Show More
@@ -0,0 +1,1 b'' | |||
|
1 | #TODO; write tests when we activate algo for permissions. No newline at end of file |
@@ -26,6 +26,8 b'' | |||
|
26 | 26 | import logging |
|
27 | 27 | import traceback |
|
28 | 28 | import itertools |
|
29 | import collections | |
|
30 | import functools | |
|
29 | 31 | from pylons import url |
|
30 | 32 | from pylons.i18n.translation import _ |
|
31 | 33 | |
@@ -379,13 +381,21 b' class UserModel(BaseModel):' | |||
|
379 | 381 | |
|
380 | 382 | return True |
|
381 | 383 | |
|
382 | def fill_perms(self, user): | |
|
384 | def fill_perms(self, user, explicit=True, algo='higherwin'): | |
|
383 | 385 | """ |
|
384 | 386 | Fills user permission attribute with permissions taken from database |
|
385 | 387 | works for permissions given for repositories, and for permissions that |
|
386 | 388 | are granted to groups |
|
387 | 389 | |
|
388 | 390 | :param user: user instance to fill his perms |
|
391 | :param explicit: In case there are permissions both for user and a group | |
|
392 | that user is part of, explicit flag will defiine if user will | |
|
393 | explicitly override permissions from group, if it's False it will | |
|
394 | make decision based on the algo | |
|
395 | :param algo: algorithm to decide what permission should be choose if | |
|
396 | it's multiple defined, eg user in two different groups. It also | |
|
397 | decides if explicit flag is turned off how to specify the permission | |
|
398 | for case when user is in a group + have defined separate permission | |
|
389 | 399 | """ |
|
390 | 400 | RK = 'repositories' |
|
391 | 401 | GK = 'repositories_groups' |
@@ -394,6 +404,18 b' class UserModel(BaseModel):' | |||
|
394 | 404 | user.permissions[GK] = {} |
|
395 | 405 | user.permissions[GLOBAL] = set() |
|
396 | 406 | |
|
407 | def _choose_perm(new_perm, cur_perm): | |
|
408 | new_perm_val = PERM_WEIGHTS[new_perm] | |
|
409 | cur_perm_val = PERM_WEIGHTS[cur_perm] | |
|
410 | if algo == 'higherwin': | |
|
411 | if new_perm_val > cur_perm_val: | |
|
412 | return new_perm | |
|
413 | return cur_perm | |
|
414 | elif algo == 'lowerwin': | |
|
415 | if new_perm_val < cur_perm_val: | |
|
416 | return new_perm | |
|
417 | return cur_perm | |
|
418 | ||
|
397 | 419 | #====================================================================== |
|
398 | 420 | # fetch default permissions |
|
399 | 421 | #====================================================================== |
@@ -503,12 +525,14 b' class UserModel(BaseModel):' | |||
|
503 | 525 | user.permissions[GLOBAL].add(perm.permission.permission_name) |
|
504 | 526 | |
|
505 | 527 | #====================================================================== |
|
506 |
# !! |
|
|
528 | # !! PERMISSIONS FOR REPOSITORIES !! | |
|
507 | 529 | #====================================================================== |
|
508 | 530 | #====================================================================== |
|
509 | 531 | # check if user is part of user groups for this repository and |
|
510 | # fill in (or NOT replace with higher `or 1` permissions | |
|
532 | # fill in his permission from it. _choose_perm decides of which | |
|
533 | # permission should be selected based on selected method | |
|
511 | 534 | #====================================================================== |
|
535 | ||
|
512 | 536 | # users group for repositories permissions |
|
513 | 537 | user_repo_perms_from_users_groups = \ |
|
514 | 538 | self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\ |
@@ -521,20 +545,23 b' class UserModel(BaseModel):' | |||
|
521 | 545 | .filter(UsersGroupMember.user_id == uid)\ |
|
522 | 546 | .all() |
|
523 | 547 | |
|
548 | multiple_counter = collections.Counter() | |
|
524 | 549 | for perm in user_repo_perms_from_users_groups: |
|
525 | 550 | r_k = perm.UsersGroupRepoToPerm.repository.repo_name |
|
551 | multiple_counter[r_k] += 1 | |
|
526 | 552 | p = perm.Permission.permission_name |
|
527 | 553 | cur_perm = user.permissions[RK][r_k] |
|
528 | # overwrite permission only if it's greater than permission | |
|
529 | # given from other sources - disabled with `or 1` now | |
|
530 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check | |
|
531 | if perm.Repository.user_id == uid: | |
|
532 | # set admin if owner | |
|
533 | p = 'repository.admin' | |
|
534 | 554 | |
|
535 | user.permissions[RK][r_k] = p | |
|
555 | if perm.Repository.user_id == uid: | |
|
556 | # set admin if owner | |
|
557 | p = 'repository.admin' | |
|
558 | else: | |
|
559 | if multiple_counter[r_k] > 1: | |
|
560 | p = _choose_perm(p, cur_perm) | |
|
561 | user.permissions[RK][r_k] = p | |
|
536 | 562 | |
|
537 | # user explicit permissions for repositories | |
|
563 | # user explicit permissions for repositories, overrides any specified | |
|
564 | # by the group permission | |
|
538 | 565 | user_repo_perms = \ |
|
539 | 566 | self.sa.query(UserRepoToPerm, Permission, Repository)\ |
|
540 | 567 | .join((Repository, UserRepoToPerm.repository_id == |
@@ -545,24 +572,52 b' class UserModel(BaseModel):' | |||
|
545 | 572 | .all() |
|
546 | 573 | |
|
547 | 574 | for perm in user_repo_perms: |
|
575 | r_k = perm.UserRepoToPerm.repository.repo_name | |
|
576 | cur_perm = user.permissions[RK][r_k] | |
|
548 | 577 | # set admin if owner |
|
549 | r_k = perm.UserRepoToPerm.repository.repo_name | |
|
550 | 578 | if perm.Repository.user_id == uid: |
|
551 | 579 | p = 'repository.admin' |
|
552 | 580 | else: |
|
553 | 581 | p = perm.Permission.permission_name |
|
582 | if not explicit: | |
|
583 | p = _choose_perm(p, cur_perm) | |
|
554 | 584 | user.permissions[RK][r_k] = p |
|
555 | 585 | |
|
556 | # REPO GROUP | |
|
557 | #================================================================== | |
|
558 | # get access for this user for repos group and override defaults | |
|
559 | #================================================================== | |
|
586 | #====================================================================== | |
|
587 | # !! PERMISSIONS FOR REPOSITORIES GROUPS !! | |
|
588 | #====================================================================== | |
|
589 | #====================================================================== | |
|
590 | # check if user is part of user groups for this repository groups and | |
|
591 | # fill in his permission from it. _choose_perm decides of which | |
|
592 | # permission should be selected based on selected method | |
|
593 | #====================================================================== | |
|
594 | # users group for repo groups permissions | |
|
595 | user_repo_group_perms_from_users_groups = \ | |
|
596 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ | |
|
597 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
|
598 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id | |
|
599 | == Permission.permission_id))\ | |
|
600 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id | |
|
601 | == UsersGroupMember.users_group_id))\ | |
|
602 | .filter(UsersGroupMember.user_id == uid)\ | |
|
603 | .all() | |
|
560 | 604 | |
|
561 | # user explicit permissions for repository | |
|
605 | multiple_counter = collections.Counter() | |
|
606 | for perm in user_repo_group_perms_from_users_groups: | |
|
607 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name | |
|
608 | multiple_counter[g_k] += 1 | |
|
609 | p = perm.Permission.permission_name | |
|
610 | cur_perm = user.permissions[GK][g_k] | |
|
611 | if multiple_counter[g_k] > 1: | |
|
612 | p = _choose_perm(p, cur_perm) | |
|
613 | user.permissions[GK][g_k] = p | |
|
614 | ||
|
615 | # user explicit permissions for repository groups | |
|
562 | 616 | user_repo_groups_perms = \ |
|
563 | 617 | self.sa.query(UserRepoGroupToPerm, Permission, RepoGroup)\ |
|
564 | 618 | .join((RepoGroup, UserRepoGroupToPerm.group_id == RepoGroup.group_id))\ |
|
565 |
.join((Permission, UserRepoGroupToPerm.permission_id |
|
|
619 | .join((Permission, UserRepoGroupToPerm.permission_id | |
|
620 | == Permission.permission_id))\ | |
|
566 | 621 | .filter(UserRepoGroupToPerm.user_id == uid)\ |
|
567 | 622 | .all() |
|
568 | 623 | |
@@ -570,32 +625,9 b' class UserModel(BaseModel):' | |||
|
570 | 625 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
571 | 626 | p = perm.Permission.permission_name |
|
572 | 627 | cur_perm = user.permissions[GK][rg_k] |
|
573 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check | |
|
574 | user.permissions[GK][rg_k] = p | |
|
575 | ||
|
576 | # REPO GROUP + USER GROUP | |
|
577 | #================================================================== | |
|
578 | # check if user is part of user groups for this repo group and | |
|
579 | # fill in (or replace with higher) permissions | |
|
580 | #================================================================== | |
|
581 | ||
|
582 | # users group for repositories permissions | |
|
583 | user_repo_group_perms_from_users_groups = \ | |
|
584 | self.sa.query(UsersGroupRepoGroupToPerm, Permission, RepoGroup)\ | |
|
585 | .join((RepoGroup, UsersGroupRepoGroupToPerm.group_id == RepoGroup.group_id))\ | |
|
586 | .join((Permission, UsersGroupRepoGroupToPerm.permission_id == Permission.permission_id))\ | |
|
587 | .join((UsersGroupMember, UsersGroupRepoGroupToPerm.users_group_id == UsersGroupMember.users_group_id))\ | |
|
588 | .filter(UsersGroupMember.user_id == uid)\ | |
|
589 | .all() | |
|
590 | ||
|
591 | for perm in user_repo_group_perms_from_users_groups: | |
|
592 | g_k = perm.UsersGroupRepoGroupToPerm.group.group_name | |
|
593 | p = perm.Permission.permission_name | |
|
594 | cur_perm = user.permissions[GK][g_k] | |
|
595 | # overwrite permission only if it's greater than permission | |
|
596 | # given from other sources | |
|
597 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check | |
|
598 | user.permissions[GK][g_k] = p | |
|
628 | if not explicit: | |
|
629 | p = _choose_perm(p, cur_perm) | |
|
630 | user.permissions[GK][rg_k] = p | |
|
599 | 631 | |
|
600 | 632 | return user |
|
601 | 633 |
General Comments 0
You need to be logged in to leave comments.
Login now