif isinstance(obj, db.Repository):
202 user = db.User.guess_instance(user)
202 user = db.User.guess_instance(user)
203
203
204 # private repos will not allow to change the default permissions
204 # private repos will not allow to change the default permissions
205 # using recursive mode
205 # using recursive mode
206 if obj.private and user.is_default_user:
206 if obj.private and user.is_default_user:
207 return
207 return
208
208
209 # we set group permission but we have to switch to repo
209 # we set group permission but we have to switch to repo
210 # permission
210 # permission
211 perm = perm.replace('group.', 'repository.')
211 perm = perm.replace('group.', 'repository.')
212 repo.RepoModel().grant_user_permission(
212 repo.RepoModel().grant_user_permission(
213 repo=obj, user=user, perm=perm
213 repo=obj, user=user, perm=perm
214 )
214 )
215
215
216 def _set_perm_group(obj, users_group, perm):
216 def _set_perm_group(obj, users_group, perm):
217 if isinstance(obj, db.RepoGroup):
217 if isinstance(obj, db.RepoGroup):
218 self.grant_user_group_permission(repo_group=obj,
218 self.grant_user_group_permission(repo_group=obj,
219 group_name=users_group,
219 group_name=users_group,
220 perm=perm)
220 perm=perm)
221 elif isinstance(obj, db.Repository):
221 elif isinstance(obj, db.Repository):
222 # we set group permission but we have to switch to repo
222 # we set group permission but we have to switch to repo
223 # permission
223 # permission
224 perm = perm.replace('group.', 'repository.')
224 perm = perm.replace('group.', 'repository.')
225 repo.RepoModel().grant_user_group_permission(
225 repo.RepoModel().grant_user_group_permission(
226 repo=obj, group_name=users_group, perm=perm
226 repo=obj, group_name=users_group, perm=perm
227 )
227 )
228
228
229 # start updates
229 # start updates
230 updates = []
230 updates = []
231 log.debug('Now updating permissions for %s in recursive mode:%s',
231 log.debug('Now updating permissions for %s in recursive mode:%s',
232 repo_group, recursive)
232 repo_group, recursive)
233
233
234 for obj in repo_group.recursive_groups_and_repos():
234 for obj in repo_group.recursive_groups_and_repos():
235 # iterated obj is an instance of a repos group or repository in
235 # iterated obj is an instance of a repos group or repository in
236 # that group, recursive option can be: none, repos, groups, all
236 # that group, recursive option can be: none, repos, groups, all
237 if recursive == 'all':
237 if recursive == 'all':
238 pass
238 pass
239 elif recursive == 'repos':
239 elif recursive == 'repos':
240 # skip groups, other than this one
240 # skip groups, other than this one
241 if isinstance(obj, db.RepoGroup) and not obj == repo_group:
241 if isinstance(obj, db.RepoGroup) and not obj == repo_group:
242 continue
242 continue
243 elif recursive == 'groups':
243 elif recursive == 'groups':
244 # skip repos
244 # skip repos
245 if isinstance(obj, db.Repository):
245 if isinstance(obj, db.Repository):
246 continue
246 continue
247 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
247 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
248 obj = repo_group
248 obj = repo_group
249 # also we do a break at the end of this loop.
249 # also we do a break at the end of this loop.
250
250
251 # update permissions
251 # update permissions
252 for member, perm, member_type in perms_updates:
252 for member, perm, member_type in perms_updates:
253 ## set for user
253 ## set for user
254 if member_type == 'user':
254 if member_type == 'user':
255 # this updates also current one if found
255 # this updates also current one if found
256 _set_perm_user(obj, user=member, perm=perm)
256 _set_perm_user(obj, user=member, perm=perm)
257 ## set for user group
257 ## set for user group
258 else:
258 else:
259 # check if we have permissions to alter this usergroup's access
259 # check if we have permissions to alter this usergroup's access
260 if not check_perms or HasUserGroupPermissionLevel('read')(member):
260 if not check_perms or HasUserGroupPermissionLevel('read')(member):
261 _set_perm_group(obj, users_group=member, perm=perm)
261 _set_perm_group(obj, users_group=member, perm=perm)
262 # set new permissions
262 # set new permissions
263 for member, perm, member_type in perms_new:
263 for member, perm, member_type in perms_new:
264 if member_type == 'user':
264 if member_type == 'user':
265 _set_perm_user(obj, user=member, perm=perm)
265 _set_perm_user(obj, user=member, perm=perm)
266 else:
266 else:
267 # check if we have permissions to alter this usergroup's access
267 # check if we have permissions to alter this usergroup's access
268 if not check_perms or HasUserGroupPermissionLevel('read')(member):
268 if not check_perms or HasUserGroupPermissionLevel('read')(member):
269 _set_perm_group(obj, users_group=member, perm=perm)
269 _set_perm_group(obj, users_group=member, perm=perm)
270 updates.append(obj)
270 updates.append(obj)
271 # if it's not recursive call for all,repos,groups
271 # if it's not recursive call for all,repos,groups
272 # break the loop and don't proceed with other changes
272 # break the loop and don't proceed with other changes
273 if recursive not in ['all', 'repos', 'groups']:
273 if recursive not in ['all', 'repos', 'groups']:
274 break
274 break
275
275
276 return updates
276 return updates
277
277
278 def update(self, repo_group, repo_group_args):
278 def update(self, repo_group, repo_group_args):
279 try:
279 try:
280 repo_group = db.RepoGroup.guess_instance(repo_group)
280 repo_group = db.RepoGroup.guess_instance(repo_group)
281 old_path = repo_group.full_path # aka .group_name
281 old_path = repo_group.full_path # aka .group_name
282
282
283 if 'owner' in repo_group_args:
283 if 'owner' in repo_group_args:
284 repo_group.owner = db.User.get_by_username(repo_group_args['owner'])
284 repo_group.owner = db.User.get_by_username(repo_group_args['owner'])
285 if 'group_description' in repo_group_args:
285 if 'group_description' in repo_group_args:
286 repo_group.group_description = repo_group_args['group_description']
286 repo_group.group_description = repo_group_args['group_description']
287 if 'parent_group_id' in repo_group_args:
287 if 'parent_group_id' in repo_group_args:
288 assert repo_group_args['parent_group_id'] != '-1', repo_group_args # RepoGroupForm should have converted to None
288 assert repo_group_args['parent_group_id'] != '-1', repo_group_args # RepoGroupForm should have converted to None
289 repo_group.parent_group = db.RepoGroup.get(repo_group_args['parent_group_id'])
289 new_parent_group = db.RepoGroup.get(repo_group_args['parent_group_id'])
290 repo_group.group_name = repo_group.get_new_name(repo_group.name)
290 if new_parent_group is not repo_group.parent_group:
291 repo_group.parent_group = new_parent_group
292 repo_group.group_name = repo_group.get_new_name(repo_group.name)
293 log.debug('Moving repo group %s to %s', old_path, repo_group.group_name)
291 if 'group_name' in repo_group_args:
294 if 'group_name' in repo_group_args:
292 group_name = repo_group_args['group_name']
295 group_name = repo_group_args['group_name']
293 if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:
296 if kallithea.lib.utils2.repo_name_slug(group_name) != group_name:
294 raise Exception('invalid repo group name %s' % group_name)
297 raise Exception('invalid repo group name %s' % group_name)
295 repo_group.group_name = repo_group.get_new_name(group_name)
298 if repo_group.name != group_name:
299 repo_group.group_name = repo_group.get_new_name(group_name)
300 log.debug('Renaming repo group %s to %s', old_path, repo_group.group_name)
296 new_path = repo_group.full_path
301 new_path = repo_group.full_path
297 meta.Session().add(repo_group)
302 meta.Session().add(repo_group)
298
303
299 # Iterate over all members of this repo group and update the full
304 # Iterate over all members of this repo group and update the full
300 # path (repo_name and group_name) based on the (already updated)
305 # path (repo_name and group_name) based on the (already updated)
301 # full path of the parent.
306 # full path of the parent.
302 # This can potentially be a heavy operation.
307 # This can potentially be a heavy operation.
303 for obj in repo_group.recursive_groups_and_repos():
308 for obj in repo_group.recursive_groups_and_repos():
309 if obj is repo_group:
310 continue # already updated and logged
304 if isinstance(obj, db.RepoGroup):
311 if isinstance(obj, db.RepoGroup):
305 new_name = obj.get_new_name(obj.name)
312 new_name = obj.get_new_name(obj.name)
306 log.debug('Fixing repo group %s to new name %s', obj.group_name, new_name)
313 log.debug('Fixing repo group %s to new name %s', obj.group_name, new_name)
307 obj.group_name = new_name
314 obj.group_name = new_name
308 elif isinstance(obj, db.Repository):
315 elif isinstance(obj, db.Repository):
309 new_name = obj.get_new_name(obj.just_name)
316 new_name = obj.get_new_name(obj.just_name)
310 log.debug('Fixing repo %s to new name %s', obj.repo_name, new_name)
317 log.debug('Fixing repo %s to new name %s', obj.repo_name, new_name)
311 obj.repo_name = new_name
318 obj.repo_name = new_name
312
319
313 # Rename in file system
320 # Rename in file system
314 self._rename_group(old_path, new_path)
321 self._rename_group(old_path, new_path)
315
322
316 return repo_group
323 return repo_group
317 except Exception:
324 except Exception:
318 log.error(traceback.format_exc())
325 log.error(traceback.format_exc())
319 raise
326 raise
320
327
321 def delete(self, repo_group, force_delete=False):
328 def delete(self, repo_group, force_delete=False):
322 repo_group = db.RepoGroup.guess_instance(repo_group)
329 repo_group = db.RepoGroup.guess_instance(repo_group)
323 try:
330 try:
324 meta.Session().delete(repo_group)
331 meta.Session().delete(repo_group)
325 self._delete_group(repo_group, force_delete)
332 self._delete_group(repo_group, force_delete)
326 except Exception:
333 except Exception:
327 log.error('Error removing repo_group %s', repo_group)
334 log.error('Error removing repo_group %s', repo_group)
328 raise
335 raise
329
336
330 def add_permission(self, repo_group, obj, obj_type, perm, recursive):
337 def add_permission(self, repo_group, obj, obj_type, perm, recursive):
331 repo_group = db.RepoGroup.guess_instance(repo_group)
338 repo_group = db.RepoGroup.guess_instance(repo_group)
332 perm = db.Permission.guess_instance(perm)
339 perm = db.Permission.guess_instance(perm)
333
340
334 for el in repo_group.recursive_groups_and_repos():
341 for el in repo_group.recursive_groups_and_repos():
335 # iterated obj is an instance of a repos group or repository in
342 # iterated obj is an instance of a repos group or repository in
336 # that group, recursive option can be: none, repos, groups, all
343 # that group, recursive option can be: none, repos, groups, all
337 if recursive == 'all':
344 if recursive == 'all':
338 pass
345 pass
339 elif recursive == 'repos':
346 elif recursive == 'repos':
340 # skip groups, other than this one
347 # skip groups, other than this one
341 if isinstance(el, db.RepoGroup) and not el == repo_group:
348 if isinstance(el, db.RepoGroup) and not el == repo_group:
342 continue
349 continue
343 elif recursive == 'groups':
350 elif recursive == 'groups':
344 # skip repos
351 # skip repos
345 if isinstance(el, db.Repository):
352 if isinstance(el, db.Repository):
346 continue
353 continue
347 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
354 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
348 el = repo_group
355 el = repo_group
349 # also we do a break at the end of this loop.
356 # also we do a break at the end of this loop.
350
357
351 if isinstance(el, db.RepoGroup):
358 if isinstance(el, db.RepoGroup):
352 if obj_type == 'user':
359 if obj_type == 'user':
353 RepoGroupModel().grant_user_permission(el, user=obj, perm=perm)
360 RepoGroupModel().grant_user_permission(el, user=obj, perm=perm)
354 elif obj_type == 'user_group':
361 elif obj_type == 'user_group':
355 RepoGroupModel().grant_user_group_permission(el, group_name=obj, perm=perm)
362 RepoGroupModel().grant_user_group_permission(el, group_name=obj, perm=perm)
356 else:
363 else:
357 raise Exception('undefined object type %s' % obj_type)
364 raise Exception('undefined object type %s' % obj_type)
358 elif isinstance(el, db.Repository):
365 elif isinstance(el, db.Repository):
359 # for repos we need to hotfix the name of permission
366 # for repos we need to hotfix the name of permission
360 _perm = perm.permission_name.replace('group.', 'repository.')
367 _perm = perm.permission_name.replace('group.', 'repository.')
361 if obj_type == 'user':
368 if obj_type == 'user':
362 repo.RepoModel().grant_user_permission(el, user=obj, perm=_perm)
369 repo.RepoModel().grant_user_permission(el, user=obj, perm=_perm)
363 elif obj_type == 'user_group':
370 elif obj_type == 'user_group':
364 repo.RepoModel().grant_user_group_permission(el, group_name=obj, perm=_perm)
371 repo.RepoModel().grant_user_group_permission(el, group_name=obj, perm=_perm)
365 else:
372 else:
366 raise Exception('undefined object type %s' % obj_type)
373 raise Exception('undefined object type %s' % obj_type)
367 else:
374 else:
368 raise Exception('el should be instance of Repository or '
375 raise Exception('el should be instance of Repository or '
369 'RepositoryGroup got %s instead' % type(el))
376 'RepositoryGroup got %s instead' % type(el))
370
377
371 # if it's not recursive call for all,repos,groups
378 # if it's not recursive call for all,repos,groups
372 # break the loop and don't proceed with other changes
379 # break the loop and don't proceed with other changes
373 if recursive not in ['all', 'repos', 'groups']:
380 if recursive not in ['all', 'repos', 'groups']:
374 break
381 break
375
382
376 def delete_permission(self, repo_group, obj, obj_type, recursive):
383 def delete_permission(self, repo_group, obj, obj_type, recursive):
377 """
384 """
378 Revokes permission for repo_group for given obj(user or users_group),
385 Revokes permission for repo_group for given obj(user or users_group),
379 obj_type can be user or user group
386 obj_type can be user or user group
380
387
381 :param repo_group:
388 :param repo_group:
382 :param obj: user or user group id
389 :param obj: user or user group id
383 :param obj_type: user or user group type
390 :param obj_type: user or user group type
384 :param recursive: recurse to all children of group
391 :param recursive: recurse to all children of group
385 """
392 """
386 repo_group = db.RepoGroup.guess_instance(repo_group)
393 repo_group = db.RepoGroup.guess_instance(repo_group)
387
394
388 for el in repo_group.recursive_groups_and_repos():
395 for el in repo_group.recursive_groups_and_repos():
389 # iterated obj is an instance of a repos group or repository in
396 # iterated obj is an instance of a repos group or repository in
390 # that group, recursive option can be: none, repos, groups, all
397 # that group, recursive option can be: none, repos, groups, all
391 if recursive == 'all':
398 if recursive == 'all':
392 pass
399 pass
393 elif recursive == 'repos':
400 elif recursive == 'repos':
394 # skip groups, other than this one
401 # skip groups, other than this one
395 if isinstance(el, db.RepoGroup) and not el == repo_group:
402 if isinstance(el, db.RepoGroup) and not el == repo_group:
396 continue
403 continue
397 elif recursive == 'groups':
404 elif recursive == 'groups':
398 # skip repos
405 # skip repos
399 if isinstance(el, db.Repository):
406 if isinstance(el, db.Repository):
400 continue
407 continue
401 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
408 else: # recursive == 'none': # DEFAULT don't apply to iterated objects
402 el = repo_group
409 el = repo_group
403 # also we do a break at the end of this loop.
410 # also we do a break at the end of this loop.
404
411
405 if isinstance(el, db.RepoGroup):
412 if isinstance(el, db.RepoGroup):
406 if obj_type == 'user':
413 if obj_type == 'user':
407 RepoGroupModel().revoke_user_permission(el, user=obj)
414 RepoGroupModel().revoke_user_permission(el, user=obj)
408 elif obj_type == 'user_group':
415 elif obj_type == 'user_group':
409 RepoGroupModel().revoke_user_group_permission(el, group_name=obj)
416 RepoGroupModel().revoke_user_group_permission(el, group_name=obj)
410 else:
417 else:
411 raise Exception('undefined object type %s' % obj_type)
418 raise Exception('undefined object type %s' % obj_type)
412 elif isinstance(el, db.Repository):
419 elif isinstance(el, db.Repository):
413 if obj_type == 'user':
420 if obj_type == 'user':
414 repo.RepoModel().revoke_user_permission(el, user=obj)
421 repo.RepoModel().revoke_user_permission(el, user=obj)
415 elif obj_type == 'user_group':
422 elif obj_type == 'user_group':
416 repo.RepoModel().revoke_user_group_permission(el, group_name=obj)
423 repo.RepoModel().revoke_user_group_permission(el, group_name=obj)
417 else:
424 else:
418 raise Exception('undefined object type %s' % obj_type)
425 raise Exception('undefined object type %s' % obj_type)
419 else:
426 else:
420 raise Exception('el should be instance of Repository or '
427 raise Exception('el should be instance of Repository or '
421 'RepositoryGroup got %s instead' % type(el))
428 'RepositoryGroup got %s instead' % type(el))
422
429
423 # if it's not recursive call for all,repos,groups
430 # if it's not recursive call for all,repos,groups
424 # break the loop and don't proceed with other changes
431 # break the loop and don't proceed with other changes
425 if recursive not in ['all', 'repos', 'groups']:
432 if recursive not in ['all', 'repos', 'groups']:
426 break
433 break
427
434
428 def grant_user_permission(self, repo_group, user, perm):
435 def grant_user_permission(self, repo_group, user, perm):
429 """
436 """
430 Grant permission for user on given repository group, or update
437 Grant permission for user on given repository group, or update
431 existing one if found
438 existing one if found
432
439
433 :param repo_group: Instance of RepoGroup, repositories_group_id,
440 :param repo_group: Instance of RepoGroup, repositories_group_id,
434 or repositories_group name
441 or repositories_group name
435 :param user: Instance of User, user_id or username
442 :param user: Instance of User, user_id or username
436 :param perm: Instance of Permission, or permission_name
443 :param perm: Instance of Permission, or permission_name
437 """
444 """
438
445
439 repo_group = db.RepoGroup.guess_instance(repo_group)
446 repo_group = db.RepoGroup.guess_instance(repo_group)
440 user = db.User.guess_instance(user)
447 user = db.User.guess_instance(user)
441 permission = db.Permission.guess_instance(perm)
448 permission = db.Permission.guess_instance(perm)
442
449
443 # check if we have that permission already
450 # check if we have that permission already
444 obj = db.UserRepoGroupToPerm.query() \
451 obj = db.UserRepoGroupToPerm.query() \
445 .filter(db.UserRepoGroupToPerm.user == user) \
452 .filter(db.UserRepoGroupToPerm.user == user) \
446 .filter(db.UserRepoGroupToPerm.group == repo_group) \
453 .filter(db.UserRepoGroupToPerm.group == repo_group) \
447 .scalar()
454 .scalar()
448 if obj is None:
455 if obj is None:
449 # create new !
456 # create new !
450 obj = db.UserRepoGroupToPerm()
457 obj = db.UserRepoGroupToPerm()
451 meta.Session().add(obj)
458 meta.Session().add(obj)
452 obj.group = repo_group
459 obj.group = repo_group
453 obj.user = user
460 obj.user = user
454 obj.permission = permission
461 obj.permission = permission
455 log.debug('Granted perm %s to %s on %s', perm, user, repo_group)
462 log.debug('Granted perm %s to %s on %s', perm, user, repo_group)
456 return obj
463 return obj
457
464
458 def revoke_user_permission(self, repo_group, user):
465 def revoke_user_permission(self, repo_group, user):
459 """
466 """
460 Revoke permission for user on given repository group
467 Revoke permission for user on given repository group
461
468
462 :param repo_group: Instance of RepoGroup, repositories_group_id,
469 :param repo_group: Instance of RepoGroup, repositories_group_id,
463 or repositories_group name
470 or repositories_group name
464 :param user: Instance of User, user_id or username
471 :param user: Instance of User, user_id or username
465 """
472 """
466
473
467 repo_group = db.RepoGroup.guess_instance(repo_group)
474 repo_group = db.RepoGroup.guess_instance(repo_group)
468 user = db.User.guess_instance(user)
475 user = db.User.guess_instance(user)
469
476
470 obj = db.UserRepoGroupToPerm.query() \
477 obj = db.UserRepoGroupToPerm.query() \
471 .filter(db.UserRepoGroupToPerm.user == user) \
478 .filter(db.UserRepoGroupToPerm.user == user) \
472 .filter(db.UserRepoGroupToPerm.group == repo_group) \
479 .filter(db.UserRepoGroupToPerm.group == repo_group) \
473 .scalar()
480 .scalar()
474 if obj is not None:
481 if obj is not None:
475 meta.Session().delete(obj)
482 meta.Session().delete(obj)
476 log.debug('Revoked perm on %s on %s', repo_group, user)
483 log.debug('Revoked perm on %s on %s', repo_group, user)
477
484
478 def grant_user_group_permission(self, repo_group, group_name, perm):
485 def grant_user_group_permission(self, repo_group, group_name, perm):
479 """
486 """
480 Grant permission for user group on given repository group, or update
487 Grant permission for user group on given repository group, or update
481 existing one if found
488 existing one if found
482
489
483 :param repo_group: Instance of RepoGroup, repositories_group_id,
490 :param repo_group: Instance of RepoGroup, repositories_group_id,
484 or repositories_group name
491 or repositories_group name
485 :param group_name: Instance of UserGroup, users_group_id,
492 :param group_name: Instance of UserGroup, users_group_id,
486 or user group name
493 or user group name
487 :param perm: Instance of Permission, or permission_name
494 :param perm: Instance of Permission, or permission_name
488 """
495 """
489 repo_group = db.RepoGroup.guess_instance(repo_group)
496 repo_group = db.RepoGroup.guess_instance(repo_group)
490 group_name = db.UserGroup.guess_instance(group_name)
497 group_name = db.UserGroup.guess_instance(group_name)
491 permission = db.Permission.guess_instance(perm)
498 permission = db.Permission.guess_instance(perm)
492
499
493 # check if we have that permission already
500 # check if we have that permission already
494 obj = db.UserGroupRepoGroupToPerm.query() \
501 obj = db.UserGroupRepoGroupToPerm.query() \
495 .filter(db.UserGroupRepoGroupToPerm.group == repo_group) \
502 .filter(db.UserGroupRepoGroupToPerm.group == repo_group) \
496 .filter(db.UserGroupRepoGroupToPerm.users_group == group_name) \
503 .filter(db.UserGroupRepoGroupToPerm.users_group == group_name) \
497 .scalar()
504 .scalar()
498
505
499 if obj is None:
506 if obj is None:
500 # create new
507 # create new
501 obj = db.UserGroupRepoGroupToPerm()
508 obj = db.UserGroupRepoGroupToPerm()
502 meta.Session().add(obj)
509 meta.Session().add(obj)
503
510
504 obj.group = repo_group
511 obj.group = repo_group
505 obj.users_group = group_name
512 obj.users_group = group_name
506 obj.permission = permission
513 obj.permission = permission
507 log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)
514 log.debug('Granted perm %s to %s on %s', perm, group_name, repo_group)
508 return obj
515 return obj
509
516
510 def revoke_user_group_permission(self, repo_group, group_name):
517 def revoke_user_group_permission(self, repo_group, group_name):
511 """
518 """
512 Revoke permission for user group on given repository group
519 Revoke permission for user group on given repository group
513
520
514 :param repo_group: Instance of RepoGroup, repositories_group_id,
521 :param repo_group: Instance of RepoGroup, repositories_group_id,
515 or repositories_group name
522 or repositories_group name
516 :param group_name: Instance of UserGroup, users_group_id,
523 :param group_name: Instance of UserGroup, users_group_id,
517 or user group name
524 or user group name
518 """
525 """
519 repo_group = db.RepoGroup.guess_instance(repo_group)
526 repo_group = db.RepoGroup.guess_instance(repo_group)
520 group_name = db.UserGroup.guess_instance(group_name)
527 group_name = db.UserGroup.guess_instance(group_name)
521
528
522 obj = db.UserGroupRepoGroupToPerm.query() \
529 obj = db.UserGroupRepoGroupToPerm.query() \
523 .filter(db.UserGroupRepoGroupToPerm.group == repo_group) \
530 .filter(db.UserGroupRepoGroupToPerm.group == repo_group) \
524 .filter(db.UserGroupRepoGroupToPerm.users_group == group_name) \
531 .filter(db.UserGroupRepoGroupToPerm.users_group == group_name) \
525 .scalar()
532 .scalar()
526 if obj is not None:
533 if obj is not None:
527 meta.Session().delete(obj)
534 meta.Session().delete(obj)
528 log.debug('Revoked perm to %s on %s', repo_group, group_name)
535 log.debug('Revoked perm to %s on %s', repo_group, group_name)
General Comments 0
You need to be logged in to leave comments. Login now