Show More
@@ -1,172 +1,176 b'' | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 | """ |
|
2 | """ | |
3 | rhodecode.controllers.admin.users |
|
3 | rhodecode.controllers.admin.users | |
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
5 |
|
5 | |||
6 | Users crud controller for pylons |
|
6 | Users crud controller for pylons | |
7 |
|
7 | |||
8 | :created_on: Apr 4, 2010 |
|
8 | :created_on: Apr 4, 2010 | |
9 | :author: marcink |
|
9 | :author: marcink | |
10 | :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> | |
11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
12 | """ |
|
12 | """ | |
13 | # This program is free software; you can redistribute it and/or |
|
13 | # This program is free software; you can redistribute it and/or | |
14 | # modify it under the terms of the GNU General Public License |
|
14 | # modify it under the terms of the GNU General Public License | |
15 | # as published by the Free Software Foundation; version 2 |
|
15 | # as published by the Free Software Foundation; version 2 | |
16 | # of the License or (at your opinion) any later version of the license. |
|
16 | # of the License or (at your opinion) any later version of the license. | |
17 | # |
|
17 | # | |
18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
22 | # |
|
22 | # | |
23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
24 | # along with this program; if not, write to the Free Software |
|
24 | # along with this program; if not, write to the Free Software | |
25 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
25 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | |
26 | # MA 02110-1301, USA. |
|
26 | # MA 02110-1301, USA. | |
27 |
|
27 | |||
28 | import logging |
|
28 | import logging | |
29 | import traceback |
|
29 | import traceback | |
30 | import formencode |
|
30 | import formencode | |
31 |
|
31 | |||
32 | from formencode import htmlfill |
|
32 | from formencode import htmlfill | |
33 | from pylons import request, session, tmpl_context as c, url |
|
33 | from pylons import request, session, tmpl_context as c, url, config | |
34 | from pylons.controllers.util import abort, redirect |
|
34 | from pylons.controllers.util import abort, redirect | |
35 | from pylons.i18n.translation import _ |
|
35 | from pylons.i18n.translation import _ | |
36 |
|
36 | |||
37 |
from rhodecode.lib.exceptions import |
|
37 | from rhodecode.lib.exceptions import DefaultUserException, UserOwnsReposException | |
38 | from rhodecode.lib import helpers as h |
|
38 | from rhodecode.lib import helpers as h | |
39 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator |
|
39 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \ | |
|
40 | fill_perms | |||
40 | from rhodecode.lib.base import BaseController, render |
|
41 | from rhodecode.lib.base import BaseController, render | |
41 |
|
42 | |||
42 | from rhodecode.model.db import User |
|
43 | from rhodecode.model.db import User | |
43 | from rhodecode.model.forms import UserForm |
|
44 | from rhodecode.model.forms import UserForm | |
44 | from rhodecode.model.user import UserModel |
|
45 | from rhodecode.model.user import UserModel | |
45 |
|
46 | |||
46 | log = logging.getLogger(__name__) |
|
47 | log = logging.getLogger(__name__) | |
47 |
|
48 | |||
48 | class UsersController(BaseController): |
|
49 | class UsersController(BaseController): | |
49 | """REST Controller styled on the Atom Publishing Protocol""" |
|
50 | """REST Controller styled on the Atom Publishing Protocol""" | |
50 | # To properly map this controller, ensure your config/routing.py |
|
51 | # To properly map this controller, ensure your config/routing.py | |
51 | # file has a resource setup: |
|
52 | # file has a resource setup: | |
52 | # map.resource('user', 'users') |
|
53 | # map.resource('user', 'users') | |
53 |
|
54 | |||
54 | @LoginRequired() |
|
55 | @LoginRequired() | |
55 | @HasPermissionAllDecorator('hg.admin') |
|
56 | @HasPermissionAllDecorator('hg.admin') | |
56 | def __before__(self): |
|
57 | def __before__(self): | |
57 | c.admin_user = session.get('admin_user') |
|
58 | c.admin_user = session.get('admin_user') | |
58 | c.admin_username = session.get('admin_username') |
|
59 | c.admin_username = session.get('admin_username') | |
59 | super(UsersController, self).__before__() |
|
60 | super(UsersController, self).__before__() | |
60 |
|
61 | c.available_permissions = config['available_permissions'] | ||
61 |
|
62 | |||
62 | def index(self, format='html'): |
|
63 | def index(self, format='html'): | |
63 | """GET /users: All items in the collection""" |
|
64 | """GET /users: All items in the collection""" | |
64 | # url('users') |
|
65 | # url('users') | |
65 |
|
66 | |||
66 | c.users_list = self.sa.query(User).all() |
|
67 | c.users_list = self.sa.query(User).all() | |
67 | return render('admin/users/users.html') |
|
68 | return render('admin/users/users.html') | |
68 |
|
69 | |||
69 | def create(self): |
|
70 | def create(self): | |
70 | """POST /users: Create a new item""" |
|
71 | """POST /users: Create a new item""" | |
71 | # url('users') |
|
72 | # url('users') | |
72 |
|
73 | |||
73 | user_model = UserModel() |
|
74 | user_model = UserModel() | |
74 | login_form = UserForm()() |
|
75 | login_form = UserForm()() | |
75 | try: |
|
76 | try: | |
76 | form_result = login_form.to_python(dict(request.POST)) |
|
77 | form_result = login_form.to_python(dict(request.POST)) | |
77 | user_model.create(form_result) |
|
78 | user_model.create(form_result) | |
78 | h.flash(_('created user %s') % form_result['username'], |
|
79 | h.flash(_('created user %s') % form_result['username'], | |
79 | category='success') |
|
80 | category='success') | |
80 | #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa) |
|
81 | #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa) | |
81 | except formencode.Invalid, errors: |
|
82 | except formencode.Invalid, errors: | |
82 | return htmlfill.render( |
|
83 | return htmlfill.render( | |
83 | render('admin/users/user_add.html'), |
|
84 | render('admin/users/user_add.html'), | |
84 | defaults=errors.value, |
|
85 | defaults=errors.value, | |
85 | errors=errors.error_dict or {}, |
|
86 | errors=errors.error_dict or {}, | |
86 | prefix_error=False, |
|
87 | prefix_error=False, | |
87 | encoding="UTF-8") |
|
88 | encoding="UTF-8") | |
88 | except Exception: |
|
89 | except Exception: | |
89 | log.error(traceback.format_exc()) |
|
90 | log.error(traceback.format_exc()) | |
90 | h.flash(_('error occurred during creation of user %s') \ |
|
91 | h.flash(_('error occurred during creation of user %s') \ | |
91 | % request.POST.get('username'), category='error') |
|
92 | % request.POST.get('username'), category='error') | |
92 | return redirect(url('users')) |
|
93 | return redirect(url('users')) | |
93 |
|
94 | |||
94 | def new(self, format='html'): |
|
95 | def new(self, format='html'): | |
95 | """GET /users/new: Form to create a new item""" |
|
96 | """GET /users/new: Form to create a new item""" | |
96 | # url('new_user') |
|
97 | # url('new_user') | |
97 | return render('admin/users/user_add.html') |
|
98 | return render('admin/users/user_add.html') | |
98 |
|
99 | |||
99 | def update(self, id): |
|
100 | def update(self, id): | |
100 | """PUT /users/id: Update an existing item""" |
|
101 | """PUT /users/id: Update an existing item""" | |
101 | # Forms posted to this method should contain a hidden field: |
|
102 | # Forms posted to this method should contain a hidden field: | |
102 | # <input type="hidden" name="_method" value="PUT" /> |
|
103 | # <input type="hidden" name="_method" value="PUT" /> | |
103 | # Or using helpers: |
|
104 | # Or using helpers: | |
104 | # h.form(url('user', id=ID), |
|
105 | # h.form(url('user', id=ID), | |
105 | # method='put') |
|
106 | # method='put') | |
106 | # url('user', id=ID) |
|
107 | # url('user', id=ID) | |
107 | user_model = UserModel() |
|
108 | user_model = UserModel() | |
108 | c.user = user_model.get(id) |
|
109 | c.user = user_model.get(id) | |
109 |
|
110 | |||
110 | _form = UserForm(edit=True, old_data={'user_id':id, |
|
111 | _form = UserForm(edit=True, old_data={'user_id':id, | |
111 | 'email':c.user.email})() |
|
112 | 'email':c.user.email})() | |
112 | form_result = {} |
|
113 | form_result = {} | |
113 | try: |
|
114 | try: | |
114 | form_result = _form.to_python(dict(request.POST)) |
|
115 | form_result = _form.to_python(dict(request.POST)) | |
115 | user_model.update(id, form_result) |
|
116 | user_model.update(id, form_result) | |
116 | h.flash(_('User updated succesfully'), category='success') |
|
117 | h.flash(_('User updated succesfully'), category='success') | |
117 |
|
118 | |||
118 | except formencode.Invalid, errors: |
|
119 | except formencode.Invalid, errors: | |
119 | return htmlfill.render( |
|
120 | return htmlfill.render( | |
120 | render('admin/users/user_edit.html'), |
|
121 | render('admin/users/user_edit.html'), | |
121 | defaults=errors.value, |
|
122 | defaults=errors.value, | |
122 | errors=errors.error_dict or {}, |
|
123 | errors=errors.error_dict or {}, | |
123 | prefix_error=False, |
|
124 | prefix_error=False, | |
124 | encoding="UTF-8") |
|
125 | encoding="UTF-8") | |
125 | except Exception: |
|
126 | except Exception: | |
126 | log.error(traceback.format_exc()) |
|
127 | log.error(traceback.format_exc()) | |
127 | h.flash(_('error occurred during update of user %s') \ |
|
128 | h.flash(_('error occurred during update of user %s') \ | |
128 | % form_result.get('username'), category='error') |
|
129 | % form_result.get('username'), category='error') | |
129 |
|
130 | |||
130 | return redirect(url('users')) |
|
131 | return redirect(url('users')) | |
131 |
|
132 | |||
132 | def delete(self, id): |
|
133 | def delete(self, id): | |
133 | """DELETE /users/id: Delete an existing item""" |
|
134 | """DELETE /users/id: Delete an existing item""" | |
134 | # Forms posted to this method should contain a hidden field: |
|
135 | # Forms posted to this method should contain a hidden field: | |
135 | # <input type="hidden" name="_method" value="DELETE" /> |
|
136 | # <input type="hidden" name="_method" value="DELETE" /> | |
136 | # Or using helpers: |
|
137 | # Or using helpers: | |
137 | # h.form(url('user', id=ID), |
|
138 | # h.form(url('user', id=ID), | |
138 | # method='delete') |
|
139 | # method='delete') | |
139 | # url('user', id=ID) |
|
140 | # url('user', id=ID) | |
140 | user_model = UserModel() |
|
141 | user_model = UserModel() | |
141 | try: |
|
142 | try: | |
142 | user_model.delete(id) |
|
143 | user_model.delete(id) | |
143 | h.flash(_('sucessfully deleted user'), category='success') |
|
144 | h.flash(_('successfully deleted user'), category='success') | |
144 | except (UserOwnsReposException, DefaultUserException), e: |
|
145 | except (UserOwnsReposException, DefaultUserException), e: | |
145 | h.flash(str(e), category='warning') |
|
146 | h.flash(str(e), category='warning') | |
146 | except Exception: |
|
147 | except Exception: | |
147 | h.flash(_('An error occurred during deletion of user'), |
|
148 | h.flash(_('An error occurred during deletion of user'), | |
148 | category='error') |
|
149 | category='error') | |
149 | return redirect(url('users')) |
|
150 | return redirect(url('users')) | |
150 |
|
151 | |||
151 | def show(self, id, format='html'): |
|
152 | def show(self, id, format='html'): | |
152 | """GET /users/id: Show a specific item""" |
|
153 | """GET /users/id: Show a specific item""" | |
153 | # url('user', id=ID) |
|
154 | # url('user', id=ID) | |
154 |
|
155 | |||
155 |
|
156 | |||
156 | def edit(self, id, format='html'): |
|
157 | def edit(self, id, format='html'): | |
157 | """GET /users/id/edit: Form to edit an existing item""" |
|
158 | """GET /users/id/edit: Form to edit an existing item""" | |
158 | # url('edit_user', id=ID) |
|
159 | # url('edit_user', id=ID) | |
159 | c.user = self.sa.query(User).get(id) |
|
160 | c.user = self.sa.query(User).get(id) | |
160 | if not c.user: |
|
161 | if not c.user: | |
161 | return redirect(url('users')) |
|
162 | return redirect(url('users')) | |
162 | if c.user.username == 'default': |
|
163 | if c.user.username == 'default': | |
163 | h.flash(_("You can't edit this user"), category='warning') |
|
164 | h.flash(_("You can't edit this user"), category='warning') | |
164 | return redirect(url('users')) |
|
165 | return redirect(url('users')) | |
|
166 | c.user.permissions = {} | |||
|
167 | c.granted_permissions = fill_perms(c.user).permissions['global'] | |||
165 |
|
168 | |||
166 | defaults = c.user.get_dict() |
|
169 | defaults = c.user.get_dict() | |
|
170 | ||||
167 | return htmlfill.render( |
|
171 | return htmlfill.render( | |
168 | render('admin/users/user_edit.html'), |
|
172 | render('admin/users/user_edit.html'), | |
169 | defaults=defaults, |
|
173 | defaults=defaults, | |
170 | encoding="UTF-8", |
|
174 | encoding="UTF-8", | |
171 | force_defaults=False |
|
175 | force_defaults=False | |
172 | ) |
|
176 | ) |
@@ -1,569 +1,577 b'' | |||||
1 | #!/usr/bin/env python |
|
1 | # -*- coding: utf-8 -*- | |
2 | # encoding: utf-8 |
|
2 | """ | |
3 | # authentication and permission libraries |
|
3 | rhodecode.lib.auth | |
4 | # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> |
|
4 | ~~~~~~~~~~~~~~~~~~ | |
5 | # |
|
5 | ||
|
6 | authentication and permission libraries | |||
|
7 | ||||
|
8 | :created_on: Apr 4, 2010 | |||
|
9 | :copyright: (c) 2010 by marcink. | |||
|
10 | :license: LICENSE_NAME, see LICENSE_FILE for more details. | |||
|
11 | """ | |||
6 | # This program is free software; you can redistribute it and/or |
|
12 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License |
|
13 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; version 2 |
|
14 | # as published by the Free Software Foundation; version 2 | |
9 | # of the License or (at your opinion) any later version of the license. |
|
15 | # of the License or (at your opinion) any later version of the license. | |
10 | # |
|
16 | # | |
11 | # This program is distributed in the hope that it will be useful, |
|
17 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. |
|
20 | # GNU General Public License for more details. | |
15 | # |
|
21 | # | |
16 | # You should have received a copy of the GNU General Public License |
|
22 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software |
|
23 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
24 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | |
19 | # MA 02110-1301, USA. |
|
25 | # MA 02110-1301, USA. | |
20 | """ |
|
|||
21 | Created on April 4, 2010 |
|
|||
22 |
|
26 | |||
23 | @author: marcink |
|
27 | import bcrypt | |
24 | """ |
|
28 | import random | |
|
29 | import logging | |||
|
30 | import traceback | |||
|
31 | ||||
|
32 | from decorator import decorator | |||
|
33 | ||||
25 | from pylons import config, session, url, request |
|
34 | from pylons import config, session, url, request | |
26 | from pylons.controllers.util import abort, redirect |
|
35 | from pylons.controllers.util import abort, redirect | |
27 | from rhodecode.lib.exceptions import * |
|
36 | ||
|
37 | from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError | |||
28 | from rhodecode.lib.utils import get_repo_slug |
|
38 | from rhodecode.lib.utils import get_repo_slug | |
29 | from rhodecode.lib.auth_ldap import AuthLdap |
|
39 | from rhodecode.lib.auth_ldap import AuthLdap | |
|
40 | ||||
30 | from rhodecode.model import meta |
|
41 | from rhodecode.model import meta | |
31 | from rhodecode.model.user import UserModel |
|
42 | from rhodecode.model.user import UserModel | |
32 | from rhodecode.model.caching_query import FromCache |
|
|||
33 | from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \ |
|
43 | from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \ | |
34 | UserToPerm |
|
44 | UserToPerm | |
35 | import bcrypt |
|
45 | ||
36 | from decorator import decorator |
|
|||
37 | import logging |
|
|||
38 | import random |
|
|||
39 | import traceback |
|
|||
40 |
|
46 | |||
41 | log = logging.getLogger(__name__) |
|
47 | log = logging.getLogger(__name__) | |
42 |
|
48 | |||
43 | class PasswordGenerator(object): |
|
49 | class PasswordGenerator(object): | |
44 | """This is a simple class for generating password from |
|
50 | """This is a simple class for generating password from | |
45 | different sets of characters |
|
51 | different sets of characters | |
46 | usage: |
|
52 | usage: | |
47 | passwd_gen = PasswordGenerator() |
|
53 | passwd_gen = PasswordGenerator() | |
48 | #print 8-letter password containing only big and small letters of alphabet |
|
54 | #print 8-letter password containing only big and small letters of alphabet | |
49 | print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL) |
|
55 | print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL) | |
50 | """ |
|
56 | """ | |
51 | ALPHABETS_NUM = r'''1234567890'''#[0] |
|
57 | ALPHABETS_NUM = r'''1234567890'''#[0] | |
52 | ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1] |
|
58 | ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''#[1] | |
53 | ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2] |
|
59 | ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''#[2] | |
54 | ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?''' #[3] |
|
60 | ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?''' #[3] | |
55 | ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4] |
|
61 | ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM + ALPHABETS_SPECIAL#[4] | |
56 | ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5] |
|
62 | ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM#[5] | |
57 | ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL |
|
63 | ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL | |
58 | ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6] |
|
64 | ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6] | |
59 | ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7] |
|
65 | ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7] | |
60 |
|
66 | |||
61 | def __init__(self, passwd=''): |
|
67 | def __init__(self, passwd=''): | |
62 | self.passwd = passwd |
|
68 | self.passwd = passwd | |
63 |
|
69 | |||
64 | def gen_password(self, len, type): |
|
70 | def gen_password(self, len, type): | |
65 | self.passwd = ''.join([random.choice(type) for _ in xrange(len)]) |
|
71 | self.passwd = ''.join([random.choice(type) for _ in xrange(len)]) | |
66 | return self.passwd |
|
72 | return self.passwd | |
67 |
|
73 | |||
68 |
|
74 | |||
69 | def get_crypt_password(password): |
|
75 | def get_crypt_password(password): | |
70 | """Cryptographic function used for password hashing based on sha1 |
|
76 | """Cryptographic function used for password hashing based on sha1 | |
71 | :param password: password to hash |
|
77 | :param password: password to hash | |
72 | """ |
|
78 | """ | |
73 | return bcrypt.hashpw(password, bcrypt.gensalt(10)) |
|
79 | return bcrypt.hashpw(password, bcrypt.gensalt(10)) | |
74 |
|
80 | |||
75 | def check_password(password, hashed): |
|
81 | def check_password(password, hashed): | |
76 | return bcrypt.hashpw(password, hashed) == hashed |
|
82 | return bcrypt.hashpw(password, hashed) == hashed | |
77 |
|
83 | |||
78 | def authfunc(environ, username, password): |
|
84 | def authfunc(environ, username, password): | |
79 | """ |
|
85 | """ | |
80 | Dummy authentication function used in Mercurial/Git/ and access control, |
|
86 | Dummy authentication function used in Mercurial/Git/ and access control, | |
81 |
|
87 | |||
82 | :param environ: needed only for using in Basic auth |
|
88 | :param environ: needed only for using in Basic auth | |
83 | """ |
|
89 | """ | |
84 | return authenticate(username, password) |
|
90 | return authenticate(username, password) | |
85 |
|
91 | |||
86 |
|
92 | |||
87 | def authenticate(username, password): |
|
93 | def authenticate(username, password): | |
88 | """ |
|
94 | """ | |
89 | Authentication function used for access control, |
|
95 | Authentication function used for access control, | |
90 | firstly checks for db authentication then if ldap is enabled for ldap |
|
96 | firstly checks for db authentication then if ldap is enabled for ldap | |
91 | authentication, also creates ldap user if not in database |
|
97 | authentication, also creates ldap user if not in database | |
92 |
|
98 | |||
93 | :param username: username |
|
99 | :param username: username | |
94 | :param password: password |
|
100 | :param password: password | |
95 | """ |
|
101 | """ | |
96 | user_model = UserModel() |
|
102 | user_model = UserModel() | |
97 | user = user_model.get_by_username(username, cache=False) |
|
103 | user = user_model.get_by_username(username, cache=False) | |
98 |
|
104 | |||
99 | log.debug('Authenticating user using RhodeCode account') |
|
105 | log.debug('Authenticating user using RhodeCode account') | |
100 | if user is not None and user.is_ldap is False: |
|
106 | if user is not None and user.is_ldap is False: | |
101 | if user.active: |
|
107 | if user.active: | |
102 |
|
108 | |||
103 | if user.username == 'default' and user.active: |
|
109 | if user.username == 'default' and user.active: | |
104 | log.info('user %s authenticated correctly as anonymous user', |
|
110 | log.info('user %s authenticated correctly as anonymous user', | |
105 | username) |
|
111 | username) | |
106 | return True |
|
112 | return True | |
107 |
|
113 | |||
108 | elif user.username == username and check_password(password, user.password): |
|
114 | elif user.username == username and check_password(password, user.password): | |
109 | log.info('user %s authenticated correctly', username) |
|
115 | log.info('user %s authenticated correctly', username) | |
110 | return True |
|
116 | return True | |
111 | else: |
|
117 | else: | |
112 | log.warning('user %s is disabled', username) |
|
118 | log.warning('user %s is disabled', username) | |
113 |
|
119 | |||
114 | else: |
|
120 | else: | |
115 | log.debug('Regular authentication failed') |
|
121 | log.debug('Regular authentication failed') | |
116 | user_obj = user_model.get_by_username(username, cache=False, |
|
122 | user_obj = user_model.get_by_username(username, cache=False, | |
117 | case_insensitive=True) |
|
123 | case_insensitive=True) | |
118 |
|
124 | |||
119 | if user_obj is not None and user_obj.is_ldap is False: |
|
125 | if user_obj is not None and user_obj.is_ldap is False: | |
120 | log.debug('this user already exists as non ldap') |
|
126 | log.debug('this user already exists as non ldap') | |
121 | return False |
|
127 | return False | |
122 |
|
128 | |||
123 | from rhodecode.model.settings import SettingsModel |
|
129 | from rhodecode.model.settings import SettingsModel | |
124 | ldap_settings = SettingsModel().get_ldap_settings() |
|
130 | ldap_settings = SettingsModel().get_ldap_settings() | |
125 |
|
131 | |||
126 | #====================================================================== |
|
132 | #====================================================================== | |
127 | # FALLBACK TO LDAP AUTH IN ENABLE |
|
133 | # FALLBACK TO LDAP AUTH IN ENABLE | |
128 | #====================================================================== |
|
134 | #====================================================================== | |
129 | if ldap_settings.get('ldap_active', False): |
|
135 | if ldap_settings.get('ldap_active', False): | |
130 | log.debug("Authenticating user using ldap") |
|
136 | log.debug("Authenticating user using ldap") | |
131 | kwargs = { |
|
137 | kwargs = { | |
132 | 'server':ldap_settings.get('ldap_host', ''), |
|
138 | 'server':ldap_settings.get('ldap_host', ''), | |
133 | 'base_dn':ldap_settings.get('ldap_base_dn', ''), |
|
139 | 'base_dn':ldap_settings.get('ldap_base_dn', ''), | |
134 | 'port':ldap_settings.get('ldap_port'), |
|
140 | 'port':ldap_settings.get('ldap_port'), | |
135 | 'bind_dn':ldap_settings.get('ldap_dn_user'), |
|
141 | 'bind_dn':ldap_settings.get('ldap_dn_user'), | |
136 | 'bind_pass':ldap_settings.get('ldap_dn_pass'), |
|
142 | 'bind_pass':ldap_settings.get('ldap_dn_pass'), | |
137 | 'use_ldaps':ldap_settings.get('ldap_ldaps'), |
|
143 | 'use_ldaps':ldap_settings.get('ldap_ldaps'), | |
138 | 'ldap_version':3, |
|
144 | 'ldap_version':3, | |
139 | } |
|
145 | } | |
140 | log.debug('Checking for ldap authentication') |
|
146 | log.debug('Checking for ldap authentication') | |
141 | try: |
|
147 | try: | |
142 | aldap = AuthLdap(**kwargs) |
|
148 | aldap = AuthLdap(**kwargs) | |
143 | res = aldap.authenticate_ldap(username, password) |
|
149 | res = aldap.authenticate_ldap(username, password) | |
144 | log.debug('Got ldap response %s', res) |
|
150 | log.debug('Got ldap response %s', res) | |
145 |
|
151 | |||
146 | if user_model.create_ldap(username, password): |
|
152 | if user_model.create_ldap(username, password): | |
147 | log.info('created new ldap user') |
|
153 | log.info('created new ldap user') | |
148 |
|
154 | |||
149 | return True |
|
155 | return True | |
150 | except (LdapUsernameError, LdapPasswordError,): |
|
156 | except (LdapUsernameError, LdapPasswordError,): | |
151 | pass |
|
157 | pass | |
152 | except (Exception,): |
|
158 | except (Exception,): | |
153 | log.error(traceback.format_exc()) |
|
159 | log.error(traceback.format_exc()) | |
154 | pass |
|
160 | pass | |
155 | return False |
|
161 | return False | |
156 |
|
162 | |||
157 | class AuthUser(object): |
|
163 | class AuthUser(object): | |
158 | """ |
|
164 | """ | |
159 | A simple object that handles a mercurial username for authentication |
|
165 | A simple object that handles a mercurial username for authentication | |
160 | """ |
|
166 | """ | |
161 | def __init__(self): |
|
167 | def __init__(self): | |
162 | self.username = 'None' |
|
168 | self.username = 'None' | |
163 | self.name = '' |
|
169 | self.name = '' | |
164 | self.lastname = '' |
|
170 | self.lastname = '' | |
165 | self.email = '' |
|
171 | self.email = '' | |
166 | self.user_id = None |
|
172 | self.user_id = None | |
167 | self.is_authenticated = False |
|
173 | self.is_authenticated = False | |
168 | self.is_admin = False |
|
174 | self.is_admin = False | |
169 | self.permissions = {} |
|
175 | self.permissions = {} | |
170 |
|
176 | |||
171 | def __repr__(self): |
|
177 | def __repr__(self): | |
172 | return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username) |
|
178 | return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username) | |
173 |
|
179 | |||
174 | def set_available_permissions(config): |
|
180 | def set_available_permissions(config): | |
175 | """ |
|
181 | """This function will propagate pylons globals with all available defined | |
176 | This function will propagate pylons globals with all available defined |
|
|||
177 | permission given in db. We don't wannt to check each time from db for new |
|
182 | permission given in db. We don't wannt to check each time from db for new | |
178 | permissions since adding a new permission also requires application restart |
|
183 | permissions since adding a new permission also requires application restart | |
179 | ie. to decorate new views with the newly created permission |
|
184 | ie. to decorate new views with the newly created permission | |
180 | :param config: |
|
185 | ||
|
186 | :param config: current pylons config instance | |||
|
187 | ||||
181 | """ |
|
188 | """ | |
182 | log.info('getting information about all available permissions') |
|
189 | log.info('getting information about all available permissions') | |
183 | try: |
|
190 | try: | |
184 | sa = meta.Session() |
|
191 | sa = meta.Session() | |
185 | all_perms = sa.query(Permission).all() |
|
192 | all_perms = sa.query(Permission).all() | |
186 | except: |
|
193 | except: | |
187 | pass |
|
194 | pass | |
188 | finally: |
|
195 | finally: | |
189 | meta.Session.remove() |
|
196 | meta.Session.remove() | |
190 |
|
197 | |||
191 | config['available_permissions'] = [x.permission_name for x in all_perms] |
|
198 | config['available_permissions'] = [x.permission_name for x in all_perms] | |
192 |
|
199 | |||
193 | def set_base_path(config): |
|
200 | def set_base_path(config): | |
194 | config['base_path'] = config['pylons.app_globals'].base_path |
|
201 | config['base_path'] = config['pylons.app_globals'].base_path | |
195 |
|
202 | |||
196 |
|
203 | |||
197 | def fill_perms(user): |
|
204 | def fill_perms(user): | |
198 | """ |
|
205 | """Fills user permission attribute with permissions taken from database | |
199 | Fills user permission attribute with permissions taken from database |
|
206 | ||
200 | :param user: |
|
207 | :param user: | |
|
208 | ||||
201 | """ |
|
209 | """ | |
202 |
|
210 | |||
203 | sa = meta.Session() |
|
211 | sa = meta.Session() | |
204 | user.permissions['repositories'] = {} |
|
212 | user.permissions['repositories'] = {} | |
205 | user.permissions['global'] = set() |
|
213 | user.permissions['global'] = set() | |
206 |
|
214 | |||
207 | #=========================================================================== |
|
215 | #=========================================================================== | |
208 | # fetch default permissions |
|
216 | # fetch default permissions | |
209 | #=========================================================================== |
|
217 | #=========================================================================== | |
210 | default_user = UserModel().get_by_username('default', cache=True) |
|
218 | default_user = UserModel().get_by_username('default', cache=True) | |
211 |
|
219 | |||
212 | default_perms = sa.query(RepoToPerm, Repository, Permission)\ |
|
220 | default_perms = sa.query(RepoToPerm, Repository, Permission)\ | |
213 | .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
|
221 | .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ | |
214 | .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
|
222 | .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ | |
215 | .filter(RepoToPerm.user == default_user).all() |
|
223 | .filter(RepoToPerm.user == default_user).all() | |
216 |
|
224 | |||
217 | if user.is_admin: |
|
225 | if user.is_admin: | |
218 | #======================================================================= |
|
226 | #======================================================================= | |
219 | # #admin have all default rights set to admin |
|
227 | # #admin have all default rights set to admin | |
220 | #======================================================================= |
|
228 | #======================================================================= | |
221 | user.permissions['global'].add('hg.admin') |
|
229 | user.permissions['global'].add('hg.admin') | |
222 |
|
230 | |||
223 | for perm in default_perms: |
|
231 | for perm in default_perms: | |
224 | p = 'repository.admin' |
|
232 | p = 'repository.admin' | |
225 | user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
|
233 | user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p | |
226 |
|
234 | |||
227 | else: |
|
235 | else: | |
228 | #======================================================================= |
|
236 | #======================================================================= | |
229 | # set default permissions |
|
237 | # set default permissions | |
230 | #======================================================================= |
|
238 | #======================================================================= | |
231 |
|
239 | |||
232 | #default global |
|
240 | #default global | |
233 | default_global_perms = sa.query(UserToPerm)\ |
|
241 | default_global_perms = sa.query(UserToPerm)\ | |
234 | .filter(UserToPerm.user == sa.query(User)\ |
|
242 | .filter(UserToPerm.user == sa.query(User)\ | |
235 | .filter(User.username == 'default').one()) |
|
243 | .filter(User.username == 'default').one()) | |
236 |
|
244 | |||
237 | for perm in default_global_perms: |
|
245 | for perm in default_global_perms: | |
238 | user.permissions['global'].add(perm.permission.permission_name) |
|
246 | user.permissions['global'].add(perm.permission.permission_name) | |
239 |
|
247 | |||
240 | #default repositories |
|
248 | #default repositories | |
241 | for perm in default_perms: |
|
249 | for perm in default_perms: | |
242 | if perm.Repository.private and not perm.Repository.user_id == user.user_id: |
|
250 | if perm.Repository.private and not perm.Repository.user_id == user.user_id: | |
243 | #disable defaults for private repos, |
|
251 | #disable defaults for private repos, | |
244 | p = 'repository.none' |
|
252 | p = 'repository.none' | |
245 | elif perm.Repository.user_id == user.user_id: |
|
253 | elif perm.Repository.user_id == user.user_id: | |
246 | #set admin if owner |
|
254 | #set admin if owner | |
247 | p = 'repository.admin' |
|
255 | p = 'repository.admin' | |
248 | else: |
|
256 | else: | |
249 | p = perm.Permission.permission_name |
|
257 | p = perm.Permission.permission_name | |
250 |
|
258 | |||
251 | user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
|
259 | user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p | |
252 |
|
260 | |||
253 | #======================================================================= |
|
261 | #======================================================================= | |
254 | # #overwrite default with user permissions if any |
|
262 | # #overwrite default with user permissions if any | |
255 | #======================================================================= |
|
263 | #======================================================================= | |
256 | user_perms = sa.query(RepoToPerm, Permission, Repository)\ |
|
264 | user_perms = sa.query(RepoToPerm, Permission, Repository)\ | |
257 | .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
|
265 | .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ | |
258 | .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ |
|
266 | .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\ | |
259 | .filter(RepoToPerm.user_id == user.user_id).all() |
|
267 | .filter(RepoToPerm.user_id == user.user_id).all() | |
260 |
|
268 | |||
261 | for perm in user_perms: |
|
269 | for perm in user_perms: | |
262 | if perm.Repository.user_id == user.user_id:#set admin if owner |
|
270 | if perm.Repository.user_id == user.user_id:#set admin if owner | |
263 | p = 'repository.admin' |
|
271 | p = 'repository.admin' | |
264 | else: |
|
272 | else: | |
265 | p = perm.Permission.permission_name |
|
273 | p = perm.Permission.permission_name | |
266 | user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p |
|
274 | user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p | |
267 | meta.Session.remove() |
|
275 | meta.Session.remove() | |
268 | return user |
|
276 | return user | |
269 |
|
277 | |||
270 | def get_user(session): |
|
278 | def get_user(session): | |
271 | """ |
|
279 | """ | |
272 | Gets user from session, and wraps permissions into user |
|
280 | Gets user from session, and wraps permissions into user | |
273 | :param session: |
|
281 | :param session: | |
274 | """ |
|
282 | """ | |
275 | user = session.get('rhodecode_user', AuthUser()) |
|
283 | user = session.get('rhodecode_user', AuthUser()) | |
276 | #if the user is not logged in we check for anonymous access |
|
284 | #if the user is not logged in we check for anonymous access | |
277 | #if user is logged and it's a default user check if we still have anonymous |
|
285 | #if user is logged and it's a default user check if we still have anonymous | |
278 | #access enabled |
|
286 | #access enabled | |
279 | if user.user_id is None or user.username == 'default': |
|
287 | if user.user_id is None or user.username == 'default': | |
280 | anonymous_user = UserModel().get_by_username('default', cache=True) |
|
288 | anonymous_user = UserModel().get_by_username('default', cache=True) | |
281 | if anonymous_user.active is True: |
|
289 | if anonymous_user.active is True: | |
282 | #then we set this user is logged in |
|
290 | #then we set this user is logged in | |
283 | user.is_authenticated = True |
|
291 | user.is_authenticated = True | |
284 | user.user_id = anonymous_user.user_id |
|
292 | user.user_id = anonymous_user.user_id | |
285 | else: |
|
293 | else: | |
286 | user.is_authenticated = False |
|
294 | user.is_authenticated = False | |
287 |
|
295 | |||
288 | if user.is_authenticated: |
|
296 | if user.is_authenticated: | |
289 | user = UserModel().fill_data(user) |
|
297 | user = UserModel().fill_data(user) | |
290 |
|
298 | |||
291 | user = fill_perms(user) |
|
299 | user = fill_perms(user) | |
292 | session['rhodecode_user'] = user |
|
300 | session['rhodecode_user'] = user | |
293 | session.save() |
|
301 | session.save() | |
294 | return user |
|
302 | return user | |
295 |
|
303 | |||
296 | #=============================================================================== |
|
304 | #=============================================================================== | |
297 | # CHECK DECORATORS |
|
305 | # CHECK DECORATORS | |
298 | #=============================================================================== |
|
306 | #=============================================================================== | |
299 | class LoginRequired(object): |
|
307 | class LoginRequired(object): | |
300 | """Must be logged in to execute this function else |
|
308 | """Must be logged in to execute this function else | |
301 | redirect to login page""" |
|
309 | redirect to login page""" | |
302 |
|
310 | |||
303 | def __call__(self, func): |
|
311 | def __call__(self, func): | |
304 | return decorator(self.__wrapper, func) |
|
312 | return decorator(self.__wrapper, func) | |
305 |
|
313 | |||
306 | def __wrapper(self, func, *fargs, **fkwargs): |
|
314 | def __wrapper(self, func, *fargs, **fkwargs): | |
307 | user = session.get('rhodecode_user', AuthUser()) |
|
315 | user = session.get('rhodecode_user', AuthUser()) | |
308 | log.debug('Checking login required for user:%s', user.username) |
|
316 | log.debug('Checking login required for user:%s', user.username) | |
309 | if user.is_authenticated: |
|
317 | if user.is_authenticated: | |
310 | log.debug('user %s is authenticated', user.username) |
|
318 | log.debug('user %s is authenticated', user.username) | |
311 | return func(*fargs, **fkwargs) |
|
319 | return func(*fargs, **fkwargs) | |
312 | else: |
|
320 | else: | |
313 | log.warn('user %s not authenticated', user.username) |
|
321 | log.warn('user %s not authenticated', user.username) | |
314 |
|
322 | |||
315 | p = '' |
|
323 | p = '' | |
316 | if request.environ.get('SCRIPT_NAME') != '/': |
|
324 | if request.environ.get('SCRIPT_NAME') != '/': | |
317 | p += request.environ.get('SCRIPT_NAME') |
|
325 | p += request.environ.get('SCRIPT_NAME') | |
318 |
|
326 | |||
319 | p += request.environ.get('PATH_INFO') |
|
327 | p += request.environ.get('PATH_INFO') | |
320 | if request.environ.get('QUERY_STRING'): |
|
328 | if request.environ.get('QUERY_STRING'): | |
321 | p += '?' + request.environ.get('QUERY_STRING') |
|
329 | p += '?' + request.environ.get('QUERY_STRING') | |
322 |
|
330 | |||
323 | log.debug('redirecting to login page with %s', p) |
|
331 | log.debug('redirecting to login page with %s', p) | |
324 | return redirect(url('login_home', came_from=p)) |
|
332 | return redirect(url('login_home', came_from=p)) | |
325 |
|
333 | |||
326 | class NotAnonymous(object): |
|
334 | class NotAnonymous(object): | |
327 | """Must be logged in to execute this function else |
|
335 | """Must be logged in to execute this function else | |
328 | redirect to login page""" |
|
336 | redirect to login page""" | |
329 |
|
337 | |||
330 | def __call__(self, func): |
|
338 | def __call__(self, func): | |
331 | return decorator(self.__wrapper, func) |
|
339 | return decorator(self.__wrapper, func) | |
332 |
|
340 | |||
333 | def __wrapper(self, func, *fargs, **fkwargs): |
|
341 | def __wrapper(self, func, *fargs, **fkwargs): | |
334 | user = session.get('rhodecode_user', AuthUser()) |
|
342 | user = session.get('rhodecode_user', AuthUser()) | |
335 | log.debug('Checking if user is not anonymous') |
|
343 | log.debug('Checking if user is not anonymous') | |
336 |
|
344 | |||
337 | anonymous = user.username == 'default' |
|
345 | anonymous = user.username == 'default' | |
338 |
|
346 | |||
339 | if anonymous: |
|
347 | if anonymous: | |
340 | p = '' |
|
348 | p = '' | |
341 | if request.environ.get('SCRIPT_NAME') != '/': |
|
349 | if request.environ.get('SCRIPT_NAME') != '/': | |
342 | p += request.environ.get('SCRIPT_NAME') |
|
350 | p += request.environ.get('SCRIPT_NAME') | |
343 |
|
351 | |||
344 | p += request.environ.get('PATH_INFO') |
|
352 | p += request.environ.get('PATH_INFO') | |
345 | if request.environ.get('QUERY_STRING'): |
|
353 | if request.environ.get('QUERY_STRING'): | |
346 | p += '?' + request.environ.get('QUERY_STRING') |
|
354 | p += '?' + request.environ.get('QUERY_STRING') | |
347 | return redirect(url('login_home', came_from=p)) |
|
355 | return redirect(url('login_home', came_from=p)) | |
348 | else: |
|
356 | else: | |
349 | return func(*fargs, **fkwargs) |
|
357 | return func(*fargs, **fkwargs) | |
350 |
|
358 | |||
351 | class PermsDecorator(object): |
|
359 | class PermsDecorator(object): | |
352 | """Base class for decorators""" |
|
360 | """Base class for decorators""" | |
353 |
|
361 | |||
354 | def __init__(self, *required_perms): |
|
362 | def __init__(self, *required_perms): | |
355 | available_perms = config['available_permissions'] |
|
363 | available_perms = config['available_permissions'] | |
356 | for perm in required_perms: |
|
364 | for perm in required_perms: | |
357 | if perm not in available_perms: |
|
365 | if perm not in available_perms: | |
358 | raise Exception("'%s' permission is not defined" % perm) |
|
366 | raise Exception("'%s' permission is not defined" % perm) | |
359 | self.required_perms = set(required_perms) |
|
367 | self.required_perms = set(required_perms) | |
360 | self.user_perms = None |
|
368 | self.user_perms = None | |
361 |
|
369 | |||
362 | def __call__(self, func): |
|
370 | def __call__(self, func): | |
363 | return decorator(self.__wrapper, func) |
|
371 | return decorator(self.__wrapper, func) | |
364 |
|
372 | |||
365 |
|
373 | |||
366 | def __wrapper(self, func, *fargs, **fkwargs): |
|
374 | def __wrapper(self, func, *fargs, **fkwargs): | |
367 | # _wrapper.__name__ = func.__name__ |
|
375 | # _wrapper.__name__ = func.__name__ | |
368 | # _wrapper.__dict__.update(func.__dict__) |
|
376 | # _wrapper.__dict__.update(func.__dict__) | |
369 | # _wrapper.__doc__ = func.__doc__ |
|
377 | # _wrapper.__doc__ = func.__doc__ | |
370 | self.user = session.get('rhodecode_user', AuthUser()) |
|
378 | self.user = session.get('rhodecode_user', AuthUser()) | |
371 | self.user_perms = self.user.permissions |
|
379 | self.user_perms = self.user.permissions | |
372 | log.debug('checking %s permissions %s for %s %s', |
|
380 | log.debug('checking %s permissions %s for %s %s', | |
373 | self.__class__.__name__, self.required_perms, func.__name__, |
|
381 | self.__class__.__name__, self.required_perms, func.__name__, | |
374 | self.user) |
|
382 | self.user) | |
375 |
|
383 | |||
376 | if self.check_permissions(): |
|
384 | if self.check_permissions(): | |
377 | log.debug('Permission granted for %s %s', func.__name__, self.user) |
|
385 | log.debug('Permission granted for %s %s', func.__name__, self.user) | |
378 |
|
386 | |||
379 | return func(*fargs, **fkwargs) |
|
387 | return func(*fargs, **fkwargs) | |
380 |
|
388 | |||
381 | else: |
|
389 | else: | |
382 | log.warning('Permission denied for %s %s', func.__name__, self.user) |
|
390 | log.warning('Permission denied for %s %s', func.__name__, self.user) | |
383 | #redirect with forbidden ret code |
|
391 | #redirect with forbidden ret code | |
384 | return abort(403) |
|
392 | return abort(403) | |
385 |
|
393 | |||
386 |
|
394 | |||
387 |
|
395 | |||
388 | def check_permissions(self): |
|
396 | def check_permissions(self): | |
389 | """Dummy function for overriding""" |
|
397 | """Dummy function for overriding""" | |
390 | raise Exception('You have to write this function in child class') |
|
398 | raise Exception('You have to write this function in child class') | |
391 |
|
399 | |||
392 | class HasPermissionAllDecorator(PermsDecorator): |
|
400 | class HasPermissionAllDecorator(PermsDecorator): | |
393 | """Checks for access permission for all given predicates. All of them |
|
401 | """Checks for access permission for all given predicates. All of them | |
394 | have to be meet in order to fulfill the request |
|
402 | have to be meet in order to fulfill the request | |
395 | """ |
|
403 | """ | |
396 |
|
404 | |||
397 | def check_permissions(self): |
|
405 | def check_permissions(self): | |
398 | if self.required_perms.issubset(self.user_perms.get('global')): |
|
406 | if self.required_perms.issubset(self.user_perms.get('global')): | |
399 | return True |
|
407 | return True | |
400 | return False |
|
408 | return False | |
401 |
|
409 | |||
402 |
|
410 | |||
403 | class HasPermissionAnyDecorator(PermsDecorator): |
|
411 | class HasPermissionAnyDecorator(PermsDecorator): | |
404 | """Checks for access permission for any of given predicates. In order to |
|
412 | """Checks for access permission for any of given predicates. In order to | |
405 | fulfill the request any of predicates must be meet |
|
413 | fulfill the request any of predicates must be meet | |
406 | """ |
|
414 | """ | |
407 |
|
415 | |||
408 | def check_permissions(self): |
|
416 | def check_permissions(self): | |
409 | if self.required_perms.intersection(self.user_perms.get('global')): |
|
417 | if self.required_perms.intersection(self.user_perms.get('global')): | |
410 | return True |
|
418 | return True | |
411 | return False |
|
419 | return False | |
412 |
|
420 | |||
413 | class HasRepoPermissionAllDecorator(PermsDecorator): |
|
421 | class HasRepoPermissionAllDecorator(PermsDecorator): | |
414 | """Checks for access permission for all given predicates for specific |
|
422 | """Checks for access permission for all given predicates for specific | |
415 | repository. All of them have to be meet in order to fulfill the request |
|
423 | repository. All of them have to be meet in order to fulfill the request | |
416 | """ |
|
424 | """ | |
417 |
|
425 | |||
418 | def check_permissions(self): |
|
426 | def check_permissions(self): | |
419 | repo_name = get_repo_slug(request) |
|
427 | repo_name = get_repo_slug(request) | |
420 | try: |
|
428 | try: | |
421 | user_perms = set([self.user_perms['repositories'][repo_name]]) |
|
429 | user_perms = set([self.user_perms['repositories'][repo_name]]) | |
422 | except KeyError: |
|
430 | except KeyError: | |
423 | return False |
|
431 | return False | |
424 | if self.required_perms.issubset(user_perms): |
|
432 | if self.required_perms.issubset(user_perms): | |
425 | return True |
|
433 | return True | |
426 | return False |
|
434 | return False | |
427 |
|
435 | |||
428 |
|
436 | |||
429 | class HasRepoPermissionAnyDecorator(PermsDecorator): |
|
437 | class HasRepoPermissionAnyDecorator(PermsDecorator): | |
430 | """Checks for access permission for any of given predicates for specific |
|
438 | """Checks for access permission for any of given predicates for specific | |
431 | repository. In order to fulfill the request any of predicates must be meet |
|
439 | repository. In order to fulfill the request any of predicates must be meet | |
432 | """ |
|
440 | """ | |
433 |
|
441 | |||
434 | def check_permissions(self): |
|
442 | def check_permissions(self): | |
435 | repo_name = get_repo_slug(request) |
|
443 | repo_name = get_repo_slug(request) | |
436 |
|
444 | |||
437 | try: |
|
445 | try: | |
438 | user_perms = set([self.user_perms['repositories'][repo_name]]) |
|
446 | user_perms = set([self.user_perms['repositories'][repo_name]]) | |
439 | except KeyError: |
|
447 | except KeyError: | |
440 | return False |
|
448 | return False | |
441 | if self.required_perms.intersection(user_perms): |
|
449 | if self.required_perms.intersection(user_perms): | |
442 | return True |
|
450 | return True | |
443 | return False |
|
451 | return False | |
444 | #=============================================================================== |
|
452 | #=============================================================================== | |
445 | # CHECK FUNCTIONS |
|
453 | # CHECK FUNCTIONS | |
446 | #=============================================================================== |
|
454 | #=============================================================================== | |
447 |
|
455 | |||
448 | class PermsFunction(object): |
|
456 | class PermsFunction(object): | |
449 | """Base function for other check functions""" |
|
457 | """Base function for other check functions""" | |
450 |
|
458 | |||
451 | def __init__(self, *perms): |
|
459 | def __init__(self, *perms): | |
452 | available_perms = config['available_permissions'] |
|
460 | available_perms = config['available_permissions'] | |
453 |
|
461 | |||
454 | for perm in perms: |
|
462 | for perm in perms: | |
455 | if perm not in available_perms: |
|
463 | if perm not in available_perms: | |
456 | raise Exception("'%s' permission in not defined" % perm) |
|
464 | raise Exception("'%s' permission in not defined" % perm) | |
457 | self.required_perms = set(perms) |
|
465 | self.required_perms = set(perms) | |
458 | self.user_perms = None |
|
466 | self.user_perms = None | |
459 | self.granted_for = '' |
|
467 | self.granted_for = '' | |
460 | self.repo_name = None |
|
468 | self.repo_name = None | |
461 |
|
469 | |||
462 | def __call__(self, check_Location=''): |
|
470 | def __call__(self, check_Location=''): | |
463 | user = session.get('rhodecode_user', False) |
|
471 | user = session.get('rhodecode_user', False) | |
464 | if not user: |
|
472 | if not user: | |
465 | return False |
|
473 | return False | |
466 | self.user_perms = user.permissions |
|
474 | self.user_perms = user.permissions | |
467 | self.granted_for = user.username |
|
475 | self.granted_for = user.username | |
468 | log.debug('checking %s %s %s', self.__class__.__name__, |
|
476 | log.debug('checking %s %s %s', self.__class__.__name__, | |
469 | self.required_perms, user) |
|
477 | self.required_perms, user) | |
470 |
|
478 | |||
471 | if self.check_permissions(): |
|
479 | if self.check_permissions(): | |
472 | log.debug('Permission granted for %s @ %s %s', self.granted_for, |
|
480 | log.debug('Permission granted for %s @ %s %s', self.granted_for, | |
473 | check_Location, user) |
|
481 | check_Location, user) | |
474 | return True |
|
482 | return True | |
475 |
|
483 | |||
476 | else: |
|
484 | else: | |
477 | log.warning('Permission denied for %s @ %s %s', self.granted_for, |
|
485 | log.warning('Permission denied for %s @ %s %s', self.granted_for, | |
478 | check_Location, user) |
|
486 | check_Location, user) | |
479 | return False |
|
487 | return False | |
480 |
|
488 | |||
481 | def check_permissions(self): |
|
489 | def check_permissions(self): | |
482 | """Dummy function for overriding""" |
|
490 | """Dummy function for overriding""" | |
483 | raise Exception('You have to write this function in child class') |
|
491 | raise Exception('You have to write this function in child class') | |
484 |
|
492 | |||
485 | class HasPermissionAll(PermsFunction): |
|
493 | class HasPermissionAll(PermsFunction): | |
486 | def check_permissions(self): |
|
494 | def check_permissions(self): | |
487 | if self.required_perms.issubset(self.user_perms.get('global')): |
|
495 | if self.required_perms.issubset(self.user_perms.get('global')): | |
488 | return True |
|
496 | return True | |
489 | return False |
|
497 | return False | |
490 |
|
498 | |||
491 | class HasPermissionAny(PermsFunction): |
|
499 | class HasPermissionAny(PermsFunction): | |
492 | def check_permissions(self): |
|
500 | def check_permissions(self): | |
493 | if self.required_perms.intersection(self.user_perms.get('global')): |
|
501 | if self.required_perms.intersection(self.user_perms.get('global')): | |
494 | return True |
|
502 | return True | |
495 | return False |
|
503 | return False | |
496 |
|
504 | |||
497 | class HasRepoPermissionAll(PermsFunction): |
|
505 | class HasRepoPermissionAll(PermsFunction): | |
498 |
|
506 | |||
499 | def __call__(self, repo_name=None, check_Location=''): |
|
507 | def __call__(self, repo_name=None, check_Location=''): | |
500 | self.repo_name = repo_name |
|
508 | self.repo_name = repo_name | |
501 | return super(HasRepoPermissionAll, self).__call__(check_Location) |
|
509 | return super(HasRepoPermissionAll, self).__call__(check_Location) | |
502 |
|
510 | |||
503 | def check_permissions(self): |
|
511 | def check_permissions(self): | |
504 | if not self.repo_name: |
|
512 | if not self.repo_name: | |
505 | self.repo_name = get_repo_slug(request) |
|
513 | self.repo_name = get_repo_slug(request) | |
506 |
|
514 | |||
507 | try: |
|
515 | try: | |
508 | self.user_perms = set([self.user_perms['repositories']\ |
|
516 | self.user_perms = set([self.user_perms['repositories']\ | |
509 | [self.repo_name]]) |
|
517 | [self.repo_name]]) | |
510 | except KeyError: |
|
518 | except KeyError: | |
511 | return False |
|
519 | return False | |
512 | self.granted_for = self.repo_name |
|
520 | self.granted_for = self.repo_name | |
513 | if self.required_perms.issubset(self.user_perms): |
|
521 | if self.required_perms.issubset(self.user_perms): | |
514 | return True |
|
522 | return True | |
515 | return False |
|
523 | return False | |
516 |
|
524 | |||
517 | class HasRepoPermissionAny(PermsFunction): |
|
525 | class HasRepoPermissionAny(PermsFunction): | |
518 |
|
526 | |||
519 | def __call__(self, repo_name=None, check_Location=''): |
|
527 | def __call__(self, repo_name=None, check_Location=''): | |
520 | self.repo_name = repo_name |
|
528 | self.repo_name = repo_name | |
521 | return super(HasRepoPermissionAny, self).__call__(check_Location) |
|
529 | return super(HasRepoPermissionAny, self).__call__(check_Location) | |
522 |
|
530 | |||
523 | def check_permissions(self): |
|
531 | def check_permissions(self): | |
524 | if not self.repo_name: |
|
532 | if not self.repo_name: | |
525 | self.repo_name = get_repo_slug(request) |
|
533 | self.repo_name = get_repo_slug(request) | |
526 |
|
534 | |||
527 | try: |
|
535 | try: | |
528 | self.user_perms = set([self.user_perms['repositories']\ |
|
536 | self.user_perms = set([self.user_perms['repositories']\ | |
529 | [self.repo_name]]) |
|
537 | [self.repo_name]]) | |
530 | except KeyError: |
|
538 | except KeyError: | |
531 | return False |
|
539 | return False | |
532 | self.granted_for = self.repo_name |
|
540 | self.granted_for = self.repo_name | |
533 | if self.required_perms.intersection(self.user_perms): |
|
541 | if self.required_perms.intersection(self.user_perms): | |
534 | return True |
|
542 | return True | |
535 | return False |
|
543 | return False | |
536 |
|
544 | |||
537 | #=============================================================================== |
|
545 | #=============================================================================== | |
538 | # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH |
|
546 | # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH | |
539 | #=============================================================================== |
|
547 | #=============================================================================== | |
540 |
|
548 | |||
541 | class HasPermissionAnyMiddleware(object): |
|
549 | class HasPermissionAnyMiddleware(object): | |
542 | def __init__(self, *perms): |
|
550 | def __init__(self, *perms): | |
543 | self.required_perms = set(perms) |
|
551 | self.required_perms = set(perms) | |
544 |
|
552 | |||
545 | def __call__(self, user, repo_name): |
|
553 | def __call__(self, user, repo_name): | |
546 | usr = AuthUser() |
|
554 | usr = AuthUser() | |
547 | usr.user_id = user.user_id |
|
555 | usr.user_id = user.user_id | |
548 | usr.username = user.username |
|
556 | usr.username = user.username | |
549 | usr.is_admin = user.admin |
|
557 | usr.is_admin = user.admin | |
550 |
|
558 | |||
551 | try: |
|
559 | try: | |
552 | self.user_perms = set([fill_perms(usr)\ |
|
560 | self.user_perms = set([fill_perms(usr)\ | |
553 | .permissions['repositories'][repo_name]]) |
|
561 | .permissions['repositories'][repo_name]]) | |
554 | except: |
|
562 | except: | |
555 | self.user_perms = set() |
|
563 | self.user_perms = set() | |
556 | self.granted_for = '' |
|
564 | self.granted_for = '' | |
557 | self.username = user.username |
|
565 | self.username = user.username | |
558 | self.repo_name = repo_name |
|
566 | self.repo_name = repo_name | |
559 | return self.check_permissions() |
|
567 | return self.check_permissions() | |
560 |
|
568 | |||
561 | def check_permissions(self): |
|
569 | def check_permissions(self): | |
562 | log.debug('checking mercurial protocol ' |
|
570 | log.debug('checking mercurial protocol ' | |
563 | 'permissions for user:%s repository:%s', |
|
571 | 'permissions for user:%s repository:%s', | |
564 | self.username, self.repo_name) |
|
572 | self.username, self.repo_name) | |
565 | if self.required_perms.intersection(self.user_perms): |
|
573 | if self.required_perms.intersection(self.user_perms): | |
566 | log.debug('permission granted') |
|
574 | log.debug('permission granted') | |
567 | return True |
|
575 | return True | |
568 | log.debug('permission denied') |
|
576 | log.debug('permission denied') | |
569 | return False |
|
577 | return False |
@@ -1,293 +1,298 b'' | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 | """ |
|
2 | """ | |
3 | rhodecode.model.db |
|
3 | rhodecode.model.db | |
4 | ~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~ | |
5 |
|
5 | |||
6 | Database Models for RhodeCode |
|
6 | Database Models for RhodeCode | |
7 |
|
7 | |||
8 | :created_on: Apr 08, 2010 |
|
8 | :created_on: Apr 08, 2010 | |
9 | :author: marcink |
|
9 | :author: marcink | |
10 | :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> | |
11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
12 | """ |
|
12 | """ | |
13 | # This program is free software; you can redistribute it and/or |
|
13 | # This program is free software; you can redistribute it and/or | |
14 | # modify it under the terms of the GNU General Public License |
|
14 | # modify it under the terms of the GNU General Public License | |
15 | # as published by the Free Software Foundation; version 2 |
|
15 | # as published by the Free Software Foundation; version 2 | |
16 | # of the License or (at your opinion) any later version of the license. |
|
16 | # of the License or (at your opinion) any later version of the license. | |
17 | # |
|
17 | # | |
18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
22 | # |
|
22 | # | |
23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
24 | # along with this program; if not, write to the Free Software |
|
24 | # along with this program; if not, write to the Free Software | |
25 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
25 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | |
26 | # MA 02110-1301, USA. |
|
26 | # MA 02110-1301, USA. | |
27 | import logging |
|
27 | import logging | |
28 | import datetime |
|
28 | import datetime | |
29 |
|
29 | |||
30 | from sqlalchemy import * |
|
30 | from sqlalchemy import * | |
31 | from sqlalchemy.exc import DatabaseError |
|
31 | from sqlalchemy.exc import DatabaseError | |
32 | from sqlalchemy.orm import relation, backref, class_mapper |
|
32 | from sqlalchemy.orm import relation, backref, class_mapper | |
33 | from sqlalchemy.orm.session import Session |
|
33 | from sqlalchemy.orm.session import Session | |
34 |
|
34 | |||
35 | from rhodecode.model.meta import Base |
|
35 | from rhodecode.model.meta import Base | |
36 |
|
36 | |||
37 | log = logging.getLogger(__name__) |
|
37 | log = logging.getLogger(__name__) | |
38 |
|
38 | |||
39 | class BaseModel(object): |
|
39 | class BaseModel(object): | |
40 |
|
40 | |||
41 | @classmethod |
|
41 | @classmethod | |
42 | def _get_keys(cls): |
|
42 | def _get_keys(cls): | |
43 | """return column names for this model """ |
|
43 | """return column names for this model """ | |
44 | return class_mapper(cls).c.keys() |
|
44 | return class_mapper(cls).c.keys() | |
45 |
|
45 | |||
46 | def get_dict(self): |
|
46 | def get_dict(self): | |
47 | """return dict with keys and values corresponding |
|
47 | """return dict with keys and values corresponding | |
48 | to this model data """ |
|
48 | to this model data """ | |
49 |
|
49 | |||
50 | d = {} |
|
50 | d = {} | |
51 | for k in self._get_keys(): |
|
51 | for k in self._get_keys(): | |
52 | d[k] = getattr(self, k) |
|
52 | d[k] = getattr(self, k) | |
53 | return d |
|
53 | return d | |
54 |
|
54 | |||
55 | def get_appstruct(self): |
|
55 | def get_appstruct(self): | |
56 | """return list with keys and values tupples corresponding |
|
56 | """return list with keys and values tupples corresponding | |
57 | to this model data """ |
|
57 | to this model data """ | |
58 |
|
58 | |||
59 | l = [] |
|
59 | l = [] | |
60 | for k in self._get_keys(): |
|
60 | for k in self._get_keys(): | |
61 | l.append((k, getattr(self, k),)) |
|
61 | l.append((k, getattr(self, k),)) | |
62 | return l |
|
62 | return l | |
63 |
|
63 | |||
64 | def populate_obj(self, populate_dict): |
|
64 | def populate_obj(self, populate_dict): | |
65 | """populate model with data from given populate_dict""" |
|
65 | """populate model with data from given populate_dict""" | |
66 |
|
66 | |||
67 | for k in self._get_keys(): |
|
67 | for k in self._get_keys(): | |
68 | if k in populate_dict: |
|
68 | if k in populate_dict: | |
69 | setattr(self, k, populate_dict[k]) |
|
69 | setattr(self, k, populate_dict[k]) | |
70 |
|
70 | |||
71 | class RhodeCodeSettings(Base, BaseModel): |
|
71 | class RhodeCodeSettings(Base, BaseModel): | |
72 | __tablename__ = 'rhodecode_settings' |
|
72 | __tablename__ = 'rhodecode_settings' | |
73 | __table_args__ = (UniqueConstraint('app_settings_name'), {'useexisting':True}) |
|
73 | __table_args__ = (UniqueConstraint('app_settings_name'), {'useexisting':True}) | |
74 | app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
74 | app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
75 | app_settings_name = Column("app_settings_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
75 | app_settings_name = Column("app_settings_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
76 | app_settings_value = Column("app_settings_value", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
76 | app_settings_value = Column("app_settings_value", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
77 |
|
77 | |||
78 | def __init__(self, k, v): |
|
78 | def __init__(self, k, v): | |
79 | self.app_settings_name = k |
|
79 | self.app_settings_name = k | |
80 | self.app_settings_value = v |
|
80 | self.app_settings_value = v | |
81 |
|
81 | |||
82 | def __repr__(self): |
|
82 | def __repr__(self): | |
83 | return "<%s('%s:%s')>" % (self.__class__.__name__, |
|
83 | return "<%s('%s:%s')>" % (self.__class__.__name__, | |
84 | self.app_settings_name, self.app_settings_value) |
|
84 | self.app_settings_name, self.app_settings_value) | |
85 |
|
85 | |||
86 | class RhodeCodeUi(Base, BaseModel): |
|
86 | class RhodeCodeUi(Base, BaseModel): | |
87 | __tablename__ = 'rhodecode_ui' |
|
87 | __tablename__ = 'rhodecode_ui' | |
88 | __table_args__ = {'useexisting':True} |
|
88 | __table_args__ = {'useexisting':True} | |
89 | ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
89 | ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
90 | ui_section = Column("ui_section", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
90 | ui_section = Column("ui_section", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
91 | ui_key = Column("ui_key", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
91 | ui_key = Column("ui_key", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
92 | ui_value = Column("ui_value", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
92 | ui_value = Column("ui_value", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
93 | ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True) |
|
93 | ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True) | |
94 |
|
94 | |||
95 |
|
95 | |||
96 | class User(Base, BaseModel): |
|
96 | class User(Base, BaseModel): | |
97 | __tablename__ = 'users' |
|
97 | __tablename__ = 'users' | |
98 | __table_args__ = (UniqueConstraint('username'), UniqueConstraint('email'), {'useexisting':True}) |
|
98 | __table_args__ = (UniqueConstraint('username'), UniqueConstraint('email'), {'useexisting':True}) | |
99 | user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
99 | user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
100 | username = Column("username", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
100 | username = Column("username", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
101 | password = Column("password", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
101 | password = Column("password", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
102 | active = Column("active", Boolean(), nullable=True, unique=None, default=None) |
|
102 | active = Column("active", Boolean(), nullable=True, unique=None, default=None) | |
103 | admin = Column("admin", Boolean(), nullable=True, unique=None, default=False) |
|
103 | admin = Column("admin", Boolean(), nullable=True, unique=None, default=False) | |
104 | name = Column("name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
104 | name = Column("name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
105 | lastname = Column("lastname", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
105 | lastname = Column("lastname", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
106 | email = Column("email", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
106 | email = Column("email", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
107 | last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None) |
|
107 | last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None) | |
108 | is_ldap = Column("is_ldap", Boolean(), nullable=False, unique=None, default=False) |
|
108 | is_ldap = Column("is_ldap", Boolean(), nullable=False, unique=None, default=False) | |
109 |
|
109 | |||
110 | user_log = relation('UserLog', cascade='all') |
|
110 | user_log = relation('UserLog', cascade='all') | |
111 | user_perms = relation('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all') |
|
111 | user_perms = relation('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all') | |
112 |
|
112 | |||
113 | repositories = relation('Repository') |
|
113 | repositories = relation('Repository') | |
114 | user_followers = relation('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all') |
|
114 | user_followers = relation('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all') | |
115 |
|
115 | |||
116 | @property |
|
116 | @property | |
117 | def full_contact(self): |
|
117 | def full_contact(self): | |
118 | return '%s %s <%s>' % (self.name, self.lastname, self.email) |
|
118 | return '%s %s <%s>' % (self.name, self.lastname, self.email) | |
119 |
|
119 | |||
|
120 | ||||
|
121 | @property | |||
|
122 | def is_admin(self): | |||
|
123 | return self.admin | |||
|
124 | ||||
120 | def __repr__(self): |
|
125 | def __repr__(self): | |
121 | return "<%s('id:%s:%s')>" % (self.__class__.__name__, |
|
126 | return "<%s('id:%s:%s')>" % (self.__class__.__name__, | |
122 | self.user_id, self.username) |
|
127 | self.user_id, self.username) | |
123 |
|
128 | |||
124 | def update_lastlogin(self): |
|
129 | def update_lastlogin(self): | |
125 | """Update user lastlogin""" |
|
130 | """Update user lastlogin""" | |
126 |
|
131 | |||
127 | try: |
|
132 | try: | |
128 | session = Session.object_session(self) |
|
133 | session = Session.object_session(self) | |
129 | self.last_login = datetime.datetime.now() |
|
134 | self.last_login = datetime.datetime.now() | |
130 | session.add(self) |
|
135 | session.add(self) | |
131 | session.commit() |
|
136 | session.commit() | |
132 | log.debug('updated user %s lastlogin', self.username) |
|
137 | log.debug('updated user %s lastlogin', self.username) | |
133 | except (DatabaseError,): |
|
138 | except (DatabaseError,): | |
134 | session.rollback() |
|
139 | session.rollback() | |
135 |
|
140 | |||
136 |
|
141 | |||
137 | class UserLog(Base, BaseModel): |
|
142 | class UserLog(Base, BaseModel): | |
138 | __tablename__ = 'user_logs' |
|
143 | __tablename__ = 'user_logs' | |
139 | __table_args__ = {'useexisting':True} |
|
144 | __table_args__ = {'useexisting':True} | |
140 | user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
145 | user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
141 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
146 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) | |
142 | repository_id = Column("repository_id", Integer(length=None, convert_unicode=False, assert_unicode=None), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None) |
|
147 | repository_id = Column("repository_id", Integer(length=None, convert_unicode=False, assert_unicode=None), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None) | |
143 | repository_name = Column("repository_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
148 | repository_name = Column("repository_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
144 | user_ip = Column("user_ip", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
149 | user_ip = Column("user_ip", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
145 | action = Column("action", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
150 | action = Column("action", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
146 | action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None) |
|
151 | action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None) | |
147 |
|
152 | |||
148 | user = relation('User') |
|
153 | user = relation('User') | |
149 | repository = relation('Repository') |
|
154 | repository = relation('Repository') | |
150 |
|
155 | |||
151 | class Repository(Base, BaseModel): |
|
156 | class Repository(Base, BaseModel): | |
152 | __tablename__ = 'repositories' |
|
157 | __tablename__ = 'repositories' | |
153 | __table_args__ = (UniqueConstraint('repo_name'), {'useexisting':True},) |
|
158 | __table_args__ = (UniqueConstraint('repo_name'), {'useexisting':True},) | |
154 | repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
159 | repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
155 | repo_name = Column("repo_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None) |
|
160 | repo_name = Column("repo_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None) | |
156 | repo_type = Column("repo_type", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg') |
|
161 | repo_type = Column("repo_type", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg') | |
157 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None) |
|
162 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None) | |
158 | private = Column("private", Boolean(), nullable=True, unique=None, default=None) |
|
163 | private = Column("private", Boolean(), nullable=True, unique=None, default=None) | |
159 | enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True) |
|
164 | enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True) | |
160 | description = Column("description", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
165 | description = Column("description", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
161 | fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None) |
|
166 | fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None) | |
162 | group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None) |
|
167 | group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None) | |
163 |
|
168 | |||
164 | user = relation('User') |
|
169 | user = relation('User') | |
165 | fork = relation('Repository', remote_side=repo_id) |
|
170 | fork = relation('Repository', remote_side=repo_id) | |
166 | group = relation('Group') |
|
171 | group = relation('Group') | |
167 | repo_to_perm = relation('RepoToPerm', cascade='all') |
|
172 | repo_to_perm = relation('RepoToPerm', cascade='all') | |
168 | stats = relation('Statistics', cascade='all', uselist=False) |
|
173 | stats = relation('Statistics', cascade='all', uselist=False) | |
169 |
|
174 | |||
170 | repo_followers = relation('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all') |
|
175 | repo_followers = relation('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all') | |
171 |
|
176 | |||
172 | def __repr__(self): |
|
177 | def __repr__(self): | |
173 | return "<%s('%s:%s')>" % (self.__class__.__name__, |
|
178 | return "<%s('%s:%s')>" % (self.__class__.__name__, | |
174 | self.repo_id, self.repo_name) |
|
179 | self.repo_id, self.repo_name) | |
175 |
|
180 | |||
176 | class Group(Base, BaseModel): |
|
181 | class Group(Base, BaseModel): | |
177 | __tablename__ = 'groups' |
|
182 | __tablename__ = 'groups' | |
178 | __table_args__ = (UniqueConstraint('group_name'), {'useexisting':True},) |
|
183 | __table_args__ = (UniqueConstraint('group_name'), {'useexisting':True},) | |
179 |
|
184 | |||
180 | group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
185 | group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
181 | group_name = Column("group_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None) |
|
186 | group_name = Column("group_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None) | |
182 | group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None) |
|
187 | group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None) | |
183 |
|
188 | |||
184 | parent_group = relation('Group', remote_side=group_id) |
|
189 | parent_group = relation('Group', remote_side=group_id) | |
185 |
|
190 | |||
186 |
|
191 | |||
187 | def __init__(self, group_name='', parent_group=None): |
|
192 | def __init__(self, group_name='', parent_group=None): | |
188 | self.group_name = group_name |
|
193 | self.group_name = group_name | |
189 | self.parent_group = parent_group |
|
194 | self.parent_group = parent_group | |
190 |
|
195 | |||
191 | def __repr__(self): |
|
196 | def __repr__(self): | |
192 | return "<%s('%s:%s')>" % (self.__class__.__name__, self.group_id, |
|
197 | return "<%s('%s:%s')>" % (self.__class__.__name__, self.group_id, | |
193 | self.group_name) |
|
198 | self.group_name) | |
194 |
|
199 | |||
195 | class Permission(Base, BaseModel): |
|
200 | class Permission(Base, BaseModel): | |
196 | __tablename__ = 'permissions' |
|
201 | __tablename__ = 'permissions' | |
197 | __table_args__ = {'useexisting':True} |
|
202 | __table_args__ = {'useexisting':True} | |
198 | permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
203 | permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
199 | permission_name = Column("permission_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
204 | permission_name = Column("permission_name", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
200 | permission_longname = Column("permission_longname", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
205 | permission_longname = Column("permission_longname", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
201 |
|
206 | |||
202 | def __repr__(self): |
|
207 | def __repr__(self): | |
203 | return "<%s('%s:%s')>" % (self.__class__.__name__, |
|
208 | return "<%s('%s:%s')>" % (self.__class__.__name__, | |
204 | self.permission_id, self.permission_name) |
|
209 | self.permission_id, self.permission_name) | |
205 |
|
210 | |||
206 | class RepoToPerm(Base, BaseModel): |
|
211 | class RepoToPerm(Base, BaseModel): | |
207 | __tablename__ = 'repo_to_perm' |
|
212 | __tablename__ = 'repo_to_perm' | |
208 | __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'useexisting':True}) |
|
213 | __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'useexisting':True}) | |
209 | repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
214 | repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
210 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
215 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) | |
211 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) |
|
216 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) | |
212 | repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None) |
|
217 | repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None) | |
213 |
|
218 | |||
214 | user = relation('User') |
|
219 | user = relation('User') | |
215 | permission = relation('Permission') |
|
220 | permission = relation('Permission') | |
216 | repository = relation('Repository') |
|
221 | repository = relation('Repository') | |
217 |
|
222 | |||
218 | class UserToPerm(Base, BaseModel): |
|
223 | class UserToPerm(Base, BaseModel): | |
219 | __tablename__ = 'user_to_perm' |
|
224 | __tablename__ = 'user_to_perm' | |
220 | __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'useexisting':True}) |
|
225 | __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'useexisting':True}) | |
221 | user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
226 | user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
222 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
227 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) | |
223 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) |
|
228 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) | |
224 |
|
229 | |||
225 | user = relation('User') |
|
230 | user = relation('User') | |
226 | permission = relation('Permission') |
|
231 | permission = relation('Permission') | |
227 |
|
232 | |||
228 | class GroupToPerm(Base, BaseModel): |
|
233 | class GroupToPerm(Base, BaseModel): | |
229 | __tablename__ = 'group_to_perm' |
|
234 | __tablename__ = 'group_to_perm' | |
230 | __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'useexisting':True}) |
|
235 | __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'useexisting':True}) | |
231 |
|
236 | |||
232 | group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
237 | group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
233 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
238 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) | |
234 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) |
|
239 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) | |
235 | group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None) |
|
240 | group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None) | |
236 |
|
241 | |||
237 | user = relation('User') |
|
242 | user = relation('User') | |
238 | permission = relation('Permission') |
|
243 | permission = relation('Permission') | |
239 | group = relation('Group') |
|
244 | group = relation('Group') | |
240 |
|
245 | |||
241 | class Statistics(Base, BaseModel): |
|
246 | class Statistics(Base, BaseModel): | |
242 | __tablename__ = 'statistics' |
|
247 | __tablename__ = 'statistics' | |
243 | __table_args__ = (UniqueConstraint('repository_id'), {'useexisting':True}) |
|
248 | __table_args__ = (UniqueConstraint('repository_id'), {'useexisting':True}) | |
244 | stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
249 | stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
245 | repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None) |
|
250 | repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None) | |
246 | stat_on_revision = Column("stat_on_revision", Integer(), nullable=False) |
|
251 | stat_on_revision = Column("stat_on_revision", Integer(), nullable=False) | |
247 | commit_activity = Column("commit_activity", LargeBinary(), nullable=False)#JSON data |
|
252 | commit_activity = Column("commit_activity", LargeBinary(), nullable=False)#JSON data | |
248 | commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data |
|
253 | commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data | |
249 | languages = Column("languages", LargeBinary(), nullable=False)#JSON data |
|
254 | languages = Column("languages", LargeBinary(), nullable=False)#JSON data | |
250 |
|
255 | |||
251 | repository = relation('Repository', single_parent=True) |
|
256 | repository = relation('Repository', single_parent=True) | |
252 |
|
257 | |||
253 | class UserFollowing(Base, BaseModel): |
|
258 | class UserFollowing(Base, BaseModel): | |
254 | __tablename__ = 'user_followings' |
|
259 | __tablename__ = 'user_followings' | |
255 | __table_args__ = (UniqueConstraint('user_id', 'follows_repository_id'), |
|
260 | __table_args__ = (UniqueConstraint('user_id', 'follows_repository_id'), | |
256 | UniqueConstraint('user_id', 'follows_user_id') |
|
261 | UniqueConstraint('user_id', 'follows_user_id') | |
257 | , {'useexisting':True}) |
|
262 | , {'useexisting':True}) | |
258 |
|
263 | |||
259 | user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
264 | user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
260 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) |
|
265 | user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None) | |
261 | follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None) |
|
266 | follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None) | |
262 | follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None) |
|
267 | follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None) | |
263 |
|
268 | |||
264 | user = relation('User', primaryjoin='User.user_id==UserFollowing.user_id') |
|
269 | user = relation('User', primaryjoin='User.user_id==UserFollowing.user_id') | |
265 |
|
270 | |||
266 | follows_user = relation('User', primaryjoin='User.user_id==UserFollowing.follows_user_id') |
|
271 | follows_user = relation('User', primaryjoin='User.user_id==UserFollowing.follows_user_id') | |
267 | follows_repository = relation('Repository') |
|
272 | follows_repository = relation('Repository') | |
268 |
|
273 | |||
269 | class CacheInvalidation(Base, BaseModel): |
|
274 | class CacheInvalidation(Base, BaseModel): | |
270 | __tablename__ = 'cache_invalidation' |
|
275 | __tablename__ = 'cache_invalidation' | |
271 | __table_args__ = (UniqueConstraint('cache_key'), {'useexisting':True}) |
|
276 | __table_args__ = (UniqueConstraint('cache_key'), {'useexisting':True}) | |
272 | cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
277 | cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
273 | cache_key = Column("cache_key", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
278 | cache_key = Column("cache_key", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
274 | cache_args = Column("cache_args", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) |
|
279 | cache_args = Column("cache_args", String(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None) | |
275 | cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False) |
|
280 | cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False) | |
276 |
|
281 | |||
277 |
|
282 | |||
278 | def __init__(self, cache_key, cache_args=''): |
|
283 | def __init__(self, cache_key, cache_args=''): | |
279 | self.cache_key = cache_key |
|
284 | self.cache_key = cache_key | |
280 | self.cache_args = cache_args |
|
285 | self.cache_args = cache_args | |
281 | self.cache_active = False |
|
286 | self.cache_active = False | |
282 |
|
287 | |||
283 | def __repr__(self): |
|
288 | def __repr__(self): | |
284 | return "<%s('%s:%s')>" % (self.__class__.__name__, |
|
289 | return "<%s('%s:%s')>" % (self.__class__.__name__, | |
285 | self.cache_id, self.cache_key) |
|
290 | self.cache_id, self.cache_key) | |
286 |
|
291 | |||
287 | class DbMigrateVersion(Base, BaseModel): |
|
292 | class DbMigrateVersion(Base, BaseModel): | |
288 | __tablename__ = 'db_migrate_version' |
|
293 | __tablename__ = 'db_migrate_version' | |
289 | __table_args__ = {'useexisting':True} |
|
294 | __table_args__ = {'useexisting':True} | |
290 | repository_id = Column('repository_id', String(250), primary_key=True) |
|
295 | repository_id = Column('repository_id', String(250), primary_key=True) | |
291 | repository_path = Column('repository_path', Text) |
|
296 | repository_path = Column('repository_path', Text) | |
292 | version = Column('version', Integer) |
|
297 | version = Column('version', Integer) | |
293 |
|
298 |
@@ -1,120 +1,234 b'' | |||||
1 | ## -*- coding: utf-8 -*- |
|
1 | ## -*- coding: utf-8 -*- | |
2 | <%inherit file="/base/base.html"/> |
|
2 | <%inherit file="/base/base.html"/> | |
3 |
|
3 | |||
4 | <%def name="title()"> |
|
4 | <%def name="title()"> | |
5 | ${_('Edit user')} ${c.user.username} - ${c.rhodecode_name} |
|
5 | ${_('Edit user')} ${c.user.username} - ${c.rhodecode_name} | |
6 | </%def> |
|
6 | </%def> | |
7 |
|
7 | |||
8 | <%def name="breadcrumbs_links()"> |
|
8 | <%def name="breadcrumbs_links()"> | |
9 | ${h.link_to(_('Admin'),h.url('admin_home'))} |
|
9 | ${h.link_to(_('Admin'),h.url('admin_home'))} | |
10 | » |
|
10 | » | |
11 | ${h.link_to(_('Users'),h.url('users'))} |
|
11 | ${h.link_to(_('Users'),h.url('users'))} | |
12 | » |
|
12 | » | |
13 | ${_('edit')} "${c.user.username}" |
|
13 | ${_('edit')} "${c.user.username}" | |
14 | </%def> |
|
14 | </%def> | |
15 |
|
15 | |||
16 | <%def name="page_nav()"> |
|
16 | <%def name="page_nav()"> | |
17 | ${self.menu('admin')} |
|
17 | ${self.menu('admin')} | |
18 | </%def> |
|
18 | </%def> | |
19 |
|
19 | |||
20 | <%def name="main()"> |
|
20 | <%def name="main()"> | |
21 | <div class="box box-left"> |
|
21 | <div class="box box-left"> | |
22 | <!-- box / title --> |
|
22 | <!-- box / title --> | |
23 | <div class="title"> |
|
23 | <div class="title"> | |
24 | ${self.breadcrumbs()} |
|
24 | ${self.breadcrumbs()} | |
25 | </div> |
|
25 | </div> | |
26 | <!-- end box / title --> |
|
26 | <!-- end box / title --> | |
27 | ${h.form(url('user', id=c.user.user_id),method='put')} |
|
27 | ${h.form(url('user', id=c.user.user_id),method='put')} | |
28 | <div class="form"> |
|
28 | <div class="form"> | |
29 | <!-- fields --> |
|
29 | <!-- fields --> | |
30 | <div class="fields"> |
|
30 | <div class="fields"> | |
31 | <div class="field"> |
|
31 | <div class="field"> | |
32 | <div class="gravatar_box"> |
|
32 | <div class="gravatar_box"> | |
33 | <div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(c.user.email)}"/></div> |
|
33 | <div class="gravatar"><img alt="gravatar" src="${h.gravatar_url(c.user.email)}"/></div> | |
34 | <p> |
|
34 | <p> | |
35 | <strong>Change your avatar at <a href="http://gravatar.com">gravatar.com</a></strong><br/> |
|
35 | <strong>Change your avatar at <a href="http://gravatar.com">gravatar.com</a></strong><br/> | |
36 | ${_('Using')} ${c.user.email} |
|
36 | ${_('Using')} ${c.user.email} | |
37 | </p> |
|
37 | </p> | |
38 | </div> |
|
38 | </div> | |
39 | </div> |
|
39 | </div> | |
40 |
|
40 | |||
41 | <div class="field"> |
|
41 | <div class="field"> | |
42 | <div class="label"> |
|
42 | <div class="label"> | |
43 | <label for="username">${_('Username')}:</label> |
|
43 | <label for="username">${_('Username')}:</label> | |
44 | </div> |
|
44 | </div> | |
45 | <div class="input"> |
|
45 | <div class="input"> | |
46 | ${h.text('username',class_='medium')} |
|
46 | ${h.text('username',class_='medium')} | |
47 | </div> |
|
47 | </div> | |
48 | </div> |
|
48 | </div> | |
49 |
|
49 | |||
50 | <div class="field"> |
|
50 | <div class="field"> | |
51 | <div class="label"> |
|
51 | <div class="label"> | |
52 | <label for="new_password">${_('New password')}:</label> |
|
52 | <label for="new_password">${_('New password')}:</label> | |
53 | </div> |
|
53 | </div> | |
54 | <div class="input"> |
|
54 | <div class="input"> | |
55 | ${h.password('new_password',class_='medium')} |
|
55 | ${h.password('new_password',class_='medium')} | |
56 | </div> |
|
56 | </div> | |
57 | </div> |
|
57 | </div> | |
58 |
|
58 | |||
59 | <div class="field"> |
|
59 | <div class="field"> | |
60 | <div class="label"> |
|
60 | <div class="label"> | |
61 | <label for="name">${_('First Name')}:</label> |
|
61 | <label for="name">${_('First Name')}:</label> | |
62 | </div> |
|
62 | </div> | |
63 | <div class="input"> |
|
63 | <div class="input"> | |
64 | ${h.text('name',class_='medium')} |
|
64 | ${h.text('name',class_='medium')} | |
65 | </div> |
|
65 | </div> | |
66 | </div> |
|
66 | </div> | |
67 |
|
67 | |||
68 | <div class="field"> |
|
68 | <div class="field"> | |
69 | <div class="label"> |
|
69 | <div class="label"> | |
70 | <label for="lastname">${_('Last Name')}:</label> |
|
70 | <label for="lastname">${_('Last Name')}:</label> | |
71 | </div> |
|
71 | </div> | |
72 | <div class="input"> |
|
72 | <div class="input"> | |
73 | ${h.text('lastname',class_='medium')} |
|
73 | ${h.text('lastname',class_='medium')} | |
74 | </div> |
|
74 | </div> | |
75 | </div> |
|
75 | </div> | |
76 |
|
76 | |||
77 | <div class="field"> |
|
77 | <div class="field"> | |
78 | <div class="label"> |
|
78 | <div class="label"> | |
79 | <label for="email">${_('Email')}:</label> |
|
79 | <label for="email">${_('Email')}:</label> | |
80 | </div> |
|
80 | </div> | |
81 | <div class="input"> |
|
81 | <div class="input"> | |
82 | ${h.text('email',class_='medium')} |
|
82 | ${h.text('email',class_='medium')} | |
83 | </div> |
|
83 | </div> | |
84 | </div> |
|
84 | </div> | |
85 |
|
85 | |||
86 | <div class="field"> |
|
86 | <div class="field"> | |
87 | <div class="label label-checkbox"> |
|
87 | <div class="label label-checkbox"> | |
88 | <label for="active">${_('Active')}:</label> |
|
88 | <label for="active">${_('Active')}:</label> | |
89 | </div> |
|
89 | </div> | |
90 | <div class="checkboxes"> |
|
90 | <div class="checkboxes"> | |
91 | ${h.checkbox('active',value=True)} |
|
91 | ${h.checkbox('active',value=True)} | |
92 | </div> |
|
92 | </div> | |
93 | </div> |
|
93 | </div> | |
94 |
|
94 | |||
95 | <div class="field"> |
|
95 | <div class="field"> | |
96 | <div class="label label-checkbox"> |
|
96 | <div class="label label-checkbox"> | |
97 | <label for="admin">${_('Admin')}:</label> |
|
97 | <label for="admin">${_('Admin')}:</label> | |
98 | </div> |
|
98 | </div> | |
99 | <div class="checkboxes"> |
|
99 | <div class="checkboxes"> | |
100 | ${h.checkbox('admin',value=True)} |
|
100 | ${h.checkbox('admin',value=True)} | |
101 | </div> |
|
101 | </div> | |
102 | </div> |
|
102 | </div> | |
103 | <div class="buttons"> |
|
103 | <div class="buttons"> | |
104 | ${h.submit('save','Save',class_="ui-button")} |
|
104 | ${h.submit('save','Save',class_="ui-button")} | |
105 | ${h.reset('reset','Reset',class_="ui-button")} |
|
105 | ${h.reset('reset','Reset',class_="ui-button")} | |
106 | </div> |
|
106 | </div> | |
107 | </div> |
|
107 | </div> | |
108 | </div> |
|
108 | </div> | |
109 | ${h.end_form()} |
|
109 | ${h.end_form()} | |
110 | </div> |
|
110 | </div> | |
111 | <div class="box box-right"> |
|
111 | <div class="box box-right"> | |
112 | <!-- box / title --> |
|
112 | <!-- box / title --> | |
113 | <div class="title"> |
|
113 | <div class="title"> | |
114 | <h5>${_('Permissions')}</h5> |
|
114 | <h5>${_('Permissions')}</h5> | |
115 | </div> |
|
115 | </div> | |
116 | <div class="table"> |
|
116 | <form id="map_form" method="post" action="{%url update_permissions %}"> | |
117 | Permissions settings goes here ! |
|
117 | <div class="form"> | |
118 | </div> |
|
118 | <div class="fields"> | |
|
119 | ||||
|
120 | ||||
|
121 | ||||
|
122 | <table> | |||
|
123 | <tr> | |||
|
124 | <td class="label">${_('Permissions')}:</td> | |||
|
125 | <td> | |||
|
126 | <div> | |||
|
127 | <div style="float:left"> | |||
|
128 | <div class="text">${_('Granted permissions')}</div> | |||
|
129 | ${h.select('granted_permissions',[],c.granted_permissions,multiple=True,size=8,style="min-width:210px")} | |||
|
130 | </div> | |||
|
131 | <div style="float:left;width:20px;padding-top:50px"> | |||
|
132 | <img alt="add" id="add_element" | |||
|
133 | style="padding:2px;cursor:pointer" | |||
|
134 | src="/images/icons/arrow_left.png"> | |||
|
135 | <br /> | |||
|
136 | <img alt="remove" id="remove_element" | |||
|
137 | style="padding:2px;cursor:pointer" | |||
|
138 | src="/images/icons/arrow_right.png"> | |||
|
139 | </div> | |||
|
140 | <div style="float:left"> | |||
|
141 | <div class="text">${_('Available permissions')}</div> | |||
|
142 | ${h.select('available_permissions',[],c.available_permissions,multiple=True,size=8,style="min-width:210px")} | |||
|
143 | </div> | |||
|
144 | </div> | |||
|
145 | </td> | |||
|
146 | </tr> | |||
|
147 | ||||
|
148 | </table> | |||
|
149 | <div class="buttons"> | |||
|
150 | ${h.submit('Save','Save',class_="ui-button")} | |||
|
151 | </div> | |||
|
152 | </div> | |||
|
153 | </div> | |||
|
154 | </form> | |||
|
155 | ||||
|
156 | ||||
|
157 | <script type="text/javascript"> | |||
|
158 | YAHOO.util.Event.onDOMReady(function(){ | |||
|
159 | ||||
|
160 | var D = YAHOO.util.Dom; | |||
|
161 | var E = YAHOO.util.Event; | |||
|
162 | ||||
|
163 | //temp container for storage. | |||
|
164 | var cache = new Array(); | |||
|
165 | var c = D.get('id_granted_permissions'); | |||
|
166 | ||||
|
167 | //get only selected options for further fullfilment | |||
|
168 | for(var i = 0;node =c.options[i];i++){ | |||
|
169 | if(node.selected){ | |||
|
170 | //push selected to my temp storage left overs :) | |||
|
171 | cache.push(node); | |||
|
172 | } | |||
|
173 | } | |||
|
174 | ||||
|
175 | //clear select | |||
|
176 | c.options.length = 0; | |||
|
177 | ||||
|
178 | //fill it with remembered options | |||
|
179 | for(var i = 0;node = cache[i];i++){ | |||
|
180 | c.options[i]=new Option(node.text, node.value, false, false); | |||
|
181 | } | |||
|
182 | ||||
|
183 | function target_callback(e){ | |||
|
184 | window.location='/admin/t4?g='+e.target.value; | |||
|
185 | } | |||
|
186 | ||||
|
187 | function prompts_action_callback(e){ | |||
|
188 | ||||
|
189 | var choosen = D.get('id_granted_permissions'); | |||
|
190 | var availible = D.get('id_available_permissions'); | |||
|
191 | ||||
|
192 | if (this.id=='add_element'){ | |||
|
193 | for(var i=0; node = availible.options[i];i++){ | |||
|
194 | if(node.selected){ | |||
|
195 | choosen.appendChild(new Option(node.text, node.value, false, false)); | |||
|
196 | } | |||
|
197 | } | |||
|
198 | } | |||
|
199 | else if (this.id=='remove_element'){ | |||
|
200 | ||||
|
201 | //temp container for storage. | |||
|
202 | cache = new Array(); | |||
|
203 | ||||
|
204 | for(var i = 0;node = choosen.options[i];i++){ | |||
|
205 | if(!node.selected){ | |||
|
206 | //push left overs :) | |||
|
207 | cache.push(node); | |||
|
208 | } | |||
|
209 | } | |||
|
210 | //clear select | |||
|
211 | choosen.options.length = 0; | |||
|
212 | for(var i = 0;node = cache[i];i++){ | |||
|
213 | choosen.options[i]=new Option(node.text, node.value, false, false); | |||
|
214 | } | |||
|
215 | } | |||
|
216 | else{ | |||
|
217 | ||||
|
218 | } | |||
|
219 | } | |||
|
220 | ||||
|
221 | E.addListener('id_groups','change',target_callback); | |||
|
222 | ||||
|
223 | E.addListener(['add_element','remove_element'],'click',prompts_action_callback) | |||
|
224 | ||||
|
225 | E.addListener('map_form','submit',function(){ | |||
|
226 | var choosen = D.get('id_granted_permissions'); | |||
|
227 | for (var i = 0; i < choosen.options.length; i++) { | |||
|
228 | choosen.options[i].selected = 'selected'; | |||
|
229 | } | |||
|
230 | }) | |||
|
231 | }); | |||
|
232 | </script> | |||
119 | </div> |
|
233 | </div> | |
120 | </%def> No newline at end of file |
|
234 | </%def> |
@@ -1,119 +1,119 b'' | |||||
1 | from rhodecode.tests import * |
|
1 | from rhodecode.tests import * | |
2 | from rhodecode.model.db import User |
|
2 | from rhodecode.model.db import User | |
3 | from rhodecode.lib.auth import check_password |
|
3 | from rhodecode.lib.auth import check_password | |
4 | from sqlalchemy.orm.exc import NoResultFound |
|
4 | from sqlalchemy.orm.exc import NoResultFound | |
5 |
|
5 | |||
6 | class TestAdminUsersController(TestController): |
|
6 | class TestAdminUsersController(TestController): | |
7 |
|
7 | |||
8 | def test_index(self): |
|
8 | def test_index(self): | |
9 | response = self.app.get(url('users')) |
|
9 | response = self.app.get(url('users')) | |
10 | # Test response... |
|
10 | # Test response... | |
11 |
|
11 | |||
12 | def test_index_as_xml(self): |
|
12 | def test_index_as_xml(self): | |
13 | response = self.app.get(url('formatted_users', format='xml')) |
|
13 | response = self.app.get(url('formatted_users', format='xml')) | |
14 |
|
14 | |||
15 | def test_create(self): |
|
15 | def test_create(self): | |
16 | self.log_user() |
|
16 | self.log_user() | |
17 | username = 'newtestuser' |
|
17 | username = 'newtestuser' | |
18 | password = 'test12' |
|
18 | password = 'test12' | |
19 | name = 'name' |
|
19 | name = 'name' | |
20 | lastname = 'lastname' |
|
20 | lastname = 'lastname' | |
21 | email = 'mail@mail.com' |
|
21 | email = 'mail@mail.com' | |
22 |
|
22 | |||
23 | response = self.app.post(url('users'), {'username':username, |
|
23 | response = self.app.post(url('users'), {'username':username, | |
24 | 'password':password, |
|
24 | 'password':password, | |
25 | 'name':name, |
|
25 | 'name':name, | |
26 | 'active':True, |
|
26 | 'active':True, | |
27 | 'lastname':lastname, |
|
27 | 'lastname':lastname, | |
28 | 'email':email}) |
|
28 | 'email':email}) | |
29 |
|
29 | |||
30 |
|
30 | |||
31 | assert '''created user %s''' % (username) in response.session['flash'][0], 'No flash message about new user' |
|
31 | assert '''created user %s''' % (username) in response.session['flash'][0], 'No flash message about new user' | |
32 |
|
32 | |||
33 | new_user = self.sa.query(User).filter(User.username == username).one() |
|
33 | new_user = self.sa.query(User).filter(User.username == username).one() | |
34 |
|
34 | |||
35 |
|
35 | |||
36 | assert new_user.username == username, 'wrong info about username' |
|
36 | assert new_user.username == username, 'wrong info about username' | |
37 | assert check_password(password, new_user.password) == True , 'wrong info about password' |
|
37 | assert check_password(password, new_user.password) == True , 'wrong info about password' | |
38 | assert new_user.name == name, 'wrong info about name' |
|
38 | assert new_user.name == name, 'wrong info about name' | |
39 | assert new_user.lastname == lastname, 'wrong info about lastname' |
|
39 | assert new_user.lastname == lastname, 'wrong info about lastname' | |
40 | assert new_user.email == email, 'wrong info about email' |
|
40 | assert new_user.email == email, 'wrong info about email' | |
41 |
|
41 | |||
42 |
|
42 | |||
43 | response.follow() |
|
43 | response.follow() | |
44 | response = response.follow() |
|
44 | response = response.follow() | |
45 | assert """edit">newtestuser</a>""" in response.body |
|
45 | assert """edit">newtestuser</a>""" in response.body | |
46 |
|
46 | |||
47 | def test_create_err(self): |
|
47 | def test_create_err(self): | |
48 | self.log_user() |
|
48 | self.log_user() | |
49 | username = 'new_user' |
|
49 | username = 'new_user' | |
50 | password = '' |
|
50 | password = '' | |
51 | name = 'name' |
|
51 | name = 'name' | |
52 | lastname = 'lastname' |
|
52 | lastname = 'lastname' | |
53 | email = 'errmail.com' |
|
53 | email = 'errmail.com' | |
54 |
|
54 | |||
55 | response = self.app.post(url('users'), {'username':username, |
|
55 | response = self.app.post(url('users'), {'username':username, | |
56 | 'password':password, |
|
56 | 'password':password, | |
57 | 'name':name, |
|
57 | 'name':name, | |
58 | 'active':False, |
|
58 | 'active':False, | |
59 | 'lastname':lastname, |
|
59 | 'lastname':lastname, | |
60 | 'email':email}) |
|
60 | 'email':email}) | |
61 |
|
61 | |||
62 | assert """<span class="error-message">Invalid username</span>""" in response.body |
|
62 | assert """<span class="error-message">Invalid username</span>""" in response.body | |
63 | assert """<span class="error-message">Please enter a value</span>""" in response.body |
|
63 | assert """<span class="error-message">Please enter a value</span>""" in response.body | |
64 | assert """<span class="error-message">An email address must contain a single @</span>""" in response.body |
|
64 | assert """<span class="error-message">An email address must contain a single @</span>""" in response.body | |
65 |
|
65 | |||
66 | def get_user(): |
|
66 | def get_user(): | |
67 | self.sa.query(User).filter(User.username == username).one() |
|
67 | self.sa.query(User).filter(User.username == username).one() | |
68 |
|
68 | |||
69 | self.assertRaises(NoResultFound, get_user), 'found user in database' |
|
69 | self.assertRaises(NoResultFound, get_user), 'found user in database' | |
70 |
|
70 | |||
71 | def test_new(self): |
|
71 | def test_new(self): | |
72 | response = self.app.get(url('new_user')) |
|
72 | response = self.app.get(url('new_user')) | |
73 |
|
73 | |||
74 | def test_new_as_xml(self): |
|
74 | def test_new_as_xml(self): | |
75 | response = self.app.get(url('formatted_new_user', format='xml')) |
|
75 | response = self.app.get(url('formatted_new_user', format='xml')) | |
76 |
|
76 | |||
77 | def test_update(self): |
|
77 | def test_update(self): | |
78 | response = self.app.put(url('user', id=1)) |
|
78 | response = self.app.put(url('user', id=1)) | |
79 |
|
79 | |||
80 | def test_update_browser_fakeout(self): |
|
80 | def test_update_browser_fakeout(self): | |
81 | response = self.app.post(url('user', id=1), params=dict(_method='put')) |
|
81 | response = self.app.post(url('user', id=1), params=dict(_method='put')) | |
82 |
|
82 | |||
83 | def test_delete(self): |
|
83 | def test_delete(self): | |
84 | self.log_user() |
|
84 | self.log_user() | |
85 | username = 'newtestuserdeleteme' |
|
85 | username = 'newtestuserdeleteme' | |
86 | password = 'test12' |
|
86 | password = 'test12' | |
87 | name = 'name' |
|
87 | name = 'name' | |
88 | lastname = 'lastname' |
|
88 | lastname = 'lastname' | |
89 | email = 'todeletemail@mail.com' |
|
89 | email = 'todeletemail@mail.com' | |
90 |
|
90 | |||
91 | response = self.app.post(url('users'), {'username':username, |
|
91 | response = self.app.post(url('users'), {'username':username, | |
92 | 'password':password, |
|
92 | 'password':password, | |
93 | 'name':name, |
|
93 | 'name':name, | |
94 | 'active':True, |
|
94 | 'active':True, | |
95 | 'lastname':lastname, |
|
95 | 'lastname':lastname, | |
96 | 'email':email}) |
|
96 | 'email':email}) | |
97 |
|
97 | |||
98 | response = response.follow() |
|
98 | response = response.follow() | |
99 |
|
99 | |||
100 | new_user = self.sa.query(User).filter(User.username == username).one() |
|
100 | new_user = self.sa.query(User).filter(User.username == username).one() | |
101 | response = self.app.delete(url('user', id=new_user.user_id)) |
|
101 | response = self.app.delete(url('user', id=new_user.user_id)) | |
102 |
|
102 | |||
103 | assert """sucessfully deleted user""" in response.session['flash'][0], 'No info about user deletion' |
|
103 | assert """successfully deleted user""" in response.session['flash'][0], 'No info about user deletion' | |
104 |
|
104 | |||
105 |
|
105 | |||
106 | def test_delete_browser_fakeout(self): |
|
106 | def test_delete_browser_fakeout(self): | |
107 | response = self.app.post(url('user', id=1), params=dict(_method='delete')) |
|
107 | response = self.app.post(url('user', id=1), params=dict(_method='delete')) | |
108 |
|
108 | |||
109 | def test_show(self): |
|
109 | def test_show(self): | |
110 | response = self.app.get(url('user', id=1)) |
|
110 | response = self.app.get(url('user', id=1)) | |
111 |
|
111 | |||
112 | def test_show_as_xml(self): |
|
112 | def test_show_as_xml(self): | |
113 | response = self.app.get(url('formatted_user', id=1, format='xml')) |
|
113 | response = self.app.get(url('formatted_user', id=1, format='xml')) | |
114 |
|
114 | |||
115 | def test_edit(self): |
|
115 | def test_edit(self): | |
116 | response = self.app.get(url('edit_user', id=1)) |
|
116 | response = self.app.get(url('edit_user', id=1)) | |
117 |
|
117 | |||
118 | def test_edit_as_xml(self): |
|
118 | def test_edit_as_xml(self): | |
119 | response = self.app.get(url('formatted_edit_user', id=1, format='xml')) |
|
119 | response = self.app.get(url('formatted_edit_user', id=1, format='xml')) |
General Comments 0
You need to be logged in to leave comments.
Login now