Show More
@@ -398,145 +398,148 b' class UserModel(BaseModel):' | |||||
398 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
398 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
399 | p = 'group.admin' |
|
399 | p = 'group.admin' | |
400 | user.permissions[GK][rg_k] = p |
|
400 | user.permissions[GK][rg_k] = p | |
|
401 | return user | |||
401 |
|
402 | |||
402 | else: |
|
403 | #================================================================== | |
403 | #================================================================== |
|
404 | # set default permissions first for repositories and groups | |
404 | # set default permissions first for repositories and groups |
|
405 | #================================================================== | |
405 | #================================================================== |
|
406 | uid = user.user_id | |
406 | uid = user.user_id |
|
|||
407 |
|
407 | |||
408 |
|
|
408 | # default global permissions | |
409 |
|
|
409 | default_global_perms = self.sa.query(UserToPerm)\ | |
410 |
|
|
410 | .filter(UserToPerm.user_id == default_user_id) | |
411 |
|
411 | |||
412 |
|
|
412 | for perm in default_global_perms: | |
413 |
|
|
413 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |
414 |
|
414 | |||
415 |
|
|
415 | # defaults for repositories, taken from default user | |
416 |
|
|
416 | for perm in default_repo_perms: | |
417 |
|
|
417 | r_k = perm.UserRepoToPerm.repository.repo_name | |
418 |
|
|
418 | if perm.Repository.private and not (perm.Repository.user_id == uid): | |
419 |
|
|
419 | # disable defaults for private repos, | |
420 |
|
|
420 | p = 'repository.none' | |
421 |
|
|
421 | elif perm.Repository.user_id == uid: | |
422 |
|
|
422 | # set admin if owner | |
423 |
|
|
423 | p = 'repository.admin' | |
424 |
|
|
424 | else: | |
425 |
|
|
425 | p = perm.Permission.permission_name | |
|
426 | ||||
|
427 | user.permissions[RK][r_k] = p | |||
426 |
|
428 | |||
427 | user.permissions[RK][r_k] = p |
|
429 | # defaults for repositories groups taken from default user permission | |
|
430 | # on given group | |||
|
431 | for perm in default_repo_groups_perms: | |||
|
432 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |||
|
433 | p = perm.Permission.permission_name | |||
|
434 | user.permissions[GK][rg_k] = p | |||
|
435 | ||||
|
436 | #================================================================== | |||
|
437 | # overwrite defaults with user permissions if any found | |||
|
438 | #================================================================== | |||
|
439 | ||||
|
440 | # user global permissions | |||
|
441 | user_perms = self.sa.query(UserToPerm)\ | |||
|
442 | .options(joinedload(UserToPerm.permission))\ | |||
|
443 | .filter(UserToPerm.user_id == uid).all() | |||
|
444 | ||||
|
445 | for perm in user_perms: | |||
|
446 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |||
428 |
|
447 | |||
429 | # defaults for repositories groups taken from default user permission |
|
448 | # user explicit permissions for repositories | |
430 | # on given group |
|
449 | user_repo_perms = \ | |
431 | for perm in default_repo_groups_perms: |
|
450 | self.sa.query(UserRepoToPerm, Permission, Repository)\ | |
432 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
451 | .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ | |
433 | p = perm.Permission.permission_name |
|
452 | .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\ | |
434 | user.permissions[GK][rg_k] = p |
|
453 | .filter(UserRepoToPerm.user_id == uid)\ | |
|
454 | .all() | |||
435 |
|
455 | |||
436 | #================================================================== |
|
456 | for perm in user_repo_perms: | |
437 | # overwrite defaults with user permissions if any found |
|
457 | # set admin if owner | |
438 | #================================================================== |
|
458 | r_k = perm.UserRepoToPerm.repository.repo_name | |
|
459 | if perm.Repository.user_id == uid: | |||
|
460 | p = 'repository.admin' | |||
|
461 | else: | |||
|
462 | p = perm.Permission.permission_name | |||
|
463 | user.permissions[RK][r_k] = p | |||
439 |
|
464 | |||
440 | # user global permissions |
|
465 | # USER GROUP | |
441 | user_perms = self.sa.query(UserToPerm)\ |
|
466 | #================================================================== | |
442 | .options(joinedload(UserToPerm.permission))\ |
|
467 | # check if user is part of user groups for this repository and | |
443 | .filter(UserToPerm.user_id == uid).all() |
|
468 | # fill in (or replace with higher) permissions | |
|
469 | #================================================================== | |||
444 |
|
470 | |||
445 | for perm in user_perms: |
|
471 | # users group global | |
446 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
472 | user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ | |
|
473 | .options(joinedload(UsersGroupToPerm.permission))\ | |||
|
474 | .join((UsersGroupMember, UsersGroupToPerm.users_group_id == | |||
|
475 | UsersGroupMember.users_group_id))\ | |||
|
476 | .filter(UsersGroupMember.user_id == uid).all() | |||
|
477 | ||||
|
478 | for perm in user_perms_from_users_groups: | |||
|
479 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |||
447 |
|
480 | |||
448 |
|
|
481 | # users group for repositories permissions | |
449 |
|
|
482 | user_repo_perms_from_users_groups = \ | |
450 |
|
|
483 | self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ | |
451 |
|
|
484 | .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ | |
452 |
|
|
485 | .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\ | |
453 | .filter(UserRepoToPerm.user_id == uid)\ |
|
486 | .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |
454 | .all() |
|
487 | .filter(UsersGroupMember.user_id == uid)\ | |
|
488 | .all() | |||
455 |
|
489 | |||
456 |
|
|
490 | for perm in user_repo_perms_from_users_groups: | |
457 | # set admin if owner |
|
491 | r_k = perm.UsersGroupRepoToPerm.repository.repo_name | |
458 |
|
|
492 | p = perm.Permission.permission_name | |
459 | if perm.Repository.user_id == uid: |
|
493 | cur_perm = user.permissions[RK][r_k] | |
460 | p = 'repository.admin' |
|
494 | # overwrite permission only if it's greater than permission | |
461 |
e |
|
495 | # given from other sources | |
462 | p = perm.Permission.permission_name |
|
496 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
463 | user.permissions[RK][r_k] = p |
|
497 | user.permissions[RK][r_k] = p | |
464 |
|
498 | |||
465 | #================================================================== |
|
499 | # REPO GROUP | |
466 | # check if user is part of user groups for this repository and |
|
500 | #================================================================== | |
467 | # fill in (or replace with higher) permissions |
|
501 | # get access for this user for repos group and override defaults | |
468 |
|
|
502 | #================================================================== | |
469 |
|
||||
470 | # users group global |
|
|||
471 | user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ |
|
|||
472 | .options(joinedload(UsersGroupToPerm.permission))\ |
|
|||
473 | .join((UsersGroupMember, UsersGroupToPerm.users_group_id == |
|
|||
474 | UsersGroupMember.users_group_id))\ |
|
|||
475 | .filter(UsersGroupMember.user_id == uid).all() |
|
|||
476 |
|
||||
477 | for perm in user_perms_from_users_groups: |
|
|||
478 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
|||
479 |
|
503 | |||
480 | # users group for repositories permissions |
|
504 | # user explicit permissions for repository | |
481 |
|
|
505 | user_repo_groups_perms = \ | |
482 |
|
|
506 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ | |
483 |
|
|
507 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
484 |
|
|
508 | .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ | |
485 | .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
|
509 | .filter(UserRepoGroupToPerm.user_id == uid)\ | |
486 | .filter(UsersGroupMember.user_id == uid)\ |
|
510 | .all() | |
487 | .all() |
|
|||
488 |
|
511 | |||
489 |
|
|
512 | for perm in user_repo_groups_perms: | |
490 |
|
|
513 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
491 |
|
|
514 | p = perm.Permission.permission_name | |
492 |
|
|
515 | cur_perm = user.permissions[GK][rg_k] | |
493 | # overwrite permission only if it's greater than permission |
|
516 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
494 | # given from other sources |
|
517 | user.permissions[GK][rg_k] = p | |
495 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
|||
496 | user.permissions[RK][r_k] = p |
|
|||
497 |
|
||||
498 | #================================================================== |
|
|||
499 | # get access for this user for repos group and override defaults |
|
|||
500 | #================================================================== |
|
|||
501 |
|
518 | |||
502 | # user explicit permissions for repository |
|
519 | # REPO GROUP + USER GROUP | |
503 | user_repo_groups_perms = \ |
|
520 | #================================================================== | |
504 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ |
|
521 | # check if user is part of user groups for this repo group and | |
505 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
|
522 | # fill in (or replace with higher) permissions | |
506 | .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ |
|
523 | #================================================================== | |
507 | .filter(UserRepoGroupToPerm.user_id == uid)\ |
|
|||
508 | .all() |
|
|||
509 |
|
||||
510 | for perm in user_repo_groups_perms: |
|
|||
511 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
|||
512 | p = perm.Permission.permission_name |
|
|||
513 | cur_perm = user.permissions[GK][rg_k] |
|
|||
514 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
|||
515 | user.permissions[GK][rg_k] = p |
|
|||
516 |
|
524 | |||
517 | #================================================================== |
|
525 | # users group for repositories permissions | |
518 | # check if user is part of user groups for this repo group and |
|
526 | user_repo_group_perms_from_users_groups = \ | |
519 | # fill in (or replace with higher) permissions |
|
527 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ | |
520 | #================================================================== |
|
528 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
|
529 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ | |||
|
530 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |||
|
531 | .filter(UsersGroupMember.user_id == uid)\ | |||
|
532 | .all() | |||
521 |
|
533 | |||
522 | # users group for repositories permissions |
|
534 | for perm in user_repo_group_perms_from_users_groups: | |
523 | user_repo_group_perms_from_users_groups = \ |
|
535 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name | |
524 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ |
|
536 | print perm, g_k | |
525 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
|
537 | p = perm.Permission.permission_name | |
526 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ |
|
538 | cur_perm = user.permissions[GK][g_k] | |
527 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
|
539 | # overwrite permission only if it's greater than permission | |
528 | .filter(UsersGroupMember.user_id == uid)\ |
|
540 | # given from other sources | |
529 | .all() |
|
541 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
530 |
|
542 | user.permissions[GK][g_k] = p | ||
531 | for perm in user_repo_group_perms_from_users_groups: |
|
|||
532 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name |
|
|||
533 | print perm, g_k |
|
|||
534 | p = perm.Permission.permission_name |
|
|||
535 | cur_perm = user.permissions[GK][g_k] |
|
|||
536 | # overwrite permission only if it's greater than permission |
|
|||
537 | # given from other sources |
|
|||
538 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
|||
539 | user.permissions[GK][g_k] = p |
|
|||
540 |
|
543 | |||
541 | return user |
|
544 | return user | |
542 |
|
545 |
General Comments 0
You need to be logged in to leave comments.
Login now