##// END OF EJS Templates
Fixed permissions for users groups, group can have create repo permission now....
marcink -
r1271:aa7e45ad beta
parent child Browse files
Show More
@@ -135,8 +135,35 b' def make_map(config):'
135 action="update_perm", conditions=dict(method=["PUT"]))
135 action="update_perm", conditions=dict(method=["PUT"]))
136
136
137 #ADMIN USERS REST ROUTES
137 #ADMIN USERS REST ROUTES
138 rmap.resource('users_group', 'users_groups',
138 with rmap.submapper(path_prefix='/_admin',
139 controller='admin/users_groups', path_prefix='/_admin')
139 controller='admin/users_groups') as m:
140 m.connect("users_groups", "/users_groups",
141 action="create", conditions=dict(method=["POST"]))
142 m.connect("users_groups", "/users_groups",
143 action="index", conditions=dict(method=["GET"]))
144 m.connect("formatted_users_groups", "/users_groups.{format}",
145 action="index", conditions=dict(method=["GET"]))
146 m.connect("new_users_group", "/users_groups/new",
147 action="new", conditions=dict(method=["GET"]))
148 m.connect("formatted_new_users_group", "/users_groups/new.{format}",
149 action="new", conditions=dict(method=["GET"]))
150 m.connect("update_users_group", "/users_groups/{id}",
151 action="update", conditions=dict(method=["PUT"]))
152 m.connect("delete_users_group", "/users_groups/{id}",
153 action="delete", conditions=dict(method=["DELETE"]))
154 m.connect("edit_users_group", "/users_groups/{id}/edit",
155 action="edit", conditions=dict(method=["GET"]))
156 m.connect("formatted_edit_users_group",
157 "/users_groups/{id}.{format}/edit",
158 action="edit", conditions=dict(method=["GET"]))
159 m.connect("users_group", "/users_groups/{id}",
160 action="show", conditions=dict(method=["GET"]))
161 m.connect("formatted_users_group", "/users_groups/{id}.{format}",
162 action="show", conditions=dict(method=["GET"]))
163
164 #EXTRAS USER ROUTES
165 m.connect("users_group_perm", "/users_groups_perm/{id}",
166 action="update_perm", conditions=dict(method=["PUT"]))
140
167
141 #ADMIN GROUP REST ROUTES
168 #ADMIN GROUP REST ROUTES
142 rmap.resource('group', 'groups',
169 rmap.resource('group', 'groups',
@@ -36,9 +36,8 b' from rhodecode.lib import helpers as h'
36 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
36 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
37 from rhodecode.lib.base import BaseController, render
37 from rhodecode.lib.base import BaseController, render
38
38
39 from rhodecode.model.db import User, UsersGroup
39 from rhodecode.model.db import User, UsersGroup, Permission, UsersGroupToPerm
40 from rhodecode.model.forms import UserForm, UsersGroupForm
40 from rhodecode.model.forms import UserForm, UsersGroupForm
41 from rhodecode.model.user import UserModel
42 from rhodecode.model.users_group import UsersGroupModel
41 from rhodecode.model.users_group import UsersGroupModel
43
42
44 log = logging.getLogger(__name__)
43 log = logging.getLogger(__name__)
@@ -123,10 +122,16 b' class UsersGroupsController(BaseControll'
123 category='success')
122 category='success')
124 #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)
123 #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa)
125 except formencode.Invalid, errors:
124 except formencode.Invalid, errors:
125 e = errors.error_dict or {}
126
127 perm = Permission.get_by_key('hg.create.repository')
128 e.update({'create_repo_perm':
129 UsersGroupToPerm.has_perm(id, perm)})
130
126 return htmlfill.render(
131 return htmlfill.render(
127 render('admin/users_groups/users_group_edit.html'),
132 render('admin/users_groups/users_group_edit.html'),
128 defaults=errors.value,
133 defaults=errors.value,
129 errors=errors.error_dict or {},
134 errors=e,
130 prefix_error=False,
135 prefix_error=False,
131 encoding="UTF-8")
136 encoding="UTF-8")
132 except Exception:
137 except Exception:
@@ -171,10 +176,38 b' class UsersGroupsController(BaseControll'
171 c.available_members = [(x.user_id, x.username) for x in
176 c.available_members = [(x.user_id, x.username) for x in
172 self.sa.query(User).all()]
177 self.sa.query(User).all()]
173 defaults = c.users_group.get_dict()
178 defaults = c.users_group.get_dict()
174
179 perm = Permission.get_by_key('hg.create.repository')
180 defaults.update({'create_repo_perm':
181 UsersGroupToPerm.has_perm(id, perm)})
175 return htmlfill.render(
182 return htmlfill.render(
176 render('admin/users_groups/users_group_edit.html'),
183 render('admin/users_groups/users_group_edit.html'),
177 defaults=defaults,
184 defaults=defaults,
178 encoding="UTF-8",
185 encoding="UTF-8",
179 force_defaults=False
186 force_defaults=False
180 )
187 )
188
189 def update_perm(self, id):
190 """PUT /users_perm/id: Update an existing item"""
191 # url('users_group_perm', id=ID, method='put')
192
193 grant_perm = request.POST.get('create_repo_perm', False)
194
195 if grant_perm:
196 perm = Permission.get_by_key('hg.create.none')
197 UsersGroupToPerm.revoke_perm(id, perm)
198
199 perm = Permission.get_by_key('hg.create.repository')
200 UsersGroupToPerm.grant_perm(id, perm)
201 h.flash(_("Granted 'repository create' permission to user"),
202 category='success')
203
204 else:
205 perm = Permission.get_by_key('hg.create.repository')
206 UsersGroupToPerm.revoke_perm(id, perm)
207
208 perm = Permission.get_by_key('hg.create.none')
209 UsersGroupToPerm.grant_perm(id, perm)
210 h.flash(_("Revoked 'repository create' permission to user"),
211 category='success')
212
213 return redirect(url('edit_users_group', id=id))
@@ -43,12 +43,17 b' def upgrade(migrate_engine):'
43 UsersGroupMember().__table__.create()
43 UsersGroupMember().__table__.create()
44
44
45 #==========================================================================
45 #==========================================================================
46 # Add table `users_group_repo_to_perm`
47 #==========================================================================
48 from rhodecode.model.db import UsersGroupRepoToPerm
49 UsersGroupRepoToPerm().__table__.create()
50
51 #==========================================================================
46 # Add table `users_group_to_perm`
52 # Add table `users_group_to_perm`
47 #==========================================================================
53 #==========================================================================
48 from rhodecode.model.db import UsersGroupToPerm
54 from rhodecode.model.db import UsersGroupToPerm
49 UsersGroupToPerm().__table__.create()
55 UsersGroupToPerm().__table__.create()
50
56
51
52 #==========================================================================
57 #==========================================================================
53 # Upgrade of `users` table
58 # Upgrade of `users` table
54 #==========================================================================
59 #==========================================================================
@@ -47,16 +47,19 b' from rhodecode.model import meta'
47
47
48 log = logging.getLogger(__name__)
48 log = logging.getLogger(__name__)
49
49
50
50 def init_model(engine):
51 def init_model(engine):
51 """Initializes db session, bind the engine with the metadata,
52 """
52 Call this before using any of the tables or classes in the model, preferably
53 Initializes db session, bind the engine with the metadata,
53 once in application start
54 Call this before using any of the tables or classes in the model,
55 preferably once in application start
54
56
55 :param engine: engine to bind to
57 :param engine: engine to bind to
56 """
58 """
57 log.info("initializing db for %s", engine)
59 log.info("initializing db for %s", engine)
58 meta.Base.metadata.bind = engine
60 meta.Base.metadata.bind = engine
59
61
62
60 class BaseModel(object):
63 class BaseModel(object):
61 """Base Model for all RhodeCode models, it adds sql alchemy session
64 """Base Model for all RhodeCode models, it adds sql alchemy session
62 into instance of model
65 into instance of model
@@ -18,11 +18,13 b" The rest of what's here are standard SQL"
18 Beaker constructs.
18 Beaker constructs.
19
19
20 """
20 """
21 import beaker
21 from beaker.exceptions import BeakerException
22 from beaker.exceptions import BeakerException
23
22 from sqlalchemy.orm.interfaces import MapperOption
24 from sqlalchemy.orm.interfaces import MapperOption
23 from sqlalchemy.orm.query import Query
25 from sqlalchemy.orm.query import Query
24 from sqlalchemy.sql import visitors
26 from sqlalchemy.sql import visitors
25 import beaker
27
26
28
27 class CachingQuery(Query):
29 class CachingQuery(Query):
28 """A Query subclass which optionally loads full results from a Beaker
30 """A Query subclass which optionally loads full results from a Beaker
@@ -74,7 +76,8 b' class CachingQuery(Query):'
74
76
75 """
77 """
76 if hasattr(self, '_cache_parameters'):
78 if hasattr(self, '_cache_parameters'):
77 return self.get_value(createfunc=lambda: list(Query.__iter__(self)))
79 return self.get_value(createfunc=lambda:
80 list(Query.__iter__(self)))
78 else:
81 else:
79 return Query.__iter__(self)
82 return Query.__iter__(self)
80
83
@@ -103,11 +106,13 b' class CachingQuery(Query):'
103 cache, cache_key = _get_cache_parameters(self)
106 cache, cache_key = _get_cache_parameters(self)
104 cache.put(cache_key, value)
107 cache.put(cache_key, value)
105
108
109
106 def query_callable(manager):
110 def query_callable(manager):
107 def query(*arg, **kw):
111 def query(*arg, **kw):
108 return CachingQuery(manager, *arg, **kw)
112 return CachingQuery(manager, *arg, **kw)
109 return query
113 return query
110
114
115
111 def get_cache_region(name, region):
116 def get_cache_region(name, region):
112 if region not in beaker.cache.cache_regions:
117 if region not in beaker.cache.cache_regions:
113 raise BeakerException('Cache region `%s` not configured '
118 raise BeakerException('Cache region `%s` not configured '
@@ -115,6 +120,7 b' def get_cache_region(name, region):'
115 kw = beaker.cache.cache_regions[region]
120 kw = beaker.cache.cache_regions[region]
116 return beaker.cache.Cache._get_cache(name, kw)
121 return beaker.cache.Cache._get_cache(name, kw)
117
122
123
118 def _get_cache_parameters(query):
124 def _get_cache_parameters(query):
119 """For a query with cache_region and cache_namespace configured,
125 """For a query with cache_region and cache_namespace configured,
120 return the correspoinding Cache instance and cache key, based
126 return the correspoinding Cache instance and cache key, based
@@ -122,7 +128,8 b' def _get_cache_parameters(query):'
122
128
123 """
129 """
124 if not hasattr(query, '_cache_parameters'):
130 if not hasattr(query, '_cache_parameters'):
125 raise ValueError("This Query does not have caching parameters configured.")
131 raise ValueError("This Query does not have caching "
132 "parameters configured.")
126
133
127 region, namespace, cache_key = query._cache_parameters
134 region, namespace, cache_key = query._cache_parameters
128
135
@@ -142,6 +149,7 b' def _get_cache_parameters(query):'
142
149
143 return cache, cache_key
150 return cache, cache_key
144
151
152
145 def _namespace_from_query(namespace, query):
153 def _namespace_from_query(namespace, query):
146 # cache namespace - the token handed in by the
154 # cache namespace - the token handed in by the
147 # option + class we're querying against
155 # option + class we're querying against
@@ -152,6 +160,7 b' def _namespace_from_query(namespace, que'
152
160
153 return namespace
161 return namespace
154
162
163
155 def _set_cache_parameters(query, region, namespace, cache_key):
164 def _set_cache_parameters(query, region, namespace, cache_key):
156
165
157 if hasattr(query, '_cache_parameters'):
166 if hasattr(query, '_cache_parameters'):
@@ -162,6 +171,7 b' def _set_cache_parameters(query, region,'
162 )
171 )
163 query._cache_parameters = region, namespace, cache_key
172 query._cache_parameters = region, namespace, cache_key
164
173
174
165 class FromCache(MapperOption):
175 class FromCache(MapperOption):
166 """Specifies that a Query should load results from a cache."""
176 """Specifies that a Query should load results from a cache."""
167
177
@@ -191,7 +201,9 b' class FromCache(MapperOption):'
191 def process_query(self, query):
201 def process_query(self, query):
192 """Process a Query during normal loading operation."""
202 """Process a Query during normal loading operation."""
193
203
194 _set_cache_parameters(query, self.region, self.namespace, self.cache_key)
204 _set_cache_parameters(query, self.region, self.namespace,
205 self.cache_key)
206
195
207
196 class RelationshipCache(MapperOption):
208 class RelationshipCache(MapperOption):
197 """Specifies that a Query as called within a "lazy load"
209 """Specifies that a Query as called within a "lazy load"
@@ -217,7 +229,7 b' class RelationshipCache(MapperOption):'
217 self.region = region
229 self.region = region
218 self.namespace = namespace
230 self.namespace = namespace
219 self._relationship_options = {
231 self._relationship_options = {
220 (attribute.property.parent.class_, attribute.property.key) : self
232 (attribute.property.parent.class_, attribute.property.key): self
221 }
233 }
222
234
223 def process_query_conditionally(self, query):
235 def process_query_conditionally(self, query):
@@ -232,7 +244,8 b' class RelationshipCache(MapperOption):'
232
244
233 for cls in mapper.class_.__mro__:
245 for cls in mapper.class_.__mro__:
234 if (cls, key) in self._relationship_options:
246 if (cls, key) in self._relationship_options:
235 relationship_option = self._relationship_options[(cls, key)]
247 relationship_option = \
248 self._relationship_options[(cls, key)]
236 _set_cache_parameters(
249 _set_cache_parameters(
237 query,
250 query,
238 relationship_option.region,
251 relationship_option.region,
@@ -261,6 +274,7 b' def _params_from_query(query):'
261
274
262 """
275 """
263 v = []
276 v = []
277
264 def visit_bindparam(bind):
278 def visit_bindparam(bind):
265 value = query._params.get(bind.key, bind.value)
279 value = query._params.get(bind.key, bind.value)
266
280
@@ -272,5 +286,5 b' def _params_from_query(query):'
272
286
273 v.append(value)
287 v.append(value)
274 if query._criterion is not None:
288 if query._criterion is not None:
275 visitors.traverse(query._criterion, {}, {'bindparam':visit_bindparam})
289 visitors.traverse(query._criterion, {}, {'bindparam': visit_bindparam})
276 return v
290 return v
@@ -189,6 +189,20 b' class UsersGroup(Base):'
189
189
190 members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
190 members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
191
191
192
193 @classmethod
194 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
195 if case_insensitive:
196 gr = Session.query(cls)\
197 .filter(cls.users_group_name.ilike(group_name))
198 else:
199 gr = Session.query(UsersGroup)\
200 .filter(UsersGroup.users_group_name == group_name)
201 if cache:
202 gr = gr.options(FromCache("sql_cache_short",
203 "get_user_%s" % group_name))
204 return gr.scalar()
205
192 class UsersGroupMember(Base):
206 class UsersGroupMember(Base):
193 __tablename__ = 'users_groups_members'
207 __tablename__ = 'users_groups_members'
194 __table_args__ = {'useexisting':True}
208 __table_args__ = {'useexisting':True}
@@ -226,7 +240,7 b' class Repository(Base):'
226 fork = relationship('Repository', remote_side=repo_id)
240 fork = relationship('Repository', remote_side=repo_id)
227 group = relationship('Group')
241 group = relationship('Group')
228 repo_to_perm = relationship('RepoToPerm', cascade='all', order_by='RepoToPerm.repo_to_perm_id')
242 repo_to_perm = relationship('RepoToPerm', cascade='all', order_by='RepoToPerm.repo_to_perm_id')
229 users_group_to_perm = relationship('UsersGroupToPerm', cascade='all')
243 users_group_to_perm = relationship('UsersGroupRepoToPerm', cascade='all')
230 stats = relationship('Statistics', cascade='all', uselist=False)
244 stats = relationship('Statistics', cascade='all', uselist=False)
231
245
232 followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')
246 followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')
@@ -377,8 +391,8 b' class UserToPerm(Base):'
377 except:
391 except:
378 Session.rollback()
392 Session.rollback()
379
393
380 class UsersGroupToPerm(Base):
394 class UsersGroupRepoToPerm(Base):
381 __tablename__ = 'users_group_to_perm'
395 __tablename__ = 'users_group_repo_to_perm'
382 __table_args__ = (UniqueConstraint('users_group_id', 'permission_id'), {'useexisting':True})
396 __table_args__ = (UniqueConstraint('users_group_id', 'permission_id'), {'useexisting':True})
383 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
397 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
384 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
398 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
@@ -389,6 +403,55 b' class UsersGroupToPerm(Base):'
389 permission = relationship('Permission')
403 permission = relationship('Permission')
390 repository = relationship('Repository')
404 repository = relationship('Repository')
391
405
406
407 class UsersGroupToPerm(Base):
408 __tablename__ = 'users_group_to_perm'
409 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
410 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
411 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
412
413 users_group = relationship('UsersGroup')
414 permission = relationship('Permission')
415
416
417 @classmethod
418 def has_perm(cls, users_group_id, perm):
419 if not isinstance(perm, Permission):
420 raise Exception('perm needs to be an instance of Permission class')
421
422 return Session.query(cls).filter(cls.users_group_id ==
423 users_group_id)\
424 .filter(cls.permission == perm)\
425 .scalar() is not None
426
427 @classmethod
428 def grant_perm(cls, users_group_id, perm):
429 if not isinstance(perm, Permission):
430 raise Exception('perm needs to be an instance of Permission class')
431
432 new = cls()
433 new.users_group_id = users_group_id
434 new.permission = perm
435 try:
436 Session.add(new)
437 Session.commit()
438 except:
439 Session.rollback()
440
441
442 @classmethod
443 def revoke_perm(cls, users_group_id, perm):
444 if not isinstance(perm, Permission):
445 raise Exception('perm needs to be an instance of Permission class')
446
447 try:
448 Session.query(cls).filter(cls.users_group_id == users_group_id)\
449 .filter(cls.permission == perm).delete()
450 Session.commit()
451 except:
452 Session.rollback()
453
454
392 class GroupToPerm(Base):
455 class GroupToPerm(Base):
393 __tablename__ = 'group_to_perm'
456 __tablename__ = 'group_to_perm'
394 __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'useexisting':True})
457 __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'useexisting':True})
@@ -37,7 +37,6 b' from rhodecode.lib.exceptions import Lda'
37 from rhodecode.model import meta
37 from rhodecode.model import meta
38 from rhodecode.model.user import UserModel
38 from rhodecode.model.user import UserModel
39 from rhodecode.model.repo import RepoModel
39 from rhodecode.model.repo import RepoModel
40 from rhodecode.model.users_group import UsersGroupModel
41 from rhodecode.model.db import User, UsersGroup
40 from rhodecode.model.db import User, UsersGroup
42 from rhodecode import BACKENDS
41 from rhodecode import BACKENDS
43
42
@@ -47,9 +46,9 b' log = logging.getLogger(__name__)'
47 class State_obj(object):
46 class State_obj(object):
48 _ = staticmethod(_)
47 _ = staticmethod(_)
49
48
50 #===============================================================================
49 #==============================================================================
51 # VALIDATORS
50 # VALIDATORS
52 #===============================================================================
51 #==============================================================================
53 class ValidAuthToken(formencode.validators.FancyValidator):
52 class ValidAuthToken(formencode.validators.FancyValidator):
54 messages = {'invalid_token':_('Token mismatch')}
53 messages = {'invalid_token':_('Token mismatch')}
55
54
@@ -73,23 +72,19 b' def ValidUsername(edit, old_data):'
73 if old_un != value or not edit:
72 if old_un != value or not edit:
74 if UserModel().get_by_username(value, cache=False,
73 if UserModel().get_by_username(value, cache=False,
75 case_insensitive=True):
74 case_insensitive=True):
76 raise formencode.Invalid(_('This username already exists') ,
75 raise formencode.Invalid(_('This username already '
77 value, state)
76 'exists') , value, state)
78
79
77
80 if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
78 if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
81 raise formencode.Invalid(_('Username may only contain '
79 raise formencode.Invalid(_('Username may only contain '
82 'alphanumeric characters underscores, '
80 'alphanumeric characters '
83 'periods or dashes and must begin with '
81 'underscores, periods or dashes '
84 'alphanumeric character'),
82 'and must begin with alphanumeric '
85 value, state)
83 'character'), value, state)
86
87
88
84
89 return _ValidUsername
85 return _ValidUsername
90
86
91
87
92
93 def ValidUsersGroup(edit, old_data):
88 def ValidUsersGroup(edit, old_data):
94
89
95 class _ValidUsersGroup(formencode.validators.FancyValidator):
90 class _ValidUsersGroup(formencode.validators.FancyValidator):
@@ -100,22 +95,23 b' def ValidUsersGroup(edit, old_data):'
100 #check if group is unique
95 #check if group is unique
101 old_ugname = None
96 old_ugname = None
102 if edit:
97 if edit:
103 old_ugname = UsersGroupModel()\
98 old_ugname = UsersGroup.get(
104 .get(old_data.get('users_group_id')).users_group_name
99 old_data.get('users_group_id')).users_group_name
105
100
106 if old_ugname != value or not edit:
101 if old_ugname != value or not edit:
107 if UsersGroupModel().get_by_groupname(value, cache=False,
102 if UsersGroup.get_by_group_name(value, cache=False,
108 case_insensitive=True):
103 case_insensitive=True):
109 raise formencode.Invalid(_('This users group already exists') ,
104 raise formencode.Invalid(_('This users group '
110 value, state)
105 'already exists') , value,
106 state)
111
107
112
108
113 if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
109 if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None:
114 raise formencode.Invalid(_('Group name may only contain '
110 raise formencode.Invalid(_('Group name may only contain '
115 'alphanumeric characters underscores, '
111 'alphanumeric characters '
116 'periods or dashes and must begin with '
112 'underscores, periods or dashes '
117 'alphanumeric character'),
113 'and must begin with alphanumeric '
118 value, state)
114 'character'), value, state)
119
115
120 return _ValidUsersGroup
116 return _ValidUsersGroup
121
117
@@ -19,6 +19,7 b' Session = scoped_session('
19 )
19 )
20 )
20 )
21
21
22
22 class BaseModel(object):
23 class BaseModel(object):
23 """Base Model for all classess
24 """Base Model for all classess
24
25
@@ -66,8 +66,10 b' class PermissionModel(BaseModel):'
66
66
67 def update(self, form_result):
67 def update(self, form_result):
68 perm_user = self.sa.query(User)\
68 perm_user = self.sa.query(User)\
69 .filter(User.username == form_result['perm_user_name']).scalar()
69 .filter(User.username ==
70 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
70 form_result['perm_user_name']).scalar()
71 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==
72 perm_user).all()
71 if len(u2p) != 3:
73 if len(u2p) != 3:
72 raise Exception('Defined: %s should be 3 permissions for default'
74 raise Exception('Defined: %s should be 3 permissions for default'
73 ' user. This should not happen please verify'
75 ' user. This should not happen please verify'
@@ -104,7 +106,6 b' class PermissionModel(BaseModel):'
104 perm_user.active = bool(form_result['anonymous'])
106 perm_user.active = bool(form_result['anonymous'])
105 self.sa.add(perm_user)
107 self.sa.add(perm_user)
106
108
107
108 self.sa.commit()
109 self.sa.commit()
109 except (DatabaseError,):
110 except (DatabaseError,):
110 log.error(traceback.format_exc())
111 log.error(traceback.format_exc())
@@ -36,13 +36,12 b' from vcs.backends import get_backend'
36 from rhodecode.model import BaseModel
36 from rhodecode.model import BaseModel
37 from rhodecode.model.caching_query import FromCache
37 from rhodecode.model.caching_query import FromCache
38 from rhodecode.model.db import Repository, RepoToPerm, User, Permission, \
38 from rhodecode.model.db import Repository, RepoToPerm, User, Permission, \
39 Statistics, UsersGroup, UsersGroupToPerm, RhodeCodeUi
39 Statistics, UsersGroup, UsersGroupRepoToPerm, RhodeCodeUi
40 from rhodecode.model.user import UserModel
40 from rhodecode.model.user import UserModel
41 from rhodecode.model.users_group import UsersGroupMember, UsersGroupModel
42
43
41
44 log = logging.getLogger(__name__)
42 log = logging.getLogger(__name__)
45
43
44
46 class RepoModel(BaseModel):
45 class RepoModel(BaseModel):
47
46
48 @LazyProperty
47 @LazyProperty
@@ -62,7 +61,6 b' class RepoModel(BaseModel):'
62 "get_repo_%s" % repo_id))
61 "get_repo_%s" % repo_id))
63 return repo.scalar()
62 return repo.scalar()
64
63
65
66 def get_by_repo_name(self, repo_name, cache=False):
64 def get_by_repo_name(self, repo_name, cache=False):
67 repo = self.sa.query(Repository)\
65 repo = self.sa.query(Repository)\
68 .filter(Repository.repo_name == repo_name)
66 .filter(Repository.repo_name == repo_name)
@@ -72,7 +70,6 b' class RepoModel(BaseModel):'
72 "get_repo_%s" % repo_name))
70 "get_repo_%s" % repo_name))
73 return repo.scalar()
71 return repo.scalar()
74
72
75
76 def get_full(self, repo_name, cache=False, invalidate=False):
73 def get_full(self, repo_name, cache=False, invalidate=False):
77 repo = self.sa.query(Repository)\
74 repo = self.sa.query(Repository)\
78 .options(joinedload(Repository.fork))\
75 .options(joinedload(Repository.fork))\
@@ -95,7 +92,6 b' class RepoModel(BaseModel):'
95 make_transient(attr)
92 make_transient(attr)
96 return ret
93 return ret
97
94
98
99 def get_users_js(self):
95 def get_users_js(self):
100
96
101 users = self.sa.query(User).filter(User.active == True).all()
97 users = self.sa.query(User).filter(User.active == True).all()
@@ -105,7 +101,6 b' class RepoModel(BaseModel):'
105 for u in users])
101 for u in users])
106 return users_array
102 return users_array
107
103
108
109 def get_users_groups_js(self):
104 def get_users_groups_js(self):
110 users_groups = self.sa.query(UsersGroup)\
105 users_groups = self.sa.query(UsersGroup)\
111 .filter(UsersGroup.users_group_active == True).all()
106 .filter(UsersGroup.users_group_active == True).all()
@@ -122,29 +117,30 b' class RepoModel(BaseModel):'
122 try:
117 try:
123 cur_repo = self.get_by_repo_name(repo_name, cache=False)
118 cur_repo = self.get_by_repo_name(repo_name, cache=False)
124 user_model = UserModel(self.sa)
119 user_model = UserModel(self.sa)
125 users_group_model = UsersGroupModel(self.sa)
126
120
127 #update permissions
121 #update permissions
128 for member, perm, member_type in form_data['perms_updates']:
122 for member, perm, member_type in form_data['perms_updates']:
129 if member_type == 'user':
123 if member_type == 'user':
130 r2p = self.sa.query(RepoToPerm)\
124 r2p = self.sa.query(RepoToPerm)\
131 .filter(RepoToPerm.user == user_model.get_by_username(member))\
125 .filter(RepoToPerm.user == user_model.
126 get_by_username(member))\
132 .filter(RepoToPerm.repository == cur_repo)\
127 .filter(RepoToPerm.repository == cur_repo)\
133 .one()
128 .one()
134
129
135 r2p.permission = self.sa.query(Permission)\
130 r2p.permission = self.sa.query(Permission)\
136 .filter(Permission.permission_name == perm)\
131 .filter(Permission.permission_name ==
137 .scalar()
132 perm).scalar()
138 self.sa.add(r2p)
133 self.sa.add(r2p)
139 else:
134 else:
140 g2p = self.sa.query(UsersGroupToPerm)\
135 g2p = self.sa.query(UsersGroupRepoToPerm)\
141 .filter(UsersGroupToPerm.users_group == users_group_model.get_by_groupname(member))\
136 .filter(UsersGroupRepoToPerm.users_group ==
142 .filter(UsersGroupToPerm.repository == cur_repo)\
137 UsersGroup.get_by_group_name(member))\
143 .one()
138 .filter(UsersGroupRepoToPerm.repository ==
139 cur_repo).one()
144
140
145 g2p.permission = self.sa.query(Permission)\
141 g2p.permission = self.sa.query(Permission)\
146 .filter(Permission.permission_name == perm)\
142 .filter(Permission.permission_name ==
147 .scalar()
143 perm).scalar()
148 self.sa.add(g2p)
144 self.sa.add(g2p)
149
145
150 #set new permissions
146 #set new permissions
@@ -155,17 +151,19 b' class RepoModel(BaseModel):'
155 r2p.user = user_model.get_by_username(member)
151 r2p.user = user_model.get_by_username(member)
156
152
157 r2p.permission = self.sa.query(Permission)\
153 r2p.permission = self.sa.query(Permission)\
158 .filter(Permission.permission_name == perm)\
154 .filter(Permission.
159 .scalar()
155 permission_name == perm)\
156 .scalar()
160 self.sa.add(r2p)
157 self.sa.add(r2p)
161 else:
158 else:
162 g2p = UsersGroupToPerm()
159 g2p = UsersGroupRepoToPerm()
163 g2p.repository = cur_repo
160 g2p.repository = cur_repo
164 g2p.users_group = users_group_model.get_by_groupname(member)
161 g2p.users_group = UsersGroup.get_by_group_name(member)
165
162
166 g2p.permission = self.sa.query(Permission)\
163 g2p.permission = self.sa.query(Permission)\
167 .filter(Permission.permission_name == perm)\
164 .filter(Permission.
168 .scalar()
165 permission_name == perm)\
166 .scalar()
169 self.sa.add(g2p)
167 self.sa.add(g2p)
170
168
171 #update current repo
169 #update current repo
@@ -276,10 +274,10 b' class RepoModel(BaseModel):'
276
274
277 def delete_perm_users_group(self, form_data, repo_name):
275 def delete_perm_users_group(self, form_data, repo_name):
278 try:
276 try:
279 self.sa.query(UsersGroupToPerm)\
277 self.sa.query(UsersGroupRepoToPerm)\
280 .filter(UsersGroupToPerm.repository \
278 .filter(UsersGroupRepoToPerm.repository \
281 == self.get_by_repo_name(repo_name))\
279 == self.get_by_repo_name(repo_name))\
282 .filter(UsersGroupToPerm.users_group_id \
280 .filter(UsersGroupRepoToPerm.users_group_id \
283 == form_data['users_group_id']).delete()
281 == form_data['users_group_id']).delete()
284 self.sa.commit()
282 self.sa.commit()
285 except:
283 except:
@@ -298,7 +296,6 b' class RepoModel(BaseModel):'
298 self.sa.rollback()
296 self.sa.rollback()
299 raise
297 raise
300
298
301
302 def __create_repo(self, repo_name, alias, clone_uri=False):
299 def __create_repo(self, repo_name, alias, clone_uri=False):
303 """
300 """
304 makes repository on filesystem
301 makes repository on filesystem
@@ -32,8 +32,6 b' from rhodecode.model import BaseModel'
32 from rhodecode.model.caching_query import FromCache
32 from rhodecode.model.caching_query import FromCache
33 from rhodecode.model.db import UsersGroup, UsersGroupMember
33 from rhodecode.model.db import UsersGroup, UsersGroupMember
34
34
35 from sqlalchemy.exc import DatabaseError
36
37 log = logging.getLogger(__name__)
35 log = logging.getLogger(__name__)
38
36
39
37
@@ -43,24 +41,9 b' class UsersGroupModel(BaseModel):'
43 users_group = self.sa.query(UsersGroup)
41 users_group = self.sa.query(UsersGroup)
44 if cache:
42 if cache:
45 users_group = users_group.options(FromCache("sql_cache_short",
43 users_group = users_group.options(FromCache("sql_cache_short",
46 "get_users_group_%s" % users_group_id))
44 "get_users_group_%s" % users_group_id))
47 return users_group.get(users_group_id)
45 return users_group.get(users_group_id)
48
46
49
50 def get_by_groupname(self, users_group_name, cache=False,
51 case_insensitive=False):
52
53 if case_insensitive:
54 user = self.sa.query(UsersGroup)\
55 .filter(UsersGroup.users_group_name.ilike(users_group_name))
56 else:
57 user = self.sa.query(UsersGroup)\
58 .filter(UsersGroup.users_group_name == users_group_name)
59 if cache:
60 user = user.options(FromCache("sql_cache_short",
61 "get_user_%s" % users_group_name))
62 return user.scalar()
63
64 def create(self, form_data):
47 def create(self, form_data):
65 try:
48 try:
66 new_users_group = UsersGroup()
49 new_users_group = UsersGroup()
@@ -86,8 +69,9 b' class UsersGroupModel(BaseModel):'
86 members_list = []
69 members_list = []
87 if v:
70 if v:
88 for u_id in set(v):
71 for u_id in set(v):
89 members_list.append(UsersGroupMember(users_group_id,
72 members_list.append(UsersGroupMember(
90 u_id))
73 users_group_id,
74 u_id))
91 setattr(users_group, 'members', members_list)
75 setattr(users_group, 'members', members_list)
92 setattr(users_group, k, v)
76 setattr(users_group, k, v)
93
77
@@ -247,7 +247,7 b''
247 <div class="title">
247 <div class="title">
248 <h5>${_('Permissions')}</h5>
248 <h5>${_('Permissions')}</h5>
249 </div>
249 </div>
250 ${h.form(url('xxx', id=''),method='put')}
250 ${h.form(url('users_group_perm', id=c.users_group.users_group_id), method='put')}
251 <div class="form">
251 <div class="form">
252 <!-- fields -->
252 <!-- fields -->
253 <div class="fields">
253 <div class="fields">
@@ -256,7 +256,7 b''
256 <label for="">${_('Create repositories')}:</label>
256 <label for="">${_('Create repositories')}:</label>
257 </div>
257 </div>
258 <div class="checkboxes">
258 <div class="checkboxes">
259 ${h.checkbox('create',value=True)}
259 ${h.checkbox('create_repo_perm',value=True)}
260 </div>
260 </div>
261 </div>
261 </div>
262 <div class="buttons">
262 <div class="buttons">
General Comments 0
You need to be logged in to leave comments. Login now