##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

fixed default permissions population during upgrades...
marcink -
r3733:af049a95 beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -44,6 +44,7 b' from rhodecode.model.repos_group import '
44 44 #from rhodecode.model import meta
45 45 from rhodecode.model.meta import Session, Base
46 46 from rhodecode.model.repo import RepoModel
47 from rhodecode.model.permission import PermissionModel
47 48
48 49
49 50 log = logging.getLogger(__name__)
@@ -550,7 +551,7 b' class DbManage(object):'
550 551 u2p = UserToPerm.query()\
551 552 .filter(UserToPerm.user == default_user).all()
552 553 fixed = False
553 if len(u2p) != len(User.DEFAULT_PERMISSIONS):
554 if len(u2p) != len(Permission.DEFAULT_USER_PERMISSIONS):
554 555 for p in u2p:
555 556 Session().delete(p)
556 557 fixed = True
@@ -682,6 +683,9 b' class DbManage(object):'
682 683 firstname='Anonymous', lastname='User')
683 684
684 685 def create_permissions(self):
686 """
687 Creates all permissions defined in the system
688 """
685 689 # module.(access|create|change|delete)_[name]
686 690 # module.(none|read|write|admin)
687 691
@@ -693,27 +697,12 b' class DbManage(object):'
693 697 self.sa.add(new_perm)
694 698
695 699 def populate_default_permissions(self):
700 """
701 Populate default permissions. It will create only the default
702 permissions that are missing, and not alter already defined ones
703 """
696 704 log.info('creating default user permissions')
697
698 default_user = User.get_by_username('default')
699
700 for def_perm in User.DEFAULT_PERMISSIONS:
701
702 perm = self.sa.query(Permission)\
703 .filter(Permission.permission_name == def_perm)\
704 .scalar()
705 if not perm:
706 raise Exception(
707 'CRITICAL: permission %s not found inside database !!'
708 % def_perm
709 )
710 if not UserToPerm.query()\
711 .filter(UserToPerm.permission == perm)\
712 .filter(UserToPerm.user == default_user).scalar():
713 reg_perm = UserToPerm()
714 reg_perm.user = default_user
715 reg_perm.permission = perm
716 self.sa.add(reg_perm)
705 PermissionModel(self.sa).create_default_permissions(user=User.DEFAULT_USER)
717 706
718 707 @staticmethod
719 708 def check_waitress():
Show file before | Show file after | Hide comments
@@ -320,10 +320,7 b' class User(Base, BaseModel):'
320 320 'mysql_charset': 'utf8'}
321 321 )
322 322 DEFAULT_USER = 'default'
323 DEFAULT_PERMISSIONS = [
324 'hg.register.manual_activate', 'hg.create.repository',
325 'hg.fork.repository', 'repository.read', 'group.read'
326 ]
323
327 324 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
328 325 username = Column("username", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
329 326 password = Column("password", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
@@ -502,6 +499,13 b' class User(Base, BaseModel):'
502 499 raise Exception('Missing administrative account!')
503 500 return user
504 501
502 @classmethod
503 def get_default_user(cls, cache=False):
504 user = User.get_by_username(User.DEFAULT_USER, cache=cache)
505 if user is None:
506 raise Exception('Missing default account!')
507 return user
508
505 509 def get_api_data(self):
506 510 """
507 511 Common function for generating user related data for API
@@ -1405,6 +1409,8 b' class Permission(Base, BaseModel):'
1405 1409 'mysql_charset': 'utf8'},
1406 1410 )
1407 1411 PERMS = [
1412 ('hg.admin', _('RhodeCode Administrator')),
1413
1408 1414 ('repository.none', _('Repository no access')),
1409 1415 ('repository.read', _('Repository read access')),
1410 1416 ('repository.write', _('Repository write access')),
@@ -1420,11 +1426,12 b' class Permission(Base, BaseModel):'
1420 1426 ('usergroup.write', _('User group write access')),
1421 1427 ('usergroup.admin', _('User group admin access')),
1422 1428
1423 ('hg.admin', _('RhodeCode Administrator')),
1424 1429 ('hg.create.none', _('Repository creation disabled')),
1425 1430 ('hg.create.repository', _('Repository creation enabled')),
1431
1426 1432 ('hg.fork.none', _('Repository forking disabled')),
1427 1433 ('hg.fork.repository', _('Repository forking enabled')),
1434
1428 1435 ('hg.register.none', _('Register disabled')),
1429 1436 ('hg.register.manual_activate', _('Register new user with RhodeCode '
1430 1437 'with manual activation')),
@@ -1433,6 +1440,16 b' class Permission(Base, BaseModel):'
1433 1440 'with auto activation')),
1434 1441 ]
1435 1442
1443 #definition of system default permissions for DEFAULT user
1444 DEFAULT_USER_PERMISSIONS = [
1445 'repository.read',
1446 'group.read',
1447 'usergroup.read',
1448 'hg.create.repository',
1449 'hg.fork.repository',
1450 'hg.register.manual_activate',
1451 ]
1452
1436 1453 # defines which permissions are more important higher the more important
1437 1454 PERM_WEIGHTS = {
1438 1455 'repository.none': 0,
Show file before | Show file after | Hide comments
@@ -43,11 +43,49 b' class PermissionModel(BaseModel):'
43 43
44 44 cls = Permission
45 45
46 def create_default_permissions(self, user):
47 """
48 Creates only missing default permissions for user
49
50 :param user:
51 """
52 user = self._get_user(user)
53
54 def _make_perm(perm):
55 new_perm = UserToPerm()
56 new_perm.user = user
57 new_perm.permission = Permission.get_by_key(perm)
58 return new_perm
59
60 def _get_group(perm_name):
61 return '.'.join(perm_name.split('.')[:1])
62
63 perms = UserToPerm.query().filter(UserToPerm.user == user).all()
64 defined_perms_groups = map(_get_group,
65 (x.permission.permission_name for x in perms))
66 log.debug('GOT ALREADY DEFINED:%s' % perms)
67 DEFAULT_PERMS = Permission.DEFAULT_USER_PERMISSIONS
68
69 # for every default permission that needs to be created, we check if
70 # it's group is already defined, if it's not we create default perm
71 for perm_name in DEFAULT_PERMS:
72 gr = _get_group(perm_name)
73 if gr not in defined_perms_groups:
74 log.debug('GR:%s not found, creating permission %s'
75 % (gr, perm_name))
76 new_perm = _make_perm(perm_name)
77 self.sa.add(new_perm)
78
46 79 def update(self, form_result):
47 80 perm_user = User.get_by_username(username=form_result['perm_user_name'])
48 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
49 81
50 82 try:
83 # stage 1 set anonymous access
84 if perm_user.username == 'default':
85 perm_user.active = str2bool(form_result['anonymous'])
86 self.sa.add(perm_user)
87
88 # stage 2 reset defaults and set them from form data
51 89 def _make_new(usr, perm_name):
52 90 new = UserToPerm()
53 91 new.user = usr
@@ -56,6 +94,9 b' class PermissionModel(BaseModel):'
56 94 # clear current entries, to make this function idempotent
57 95 # it will fix even if we define more permissions or permissions
58 96 # are somehow missing
97 u2p = self.sa.query(UserToPerm)\
98 .filter(UserToPerm.user == perm_user)\
99 .all()
59 100 for p in u2p:
60 101 self.sa.delete(p)
61 102 #create fresh set of permissions
@@ -65,7 +106,7 b' class PermissionModel(BaseModel):'
65 106 p = _make_new(perm_user, form_result[def_perm_key])
66 107 self.sa.add(p)
67 108
68 #stage 2 update all default permissions for repos if checked
109 #stage 3 update all default permissions for repos if checked
69 110 if form_result['overwrite_default_repo'] == True:
70 111 _def_name = form_result['default_repo_perm'].split('repository.')[-1]
71 112 _def = Permission.get_by_key('repository.' + _def_name)
@@ -89,11 +130,6 b' class PermissionModel(BaseModel):'
89 130 g2p.permission = _def
90 131 self.sa.add(g2p)
91 132
92 # stage 3 set anonymous access
93 if perm_user.username == 'default':
94 perm_user.active = str2bool(form_result['anonymous'])
95 self.sa.add(perm_user)
96
97 133 self.sa.commit()
98 134 except (DatabaseError,):
99 135 log.error(traceback.format_exc())
Show file before | Show file after | Hide comments
@@ -4,12 +4,14 b' from rhodecode.tests import *'
4 4 from rhodecode.tests.fixture import Fixture
5 5 from rhodecode.model.repos_group import ReposGroupModel
6 6 from rhodecode.model.repo import RepoModel
7 from rhodecode.model.db import RepoGroup, User, UserGroupRepoGroupToPerm
7 from rhodecode.model.db import RepoGroup, User, UserGroupRepoGroupToPerm,\
8 Permission, UserToPerm
8 9 from rhodecode.model.user import UserModel
9 10
10 11 from rhodecode.model.meta import Session
11 12 from rhodecode.model.users_group import UserGroupModel
12 13 from rhodecode.lib.auth import AuthUser
14 from rhodecode.model.permission import PermissionModel
13 15
14 16
15 17 fixture = Fixture()
@@ -101,13 +103,15 b' class TestPermissions(unittest.TestCase)'
101 103 u1_auth = AuthUser(user_id=self.u1.user_id)
102 104 perms = {
103 105 'repositories_groups': {u'test1': 'group.read', u'test2': 'group.read'},
104 'global': set([u'hg.create.repository', u'repository.read', u'hg.register.manual_activate']),
106 'global': set(Permission.DEFAULT_USER_PERMISSIONS),
105 107 'repositories': {u'vcs_test_hg': u'repository.read'}
106 108 }
107 109 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
108 110 perms['repositories'][HG_REPO])
109 111 self.assertEqual(u1_auth.permissions['repositories_groups'],
110 112 perms['repositories_groups'])
113 self.assertEqual(u1_auth.permissions['global'],
114 perms['global'])
111 115
112 116 def test_default_admin_group_perms(self):
113 117 self.g1 = fixture.create_group('test1', skip_if_exists=True)
@@ -347,7 +351,8 b' class TestPermissions(unittest.TestCase)'
347 351 self.assertEqual(u1_auth.permissions['global'],
348 352 set(['hg.create.repository', 'hg.fork.repository',
349 353 'hg.register.manual_activate',
350 'repository.read', 'group.read']))
354 'repository.read', 'group.read',
355 'usergroup.read']))
351 356
352 357 def test_inherited_permissions_from_default_on_user_disabled(self):
353 358 user_model = UserModel()
@@ -365,7 +370,8 b' class TestPermissions(unittest.TestCase)'
365 370 self.assertEqual(u1_auth.permissions['global'],
366 371 set(['hg.create.none', 'hg.fork.none',
367 372 'hg.register.manual_activate',
368 'repository.read', 'group.read']))
373 'repository.read', 'group.read',
374 'usergroup.read']))
369 375
370 376 def test_non_inherited_permissions_from_default_on_user_enabled(self):
371 377 user_model = UserModel()
@@ -391,7 +397,8 b' class TestPermissions(unittest.TestCase)'
391 397 self.assertEqual(u1_auth.permissions['global'],
392 398 set(['hg.create.none', 'hg.fork.none',
393 399 'hg.register.manual_activate',
394 'repository.read', 'group.read']))
400 'repository.read', 'group.read',
401 'usergroup.read']))
395 402
396 403 def test_non_inherited_permissions_from_default_on_user_disabled(self):
397 404 user_model = UserModel()
@@ -417,7 +424,8 b' class TestPermissions(unittest.TestCase)'
417 424 self.assertEqual(u1_auth.permissions['global'],
418 425 set(['hg.create.repository', 'hg.fork.repository',
419 426 'hg.register.manual_activate',
420 'repository.read', 'group.read']))
427 'repository.read', 'group.read',
428 'usergroup.read']))
421 429
422 430 def test_owner_permissions_doesnot_get_overwritten_by_group(self):
423 431 #create repo as USER,
@@ -458,3 +466,60 b' class TestPermissions(unittest.TestCase)'
458 466 u1_auth = AuthUser(user_id=self.u1.user_id)
459 467 self.assertEqual(u1_auth.permissions['repositories']['myownrepo'],
460 468 'repository.admin')
469
470 def _test_def_perm_equal(self, user, change_factor=0):
471 perms = UserToPerm.query()\
472 .filter(UserToPerm.user == user)\
473 .all()
474 self.assertEqual(len(perms),
475 len(Permission.DEFAULT_USER_PERMISSIONS,)+change_factor,
476 msg=perms)
477
478 def test_set_default_permissions(self):
479 PermissionModel().create_default_permissions(user=self.u1)
480 self._test_def_perm_equal(user=self.u1)
481
482 def test_set_default_permissions_after_one_is_missing(self):
483 PermissionModel().create_default_permissions(user=self.u1)
484 self._test_def_perm_equal(user=self.u1)
485 #now we delete one, it should be re-created after another call
486 perms = UserToPerm.query()\
487 .filter(UserToPerm.user == self.u1)\
488 .all()
489 Session().delete(perms[0])
490 Session().commit()
491
492 self._test_def_perm_equal(user=self.u1, change_factor=-1)
493
494 #create missing one !
495 PermissionModel().create_default_permissions(user=self.u1)
496 self._test_def_perm_equal(user=self.u1)
497
498 @parameterized.expand([
499 ('repository.read', 'repository.none'),
500 ('group.read', 'group.none'),
501 ('usergroup.read', 'usergroup.none'),
502 ('hg.create.repository', 'hg.create.none'),
503 ('hg.fork.repository', 'hg.fork.none'),
504 ('hg.register.manual_activate', 'hg.register.auto_activate',)
505 ])
506 def test_set_default_permissions_after_modification(self, perm, modify_to):
507 PermissionModel().create_default_permissions(user=self.u1)
508 self._test_def_perm_equal(user=self.u1)
509
510 old = Permission.get_by_key(perm)
511 new = Permission.get_by_key(modify_to)
512 self.assertNotEqual(old, None)
513 self.assertNotEqual(new, None)
514
515 #now modify permissions
516 p = UserToPerm.query()\
517 .filter(UserToPerm.user == self.u1)\
518 .filter(UserToPerm.permission == old)\
519 .one()
520 p.permission = new
521 Session().add(p)
522 Session().commit()
523
524 PermissionModel().create_default_permissions(user=self.u1)
525 self._test_def_perm_equal(user=self.u1)
General Comments 0
You need to be logged in to leave comments. Login now