##// END OF EJS Templates
implements #329...
marcink -
r1793:631caf88 beta
parent child Browse files
Show More
@@ -223,8 +223,8 b' OUTPUT::'
223 }
223 }
224 error: null
224 error: null
225
225
226 add_user_to_users_groups
226 add_user_to_users_group
227 ------------------------
227 -----------------------
228
228
229 Adds a user to a users group. This command can be executed only using api_key
229 Adds a user to a users group. This command can be executed only using api_key
230 belonging to user with admin rights
230 belonging to user with admin rights
@@ -302,14 +302,14 b' OUTPUT::'
302 "active" : "<bool>",
302 "active" : "<bool>",
303 "admin" :Β  "<bool>",
303 "admin" :Β  "<bool>",
304 "ldap" : "<ldap_dn>",
304 "ldap" : "<ldap_dn>",
305 "permission" : "repository_(read|write|admin)"
305 "permission" : "repository.(read|write|admin)"
306 },
306 },
307 …
307 …
308 {
308 {
309 "id" : "<usersgroupid>",
309 "id" : "<usersgroupid>",
310 "name" : "<usersgroupname>",
310 "name" : "<usersgroupname>",
311 "active": "<bool>",
311 "active": "<bool>",
312 "permission" : "repository_(read|write|admin)"
312 "permission" : "repository.(read|write|admin)"
313 },
313 },
314 …
314 …
315 ]
315 ]
@@ -356,10 +356,27 b' INPUT::'
356 args: {
356 args: {
357 "repo_name" : "<reponame>",
357 "repo_name" : "<reponame>",
358 "user_name" : "<username>",
358 "user_name" : "<username>",
359 "perm" : "(None|repository_(read|write|admin))",
359 "perm" : "(None|repository.(read|write|admin))",
360 }
360 }
361
361
362 OUTPUT::
362 OUTPUT::
363
363
364 result: None
364 result: None
365 error: null
365 error: null
366
367 add_users_group_to_repo
368 -----------------------
369
370 Add a users group to a repository. This command can be executed only using
371 api_key belonging to user with admin rights. If "perm" is None, group will
372 be removed from the repository.
373
374 INPUT::
375
376 api_key : "<api_key>"
377 method : "add_users_group_to_repo"
378 args: {
379 "repo_name" : "<reponame>",
380 "group_name" : "<groupname>",
381 "perm" : "(None|repository.(read|write|admin))",
382 } No newline at end of file
@@ -46,6 +46,7 b' from rhodecode.lib.auth import AuthUser'
46
46
47 log = logging.getLogger('JSONRPC')
47 log = logging.getLogger('JSONRPC')
48
48
49
49 class JSONRPCError(BaseException):
50 class JSONRPCError(BaseException):
50
51
51 def __init__(self, message):
52 def __init__(self, message):
@@ -67,19 +68,18 b' def jsonrpc_error(message, code=None):'
67 return resp
68 return resp
68
69
69
70
70
71 class JSONRPCController(WSGIController):
71 class JSONRPCController(WSGIController):
72 """
72 """
73 A WSGI-speaking JSON-RPC controller class
73 A WSGI-speaking JSON-RPC controller class
74
74
75 See the specification:
75 See the specification:
76 <http://json-rpc.org/wiki/specification>`.
76 <http://json-rpc.org/wiki/specification>`.
77
77
78 Valid controller return values should be json-serializable objects.
78 Valid controller return values should be json-serializable objects.
79
79
80 Sub-classes should catch their exceptions and raise JSONRPCError
80 Sub-classes should catch their exceptions and raise JSONRPCError
81 if they want to pass meaningful errors to the client.
81 if they want to pass meaningful errors to the client.
82
82
83 """
83 """
84
84
85 def _get_method_args(self):
85 def _get_method_args(self):
@@ -111,7 +111,7 b' class JSONRPCController(WSGIController):'
111 try:
111 try:
112 json_body = json.loads(urllib.unquote_plus(raw_body))
112 json_body = json.loads(urllib.unquote_plus(raw_body))
113 except ValueError, e:
113 except ValueError, e:
114 #catch JSON errors Here
114 # catch JSON errors Here
115 return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \
115 return jsonrpc_error(message="JSON parse error ERR:%s RAW:%r" \
116 % (e, urllib.unquote_plus(raw_body)))
116 % (e, urllib.unquote_plus(raw_body)))
117
117
@@ -120,10 +120,10 b' class JSONRPCController(WSGIController):'
120 self._req_api_key = json_body['api_key']
120 self._req_api_key = json_body['api_key']
121 self._req_id = json_body['id']
121 self._req_id = json_body['id']
122 self._req_method = json_body['method']
122 self._req_method = json_body['method']
123 self._req_params = json_body['args']
123 self._request_params = json_body['args']
124 log.debug('method: %s, params: %s',
124 log.debug('method: %s, params: %s',
125 self._req_method,
125 self._req_method,
126 self._req_params)
126 self._request_params)
127 except KeyError, e:
127 except KeyError, e:
128 return jsonrpc_error(message='Incorrect JSON query missing %s' % e)
128 return jsonrpc_error(message='Incorrect JSON query missing %s' % e)
129
129
@@ -146,13 +146,14 b' class JSONRPCController(WSGIController):'
146 # self.kargs and dispatch control to WGIController
146 # self.kargs and dispatch control to WGIController
147 argspec = inspect.getargspec(self._func)
147 argspec = inspect.getargspec(self._func)
148 arglist = argspec[0][1:]
148 arglist = argspec[0][1:]
149 defaults = argspec[3] or []
149 defaults = map(type, argspec[3] or [])
150 default_empty = types.NotImplementedType
150 default_empty = types.NotImplementedType
151
151
152 kwarglist = list(izip_longest(reversed(arglist), reversed(defaults),
152 # kw arguments required by this method
153 fillvalue=default_empty))
153 func_kwargs = dict(izip_longest(reversed(arglist), reversed(defaults),
154 fillvalue=default_empty))
154
155
155 # this is little trick to inject logged in user for
156 # this is little trick to inject logged in user for
156 # perms decorators to work they expect the controller class to have
157 # perms decorators to work they expect the controller class to have
157 # rhodecode_user attribute set
158 # rhodecode_user attribute set
158 self.rhodecode_user = auth_u
159 self.rhodecode_user = auth_u
@@ -167,21 +168,23 b' class JSONRPCController(WSGIController):'
167 (self._func.__name__, USER_SESSION_ATTR))
168 (self._func.__name__, USER_SESSION_ATTR))
168
169
169 # get our arglist and check if we provided them as args
170 # get our arglist and check if we provided them as args
170 for arg, default in kwarglist:
171 for arg, default in func_kwargs.iteritems():
171 if arg == USER_SESSION_ATTR:
172 if arg == USER_SESSION_ATTR:
172 # USER_SESSION_ATTR is something translated from api key and
173 # USER_SESSION_ATTR is something translated from api key and
173 # this is checked before so we don't need validate it
174 # this is checked before so we don't need validate it
174 continue
175 continue
175
176
176 # skip the required param check if it's default value is
177 # skip the required param check if it's default value is
177 # NotImplementedType (default_empty)
178 # NotImplementedType (default_empty)
178 if not self._req_params or (type(default) == default_empty
179 if (default == default_empty and arg not in self._request_params):
179 and arg not in self._req_params):
180 return jsonrpc_error(
180 return jsonrpc_error(message=('Missing non optional %s arg '
181 message=(
181 'in JSON DATA') % arg)
182 'Missing non optional `%s` arg in JSON DATA' % arg
183 )
184 )
182
185
183 self._rpc_args = {USER_SESSION_ATTR:u}
186 self._rpc_args = {USER_SESSION_ATTR: u}
184 self._rpc_args.update(self._req_params)
187 self._rpc_args.update(self._request_params)
185
188
186 self._rpc_args['action'] = self._req_method
189 self._rpc_args['action'] = self._req_method
187 self._rpc_args['environ'] = environ
190 self._rpc_args['environ'] = environ
@@ -190,6 +193,7 b' class JSONRPCController(WSGIController):'
190 status = []
193 status = []
191 headers = []
194 headers = []
192 exc_info = []
195 exc_info = []
196
193 def change_content(new_status, new_headers, new_exc_info=None):
197 def change_content(new_status, new_headers, new_exc_info=None):
194 status.append(new_status)
198 status.append(new_status)
195 headers.extend(new_headers)
199 headers.extend(new_headers)
@@ -60,41 +60,47 b' class ApiController(JSONRPCController):'
60 """"
60 """"
61 Get a user by username
61 Get a user by username
62
62
63 :param apiuser
63 :param apiuser:
64 :param username
64 :param username:
65 """
65 """
66
66
67 user = User.get_by_username(username)
67 user = User.get_by_username(username)
68 if not user:
68 if not user:
69 return None
69 return None
70
70
71 return dict(id=user.user_id,
71 return dict(
72 id=user.user_id,
73 username=user.username,
74 firstname=user.name,
75 lastname=user.lastname,
76 email=user.email,
77 active=user.active,
78 admin=user.admin,
79 ldap=user.ldap_dn
80 )
81
82 @HasPermissionAllDecorator('hg.admin')
83 def get_users(self, apiuser):
84 """"
85 Get all users
86
87 :param apiuser:
88 """
89
90 result = []
91 for user in User.getAll():
92 result.append(
93 dict(
94 id=user.user_id,
72 username=user.username,
95 username=user.username,
73 firstname=user.name,
96 firstname=user.name,
74 lastname=user.lastname,
97 lastname=user.lastname,
75 email=user.email,
98 email=user.email,
76 active=user.active,
99 active=user.active,
77 admin=user.admin,
100 admin=user.admin,
78 ldap=user.ldap_dn)
101 ldap=user.ldap_dn
79
102 )
80 @HasPermissionAllDecorator('hg.admin')
103 )
81 def get_users(self, apiuser):
82 """"
83 Get all users
84
85 :param apiuser
86 """
87
88 result = []
89 for user in User.getAll():
90 result.append(dict(id=user.user_id,
91 username=user.username,
92 firstname=user.name,
93 lastname=user.lastname,
94 email=user.email,
95 active=user.active,
96 admin=user.admin,
97 ldap=user.ldap_dn))
98 return result
104 return result
99
105
100 @HasPermissionAllDecorator('hg.admin')
106 @HasPermissionAllDecorator('hg.admin')
@@ -131,8 +137,8 b' class ApiController(JSONRPCController):'
131 """"
137 """"
132 Get users group by name
138 Get users group by name
133
139
134 :param apiuser
140 :param apiuser:
135 :param group_name
141 :param group_name:
136 """
142 """
137
143
138 users_group = UsersGroup.get_by_group_name(group_name)
144 users_group = UsersGroup.get_by_group_name(group_name)
@@ -161,7 +167,7 b' class ApiController(JSONRPCController):'
161 """"
167 """"
162 Get all users groups
168 Get all users groups
163
169
164 :param apiuser
170 :param apiuser:
165 """
171 """
166
172
167 result = []
173 result = []
@@ -210,9 +216,9 b' class ApiController(JSONRPCController):'
210 """"
216 """"
211 Add a user to a group
217 Add a user to a group
212
218
213 :param apiuser
219 :param apiuser:
214 :param group_name
220 :param group_name:
215 :param user_name
221 :param user_name:
216 """
222 """
217
223
218 try:
224 try:
@@ -238,8 +244,8 b' class ApiController(JSONRPCController):'
238 """"
244 """"
239 Get repository by name
245 Get repository by name
240
246
241 :param apiuser
247 :param apiuser:
242 :param repo_name
248 :param repo_name:
243 """
249 """
244
250
245 repo = Repository.get_by_repo_name(repo_name)
251 repo = Repository.get_by_repo_name(repo_name)
@@ -250,45 +256,59 b' class ApiController(JSONRPCController):'
250 for user in repo.repo_to_perm:
256 for user in repo.repo_to_perm:
251 perm = user.permission.permission_name
257 perm = user.permission.permission_name
252 user = user.user
258 user = user.user
253 members.append(dict(type_="user",
259 members.append(
254 id=user.user_id,
260 dict(
255 username=user.username,
261 type_="user",
256 firstname=user.name,
262 id=user.user_id,
257 lastname=user.lastname,
263 username=user.username,
258 email=user.email,
264 firstname=user.name,
259 active=user.active,
265 lastname=user.lastname,
260 admin=user.admin,
266 email=user.email,
261 ldap=user.ldap_dn,
267 active=user.active,
262 permission=perm))
268 admin=user.admin,
269 ldap=user.ldap_dn,
270 permission=perm
271 )
272 )
263 for users_group in repo.users_group_to_perm:
273 for users_group in repo.users_group_to_perm:
264 perm = users_group.permission.permission_name
274 perm = users_group.permission.permission_name
265 users_group = users_group.users_group
275 users_group = users_group.users_group
266 members.append(dict(type_="users_group",
276 members.append(
267 id=users_group.users_group_id,
277 dict(
268 name=users_group.users_group_name,
278 type_="users_group",
269 active=users_group.users_group_active,
279 id=users_group.users_group_id,
270 permission=perm))
280 name=users_group.users_group_name,
281 active=users_group.users_group_active,
282 permission=perm
283 )
284 )
271
285
272 return dict(id=repo.repo_id,
286 return dict(
273 name=repo.repo_name,
287 id=repo.repo_id,
274 type=repo.repo_type,
288 name=repo.repo_name,
275 description=repo.description,
289 type=repo.repo_type,
276 members=members)
290 description=repo.description,
291 members=members
292 )
277
293
278 @HasPermissionAnyDecorator('hg.admin')
294 @HasPermissionAnyDecorator('hg.admin')
279 def get_repos(self, apiuser):
295 def get_repos(self, apiuser):
280 """"
296 """"
281 Get all repositories
297 Get all repositories
282
298
283 :param apiuser
299 :param apiuser:
284 """
300 """
285
301
286 result = []
302 result = []
287 for repository in Repository.getAll():
303 for repository in Repository.getAll():
288 result.append(dict(id=repository.repo_id,
304 result.append(
289 name=repository.repo_name,
305 dict(
290 type=repository.repo_type,
306 id=repository.repo_id,
291 description=repository.description))
307 name=repository.repo_name,
308 type=repository.repo_type,
309 description=repository.description
310 )
311 )
292 return result
312 return result
293
313
294 @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
314 @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
@@ -297,12 +317,12 b' class ApiController(JSONRPCController):'
297 """
317 """
298 Create a repository
318 Create a repository
299
319
300 :param apiuser
320 :param apiuser:
301 :param name
321 :param name:
302 :param description
322 :param description:
303 :param type
323 :param type:
304 :param private
324 :param private:
305 :param owner_name
325 :param owner_name:
306 """
326 """
307
327
308 try:
328 try:
@@ -321,18 +341,27 b' class ApiController(JSONRPCController):'
321 for g in groups:
341 for g in groups:
322 group = RepoGroup.get_by_group_name(g)
342 group = RepoGroup.get_by_group_name(g)
323 if not group:
343 if not group:
324 group = ReposGroupModel().create(dict(group_name=g,
344 group = ReposGroupModel().create(
325 group_description='',
345 dict(
326 group_parent_id=parent_id))
346 group_name=g,
347 group_description='',
348 group_parent_id=parent_id
349 )
350 )
327 parent_id = group.group_id
351 parent_id = group.group_id
328
352
329 RepoModel().create(dict(repo_name=real_name,
353 RepoModel().create(
330 repo_name_full=name,
354 dict(
331 description=description,
355 repo_name=real_name,
332 private=private,
356 repo_name_full=name,
333 repo_type=repo_type,
357 description=description,
334 repo_group=parent_id,
358 private=private,
335 clone_uri=None), owner)
359 repo_type=repo_type,
360 repo_group=parent_id,
361 clone_uri=None
362 ),
363 owner
364 )
336 Session.commit()
365 Session.commit()
337 except Exception:
366 except Exception:
338 log.error(traceback.format_exc())
367 log.error(traceback.format_exc())
@@ -343,16 +372,16 b' class ApiController(JSONRPCController):'
343 """
372 """
344 Add permission for a user to a repository
373 Add permission for a user to a repository
345
374
346 :param apiuser
375 :param apiuser:
347 :param repo_name
376 :param repo_name:
348 :param user_name
377 :param user_name:
349 :param perm
378 :param perm:
350 """
379 """
351
380
352 try:
381 try:
353 repo = Repository.get_by_repo_name(repo_name)
382 repo = Repository.get_by_repo_name(repo_name)
354 if repo is None:
383 if repo is None:
355 raise JSONRPCError('unknown repository %s' % repo)
384 raise JSONRPCError('unknown repository %s' % repo)
356
385
357 try:
386 try:
358 user = User.get_by_username(user_name)
387 user = User.get_by_username(user_name)
@@ -362,8 +391,54 b' class ApiController(JSONRPCController):'
362 RepositoryPermissionModel()\
391 RepositoryPermissionModel()\
363 .update_or_delete_user_permission(repo, user, perm)
392 .update_or_delete_user_permission(repo, user, perm)
364 Session.commit()
393 Session.commit()
394
395 return dict(
396 msg='Added perm: %s for %s in repo: %s' % (
397 perm, user_name, repo_name
398 )
399 )
365 except Exception:
400 except Exception:
366 log.error(traceback.format_exc())
401 log.error(traceback.format_exc())
367 raise JSONRPCError('failed to edit permission %(repo)s for %(user)s'
402 raise JSONRPCError(
368 % dict(user=user_name, repo=repo_name))
403 'failed to edit permission %(repo)s for %(user)s' % dict(
404 user=user_name, repo=repo_name
405 )
406 )
407
408 @HasPermissionAnyDecorator('hg.admin')
409 def add_users_group_to_repo(self, apiuser, repo_name, group_name, perm):
410 """
411 Add permission for a users group to a repository
412
413 :param apiuser:
414 :param repo_name:
415 :param group_name:
416 :param perm:
417 """
418
419 try:
420 repo = Repository.get_by_repo_name(repo_name)
421 if repo is None:
422 raise JSONRPCError('unknown repository %s' % repo)
369
423
424 try:
425 user_group = UsersGroup.get_by_group_name(group_name)
426 except NoResultFound:
427 raise JSONRPCError('unknown users group %s' % user_group)
428
429 RepositoryPermissionModel()\
430 .update_or_delete_users_group_permission(repo, user_group,
431 perm)
432 Session.commit()
433 return dict(
434 msg='Added perm: %s for %s in repo: %s' % (
435 perm, group_name, repo_name
436 )
437 )
438 except Exception:
439 log.error(traceback.format_exc())
440 raise JSONRPCError(
441 'failed to edit permission %(repo)s for %(usergr)s' % dict(
442 usergr=group_name, repo=repo_name
443 )
444 )
@@ -6,8 +6,9 b''
6 repository permission model for RhodeCode
6 repository permission model for RhodeCode
7
7
8 :created_on: Oct 1, 2011
8 :created_on: Oct 1, 2011
9 :author: nvinot
9 :author: nvinot, marcink
10 :copyright: (C) 2011-2011 Nicolas Vinot <aeris@imirhil.fr>
10 :copyright: (C) 2011-2011 Nicolas Vinot <aeris@imirhil.fr>
11 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
11 :license: GPLv3, see COPYING for more details.
12 :license: GPLv3, see COPYING for more details.
12 """
13 """
13 # This program is free software: you can redistribute it and/or modify
14 # This program is free software: you can redistribute it and/or modify
@@ -25,7 +26,7 b''
25
26
26 import logging
27 import logging
27 from rhodecode.model import BaseModel
28 from rhodecode.model import BaseModel
28 from rhodecode.model.db import UserRepoToPerm, Permission
29 from rhodecode.model.db import UserRepoToPerm, UsersGroupRepoToPerm, Permission
29
30
30 log = logging.getLogger(__name__)
31 log = logging.getLogger(__name__)
31
32
@@ -39,6 +40,15 b' class RepositoryPermissionModel(BaseMode'
39 .scalar()
40 .scalar()
40
41
41 def update_user_permission(self, repository, user, permission):
42 def update_user_permission(self, repository, user, permission):
43
44 #TODO: REMOVE THIS !!
45 ################################
46 import ipdb;ipdb.set_trace()
47 print 'setting ipdb debuggin for rhodecode.model.repo_permission.RepositoryPermissionModel.update_user_permission'
48 ################################
49
50
51
42 permission = Permission.get_by_key(permission)
52 permission = Permission.get_by_key(permission)
43 current = self.get_user_permission(repository, user)
53 current = self.get_user_permission(repository, user)
44 if current:
54 if current:
@@ -56,8 +66,41 b' class RepositoryPermissionModel(BaseMode'
56 if current:
66 if current:
57 self.sa.delete(current)
67 self.sa.delete(current)
58
68
69 def get_users_group_permission(self, repository, users_group):
70 return UsersGroupRepoToPerm.query() \
71 .filter(UsersGroupRepoToPerm.users_group == users_group) \
72 .filter(UsersGroupRepoToPerm.repository == repository) \
73 .scalar()
74
75 def update_users_group_permission(self, repository, users_group,
76 permission):
77 permission = Permission.get_by_key(permission)
78 current = self.get_users_group_permission(repository, users_group)
79 if current:
80 if not current.permission is permission:
81 current.permission = permission
82 else:
83 p = UsersGroupRepoToPerm()
84 p.users_group = users_group
85 p.repository = repository
86 p.permission = permission
87 self.sa.add(p)
88
89 def delete_users_group_permission(self, repository, users_group):
90 current = self.get_users_group_permission(repository, users_group)
91 if current:
92 self.sa.delete(current)
93
59 def update_or_delete_user_permission(self, repository, user, permission):
94 def update_or_delete_user_permission(self, repository, user, permission):
60 if permission:
95 if permission:
61 self.update_user_permission(repository, user, permission)
96 self.update_user_permission(repository, user, permission)
62 else:
97 else:
63 self.delete_user_permission(repository, user)
98 self.delete_user_permission(repository, user)
99
100 def update_or_delete_users_group_permission(self, repository, user_group,
101 permission):
102 if permission:
103 self.update_users_group_permission(repository, user_group,
104 permission)
105 else:
106 self.delete_users_group_permission(repository, user_group) No newline at end of file
General Comments 0
You need to be logged in to leave comments. Login now