Show More
@@ -135,8 +135,35 b' def make_map(config):' | |||||
135 | action="update_perm", conditions=dict(method=["PUT"])) |
|
135 | action="update_perm", conditions=dict(method=["PUT"])) | |
136 |
|
136 | |||
137 | #ADMIN USERS REST ROUTES |
|
137 | #ADMIN USERS REST ROUTES | |
138 | rmap.resource('users_group', 'users_groups', |
|
138 | with rmap.submapper(path_prefix='/_admin', | |
139 |
controller='admin/users_groups' |
|
139 | controller='admin/users_groups') as m: | |
|
140 | m.connect("users_groups", "/users_groups", | |||
|
141 | action="create", conditions=dict(method=["POST"])) | |||
|
142 | m.connect("users_groups", "/users_groups", | |||
|
143 | action="index", conditions=dict(method=["GET"])) | |||
|
144 | m.connect("formatted_users_groups", "/users_groups.{format}", | |||
|
145 | action="index", conditions=dict(method=["GET"])) | |||
|
146 | m.connect("new_users_group", "/users_groups/new", | |||
|
147 | action="new", conditions=dict(method=["GET"])) | |||
|
148 | m.connect("formatted_new_users_group", "/users_groups/new.{format}", | |||
|
149 | action="new", conditions=dict(method=["GET"])) | |||
|
150 | m.connect("update_users_group", "/users_groups/{id}", | |||
|
151 | action="update", conditions=dict(method=["PUT"])) | |||
|
152 | m.connect("delete_users_group", "/users_groups/{id}", | |||
|
153 | action="delete", conditions=dict(method=["DELETE"])) | |||
|
154 | m.connect("edit_users_group", "/users_groups/{id}/edit", | |||
|
155 | action="edit", conditions=dict(method=["GET"])) | |||
|
156 | m.connect("formatted_edit_users_group", | |||
|
157 | "/users_groups/{id}.{format}/edit", | |||
|
158 | action="edit", conditions=dict(method=["GET"])) | |||
|
159 | m.connect("users_group", "/users_groups/{id}", | |||
|
160 | action="show", conditions=dict(method=["GET"])) | |||
|
161 | m.connect("formatted_users_group", "/users_groups/{id}.{format}", | |||
|
162 | action="show", conditions=dict(method=["GET"])) | |||
|
163 | ||||
|
164 | #EXTRAS USER ROUTES | |||
|
165 | m.connect("users_group_perm", "/users_groups_perm/{id}", | |||
|
166 | action="update_perm", conditions=dict(method=["PUT"])) | |||
140 |
|
167 | |||
141 | #ADMIN GROUP REST ROUTES |
|
168 | #ADMIN GROUP REST ROUTES | |
142 | rmap.resource('group', 'groups', |
|
169 | rmap.resource('group', 'groups', |
@@ -36,9 +36,8 b' from rhodecode.lib import helpers as h' | |||||
36 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator |
|
36 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator | |
37 | from rhodecode.lib.base import BaseController, render |
|
37 | from rhodecode.lib.base import BaseController, render | |
38 |
|
38 | |||
39 | from rhodecode.model.db import User, UsersGroup |
|
39 | from rhodecode.model.db import User, UsersGroup, Permission, UsersGroupToPerm | |
40 | from rhodecode.model.forms import UserForm, UsersGroupForm |
|
40 | from rhodecode.model.forms import UserForm, UsersGroupForm | |
41 | from rhodecode.model.user import UserModel |
|
|||
42 | from rhodecode.model.users_group import UsersGroupModel |
|
41 | from rhodecode.model.users_group import UsersGroupModel | |
43 |
|
42 | |||
44 | log = logging.getLogger(__name__) |
|
43 | log = logging.getLogger(__name__) | |
@@ -123,10 +122,16 b' class UsersGroupsController(BaseControll' | |||||
123 | category='success') |
|
122 | category='success') | |
124 | #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa) |
|
123 | #action_logger(self.rhodecode_user, 'new_user', '', '', self.sa) | |
125 | except formencode.Invalid, errors: |
|
124 | except formencode.Invalid, errors: | |
|
125 | e = errors.error_dict or {} | |||
|
126 | ||||
|
127 | perm = Permission.get_by_key('hg.create.repository') | |||
|
128 | e.update({'create_repo_perm': | |||
|
129 | UsersGroupToPerm.has_perm(id, perm)}) | |||
|
130 | ||||
126 | return htmlfill.render( |
|
131 | return htmlfill.render( | |
127 | render('admin/users_groups/users_group_edit.html'), |
|
132 | render('admin/users_groups/users_group_edit.html'), | |
128 | defaults=errors.value, |
|
133 | defaults=errors.value, | |
129 |
errors=e |
|
134 | errors=e, | |
130 | prefix_error=False, |
|
135 | prefix_error=False, | |
131 | encoding="UTF-8") |
|
136 | encoding="UTF-8") | |
132 | except Exception: |
|
137 | except Exception: | |
@@ -171,10 +176,38 b' class UsersGroupsController(BaseControll' | |||||
171 | c.available_members = [(x.user_id, x.username) for x in |
|
176 | c.available_members = [(x.user_id, x.username) for x in | |
172 | self.sa.query(User).all()] |
|
177 | self.sa.query(User).all()] | |
173 | defaults = c.users_group.get_dict() |
|
178 | defaults = c.users_group.get_dict() | |
174 |
|
179 | perm = Permission.get_by_key('hg.create.repository') | ||
|
180 | defaults.update({'create_repo_perm': | |||
|
181 | UsersGroupToPerm.has_perm(id, perm)}) | |||
175 | return htmlfill.render( |
|
182 | return htmlfill.render( | |
176 | render('admin/users_groups/users_group_edit.html'), |
|
183 | render('admin/users_groups/users_group_edit.html'), | |
177 | defaults=defaults, |
|
184 | defaults=defaults, | |
178 | encoding="UTF-8", |
|
185 | encoding="UTF-8", | |
179 | force_defaults=False |
|
186 | force_defaults=False | |
180 | ) |
|
187 | ) | |
|
188 | ||||
|
189 | def update_perm(self, id): | |||
|
190 | """PUT /users_perm/id: Update an existing item""" | |||
|
191 | # url('users_group_perm', id=ID, method='put') | |||
|
192 | ||||
|
193 | grant_perm = request.POST.get('create_repo_perm', False) | |||
|
194 | ||||
|
195 | if grant_perm: | |||
|
196 | perm = Permission.get_by_key('hg.create.none') | |||
|
197 | UsersGroupToPerm.revoke_perm(id, perm) | |||
|
198 | ||||
|
199 | perm = Permission.get_by_key('hg.create.repository') | |||
|
200 | UsersGroupToPerm.grant_perm(id, perm) | |||
|
201 | h.flash(_("Granted 'repository create' permission to user"), | |||
|
202 | category='success') | |||
|
203 | ||||
|
204 | else: | |||
|
205 | perm = Permission.get_by_key('hg.create.repository') | |||
|
206 | UsersGroupToPerm.revoke_perm(id, perm) | |||
|
207 | ||||
|
208 | perm = Permission.get_by_key('hg.create.none') | |||
|
209 | UsersGroupToPerm.grant_perm(id, perm) | |||
|
210 | h.flash(_("Revoked 'repository create' permission to user"), | |||
|
211 | category='success') | |||
|
212 | ||||
|
213 | return redirect(url('edit_users_group', id=id)) |
@@ -43,12 +43,17 b' def upgrade(migrate_engine):' | |||||
43 | UsersGroupMember().__table__.create() |
|
43 | UsersGroupMember().__table__.create() | |
44 |
|
44 | |||
45 | #========================================================================== |
|
45 | #========================================================================== | |
|
46 | # Add table `users_group_repo_to_perm` | |||
|
47 | #========================================================================== | |||
|
48 | from rhodecode.model.db import UsersGroupRepoToPerm | |||
|
49 | UsersGroupRepoToPerm().__table__.create() | |||
|
50 | ||||
|
51 | #========================================================================== | |||
46 | # Add table `users_group_to_perm` |
|
52 | # Add table `users_group_to_perm` | |
47 | #========================================================================== |
|
53 | #========================================================================== | |
48 | from rhodecode.model.db import UsersGroupToPerm |
|
54 | from rhodecode.model.db import UsersGroupToPerm | |
49 | UsersGroupToPerm().__table__.create() |
|
55 | UsersGroupToPerm().__table__.create() | |
50 |
|
56 | |||
51 |
|
||||
52 | #========================================================================== |
|
57 | #========================================================================== | |
53 | # Upgrade of `users` table |
|
58 | # Upgrade of `users` table | |
54 | #========================================================================== |
|
59 | #========================================================================== |
@@ -47,16 +47,19 b' from rhodecode.model import meta' | |||||
47 |
|
47 | |||
48 | log = logging.getLogger(__name__) |
|
48 | log = logging.getLogger(__name__) | |
49 |
|
49 | |||
|
50 | ||||
50 | def init_model(engine): |
|
51 | def init_model(engine): | |
51 | """Initializes db session, bind the engine with the metadata, |
|
52 | """ | |
52 | Call this before using any of the tables or classes in the model, preferably |
|
53 | Initializes db session, bind the engine with the metadata, | |
53 | once in application start |
|
54 | Call this before using any of the tables or classes in the model, | |
|
55 | preferably once in application start | |||
54 |
|
56 | |||
55 | :param engine: engine to bind to |
|
57 | :param engine: engine to bind to | |
56 | """ |
|
58 | """ | |
57 | log.info("initializing db for %s", engine) |
|
59 | log.info("initializing db for %s", engine) | |
58 | meta.Base.metadata.bind = engine |
|
60 | meta.Base.metadata.bind = engine | |
59 |
|
61 | |||
|
62 | ||||
60 | class BaseModel(object): |
|
63 | class BaseModel(object): | |
61 | """Base Model for all RhodeCode models, it adds sql alchemy session |
|
64 | """Base Model for all RhodeCode models, it adds sql alchemy session | |
62 | into instance of model |
|
65 | into instance of model |
@@ -18,11 +18,13 b" The rest of what's here are standard SQL" | |||||
18 | Beaker constructs. |
|
18 | Beaker constructs. | |
19 |
|
19 | |||
20 | """ |
|
20 | """ | |
|
21 | import beaker | |||
21 | from beaker.exceptions import BeakerException |
|
22 | from beaker.exceptions import BeakerException | |
|
23 | ||||
22 | from sqlalchemy.orm.interfaces import MapperOption |
|
24 | from sqlalchemy.orm.interfaces import MapperOption | |
23 | from sqlalchemy.orm.query import Query |
|
25 | from sqlalchemy.orm.query import Query | |
24 | from sqlalchemy.sql import visitors |
|
26 | from sqlalchemy.sql import visitors | |
25 | import beaker |
|
27 | ||
26 |
|
28 | |||
27 | class CachingQuery(Query): |
|
29 | class CachingQuery(Query): | |
28 | """A Query subclass which optionally loads full results from a Beaker |
|
30 | """A Query subclass which optionally loads full results from a Beaker | |
@@ -74,7 +76,8 b' class CachingQuery(Query):' | |||||
74 |
|
76 | |||
75 | """ |
|
77 | """ | |
76 | if hasattr(self, '_cache_parameters'): |
|
78 | if hasattr(self, '_cache_parameters'): | |
77 |
return self.get_value(createfunc=lambda: |
|
79 | return self.get_value(createfunc=lambda: | |
|
80 | list(Query.__iter__(self))) | |||
78 | else: |
|
81 | else: | |
79 | return Query.__iter__(self) |
|
82 | return Query.__iter__(self) | |
80 |
|
83 | |||
@@ -103,11 +106,13 b' class CachingQuery(Query):' | |||||
103 | cache, cache_key = _get_cache_parameters(self) |
|
106 | cache, cache_key = _get_cache_parameters(self) | |
104 | cache.put(cache_key, value) |
|
107 | cache.put(cache_key, value) | |
105 |
|
108 | |||
|
109 | ||||
106 | def query_callable(manager): |
|
110 | def query_callable(manager): | |
107 | def query(*arg, **kw): |
|
111 | def query(*arg, **kw): | |
108 | return CachingQuery(manager, *arg, **kw) |
|
112 | return CachingQuery(manager, *arg, **kw) | |
109 | return query |
|
113 | return query | |
110 |
|
114 | |||
|
115 | ||||
111 | def get_cache_region(name, region): |
|
116 | def get_cache_region(name, region): | |
112 | if region not in beaker.cache.cache_regions: |
|
117 | if region not in beaker.cache.cache_regions: | |
113 | raise BeakerException('Cache region `%s` not configured ' |
|
118 | raise BeakerException('Cache region `%s` not configured ' | |
@@ -115,6 +120,7 b' def get_cache_region(name, region):' | |||||
115 | kw = beaker.cache.cache_regions[region] |
|
120 | kw = beaker.cache.cache_regions[region] | |
116 | return beaker.cache.Cache._get_cache(name, kw) |
|
121 | return beaker.cache.Cache._get_cache(name, kw) | |
117 |
|
122 | |||
|
123 | ||||
118 | def _get_cache_parameters(query): |
|
124 | def _get_cache_parameters(query): | |
119 | """For a query with cache_region and cache_namespace configured, |
|
125 | """For a query with cache_region and cache_namespace configured, | |
120 | return the correspoinding Cache instance and cache key, based |
|
126 | return the correspoinding Cache instance and cache key, based | |
@@ -122,7 +128,8 b' def _get_cache_parameters(query):' | |||||
122 |
|
128 | |||
123 | """ |
|
129 | """ | |
124 | if not hasattr(query, '_cache_parameters'): |
|
130 | if not hasattr(query, '_cache_parameters'): | |
125 |
raise ValueError("This Query does not have caching |
|
131 | raise ValueError("This Query does not have caching " | |
|
132 | "parameters configured.") | |||
126 |
|
133 | |||
127 | region, namespace, cache_key = query._cache_parameters |
|
134 | region, namespace, cache_key = query._cache_parameters | |
128 |
|
135 | |||
@@ -142,6 +149,7 b' def _get_cache_parameters(query):' | |||||
142 |
|
149 | |||
143 | return cache, cache_key |
|
150 | return cache, cache_key | |
144 |
|
151 | |||
|
152 | ||||
145 | def _namespace_from_query(namespace, query): |
|
153 | def _namespace_from_query(namespace, query): | |
146 | # cache namespace - the token handed in by the |
|
154 | # cache namespace - the token handed in by the | |
147 | # option + class we're querying against |
|
155 | # option + class we're querying against | |
@@ -152,6 +160,7 b' def _namespace_from_query(namespace, que' | |||||
152 |
|
160 | |||
153 | return namespace |
|
161 | return namespace | |
154 |
|
162 | |||
|
163 | ||||
155 | def _set_cache_parameters(query, region, namespace, cache_key): |
|
164 | def _set_cache_parameters(query, region, namespace, cache_key): | |
156 |
|
165 | |||
157 | if hasattr(query, '_cache_parameters'): |
|
166 | if hasattr(query, '_cache_parameters'): | |
@@ -162,6 +171,7 b' def _set_cache_parameters(query, region,' | |||||
162 | ) |
|
171 | ) | |
163 | query._cache_parameters = region, namespace, cache_key |
|
172 | query._cache_parameters = region, namespace, cache_key | |
164 |
|
173 | |||
|
174 | ||||
165 | class FromCache(MapperOption): |
|
175 | class FromCache(MapperOption): | |
166 | """Specifies that a Query should load results from a cache.""" |
|
176 | """Specifies that a Query should load results from a cache.""" | |
167 |
|
177 | |||
@@ -191,7 +201,9 b' class FromCache(MapperOption):' | |||||
191 | def process_query(self, query): |
|
201 | def process_query(self, query): | |
192 | """Process a Query during normal loading operation.""" |
|
202 | """Process a Query during normal loading operation.""" | |
193 |
|
203 | |||
194 |
_set_cache_parameters(query, self.region, self.namespace, |
|
204 | _set_cache_parameters(query, self.region, self.namespace, | |
|
205 | self.cache_key) | |||
|
206 | ||||
195 |
|
207 | |||
196 | class RelationshipCache(MapperOption): |
|
208 | class RelationshipCache(MapperOption): | |
197 | """Specifies that a Query as called within a "lazy load" |
|
209 | """Specifies that a Query as called within a "lazy load" | |
@@ -217,7 +229,7 b' class RelationshipCache(MapperOption):' | |||||
217 | self.region = region |
|
229 | self.region = region | |
218 | self.namespace = namespace |
|
230 | self.namespace = namespace | |
219 | self._relationship_options = { |
|
231 | self._relationship_options = { | |
220 |
(attribute.property.parent.class_, attribute.property.key) |
|
232 | (attribute.property.parent.class_, attribute.property.key): self | |
221 | } |
|
233 | } | |
222 |
|
234 | |||
223 | def process_query_conditionally(self, query): |
|
235 | def process_query_conditionally(self, query): | |
@@ -232,7 +244,8 b' class RelationshipCache(MapperOption):' | |||||
232 |
|
244 | |||
233 | for cls in mapper.class_.__mro__: |
|
245 | for cls in mapper.class_.__mro__: | |
234 | if (cls, key) in self._relationship_options: |
|
246 | if (cls, key) in self._relationship_options: | |
235 |
relationship_option = |
|
247 | relationship_option = \ | |
|
248 | self._relationship_options[(cls, key)] | |||
236 | _set_cache_parameters( |
|
249 | _set_cache_parameters( | |
237 | query, |
|
250 | query, | |
238 | relationship_option.region, |
|
251 | relationship_option.region, | |
@@ -261,6 +274,7 b' def _params_from_query(query):' | |||||
261 |
|
274 | |||
262 | """ |
|
275 | """ | |
263 | v = [] |
|
276 | v = [] | |
|
277 | ||||
264 | def visit_bindparam(bind): |
|
278 | def visit_bindparam(bind): | |
265 | value = query._params.get(bind.key, bind.value) |
|
279 | value = query._params.get(bind.key, bind.value) | |
266 |
|
280 | |||
@@ -272,5 +286,5 b' def _params_from_query(query):' | |||||
272 |
|
286 | |||
273 | v.append(value) |
|
287 | v.append(value) | |
274 | if query._criterion is not None: |
|
288 | if query._criterion is not None: | |
275 | visitors.traverse(query._criterion, {}, {'bindparam':visit_bindparam}) |
|
289 | visitors.traverse(query._criterion, {}, {'bindparam': visit_bindparam}) | |
276 | return v |
|
290 | return v |
@@ -189,6 +189,20 b' class UsersGroup(Base):' | |||||
189 |
|
189 | |||
190 | members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined") |
|
190 | members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined") | |
191 |
|
191 | |||
|
192 | ||||
|
193 | @classmethod | |||
|
194 | def get_by_group_name(cls, group_name, cache=False, case_insensitive=False): | |||
|
195 | if case_insensitive: | |||
|
196 | gr = Session.query(cls)\ | |||
|
197 | .filter(cls.users_group_name.ilike(group_name)) | |||
|
198 | else: | |||
|
199 | gr = Session.query(UsersGroup)\ | |||
|
200 | .filter(UsersGroup.users_group_name == group_name) | |||
|
201 | if cache: | |||
|
202 | gr = gr.options(FromCache("sql_cache_short", | |||
|
203 | "get_user_%s" % group_name)) | |||
|
204 | return gr.scalar() | |||
|
205 | ||||
192 | class UsersGroupMember(Base): |
|
206 | class UsersGroupMember(Base): | |
193 | __tablename__ = 'users_groups_members' |
|
207 | __tablename__ = 'users_groups_members' | |
194 | __table_args__ = {'useexisting':True} |
|
208 | __table_args__ = {'useexisting':True} | |
@@ -226,7 +240,7 b' class Repository(Base):' | |||||
226 | fork = relationship('Repository', remote_side=repo_id) |
|
240 | fork = relationship('Repository', remote_side=repo_id) | |
227 | group = relationship('Group') |
|
241 | group = relationship('Group') | |
228 | repo_to_perm = relationship('RepoToPerm', cascade='all', order_by='RepoToPerm.repo_to_perm_id') |
|
242 | repo_to_perm = relationship('RepoToPerm', cascade='all', order_by='RepoToPerm.repo_to_perm_id') | |
229 | users_group_to_perm = relationship('UsersGroupToPerm', cascade='all') |
|
243 | users_group_to_perm = relationship('UsersGroupRepoToPerm', cascade='all') | |
230 | stats = relationship('Statistics', cascade='all', uselist=False) |
|
244 | stats = relationship('Statistics', cascade='all', uselist=False) | |
231 |
|
245 | |||
232 | followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all') |
|
246 | followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all') | |
@@ -377,8 +391,8 b' class UserToPerm(Base):' | |||||
377 | except: |
|
391 | except: | |
378 | Session.rollback() |
|
392 | Session.rollback() | |
379 |
|
393 | |||
380 | class UsersGroupToPerm(Base): |
|
394 | class UsersGroupRepoToPerm(Base): | |
381 | __tablename__ = 'users_group_to_perm' |
|
395 | __tablename__ = 'users_group_repo_to_perm' | |
382 | __table_args__ = (UniqueConstraint('users_group_id', 'permission_id'), {'useexisting':True}) |
|
396 | __table_args__ = (UniqueConstraint('users_group_id', 'permission_id'), {'useexisting':True}) | |
383 | users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) |
|
397 | users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |
384 | users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None) |
|
398 | users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None) | |
@@ -389,6 +403,55 b' class UsersGroupToPerm(Base):' | |||||
389 | permission = relationship('Permission') |
|
403 | permission = relationship('Permission') | |
390 | repository = relationship('Repository') |
|
404 | repository = relationship('Repository') | |
391 |
|
405 | |||
|
406 | ||||
|
407 | class UsersGroupToPerm(Base): | |||
|
408 | __tablename__ = 'users_group_to_perm' | |||
|
409 | users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True) | |||
|
410 | users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None) | |||
|
411 | permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None) | |||
|
412 | ||||
|
413 | users_group = relationship('UsersGroup') | |||
|
414 | permission = relationship('Permission') | |||
|
415 | ||||
|
416 | ||||
|
417 | @classmethod | |||
|
418 | def has_perm(cls, users_group_id, perm): | |||
|
419 | if not isinstance(perm, Permission): | |||
|
420 | raise Exception('perm needs to be an instance of Permission class') | |||
|
421 | ||||
|
422 | return Session.query(cls).filter(cls.users_group_id == | |||
|
423 | users_group_id)\ | |||
|
424 | .filter(cls.permission == perm)\ | |||
|
425 | .scalar() is not None | |||
|
426 | ||||
|
427 | @classmethod | |||
|
428 | def grant_perm(cls, users_group_id, perm): | |||
|
429 | if not isinstance(perm, Permission): | |||
|
430 | raise Exception('perm needs to be an instance of Permission class') | |||
|
431 | ||||
|
432 | new = cls() | |||
|
433 | new.users_group_id = users_group_id | |||
|
434 | new.permission = perm | |||
|
435 | try: | |||
|
436 | Session.add(new) | |||
|
437 | Session.commit() | |||
|
438 | except: | |||
|
439 | Session.rollback() | |||
|
440 | ||||
|
441 | ||||
|
442 | @classmethod | |||
|
443 | def revoke_perm(cls, users_group_id, perm): | |||
|
444 | if not isinstance(perm, Permission): | |||
|
445 | raise Exception('perm needs to be an instance of Permission class') | |||
|
446 | ||||
|
447 | try: | |||
|
448 | Session.query(cls).filter(cls.users_group_id == users_group_id)\ | |||
|
449 | .filter(cls.permission == perm).delete() | |||
|
450 | Session.commit() | |||
|
451 | except: | |||
|
452 | Session.rollback() | |||
|
453 | ||||
|
454 | ||||
392 | class GroupToPerm(Base): |
|
455 | class GroupToPerm(Base): | |
393 | __tablename__ = 'group_to_perm' |
|
456 | __tablename__ = 'group_to_perm' | |
394 | __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'useexisting':True}) |
|
457 | __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'useexisting':True}) |
@@ -37,7 +37,6 b' from rhodecode.lib.exceptions import Lda' | |||||
37 | from rhodecode.model import meta |
|
37 | from rhodecode.model import meta | |
38 | from rhodecode.model.user import UserModel |
|
38 | from rhodecode.model.user import UserModel | |
39 | from rhodecode.model.repo import RepoModel |
|
39 | from rhodecode.model.repo import RepoModel | |
40 | from rhodecode.model.users_group import UsersGroupModel |
|
|||
41 | from rhodecode.model.db import User, UsersGroup |
|
40 | from rhodecode.model.db import User, UsersGroup | |
42 | from rhodecode import BACKENDS |
|
41 | from rhodecode import BACKENDS | |
43 |
|
42 | |||
@@ -47,9 +46,9 b' log = logging.getLogger(__name__)' | |||||
47 | class State_obj(object): |
|
46 | class State_obj(object): | |
48 | _ = staticmethod(_) |
|
47 | _ = staticmethod(_) | |
49 |
|
48 | |||
50 |
#============================================================================== |
|
49 | #============================================================================== | |
51 | # VALIDATORS |
|
50 | # VALIDATORS | |
52 |
#============================================================================== |
|
51 | #============================================================================== | |
53 | class ValidAuthToken(formencode.validators.FancyValidator): |
|
52 | class ValidAuthToken(formencode.validators.FancyValidator): | |
54 | messages = {'invalid_token':_('Token mismatch')} |
|
53 | messages = {'invalid_token':_('Token mismatch')} | |
55 |
|
54 | |||
@@ -73,23 +72,19 b' def ValidUsername(edit, old_data):' | |||||
73 | if old_un != value or not edit: |
|
72 | if old_un != value or not edit: | |
74 | if UserModel().get_by_username(value, cache=False, |
|
73 | if UserModel().get_by_username(value, cache=False, | |
75 | case_insensitive=True): |
|
74 | case_insensitive=True): | |
76 |
raise formencode.Invalid(_('This username already |
|
75 | raise formencode.Invalid(_('This username already ' | |
77 | value, state) |
|
76 | 'exists') , value, state) | |
78 |
|
||||
79 |
|
77 | |||
80 | if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: |
|
78 | if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: | |
81 | raise formencode.Invalid(_('Username may only contain ' |
|
79 | raise formencode.Invalid(_('Username may only contain ' | |
82 |
'alphanumeric characters |
|
80 | 'alphanumeric characters ' | |
83 |
'periods or dashes |
|
81 | 'underscores, periods or dashes ' | |
84 |
'alphanumeric |
|
82 | 'and must begin with alphanumeric ' | |
85 | value, state) |
|
83 | 'character'), value, state) | |
86 |
|
||||
87 |
|
||||
88 |
|
84 | |||
89 | return _ValidUsername |
|
85 | return _ValidUsername | |
90 |
|
86 | |||
91 |
|
87 | |||
92 |
|
||||
93 | def ValidUsersGroup(edit, old_data): |
|
88 | def ValidUsersGroup(edit, old_data): | |
94 |
|
89 | |||
95 | class _ValidUsersGroup(formencode.validators.FancyValidator): |
|
90 | class _ValidUsersGroup(formencode.validators.FancyValidator): | |
@@ -100,22 +95,23 b' def ValidUsersGroup(edit, old_data):' | |||||
100 | #check if group is unique |
|
95 | #check if group is unique | |
101 | old_ugname = None |
|
96 | old_ugname = None | |
102 | if edit: |
|
97 | if edit: | |
103 |
old_ugname = UsersGroup |
|
98 | old_ugname = UsersGroup.get( | |
104 |
|
|
99 | old_data.get('users_group_id')).users_group_name | |
105 |
|
100 | |||
106 | if old_ugname != value or not edit: |
|
101 | if old_ugname != value or not edit: | |
107 |
if UsersGroup |
|
102 | if UsersGroup.get_by_group_name(value, cache=False, | |
108 | case_insensitive=True): |
|
103 | case_insensitive=True): | |
109 |
raise formencode.Invalid(_('This users group |
|
104 | raise formencode.Invalid(_('This users group ' | |
110 |
value, |
|
105 | 'already exists') , value, | |
|
106 | state) | |||
111 |
|
107 | |||
112 |
|
108 | |||
113 | if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: |
|
109 | if re.match(r'^[a-zA-Z0-9]{1}[a-zA-Z0-9\-\_\.]+$', value) is None: | |
114 | raise formencode.Invalid(_('Group name may only contain ' |
|
110 | raise formencode.Invalid(_('Group name may only contain ' | |
115 |
'alphanumeric characters |
|
111 | 'alphanumeric characters ' | |
116 |
'periods or dashes |
|
112 | 'underscores, periods or dashes ' | |
117 |
'alphanumeric |
|
113 | 'and must begin with alphanumeric ' | |
118 | value, state) |
|
114 | 'character'), value, state) | |
119 |
|
115 | |||
120 | return _ValidUsersGroup |
|
116 | return _ValidUsersGroup | |
121 |
|
117 |
@@ -19,6 +19,7 b' Session = scoped_session(' | |||||
19 | ) |
|
19 | ) | |
20 | ) |
|
20 | ) | |
21 |
|
21 | |||
|
22 | ||||
22 | class BaseModel(object): |
|
23 | class BaseModel(object): | |
23 | """Base Model for all classess |
|
24 | """Base Model for all classess | |
24 |
|
25 |
@@ -66,8 +66,10 b' class PermissionModel(BaseModel):' | |||||
66 |
|
66 | |||
67 | def update(self, form_result): |
|
67 | def update(self, form_result): | |
68 | perm_user = self.sa.query(User)\ |
|
68 | perm_user = self.sa.query(User)\ | |
69 |
.filter(User.username == |
|
69 | .filter(User.username == | |
70 | u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all() |
|
70 | form_result['perm_user_name']).scalar() | |
|
71 | u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == | |||
|
72 | perm_user).all() | |||
71 | if len(u2p) != 3: |
|
73 | if len(u2p) != 3: | |
72 | raise Exception('Defined: %s should be 3 permissions for default' |
|
74 | raise Exception('Defined: %s should be 3 permissions for default' | |
73 | ' user. This should not happen please verify' |
|
75 | ' user. This should not happen please verify' | |
@@ -104,7 +106,6 b' class PermissionModel(BaseModel):' | |||||
104 | perm_user.active = bool(form_result['anonymous']) |
|
106 | perm_user.active = bool(form_result['anonymous']) | |
105 | self.sa.add(perm_user) |
|
107 | self.sa.add(perm_user) | |
106 |
|
108 | |||
107 |
|
||||
108 | self.sa.commit() |
|
109 | self.sa.commit() | |
109 | except (DatabaseError,): |
|
110 | except (DatabaseError,): | |
110 | log.error(traceback.format_exc()) |
|
111 | log.error(traceback.format_exc()) |
@@ -36,13 +36,12 b' from vcs.backends import get_backend' | |||||
36 | from rhodecode.model import BaseModel |
|
36 | from rhodecode.model import BaseModel | |
37 | from rhodecode.model.caching_query import FromCache |
|
37 | from rhodecode.model.caching_query import FromCache | |
38 | from rhodecode.model.db import Repository, RepoToPerm, User, Permission, \ |
|
38 | from rhodecode.model.db import Repository, RepoToPerm, User, Permission, \ | |
39 | Statistics, UsersGroup, UsersGroupToPerm, RhodeCodeUi |
|
39 | Statistics, UsersGroup, UsersGroupRepoToPerm, RhodeCodeUi | |
40 | from rhodecode.model.user import UserModel |
|
40 | from rhodecode.model.user import UserModel | |
41 | from rhodecode.model.users_group import UsersGroupMember, UsersGroupModel |
|
|||
42 |
|
||||
43 |
|
41 | |||
44 | log = logging.getLogger(__name__) |
|
42 | log = logging.getLogger(__name__) | |
45 |
|
43 | |||
|
44 | ||||
46 | class RepoModel(BaseModel): |
|
45 | class RepoModel(BaseModel): | |
47 |
|
46 | |||
48 | @LazyProperty |
|
47 | @LazyProperty | |
@@ -62,7 +61,6 b' class RepoModel(BaseModel):' | |||||
62 | "get_repo_%s" % repo_id)) |
|
61 | "get_repo_%s" % repo_id)) | |
63 | return repo.scalar() |
|
62 | return repo.scalar() | |
64 |
|
63 | |||
65 |
|
||||
66 | def get_by_repo_name(self, repo_name, cache=False): |
|
64 | def get_by_repo_name(self, repo_name, cache=False): | |
67 | repo = self.sa.query(Repository)\ |
|
65 | repo = self.sa.query(Repository)\ | |
68 | .filter(Repository.repo_name == repo_name) |
|
66 | .filter(Repository.repo_name == repo_name) | |
@@ -72,7 +70,6 b' class RepoModel(BaseModel):' | |||||
72 | "get_repo_%s" % repo_name)) |
|
70 | "get_repo_%s" % repo_name)) | |
73 | return repo.scalar() |
|
71 | return repo.scalar() | |
74 |
|
72 | |||
75 |
|
||||
76 | def get_full(self, repo_name, cache=False, invalidate=False): |
|
73 | def get_full(self, repo_name, cache=False, invalidate=False): | |
77 | repo = self.sa.query(Repository)\ |
|
74 | repo = self.sa.query(Repository)\ | |
78 | .options(joinedload(Repository.fork))\ |
|
75 | .options(joinedload(Repository.fork))\ | |
@@ -95,7 +92,6 b' class RepoModel(BaseModel):' | |||||
95 | make_transient(attr) |
|
92 | make_transient(attr) | |
96 | return ret |
|
93 | return ret | |
97 |
|
94 | |||
98 |
|
||||
99 | def get_users_js(self): |
|
95 | def get_users_js(self): | |
100 |
|
96 | |||
101 | users = self.sa.query(User).filter(User.active == True).all() |
|
97 | users = self.sa.query(User).filter(User.active == True).all() | |
@@ -105,7 +101,6 b' class RepoModel(BaseModel):' | |||||
105 | for u in users]) |
|
101 | for u in users]) | |
106 | return users_array |
|
102 | return users_array | |
107 |
|
103 | |||
108 |
|
||||
109 | def get_users_groups_js(self): |
|
104 | def get_users_groups_js(self): | |
110 | users_groups = self.sa.query(UsersGroup)\ |
|
105 | users_groups = self.sa.query(UsersGroup)\ | |
111 | .filter(UsersGroup.users_group_active == True).all() |
|
106 | .filter(UsersGroup.users_group_active == True).all() | |
@@ -122,29 +117,30 b' class RepoModel(BaseModel):' | |||||
122 | try: |
|
117 | try: | |
123 | cur_repo = self.get_by_repo_name(repo_name, cache=False) |
|
118 | cur_repo = self.get_by_repo_name(repo_name, cache=False) | |
124 | user_model = UserModel(self.sa) |
|
119 | user_model = UserModel(self.sa) | |
125 | users_group_model = UsersGroupModel(self.sa) |
|
|||
126 |
|
120 | |||
127 | #update permissions |
|
121 | #update permissions | |
128 | for member, perm, member_type in form_data['perms_updates']: |
|
122 | for member, perm, member_type in form_data['perms_updates']: | |
129 | if member_type == 'user': |
|
123 | if member_type == 'user': | |
130 | r2p = self.sa.query(RepoToPerm)\ |
|
124 | r2p = self.sa.query(RepoToPerm)\ | |
131 |
.filter(RepoToPerm.user == user_model. |
|
125 | .filter(RepoToPerm.user == user_model. | |
|
126 | get_by_username(member))\ | |||
132 | .filter(RepoToPerm.repository == cur_repo)\ |
|
127 | .filter(RepoToPerm.repository == cur_repo)\ | |
133 | .one() |
|
128 | .one() | |
134 |
|
129 | |||
135 | r2p.permission = self.sa.query(Permission)\ |
|
130 | r2p.permission = self.sa.query(Permission)\ | |
136 |
.filter(Permission.permission_name == |
|
131 | .filter(Permission.permission_name == | |
137 | .scalar() |
|
132 | perm).scalar() | |
138 | self.sa.add(r2p) |
|
133 | self.sa.add(r2p) | |
139 | else: |
|
134 | else: | |
140 | g2p = self.sa.query(UsersGroupToPerm)\ |
|
135 | g2p = self.sa.query(UsersGroupRepoToPerm)\ | |
141 |
.filter(UsersGroupToPerm.users_group == |
|
136 | .filter(UsersGroupRepoToPerm.users_group == | |
142 | .filter(UsersGroupToPerm.repository == cur_repo)\ |
|
137 | UsersGroup.get_by_group_name(member))\ | |
143 | .one() |
|
138 | .filter(UsersGroupRepoToPerm.repository == | |
|
139 | cur_repo).one() | |||
144 |
|
140 | |||
145 | g2p.permission = self.sa.query(Permission)\ |
|
141 | g2p.permission = self.sa.query(Permission)\ | |
146 |
.filter(Permission.permission_name == |
|
142 | .filter(Permission.permission_name == | |
147 | .scalar() |
|
143 | perm).scalar() | |
148 | self.sa.add(g2p) |
|
144 | self.sa.add(g2p) | |
149 |
|
145 | |||
150 | #set new permissions |
|
146 | #set new permissions | |
@@ -155,17 +151,19 b' class RepoModel(BaseModel):' | |||||
155 | r2p.user = user_model.get_by_username(member) |
|
151 | r2p.user = user_model.get_by_username(member) | |
156 |
|
152 | |||
157 | r2p.permission = self.sa.query(Permission)\ |
|
153 | r2p.permission = self.sa.query(Permission)\ | |
158 |
.filter(Permission. |
|
154 | .filter(Permission. | |
159 |
|
|
155 | permission_name == perm)\ | |
|
156 | .scalar() | |||
160 | self.sa.add(r2p) |
|
157 | self.sa.add(r2p) | |
161 | else: |
|
158 | else: | |
162 | g2p = UsersGroupToPerm() |
|
159 | g2p = UsersGroupRepoToPerm() | |
163 | g2p.repository = cur_repo |
|
160 | g2p.repository = cur_repo | |
164 |
g2p.users_group = |
|
161 | g2p.users_group = UsersGroup.get_by_group_name(member) | |
165 |
|
162 | |||
166 | g2p.permission = self.sa.query(Permission)\ |
|
163 | g2p.permission = self.sa.query(Permission)\ | |
167 |
.filter(Permission. |
|
164 | .filter(Permission. | |
168 |
|
|
165 | permission_name == perm)\ | |
|
166 | .scalar() | |||
169 | self.sa.add(g2p) |
|
167 | self.sa.add(g2p) | |
170 |
|
168 | |||
171 | #update current repo |
|
169 | #update current repo | |
@@ -276,10 +274,10 b' class RepoModel(BaseModel):' | |||||
276 |
|
274 | |||
277 | def delete_perm_users_group(self, form_data, repo_name): |
|
275 | def delete_perm_users_group(self, form_data, repo_name): | |
278 | try: |
|
276 | try: | |
279 | self.sa.query(UsersGroupToPerm)\ |
|
277 | self.sa.query(UsersGroupRepoToPerm)\ | |
280 | .filter(UsersGroupToPerm.repository \ |
|
278 | .filter(UsersGroupRepoToPerm.repository \ | |
281 | == self.get_by_repo_name(repo_name))\ |
|
279 | == self.get_by_repo_name(repo_name))\ | |
282 | .filter(UsersGroupToPerm.users_group_id \ |
|
280 | .filter(UsersGroupRepoToPerm.users_group_id \ | |
283 | == form_data['users_group_id']).delete() |
|
281 | == form_data['users_group_id']).delete() | |
284 | self.sa.commit() |
|
282 | self.sa.commit() | |
285 | except: |
|
283 | except: | |
@@ -298,7 +296,6 b' class RepoModel(BaseModel):' | |||||
298 | self.sa.rollback() |
|
296 | self.sa.rollback() | |
299 | raise |
|
297 | raise | |
300 |
|
298 | |||
301 |
|
||||
302 | def __create_repo(self, repo_name, alias, clone_uri=False): |
|
299 | def __create_repo(self, repo_name, alias, clone_uri=False): | |
303 | """ |
|
300 | """ | |
304 | makes repository on filesystem |
|
301 | makes repository on filesystem |
@@ -32,8 +32,6 b' from rhodecode.model import BaseModel' | |||||
32 | from rhodecode.model.caching_query import FromCache |
|
32 | from rhodecode.model.caching_query import FromCache | |
33 | from rhodecode.model.db import UsersGroup, UsersGroupMember |
|
33 | from rhodecode.model.db import UsersGroup, UsersGroupMember | |
34 |
|
34 | |||
35 | from sqlalchemy.exc import DatabaseError |
|
|||
36 |
|
||||
37 | log = logging.getLogger(__name__) |
|
35 | log = logging.getLogger(__name__) | |
38 |
|
36 | |||
39 |
|
37 | |||
@@ -43,24 +41,9 b' class UsersGroupModel(BaseModel):' | |||||
43 | users_group = self.sa.query(UsersGroup) |
|
41 | users_group = self.sa.query(UsersGroup) | |
44 | if cache: |
|
42 | if cache: | |
45 | users_group = users_group.options(FromCache("sql_cache_short", |
|
43 | users_group = users_group.options(FromCache("sql_cache_short", | |
46 |
|
|
44 | "get_users_group_%s" % users_group_id)) | |
47 | return users_group.get(users_group_id) |
|
45 | return users_group.get(users_group_id) | |
48 |
|
46 | |||
49 |
|
||||
50 | def get_by_groupname(self, users_group_name, cache=False, |
|
|||
51 | case_insensitive=False): |
|
|||
52 |
|
||||
53 | if case_insensitive: |
|
|||
54 | user = self.sa.query(UsersGroup)\ |
|
|||
55 | .filter(UsersGroup.users_group_name.ilike(users_group_name)) |
|
|||
56 | else: |
|
|||
57 | user = self.sa.query(UsersGroup)\ |
|
|||
58 | .filter(UsersGroup.users_group_name == users_group_name) |
|
|||
59 | if cache: |
|
|||
60 | user = user.options(FromCache("sql_cache_short", |
|
|||
61 | "get_user_%s" % users_group_name)) |
|
|||
62 | return user.scalar() |
|
|||
63 |
|
||||
64 | def create(self, form_data): |
|
47 | def create(self, form_data): | |
65 | try: |
|
48 | try: | |
66 | new_users_group = UsersGroup() |
|
49 | new_users_group = UsersGroup() | |
@@ -86,8 +69,9 b' class UsersGroupModel(BaseModel):' | |||||
86 | members_list = [] |
|
69 | members_list = [] | |
87 | if v: |
|
70 | if v: | |
88 | for u_id in set(v): |
|
71 | for u_id in set(v): | |
89 |
members_list.append(UsersGroupMember( |
|
72 | members_list.append(UsersGroupMember( | |
90 |
|
|
73 | users_group_id, | |
|
74 | u_id)) | |||
91 | setattr(users_group, 'members', members_list) |
|
75 | setattr(users_group, 'members', members_list) | |
92 | setattr(users_group, k, v) |
|
76 | setattr(users_group, k, v) | |
93 |
|
77 |
@@ -247,7 +247,7 b'' | |||||
247 | <div class="title"> |
|
247 | <div class="title"> | |
248 | <h5>${_('Permissions')}</h5> |
|
248 | <h5>${_('Permissions')}</h5> | |
249 | </div> |
|
249 | </div> | |
250 |
${h.form(url(' |
|
250 | ${h.form(url('users_group_perm', id=c.users_group.users_group_id), method='put')} | |
251 | <div class="form"> |
|
251 | <div class="form"> | |
252 | <!-- fields --> |
|
252 | <!-- fields --> | |
253 | <div class="fields"> |
|
253 | <div class="fields"> | |
@@ -256,7 +256,7 b'' | |||||
256 | <label for="">${_('Create repositories')}:</label> |
|
256 | <label for="">${_('Create repositories')}:</label> | |
257 | </div> |
|
257 | </div> | |
258 | <div class="checkboxes"> |
|
258 | <div class="checkboxes"> | |
259 | ${h.checkbox('create',value=True)} |
|
259 | ${h.checkbox('create_repo_perm',value=True)} | |
260 | </div> |
|
260 | </div> | |
261 | </div> |
|
261 | </div> | |
262 | <div class="buttons"> |
|
262 | <div class="buttons"> |
General Comments 0
You need to be logged in to leave comments.
Login now