Show More
| @@ -398,145 +398,148 b' class UserModel(BaseModel):' | |||||
| 398 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
398 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
| 399 | p = 'group.admin' |
|
399 | p = 'group.admin' | |
| 400 | user.permissions[GK][rg_k] = p |
|
400 | user.permissions[GK][rg_k] = p | |
|
|
401 | return user | |||
| 401 |
|
402 | |||
| 402 | else: |
|
403 | #================================================================== | |
| 403 | #================================================================== |
|
404 | # set default permissions first for repositories and groups | |
| 404 | # set default permissions first for repositories and groups |
|
405 | #================================================================== | |
| 405 | #================================================================== |
|
406 | uid = user.user_id | |
| 406 | uid = user.user_id |
|
|||
| 407 |
|
407 | |||
| 408 |
|
|
408 | # default global permissions | |
| 409 |
|
|
409 | default_global_perms = self.sa.query(UserToPerm)\ | |
| 410 |
|
|
410 | .filter(UserToPerm.user_id == default_user_id) | |
| 411 |
|
411 | |||
| 412 |
|
|
412 | for perm in default_global_perms: | |
| 413 |
|
|
413 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |
| 414 |
|
414 | |||
| 415 |
|
|
415 | # defaults for repositories, taken from default user | |
| 416 |
|
|
416 | for perm in default_repo_perms: | |
| 417 |
|
|
417 | r_k = perm.UserRepoToPerm.repository.repo_name | |
| 418 |
|
|
418 | if perm.Repository.private and not (perm.Repository.user_id == uid): | |
| 419 |
|
|
419 | # disable defaults for private repos, | |
| 420 |
|
|
420 | p = 'repository.none' | |
| 421 |
|
|
421 | elif perm.Repository.user_id == uid: | |
| 422 |
|
|
422 | # set admin if owner | |
| 423 |
|
|
423 | p = 'repository.admin' | |
| 424 |
|
|
424 | else: | |
| 425 |
|
|
425 | p = perm.Permission.permission_name | |
|
|
426 | ||||
|
|
427 | user.permissions[RK][r_k] = p | |||
| 426 |
|
428 | |||
| 427 | user.permissions[RK][r_k] = p |
|
429 | # defaults for repositories groups taken from default user permission | |
|
|
430 | # on given group | |||
|
|
431 | for perm in default_repo_groups_perms: | |||
|
|
432 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |||
|
|
433 | p = perm.Permission.permission_name | |||
|
|
434 | user.permissions[GK][rg_k] = p | |||
|
|
435 | ||||
|
|
436 | #================================================================== | |||
|
|
437 | # overwrite defaults with user permissions if any found | |||
|
|
438 | #================================================================== | |||
|
|
439 | ||||
|
|
440 | # user global permissions | |||
|
|
441 | user_perms = self.sa.query(UserToPerm)\ | |||
|
|
442 | .options(joinedload(UserToPerm.permission))\ | |||
|
|
443 | .filter(UserToPerm.user_id == uid).all() | |||
|
|
444 | ||||
|
|
445 | for perm in user_perms: | |||
|
|
446 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |||
| 428 |
|
447 | |||
| 429 | # defaults for repositories groups taken from default user permission |
|
448 | # user explicit permissions for repositories | |
| 430 | # on given group |
|
449 | user_repo_perms = \ | |
| 431 | for perm in default_repo_groups_perms: |
|
450 | self.sa.query(UserRepoToPerm, Permission, Repository)\ | |
| 432 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
451 | .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\ | |
| 433 | p = perm.Permission.permission_name |
|
452 | .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\ | |
| 434 | user.permissions[GK][rg_k] = p |
|
453 | .filter(UserRepoToPerm.user_id == uid)\ | |
|
|
454 | .all() | |||
| 435 |
|
455 | |||
| 436 | #================================================================== |
|
456 | for perm in user_repo_perms: | |
| 437 | # overwrite defaults with user permissions if any found |
|
457 | # set admin if owner | |
| 438 | #================================================================== |
|
458 | r_k = perm.UserRepoToPerm.repository.repo_name | |
|
|
459 | if perm.Repository.user_id == uid: | |||
|
|
460 | p = 'repository.admin' | |||
|
|
461 | else: | |||
|
|
462 | p = perm.Permission.permission_name | |||
|
|
463 | user.permissions[RK][r_k] = p | |||
| 439 |
|
464 | |||
| 440 | # user global permissions |
|
465 | # USER GROUP | |
| 441 | user_perms = self.sa.query(UserToPerm)\ |
|
466 | #================================================================== | |
| 442 | .options(joinedload(UserToPerm.permission))\ |
|
467 | # check if user is part of user groups for this repository and | |
| 443 | .filter(UserToPerm.user_id == uid).all() |
|
468 | # fill in (or replace with higher) permissions | |
|
|
469 | #================================================================== | |||
| 444 |
|
470 | |||
| 445 | for perm in user_perms: |
|
471 | # users group global | |
| 446 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
472 | user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ | |
|
|
473 | .options(joinedload(UsersGroupToPerm.permission))\ | |||
|
|
474 | .join((UsersGroupMember, UsersGroupToPerm.users_group_id == | |||
|
|
475 | UsersGroupMember.users_group_id))\ | |||
|
|
476 | .filter(UsersGroupMember.user_id == uid).all() | |||
|
|
477 | ||||
|
|
478 | for perm in user_perms_from_users_groups: | |||
|
|
479 | user.permissions[GLOBAL].add(perm.permission.permission_name) | |||
| 447 |
|
480 | |||
| 448 |
|
|
481 | # users group for repositories permissions | |
| 449 |
|
|
482 | user_repo_perms_from_users_groups = \ | |
| 450 |
|
|
483 | self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ | |
| 451 |
|
|
484 | .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\ | |
| 452 |
|
|
485 | .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\ | |
| 453 | .filter(UserRepoToPerm.user_id == uid)\ |
|
486 | .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |
| 454 | .all() |
|
487 | .filter(UsersGroupMember.user_id == uid)\ | |
|
|
488 | .all() | |||
| 455 |
|
489 | |||
| 456 |
|
|
490 | for perm in user_repo_perms_from_users_groups: | |
| 457 | # set admin if owner |
|
491 | r_k = perm.UsersGroupRepoToPerm.repository.repo_name | |
| 458 |
|
|
492 | p = perm.Permission.permission_name | |
| 459 | if perm.Repository.user_id == uid: |
|
493 | cur_perm = user.permissions[RK][r_k] | |
| 460 | p = 'repository.admin' |
|
494 | # overwrite permission only if it's greater than permission | |
| 461 |
e |
|
495 | # given from other sources | |
| 462 | p = perm.Permission.permission_name |
|
496 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
| 463 | user.permissions[RK][r_k] = p |
|
497 | user.permissions[RK][r_k] = p | |
| 464 |
|
498 | |||
| 465 | #================================================================== |
|
499 | # REPO GROUP | |
| 466 | # check if user is part of user groups for this repository and |
|
500 | #================================================================== | |
| 467 | # fill in (or replace with higher) permissions |
|
501 | # get access for this user for repos group and override defaults | |
| 468 |
|
|
502 | #================================================================== | |
| 469 |
|
||||
| 470 | # users group global |
|
|||
| 471 | user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\ |
|
|||
| 472 | .options(joinedload(UsersGroupToPerm.permission))\ |
|
|||
| 473 | .join((UsersGroupMember, UsersGroupToPerm.users_group_id == |
|
|||
| 474 | UsersGroupMember.users_group_id))\ |
|
|||
| 475 | .filter(UsersGroupMember.user_id == uid).all() |
|
|||
| 476 |
|
||||
| 477 | for perm in user_perms_from_users_groups: |
|
|||
| 478 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
|||
| 479 |
|
503 | |||
| 480 | # users group for repositories permissions |
|
504 | # user explicit permissions for repository | |
| 481 |
|
|
505 | user_repo_groups_perms = \ | |
| 482 |
|
|
506 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ | |
| 483 |
|
|
507 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
| 484 |
|
|
508 | .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ | |
| 485 | .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
|
509 | .filter(UserRepoGroupToPerm.user_id == uid)\ | |
| 486 | .filter(UsersGroupMember.user_id == uid)\ |
|
510 | .all() | |
| 487 | .all() |
|
|||
| 488 |
|
511 | |||
| 489 |
|
|
512 | for perm in user_repo_groups_perms: | |
| 490 |
|
|
513 | rg_k = perm.UserRepoGroupToPerm.group.group_name | |
| 491 |
|
|
514 | p = perm.Permission.permission_name | |
| 492 |
|
|
515 | cur_perm = user.permissions[GK][rg_k] | |
| 493 | # overwrite permission only if it's greater than permission |
|
516 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
| 494 | # given from other sources |
|
517 | user.permissions[GK][rg_k] = p | |
| 495 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
|||
| 496 | user.permissions[RK][r_k] = p |
|
|||
| 497 |
|
||||
| 498 | #================================================================== |
|
|||
| 499 | # get access for this user for repos group and override defaults |
|
|||
| 500 | #================================================================== |
|
|||
| 501 |
|
518 | |||
| 502 | # user explicit permissions for repository |
|
519 | # REPO GROUP + USER GROUP | |
| 503 | user_repo_groups_perms = \ |
|
520 | #================================================================== | |
| 504 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ |
|
521 | # check if user is part of user groups for this repo group and | |
| 505 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
|
522 | # fill in (or replace with higher) permissions | |
| 506 | .join((Permission, UserRepoGroupToPerm.permission_id == Permission.permission_id))\ |
|
523 | #================================================================== | |
| 507 | .filter(UserRepoGroupToPerm.user_id == uid)\ |
|
|||
| 508 | .all() |
|
|||
| 509 |
|
||||
| 510 | for perm in user_repo_groups_perms: |
|
|||
| 511 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
|||
| 512 | p = perm.Permission.permission_name |
|
|||
| 513 | cur_perm = user.permissions[GK][rg_k] |
|
|||
| 514 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
|||
| 515 | user.permissions[GK][rg_k] = p |
|
|||
| 516 |
|
524 | |||
| 517 | #================================================================== |
|
525 | # users group for repositories permissions | |
| 518 | # check if user is part of user groups for this repo group and |
|
526 | user_repo_group_perms_from_users_groups = \ | |
| 519 | # fill in (or replace with higher) permissions |
|
527 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ | |
| 520 | #================================================================== |
|
528 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
|
|
529 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ | |||
|
|
530 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |||
|
|
531 | .filter(UsersGroupMember.user_id == uid)\ | |||
|
|
532 | .all() | |||
| 521 |
|
533 | |||
| 522 | # users group for repositories permissions |
|
534 | for perm in user_repo_group_perms_from_users_groups: | |
| 523 | user_repo_group_perms_from_users_groups = \ |
|
535 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name | |
| 524 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ |
|
536 | print perm, g_k | |
| 525 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
|
537 | p = perm.Permission.permission_name | |
| 526 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ |
|
538 | cur_perm = user.permissions[GK][g_k] | |
| 527 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ |
|
539 | # overwrite permission only if it's greater than permission | |
| 528 | .filter(UsersGroupMember.user_id == uid)\ |
|
540 | # given from other sources | |
| 529 | .all() |
|
541 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
| 530 |
|
542 | user.permissions[GK][g_k] = p | ||
| 531 | for perm in user_repo_group_perms_from_users_groups: |
|
|||
| 532 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name |
|
|||
| 533 | print perm, g_k |
|
|||
| 534 | p = perm.Permission.permission_name |
|
|||
| 535 | cur_perm = user.permissions[GK][g_k] |
|
|||
| 536 | # overwrite permission only if it's greater than permission |
|
|||
| 537 | # given from other sources |
|
|||
| 538 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: |
|
|||
| 539 | user.permissions[GK][g_k] = p |
|
|||
| 540 |
|
543 | |||
| 541 | return user |
|
544 | return user | |
| 542 |
|
545 | |||
General Comments 0
You need to be logged in to leave comments.
Login now