upstream/kallithea Commit - r3734:a8f52054

New default permissions definition for user group create

marcink -

r3734:a8f52054 beta

parent child

rhodecode/config/routing.py

0 +11 -1

                     return is_valid_repos_group(repos_group_name, config['base_path'],
                                                 skip_path_check=True)
+                def check_user_group(environ, match_dict):
+                    """
+                    check for valid user group for proper 404 handling
+                    :param environ:
+                    :param match_dict:
+                    """
+                    return True
                 def check_int(environ, match_dict):
                     return match_dict.get('id').isdigit()
                     m.connect("delete_users_group", "/users_groups/{id}",
                               action="delete", conditions=dict(method=["DELETE"]))
                     m.connect("edit_users_group", "/users_groups/{id}/edit",
-                              action="edit", conditions=dict(method=["GET"]))
+                              action="edit", conditions=dict(method=["GET"]),
+                              function=check_user_group)
                     m.connect("formatted_edit_users_group",
                               "/users_groups/{id}.{format}/edit",
                               action="edit", conditions=dict(method=["GET"]))

rhodecode/controllers/admin/permissions.py

0 +46 -32

                 def __before__(self):
                     super(PermissionsController, self).__before__()
-                    self.repo_perms_choices = [('repository.none', _('None'),),
+                    c.repo_perms_choices = [('repository.none', _('None'),),
                                                ('repository.read', _('Read'),),
                                                ('repository.write', _('Write'),),
                                                ('repository.admin', _('Admin'),)]
-                    self.group_perms_choices = [('group.none', _('None'),),
+                    c.group_perms_choices = [('group.none', _('None'),),
-                                                ('group.read', _('Read'),),
+                                             ('group.read', _('Read'),),
-                                                ('group.write', _('Write'),),
+                                             ('group.write', _('Write'),),
-                                                ('group.admin', _('Admin'),)]
+                                             ('group.admin', _('Admin'),)]
-                    self.register_choices = [
+                    c.user_group_perms_choices = [('usergroup.none', _('None'),),
+                                                  ('usergroup.read', _('Read'),),
+                                                  ('usergroup.write', _('Write'),),
+                                                  ('usergroup.admin', _('Admin'),)]
+                    c.register_choices = [
                         ('hg.register.none',
                             _('Disabled')),
                         ('hg.register.manual_activate',
                         ('hg.register.auto_activate',
                             _('Allowed with automatic account activation')), ]
-                    self.create_choices = [('hg.create.none', _('Disabled')),
+                    c.repo_create_choices = [('hg.create.none', _('Disabled')),
-                                           ('hg.create.repository', _('Enabled'))]
+                                             ('hg.create.repository', _('Enabled'))]
-                    self.fork_choices = [('hg.fork.none', _('Disabled')),
+                    c.user_group_create_choices = [('hg.usergroup.create.false', _('Disabled')),
-                                         ('hg.fork.repository', _('Enabled'))]
+                                                   ('hg.usergroup.create.true', _('Enabled'))]
-                    # set the global template variables
+                    c.repo_group_create_choices = [('hg.repogroup.create.false', _('Disabled')),
-                    c.repo_perms_choices = self.repo_perms_choices
+                                                   ('hg.repogroup.create.true', _('Enabled'))]
-                    c.group_perms_choices = self.group_perms_choices
-                    c.register_choices = self.register_choices
+                    c.fork_choices = [('hg.fork.none', _('Disabled')),
-                    c.create_choices = self.create_choices
+                                      ('hg.fork.repository', _('Enabled'))]
-                    c.fork_choices = self.fork_choices
                 def index(self, format='html'):
                     """GET /permissions: All items in the collection"""
                     #           method='put')
                     # url('permission', id=ID)
                     if id == 'default':
-                        c.user = default_user = User.get_by_username('default')
+                        c.user = default_user = User.get_default_user()
                         c.perm_user = AuthUser(user_id=default_user.user_id)
                         c.user_ip_map = UserIpMap.query()\
                                         .filter(UserIpMap.user == default_user).all()
-                        permission_model = PermissionModel()
                         _form = DefaultPermissionsForm(
-                                [x[0] for x in self.repo_perms_choices],
+                                [x[0] for x in c.repo_perms_choices],
-                                [x[0] for x in self.group_perms_choices],
+                                [x[0] for x in c.group_perms_choices],
-                                [x[0] for x in self.register_choices],
+                                [x[0] for x in c.user_group_perms_choices],
-                                [x[0] for x in self.create_choices],
+                                [x[0] for x in c.repo_create_choices],
-                                [x[0] for x in self.fork_choices])()
+                                [x[0] for x in c.repo_group_create_choices],
+                                [x[0] for x in c.user_group_create_choices],
+                                [x[0] for x in c.fork_choices],
+                                [x[0] for x in c.register_choices])()
                         try:
                             form_result = _form.to_python(dict(request.POST))
                             form_result.update({'perm_user_name': id})
-                            permission_model.update(form_result)
+                            PermissionModel().update(form_result)
                             Session().commit()
                             h.flash(_('Default permissions updated successfully'),
                                     category='success')
                     #this form can only edit default user permissions
                     if id == 'default':
-                        c.user = default_user = User.get_by_username('default')
+                        c.user = User.get_default_user()
-                        defaults = {'anonymous': default_user.active}
+                        defaults = {'anonymous': c.user.active}
-                        c.perm_user = AuthUser(user_id=default_user.user_id)
+                        c.perm_user = c.user.AuthUser
                         c.user_ip_map = UserIpMap.query()\
-                                        .filter(UserIpMap.user == default_user).all()
+                                        .filter(UserIpMap.user == c.user).all()
-                        for p in default_user.user_perms:
+                        for p in c.user.user_perms:
                             if p.permission.permission_name.startswith('repository.'):
                                 defaults['default_repo_perm'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('group.'):
                                 defaults['default_group_perm'] = p.permission.permission_name
+                            if p.permission.permission_name.startswith('usergroup.'):
+                                defaults['default_user_group_perm'] = p.permission.permission_name
+                            if p.permission.permission_name.startswith('hg.create.'):
+                                defaults['default_repo_create'] = p.permission.permission_name
+                            if p.permission.permission_name.startswith('hg.repogroup.'):
+                                defaults['default_repo_group_create'] = p.permission.permission_name
+                            if p.permission.permission_name.startswith('hg.usergroup.'):
+                                defaults['default_user_group_create'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('hg.register.'):
                                 defaults['default_register'] = p.permission.permission_name
-                            if p.permission.permission_name.startswith('hg.create.'):
-                                defaults['default_create'] = p.permission.permission_name
                             if p.permission.permission_name.startswith('hg.fork.'):
                                 defaults['default_fork'] = p.permission.permission_name

rhodecode/controllers/admin/repos.py

0 +2 -2

                     choices, c.landing_revs = ScmModel().get_repo_landing_revs(c.repo_info)
                     c.landing_revs_choices = choices
-                    c.default_user_id = User.get_by_username('default').user_id
+                    c.default_user_id = User.get_default_user().user_id
                     c.in_public_journal = UserFollowing.query()\
                         .filter(UserFollowing.user_id == c.default_user_id)\
                         .filter(UserFollowing.follows_repository == c.repo_info).scalar()
                     if cur_token == token:
                         try:
                             repo_id = Repository.get_by_repo_name(repo_name).repo_id
-                            user_id = User.get_by_username('default').user_id
+                            user_id = User.get_default_user().user_id
                             self.scm_model.toggle_following_repo(repo_id, user_id)
                             h.flash(_('Updated repository visibility in public journal'),
                                     category='success')

rhodecode/controllers/forks.py

0 +1 -1

                         h.not_mapped_error(repo_name)
                         return redirect(url('repos'))
-                    c.default_user_id = User.get_by_username('default').user_id
+                    c.default_user_id = User.get_default_user().user_id
                     c.in_public_journal = UserFollowing.query()\
                         .filter(UserFollowing.user_id == c.default_user_id)\
                         .filter(UserFollowing.follows_repository == c.repo_info).scalar()

rhodecode/controllers/login.py

0 +1 -1

                 @HasPermissionAnyDecorator('hg.admin', 'hg.register.auto_activate',
                                            'hg.register.manual_activate')
                 def register(self):
-                    c.auto_active = 'hg.register.auto_activate' in User.get_by_username('default')\
+                    c.auto_active = 'hg.register.auto_activate' in User.get_default_user()\
                         .AuthUser.permissions['global']
                     if request.POST:

rhodecode/lib/auth.py

0 +2 -2

                              'lastname': safe_unicode(get_ldap_attr('ldap_attr_lastname')),
                              'email': get_ldap_attr('ldap_attr_email'),
                              'active': 'hg.register.auto_activate' in User\
-                                .get_by_username('default').AuthUser.permissions['global']
+                                .get_default_user().AuthUser.permissions['global']
                             }
                             # don't store LDAP password since we don't need it. Override
                         'lastname': None,
                         'email': None,
                         'active': 'hg.register.auto_activate' in User\
-                           .get_by_username('default').AuthUser.permissions['global']
+                           .get_default_user().AuthUser.permissions['global']
                     }
                     user = UserModel().create_for_container_auth(username, user_attrs)
                     if not user:

rhodecode/lib/db_manage.py

0 +3 -8

                         self.sa.add(setting)
                 def fixup_groups(self):
-                    def_usr = User.get_by_username('default')
+                    def_usr = User.get_default_user()
                     for g in RepoGroup.query().all():
                         g.group_name = g.get_new_name(g.name)
                         self.sa.add(g)
                     """
                     # module.(access|create|change|delete)_[name]
                     # module.(none|read|write|admin)
+                    log.info('creating permissions')
-                    for p in Permission.PERMS:
+                    PermissionModel(self.sa).create_permissions()
-                        if not Permission.get_by_key(p[0]):
-                            new_perm = Permission()
-                            new_perm.permission_name = p[0]
-                            new_perm.permission_longname = p[0]
-                            self.sa.add(new_perm)
                 def populate_default_permissions(self):
                     """

rhodecode/lib/utils.py

0 +13 -3

             from rhodecode.model.repos_group import ReposGroupModel
             from rhodecode.lib.utils2 import safe_str, safe_unicode
             from rhodecode.lib.vcs.utils.fakemod import create_module
+            from rhodecode.model.users_group import UserGroupModel
             log = logging.getLogger(__name__)
                 return slug
+            #==============================================================================
+            # PERM DECORATOR HELPERS FOR EXTRACTING NAMES FOR PERM CHECKS
+            #==============================================================================
             def get_repo_slug(request):
                 _repo = request.environ['pylons.routes_dict'].get('repo_name')
                 if _repo:
             def get_user_group_slug(request):
                 _group = request.environ['pylons.routes_dict'].get('id')
-                _group = UserGroup.get(_group)
+                try:
-                if _group:
+                    _group = UserGroup.get(_group)
-                    _group = _group.users_group_name
+                    if _group:
+                        _group = _group.users_group_name
+                except Exception:
+                    log.debug(traceback.format_exc())
+                    #catch all failures here
+                    pass
                 return _group

rhodecode/model/db.py

0 +14 0

                 members = relationship('UserGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
                 users_group_to_perm = relationship('UserGroupToPerm', cascade='all')
                 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
+                users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
                 user_user_group_to_perm = relationship('UserUserGroupToPerm ', cascade='all')
                 user = relationship('User')
                     ('usergroup.write', _('User group write access')),
                     ('usergroup.admin', _('User group admin access')),
+                    ('hg.repogroup.create.false', _('Repository Group creation disabled')),
+                    ('hg.repogroup.create.true', _('Repository Group creation enabled')),
+                    ('hg.usergroup.create.false', _('User Group creation disabled')),
+                    ('hg.usergroup.create.true', _('User Group creation enabled')),
                     ('hg.create.none', _('Repository creation disabled')),
                     ('hg.create.repository', _('Repository creation enabled')),
                 ]
                 # defines which permissions are more important higher the more important
+                # Weight defines which permissions are more important.
+                # The higher number the more important.
                 PERM_WEIGHTS = {
                     'repository.none': 0,
                     'repository.read': 1,
                     'usergroup.read': 1,
                     'usergroup.write': 3,
                     'usergroup.admin': 4,
+                    'hg.repogroup.create.false': 0,
+                    'hg.repogroup.create.true': 1,
+                    'hg.usergroup.create.false': 0,
+                    'hg.usergroup.create.true': 1,
                     'hg.fork.none': 0,
                     'hg.fork.repository': 1,

rhodecode/model/forms.py

0 +9 -3

             def DefaultPermissionsForm(repo_perms_choices, group_perms_choices,
-                                       register_choices, create_choices, fork_choices):
+                                       user_group_perms_choices, create_choices,
+                                       repo_group_create_choices, user_group_create_choices,
+                                       fork_choices, register_choices):
                 class _DefaultPermissionsForm(formencode.Schema):
                     allow_extra_fields = True
                     filter_extra_fields = True
                     anonymous = v.StringBoolean(if_missing=False)
                     default_repo_perm = v.OneOf(repo_perms_choices)
                     default_group_perm = v.OneOf(group_perms_choices)
-                    default_register = v.OneOf(register_choices)
+                    default_user_group_perm = v.OneOf(user_group_perms_choices)
-                    default_create = v.OneOf(create_choices)
+                    default_repo_create = v.OneOf(create_choices)
+                    default_user_group_create = v.OneOf(user_group_create_choices)
+                    #default_repo_group_create = v.OneOf(repo_group_create_choices) #not impl. yet
                     default_fork = v.OneOf(fork_choices)
+                    default_register = v.OneOf(register_choices)
                 return _DefaultPermissionsForm

rhodecode/model/permission.py

0 +17 -2

                 cls = Permission
+                def create_permissions(self):
+                    """
+                    Create permissions for whole system
+                    """
+                    for p in Permission.PERMS:
+                        if not Permission.get_by_key(p[0]):
+                            new_perm = Permission()
+                            new_perm.permission_name = p[0]
+                            new_perm.permission_longname = p[0]  #translation err with p[1]
+                            self.sa.add(new_perm)
                 def create_default_permissions(self, user):
                     """
                     Creates only missing default permissions for user
                         # stage 2 reset defaults and set them from form data
                         def _make_new(usr, perm_name):
+                            log.debug('Creating new permission:%s' % (perm_name))
                             new = UserToPerm()
                             new.user = usr
                             new.permission = Permission.get_by_key(perm_name)
                             self.sa.delete(p)
                         #create fresh set of permissions
                         for def_perm_key in ['default_repo_perm', 'default_group_perm',
-                                             'default_register', 'default_create',
+                                             'default_user_group_perm',
-                                             'default_fork']:
+                                             'default_repo_create',
+                                             #'default_repo_group_create', #not implemented yet
+                                             'default_user_group_create',
+                                             'default_fork', 'default_register']:
                             p = _make_new(perm_user, form_result[def_perm_key])
                             self.sa.add(p)

rhodecode/model/repo.py

0 +1 -1

                 def _create_default_perms(self, repository, private):
                     # create default permission
                     default = 'repository.read'
-                    def_user = User.get_by_username('default')
+                    def_user = User.get_default_user()
                     for p in def_user.user_perms:
                         if p.permission.permission_name.startswith('repository.'):
                             default = p.permission.permission_name

rhodecode/model/repos_group.py

0 +1 -1

                 def _create_default_perms(self, new_group):
                     # create default permission
                     default_perm = 'group.read'
-                    def_user = User.get_by_username('default')
+                    def_user = User.get_default_user()
                     for p in def_user.user_perms:
                         if p.permission.permission_name.startswith('group.'):
                             default_perm = p.permission.permission_name

rhodecode/model/users_group.py

0 +1 -1

                 def _create_default_perms(self, user_group):
                     # create default permission
                     default_perm = 'usergroup.read'
-                    def_user = User.get_by_username('default')
+                    def_user = User.get_default_user()
                     for p in def_user.user_perms:
                         if p.permission.permission_name.startswith('usergroup.'):
                             default_perm = p.permission.permission_name

rhodecode/templates/admin/permissions/permissions.html

0 +28 -5

                         </div>
                         <div class="field">
                             <div class="label">
-                                <label for="default_register">${_('Registration')}:</label>
+                                <label for="default_group_perm">${_('User group')}:</label>
                             </div>
                             <div class="select">
-                                ${h.select('default_register','',c.register_choices)}
+                                ${h.select('default_user_group_perm','',c.user_group_perms_choices)}
+                                ${h.checkbox('overwrite_default_user_group','true')}
+                                <label for="overwrite_default_user_group">
+                                <span class="tooltip"
+                                title="${h.tooltip(_('All default permissions on each user group will be reset to chosen permission, note that all custom default permission on repository groups will be lost'))}">
+                                ${_('Overwrite existing settings')}</span> </label>
                             </div>
                         </div>
                          <div class="field">
                             <div class="label">
-                                <label for="default_create">${_('Repository creation')}:</label>
+                                <label for="default_repo_create">${_('Repository creation')}:</label>
                             </div>
                             <div class="select">
-                                ${h.select('default_create','',c.create_choices)}
+                                ${h.select('default_repo_create','',c.repo_create_choices)}
+                            </div>
+                         </div>
+                         <div class="field">
+                            <div class="label">
+                                <label for="default_user_group_create">${_('User group creation')}:</label>
+                            </div>
+                            <div class="select">
+                                ${h.select('default_user_group_create','',c.user_group_create_choices)}
                             </div>
                          </div>
                          <div class="field">
                                 ${h.select('default_fork','',c.fork_choices)}
                             </div>
                          </div>
+                         <div class="field">
+                            <div class="label">
+                                <label for="default_register">${_('Registration')}:</label>
+                            </div>
+                            <div class="select">
+                                ${h.select('default_register','',c.register_choices)}
+                            </div>
+                         </div>
                         <div class="buttons">
                           ${h.submit('save',_('Save'),class_="ui-btn large")}
                           ${h.reset('reset',_('Reset'),class_="ui-btn large")}
                 </div>
                 ## permissions overview
-                <%include file="/base/perms_summary.html"/>
+                <%namespace name="p" file="/base/perms_summary.html"/>
+                ${p.perms_summary(c.perm_user.permissions)}
             </div>
             <div class="box box-left" style="clear:left">

rhodecode/templates/admin/users_groups/users_groups.html

0 +5 0

                     </ul>
                 </div>
                 <!-- end box / title -->
                 <div class="table">
+                %if c.users_groups_list:
                     <table class="table_disp">
                     <tr class="header">
                         <th class="left">${_('Group name')}</th>
                             </tr>
                         %endfor
                     </table>
+                %else:
+                    ${_('There are no user groups yet')}
+                %endif
                 </div>
             </div>
             </%def>

rhodecode/templates/base/perms_summary.html

0 +21 -13

                     %else:
                     <div id='tbl_list_wrap_${section}' class="yui-skin-sam">
                      <table id="tbl_list_${section}">
-                      <thead>
-                          <tr>
-                          <th class="left">${_('Name')}</th>
-                          <th class="left">${_('Permission')}</th>
-                          <th class="left">${_('Edit Permission')}</th>
-                      </thead>
-                      <tbody>
                       %if section == 'global':
+                          <thead>
+                              <tr>
+                              <th colspan="2" class="left">${_('Permission')}</th>
+                              <th class="left">${_('Edit Permission')}</th>
+                          </thead>
+                          <tbody>
                           %for k in sorted(permissions[section], key=lambda s: s.lower()):
                               <tr>
-                                  <td>
+                                  <td colspan="2">
                                       ${h.get_permission_name(k)}
                                   </td>
                                   <td>
-                                       ${h.boolicon(k.split('.')[-1] != 'none')}
-                                  </td>
-                                  <td>
                                        <a href="${h.url('edit_permission', id='default')}">${_('edit')}</a>
                                   </td>
                               </tr>
                           %endfor
+                          </tbody>
                       %else:
+                          <thead>
+                              <tr>
+                              <th class="left">${_('Name')}</th>
+                              <th class="left">${_('Permission')}</th>
+                              <th class="left">${_('Edit Permission')}</th>
+                          </thead>
+                          <tbody>
                           %for k, section_perm in sorted(permissions[section].items(), key=lambda s: s[1]+s[0].lower()):
                               <tr>
                                   <td>
                                           <a href="${h.url('summary_home',repo_name=k)}">${k}</a>
                                       %elif section == 'repositories_groups':
                                           <a href="${h.url('repos_group_home',group_name=k)}">${k}</a>
+                                      %elif section == 'user_groups':
+                                          ##<a href="${h.url('edit_users_group',id=k)}">${k}</a>
+                                          ${k}
                                       %endif
                                   </td>
                                   <td>
                                           <a href="${h.url('edit_repo',repo_name=k,anchor='permissions_manage')}">${_('edit')}</a>
                                       %elif section == 'repositories_groups':
                                           <a href="${h.url('edit_repos_group',group_name=k,anchor='permissions_manage')}">${_('edit')}</a>
+                                      %elif section == 'user_groups':
+                                          ##<a href="${h.url('edit_users_group',id=k)}">${_('edit')}</a>
                                       %endif
                                   </td>
                               </tr>
                           %endfor
+                          </tbody>
                       %endif
-                      </tbody>
                      </table>
                     </div>
                     %endif

rhodecode/templates/pullrequests/pullrequest_data.html

0 +1 -1

               <div class="pagination-wh pagination-left">
               ${c.pullrequests_pager.pager('$link_previous ~2~ $link_next')}
               </div>
-            </div>
  No newline at end of file
+            </div>

rhodecode/tests/functional/test_home.py

0 +4 -4

             )
                 def test_repo_summary_with_anonymous_access_disabled(self):
-                    anon = User.get_by_username('default')
+                    anon = User.get_default_user()
                     anon.active = False
                     Session().add(anon)
                     Session().commit()
                         assert 'login' in response.location
                     finally:
-                        anon = User.get_by_username('default')
+                        anon = User.get_default_user()
                         anon.active = True
                         Session().add(anon)
                         Session().commit()
                 def test_index_with_anonymous_access_disabled(self):
-                    anon = User.get_by_username('default')
+                    anon = User.get_default_user()
                     anon.active = False
                     Session().add(anon)
                     Session().commit()
                                                 status=302)
                         assert 'login' in response.location
                     finally:
-                        anon = User.get_by_username('default')
+                        anon = User.get_default_user()
                         anon.active = True
                         Session().add(anon)
                         Session().commit()

rhodecode/tests/models/test_permissions.py

0 +1 -1

                         username=u'u3', password=u'qweqwe',
                         email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'
                     )
-                    self.anon = User.get_by_username('default')
+                    self.anon = User.get_default_user()
                     self.a1 = UserModel().create_or_update(
                         username=u'a1', password=u'qweqwe',
                         email=u'a1@rhodecode.org', firstname=u'a1', lastname=u'a1', admin=True

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages