Show More
@@ -1,438 +1,440 b'' | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 | """ |
|
2 | """ | |
3 | rhodecode.model.user_group |
|
3 | rhodecode.model.user_group | |
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
5 |
|
5 | |||
6 | repo group model for RhodeCode |
|
6 | repo group model for RhodeCode | |
7 |
|
7 | |||
8 | :created_on: Jan 25, 2011 |
|
8 | :created_on: Jan 25, 2011 | |
9 | :author: marcink |
|
9 | :author: marcink | |
10 | :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com> | |
11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
12 | """ |
|
12 | """ | |
13 | # This program is free software: you can redistribute it and/or modify |
|
13 | # This program is free software: you can redistribute it and/or modify | |
14 | # it under the terms of the GNU General Public License as published by |
|
14 | # it under the terms of the GNU General Public License as published by | |
15 | # the Free Software Foundation, either version 3 of the License, or |
|
15 | # the Free Software Foundation, either version 3 of the License, or | |
16 | # (at your option) any later version. |
|
16 | # (at your option) any later version. | |
17 | # |
|
17 | # | |
18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
22 | # |
|
22 | # | |
23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
25 |
|
25 | |||
26 | import os |
|
26 | import os | |
27 | import logging |
|
27 | import logging | |
28 | import traceback |
|
28 | import traceback | |
29 | import shutil |
|
29 | import shutil | |
30 | import datetime |
|
30 | import datetime | |
31 |
|
31 | |||
32 | from rhodecode.lib.utils2 import LazyProperty |
|
32 | from rhodecode.lib.utils2 import LazyProperty | |
33 |
|
33 | |||
34 | from rhodecode.model import BaseModel |
|
34 | from rhodecode.model import BaseModel | |
35 | from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ |
|
35 | from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ | |
36 | User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository |
|
36 | User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository | |
37 |
|
37 | |||
38 | log = logging.getLogger(__name__) |
|
38 | log = logging.getLogger(__name__) | |
39 |
|
39 | |||
40 |
|
40 | |||
41 | class ReposGroupModel(BaseModel): |
|
41 | class ReposGroupModel(BaseModel): | |
42 |
|
42 | |||
43 | cls = RepoGroup |
|
43 | cls = RepoGroup | |
44 |
|
44 | |||
45 | def _get_user_group(self, users_group): |
|
45 | def _get_user_group(self, users_group): | |
46 | return self._get_instance(UserGroup, users_group, |
|
46 | return self._get_instance(UserGroup, users_group, | |
47 | callback=UserGroup.get_by_group_name) |
|
47 | callback=UserGroup.get_by_group_name) | |
48 |
|
48 | |||
49 | def _get_repo_group(self, repos_group): |
|
49 | def _get_repo_group(self, repos_group): | |
50 | return self._get_instance(RepoGroup, repos_group, |
|
50 | return self._get_instance(RepoGroup, repos_group, | |
51 | callback=RepoGroup.get_by_group_name) |
|
51 | callback=RepoGroup.get_by_group_name) | |
52 |
|
52 | |||
53 | @LazyProperty |
|
53 | @LazyProperty | |
54 | def repos_path(self): |
|
54 | def repos_path(self): | |
55 | """ |
|
55 | """ | |
56 | Get's the repositories root path from database |
|
56 | Get's the repositories root path from database | |
57 | """ |
|
57 | """ | |
58 |
|
58 | |||
59 | q = RhodeCodeUi.get_by_key('/') |
|
59 | q = RhodeCodeUi.get_by_key('/') | |
60 | return q.ui_value |
|
60 | return q.ui_value | |
61 |
|
61 | |||
62 | def _create_default_perms(self, new_group): |
|
62 | def _create_default_perms(self, new_group): | |
63 | # create default permission |
|
63 | # create default permission | |
64 | default_perm = 'group.read' |
|
64 | default_perm = 'group.read' | |
65 | def_user = User.get_default_user() |
|
65 | def_user = User.get_default_user() | |
66 | for p in def_user.user_perms: |
|
66 | for p in def_user.user_perms: | |
67 | if p.permission.permission_name.startswith('group.'): |
|
67 | if p.permission.permission_name.startswith('group.'): | |
68 | default_perm = p.permission.permission_name |
|
68 | default_perm = p.permission.permission_name | |
69 | break |
|
69 | break | |
70 |
|
70 | |||
71 | repo_group_to_perm = UserRepoGroupToPerm() |
|
71 | repo_group_to_perm = UserRepoGroupToPerm() | |
72 | repo_group_to_perm.permission = Permission.get_by_key(default_perm) |
|
72 | repo_group_to_perm.permission = Permission.get_by_key(default_perm) | |
73 |
|
73 | |||
74 | repo_group_to_perm.group = new_group |
|
74 | repo_group_to_perm.group = new_group | |
75 | repo_group_to_perm.user_id = def_user.user_id |
|
75 | repo_group_to_perm.user_id = def_user.user_id | |
76 | return repo_group_to_perm |
|
76 | return repo_group_to_perm | |
77 |
|
77 | |||
78 | def __create_group(self, group_name): |
|
78 | def __create_group(self, group_name): | |
79 | """ |
|
79 | """ | |
80 | makes repository group on filesystem |
|
80 | makes repository group on filesystem | |
81 |
|
81 | |||
82 | :param repo_name: |
|
82 | :param repo_name: | |
83 | :param parent_id: |
|
83 | :param parent_id: | |
84 | """ |
|
84 | """ | |
85 |
|
85 | |||
86 | create_path = os.path.join(self.repos_path, group_name) |
|
86 | create_path = os.path.join(self.repos_path, group_name) | |
87 | log.debug('creating new group in %s' % create_path) |
|
87 | log.debug('creating new group in %s' % create_path) | |
88 |
|
88 | |||
89 | if os.path.isdir(create_path): |
|
89 | if os.path.isdir(create_path): | |
90 | raise Exception('That directory already exists !') |
|
90 | raise Exception('That directory already exists !') | |
91 |
|
91 | |||
92 | os.makedirs(create_path) |
|
92 | os.makedirs(create_path) | |
93 |
|
93 | |||
94 | def __rename_group(self, old, new): |
|
94 | def __rename_group(self, old, new): | |
95 | """ |
|
95 | """ | |
96 | Renames a group on filesystem |
|
96 | Renames a group on filesystem | |
97 |
|
97 | |||
98 | :param group_name: |
|
98 | :param group_name: | |
99 | """ |
|
99 | """ | |
100 |
|
100 | |||
101 | if old == new: |
|
101 | if old == new: | |
102 | log.debug('skipping group rename') |
|
102 | log.debug('skipping group rename') | |
103 | return |
|
103 | return | |
104 |
|
104 | |||
105 | log.debug('renaming repository group from %s to %s' % (old, new)) |
|
105 | log.debug('renaming repository group from %s to %s' % (old, new)) | |
106 |
|
106 | |||
107 | old_path = os.path.join(self.repos_path, old) |
|
107 | old_path = os.path.join(self.repos_path, old) | |
108 | new_path = os.path.join(self.repos_path, new) |
|
108 | new_path = os.path.join(self.repos_path, new) | |
109 |
|
109 | |||
110 | log.debug('renaming repos paths from %s to %s' % (old_path, new_path)) |
|
110 | log.debug('renaming repos paths from %s to %s' % (old_path, new_path)) | |
111 |
|
111 | |||
112 | if os.path.isdir(new_path): |
|
112 | if os.path.isdir(new_path): | |
113 | raise Exception('Was trying to rename to already ' |
|
113 | raise Exception('Was trying to rename to already ' | |
114 | 'existing dir %s' % new_path) |
|
114 | 'existing dir %s' % new_path) | |
115 | shutil.move(old_path, new_path) |
|
115 | shutil.move(old_path, new_path) | |
116 |
|
116 | |||
117 | def __delete_group(self, group, force_delete=False): |
|
117 | def __delete_group(self, group, force_delete=False): | |
118 | """ |
|
118 | """ | |
119 | Deletes a group from a filesystem |
|
119 | Deletes a group from a filesystem | |
120 |
|
120 | |||
121 | :param group: instance of group from database |
|
121 | :param group: instance of group from database | |
122 | :param force_delete: use shutil rmtree to remove all objects |
|
122 | :param force_delete: use shutil rmtree to remove all objects | |
123 | """ |
|
123 | """ | |
124 | paths = group.full_path.split(RepoGroup.url_sep()) |
|
124 | paths = group.full_path.split(RepoGroup.url_sep()) | |
125 | paths = os.sep.join(paths) |
|
125 | paths = os.sep.join(paths) | |
126 |
|
126 | |||
127 | rm_path = os.path.join(self.repos_path, paths) |
|
127 | rm_path = os.path.join(self.repos_path, paths) | |
128 | log.info("Removing group %s" % (rm_path)) |
|
128 | log.info("Removing group %s" % (rm_path)) | |
129 | # delete only if that path really exists |
|
129 | # delete only if that path really exists | |
130 | if os.path.isdir(rm_path): |
|
130 | if os.path.isdir(rm_path): | |
131 | if force_delete: |
|
131 | if force_delete: | |
132 | shutil.rmtree(rm_path) |
|
132 | shutil.rmtree(rm_path) | |
133 | else: |
|
133 | else: | |
134 | #archive that group` |
|
134 | #archive that group` | |
135 | _now = datetime.datetime.now() |
|
135 | _now = datetime.datetime.now() | |
136 | _ms = str(_now.microsecond).rjust(6, '0') |
|
136 | _ms = str(_now.microsecond).rjust(6, '0') | |
137 | _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms), |
|
137 | _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms), | |
138 | group.name) |
|
138 | group.name) | |
139 | shutil.move(rm_path, os.path.join(self.repos_path, _d)) |
|
139 | shutil.move(rm_path, os.path.join(self.repos_path, _d)) | |
140 |
|
140 | |||
141 | def create(self, group_name, group_description, owner, parent=None, just_db=False): |
|
141 | def create(self, group_name, group_description, owner, parent=None, just_db=False): | |
142 | try: |
|
142 | try: | |
|
143 | user = self._get_user(owner) | |||
143 | new_repos_group = RepoGroup() |
|
144 | new_repos_group = RepoGroup() | |
144 |
new_repos_group.user = |
|
145 | new_repos_group.user = user | |
145 | new_repos_group.group_description = group_description or group_name |
|
146 | new_repos_group.group_description = group_description or group_name | |
146 | new_repos_group.parent_group = self._get_repo_group(parent) |
|
147 | new_repos_group.parent_group = self._get_repo_group(parent) | |
147 | new_repos_group.group_name = new_repos_group.get_new_name(group_name) |
|
148 | new_repos_group.group_name = new_repos_group.get_new_name(group_name) | |
148 |
|
149 | |||
149 | self.sa.add(new_repos_group) |
|
150 | self.sa.add(new_repos_group) | |
150 | perm_obj = self._create_default_perms(new_repos_group) |
|
151 | perm_obj = self._create_default_perms(new_repos_group) | |
151 | self.sa.add(perm_obj) |
|
152 | self.sa.add(perm_obj) | |
152 |
|
153 | |||
153 |
#create an ADMIN permission for owner |
|
154 | #create an ADMIN permission for owner except if we're super admin, | |
154 | #the owner field of groups |
|
155 | #later owner should go into the owner field of groups | |
|
156 | if not user.is_admin: | |||
155 | self.grant_user_permission(repos_group=new_repos_group, |
|
157 | self.grant_user_permission(repos_group=new_repos_group, | |
156 | user=owner, perm='group.admin') |
|
158 | user=owner, perm='group.admin') | |
157 |
|
159 | |||
158 | if not just_db: |
|
160 | if not just_db: | |
159 | # we need to flush here, in order to check if database won't |
|
161 | # we need to flush here, in order to check if database won't | |
160 | # throw any exceptions, create filesystem dirs at the very end |
|
162 | # throw any exceptions, create filesystem dirs at the very end | |
161 | self.sa.flush() |
|
163 | self.sa.flush() | |
162 | self.__create_group(new_repos_group.group_name) |
|
164 | self.__create_group(new_repos_group.group_name) | |
163 |
|
165 | |||
164 | return new_repos_group |
|
166 | return new_repos_group | |
165 | except Exception: |
|
167 | except Exception: | |
166 | log.error(traceback.format_exc()) |
|
168 | log.error(traceback.format_exc()) | |
167 | raise |
|
169 | raise | |
168 |
|
170 | |||
169 | def _update_permissions(self, repos_group, perms_new=None, |
|
171 | def _update_permissions(self, repos_group, perms_new=None, | |
170 | perms_updates=None, recursive=False, |
|
172 | perms_updates=None, recursive=False, | |
171 | check_perms=True): |
|
173 | check_perms=True): | |
172 | from rhodecode.model.repo import RepoModel |
|
174 | from rhodecode.model.repo import RepoModel | |
173 | from rhodecode.lib.auth import HasUserGroupPermissionAny |
|
175 | from rhodecode.lib.auth import HasUserGroupPermissionAny | |
174 |
|
176 | |||
175 | if not perms_new: |
|
177 | if not perms_new: | |
176 | perms_new = [] |
|
178 | perms_new = [] | |
177 | if not perms_updates: |
|
179 | if not perms_updates: | |
178 | perms_updates = [] |
|
180 | perms_updates = [] | |
179 |
|
181 | |||
180 | def _set_perm_user(obj, user, perm): |
|
182 | def _set_perm_user(obj, user, perm): | |
181 | if isinstance(obj, RepoGroup): |
|
183 | if isinstance(obj, RepoGroup): | |
182 | self.grant_user_permission( |
|
184 | self.grant_user_permission( | |
183 | repos_group=obj, user=user, perm=perm |
|
185 | repos_group=obj, user=user, perm=perm | |
184 | ) |
|
186 | ) | |
185 | elif isinstance(obj, Repository): |
|
187 | elif isinstance(obj, Repository): | |
186 | #we do this ONLY IF repository is non-private |
|
188 | #we do this ONLY IF repository is non-private | |
187 | if obj.private: |
|
189 | if obj.private: | |
188 | return |
|
190 | return | |
189 |
|
191 | |||
190 | # we set group permission but we have to switch to repo |
|
192 | # we set group permission but we have to switch to repo | |
191 | # permission |
|
193 | # permission | |
192 | perm = perm.replace('group.', 'repository.') |
|
194 | perm = perm.replace('group.', 'repository.') | |
193 | RepoModel().grant_user_permission( |
|
195 | RepoModel().grant_user_permission( | |
194 | repo=obj, user=user, perm=perm |
|
196 | repo=obj, user=user, perm=perm | |
195 | ) |
|
197 | ) | |
196 |
|
198 | |||
197 | def _set_perm_group(obj, users_group, perm): |
|
199 | def _set_perm_group(obj, users_group, perm): | |
198 | if isinstance(obj, RepoGroup): |
|
200 | if isinstance(obj, RepoGroup): | |
199 | self.grant_users_group_permission( |
|
201 | self.grant_users_group_permission( | |
200 | repos_group=obj, group_name=users_group, perm=perm |
|
202 | repos_group=obj, group_name=users_group, perm=perm | |
201 | ) |
|
203 | ) | |
202 | elif isinstance(obj, Repository): |
|
204 | elif isinstance(obj, Repository): | |
203 | # we set group permission but we have to switch to repo |
|
205 | # we set group permission but we have to switch to repo | |
204 | # permission |
|
206 | # permission | |
205 | perm = perm.replace('group.', 'repository.') |
|
207 | perm = perm.replace('group.', 'repository.') | |
206 | RepoModel().grant_users_group_permission( |
|
208 | RepoModel().grant_users_group_permission( | |
207 | repo=obj, group_name=users_group, perm=perm |
|
209 | repo=obj, group_name=users_group, perm=perm | |
208 | ) |
|
210 | ) | |
209 | updates = [] |
|
211 | updates = [] | |
210 | log.debug('Now updating permissions for %s in recursive mode:%s' |
|
212 | log.debug('Now updating permissions for %s in recursive mode:%s' | |
211 | % (repos_group, recursive)) |
|
213 | % (repos_group, recursive)) | |
212 |
|
214 | |||
213 | for obj in repos_group.recursive_groups_and_repos(): |
|
215 | for obj in repos_group.recursive_groups_and_repos(): | |
214 | #obj is an instance of a group or repositories in that group |
|
216 | #obj is an instance of a group or repositories in that group | |
215 | if not recursive: |
|
217 | if not recursive: | |
216 | obj = repos_group |
|
218 | obj = repos_group | |
217 |
|
219 | |||
218 | # update permissions |
|
220 | # update permissions | |
219 | for member, perm, member_type in perms_updates: |
|
221 | for member, perm, member_type in perms_updates: | |
220 | ## set for user |
|
222 | ## set for user | |
221 | if member_type == 'user': |
|
223 | if member_type == 'user': | |
222 | # this updates also current one if found |
|
224 | # this updates also current one if found | |
223 | _set_perm_user(obj, user=member, perm=perm) |
|
225 | _set_perm_user(obj, user=member, perm=perm) | |
224 | ## set for user group |
|
226 | ## set for user group | |
225 | else: |
|
227 | else: | |
226 | #check if we have permissions to alter this usergroup |
|
228 | #check if we have permissions to alter this usergroup | |
227 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') |
|
229 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') | |
228 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): |
|
230 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): | |
229 | _set_perm_group(obj, users_group=member, perm=perm) |
|
231 | _set_perm_group(obj, users_group=member, perm=perm) | |
230 | # set new permissions |
|
232 | # set new permissions | |
231 | for member, perm, member_type in perms_new: |
|
233 | for member, perm, member_type in perms_new: | |
232 | if member_type == 'user': |
|
234 | if member_type == 'user': | |
233 | _set_perm_user(obj, user=member, perm=perm) |
|
235 | _set_perm_user(obj, user=member, perm=perm) | |
234 | else: |
|
236 | else: | |
235 | #check if we have permissions to alter this usergroup |
|
237 | #check if we have permissions to alter this usergroup | |
236 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') |
|
238 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') | |
237 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): |
|
239 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): | |
238 | _set_perm_group(obj, users_group=member, perm=perm) |
|
240 | _set_perm_group(obj, users_group=member, perm=perm) | |
239 | updates.append(obj) |
|
241 | updates.append(obj) | |
240 | #if it's not recursive call |
|
242 | #if it's not recursive call | |
241 | # break the loop and don't proceed with other changes |
|
243 | # break the loop and don't proceed with other changes | |
242 | if not recursive: |
|
244 | if not recursive: | |
243 | break |
|
245 | break | |
244 | return updates |
|
246 | return updates | |
245 |
|
247 | |||
246 | def update(self, repos_group, form_data): |
|
248 | def update(self, repos_group, form_data): | |
247 |
|
249 | |||
248 | try: |
|
250 | try: | |
249 | repos_group = self._get_repo_group(repos_group) |
|
251 | repos_group = self._get_repo_group(repos_group) | |
250 | old_path = repos_group.full_path |
|
252 | old_path = repos_group.full_path | |
251 |
|
253 | |||
252 | # change properties |
|
254 | # change properties | |
253 | repos_group.group_description = form_data['group_description'] |
|
255 | repos_group.group_description = form_data['group_description'] | |
254 | repos_group.group_parent_id = form_data['group_parent_id'] |
|
256 | repos_group.group_parent_id = form_data['group_parent_id'] | |
255 | repos_group.enable_locking = form_data['enable_locking'] |
|
257 | repos_group.enable_locking = form_data['enable_locking'] | |
256 |
|
258 | |||
257 | repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) |
|
259 | repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) | |
258 | repos_group.group_name = repos_group.get_new_name(form_data['group_name']) |
|
260 | repos_group.group_name = repos_group.get_new_name(form_data['group_name']) | |
259 | new_path = repos_group.full_path |
|
261 | new_path = repos_group.full_path | |
260 | self.sa.add(repos_group) |
|
262 | self.sa.add(repos_group) | |
261 |
|
263 | |||
262 | # iterate over all members of this groups and do fixes |
|
264 | # iterate over all members of this groups and do fixes | |
263 | # set locking if given |
|
265 | # set locking if given | |
264 | # if obj is a repoGroup also fix the name of the group according |
|
266 | # if obj is a repoGroup also fix the name of the group according | |
265 | # to the parent |
|
267 | # to the parent | |
266 | # if obj is a Repo fix it's name |
|
268 | # if obj is a Repo fix it's name | |
267 | # this can be potentially heavy operation |
|
269 | # this can be potentially heavy operation | |
268 | for obj in repos_group.recursive_groups_and_repos(): |
|
270 | for obj in repos_group.recursive_groups_and_repos(): | |
269 | #set the value from it's parent |
|
271 | #set the value from it's parent | |
270 | obj.enable_locking = repos_group.enable_locking |
|
272 | obj.enable_locking = repos_group.enable_locking | |
271 | if isinstance(obj, RepoGroup): |
|
273 | if isinstance(obj, RepoGroup): | |
272 | new_name = obj.get_new_name(obj.name) |
|
274 | new_name = obj.get_new_name(obj.name) | |
273 | log.debug('Fixing group %s to new name %s' \ |
|
275 | log.debug('Fixing group %s to new name %s' \ | |
274 | % (obj.group_name, new_name)) |
|
276 | % (obj.group_name, new_name)) | |
275 | obj.group_name = new_name |
|
277 | obj.group_name = new_name | |
276 | elif isinstance(obj, Repository): |
|
278 | elif isinstance(obj, Repository): | |
277 | # we need to get all repositories from this new group and |
|
279 | # we need to get all repositories from this new group and | |
278 | # rename them accordingly to new group path |
|
280 | # rename them accordingly to new group path | |
279 | new_name = obj.get_new_name(obj.just_name) |
|
281 | new_name = obj.get_new_name(obj.just_name) | |
280 | log.debug('Fixing repo %s to new name %s' \ |
|
282 | log.debug('Fixing repo %s to new name %s' \ | |
281 | % (obj.repo_name, new_name)) |
|
283 | % (obj.repo_name, new_name)) | |
282 | obj.repo_name = new_name |
|
284 | obj.repo_name = new_name | |
283 | self.sa.add(obj) |
|
285 | self.sa.add(obj) | |
284 |
|
286 | |||
285 | self.__rename_group(old_path, new_path) |
|
287 | self.__rename_group(old_path, new_path) | |
286 |
|
288 | |||
287 | return repos_group |
|
289 | return repos_group | |
288 | except Exception: |
|
290 | except Exception: | |
289 | log.error(traceback.format_exc()) |
|
291 | log.error(traceback.format_exc()) | |
290 | raise |
|
292 | raise | |
291 |
|
293 | |||
292 | def delete(self, repos_group, force_delete=False): |
|
294 | def delete(self, repos_group, force_delete=False): | |
293 | repos_group = self._get_repo_group(repos_group) |
|
295 | repos_group = self._get_repo_group(repos_group) | |
294 | try: |
|
296 | try: | |
295 | self.sa.delete(repos_group) |
|
297 | self.sa.delete(repos_group) | |
296 | self.__delete_group(repos_group, force_delete) |
|
298 | self.__delete_group(repos_group, force_delete) | |
297 | except Exception: |
|
299 | except Exception: | |
298 | log.error('Error removing repos_group %s' % repos_group) |
|
300 | log.error('Error removing repos_group %s' % repos_group) | |
299 | raise |
|
301 | raise | |
300 |
|
302 | |||
301 | def delete_permission(self, repos_group, obj, obj_type, recursive): |
|
303 | def delete_permission(self, repos_group, obj, obj_type, recursive): | |
302 | """ |
|
304 | """ | |
303 | Revokes permission for repos_group for given obj(user or users_group), |
|
305 | Revokes permission for repos_group for given obj(user or users_group), | |
304 | obj_type can be user or user group |
|
306 | obj_type can be user or user group | |
305 |
|
307 | |||
306 | :param repos_group: |
|
308 | :param repos_group: | |
307 | :param obj: user or user group id |
|
309 | :param obj: user or user group id | |
308 | :param obj_type: user or user group type |
|
310 | :param obj_type: user or user group type | |
309 | :param recursive: recurse to all children of group |
|
311 | :param recursive: recurse to all children of group | |
310 | """ |
|
312 | """ | |
311 | from rhodecode.model.repo import RepoModel |
|
313 | from rhodecode.model.repo import RepoModel | |
312 | repos_group = self._get_repo_group(repos_group) |
|
314 | repos_group = self._get_repo_group(repos_group) | |
313 |
|
315 | |||
314 | for el in repos_group.recursive_groups_and_repos(): |
|
316 | for el in repos_group.recursive_groups_and_repos(): | |
315 | if not recursive: |
|
317 | if not recursive: | |
316 | # if we don't recurse set the permission on only the top level |
|
318 | # if we don't recurse set the permission on only the top level | |
317 | # object |
|
319 | # object | |
318 | el = repos_group |
|
320 | el = repos_group | |
319 |
|
321 | |||
320 | if isinstance(el, RepoGroup): |
|
322 | if isinstance(el, RepoGroup): | |
321 | if obj_type == 'user': |
|
323 | if obj_type == 'user': | |
322 | ReposGroupModel().revoke_user_permission(el, user=obj) |
|
324 | ReposGroupModel().revoke_user_permission(el, user=obj) | |
323 | elif obj_type == 'users_group': |
|
325 | elif obj_type == 'users_group': | |
324 | ReposGroupModel().revoke_users_group_permission(el, group_name=obj) |
|
326 | ReposGroupModel().revoke_users_group_permission(el, group_name=obj) | |
325 | else: |
|
327 | else: | |
326 | raise Exception('undefined object type %s' % obj_type) |
|
328 | raise Exception('undefined object type %s' % obj_type) | |
327 | elif isinstance(el, Repository): |
|
329 | elif isinstance(el, Repository): | |
328 | if obj_type == 'user': |
|
330 | if obj_type == 'user': | |
329 | RepoModel().revoke_user_permission(el, user=obj) |
|
331 | RepoModel().revoke_user_permission(el, user=obj) | |
330 | elif obj_type == 'users_group': |
|
332 | elif obj_type == 'users_group': | |
331 | RepoModel().revoke_users_group_permission(el, group_name=obj) |
|
333 | RepoModel().revoke_users_group_permission(el, group_name=obj) | |
332 | else: |
|
334 | else: | |
333 | raise Exception('undefined object type %s' % obj_type) |
|
335 | raise Exception('undefined object type %s' % obj_type) | |
334 |
|
336 | |||
335 | #if it's not recursive call |
|
337 | #if it's not recursive call | |
336 | # break the loop and don't proceed with other changes |
|
338 | # break the loop and don't proceed with other changes | |
337 | if not recursive: |
|
339 | if not recursive: | |
338 | break |
|
340 | break | |
339 |
|
341 | |||
340 | def grant_user_permission(self, repos_group, user, perm): |
|
342 | def grant_user_permission(self, repos_group, user, perm): | |
341 | """ |
|
343 | """ | |
342 | Grant permission for user on given repository group, or update |
|
344 | Grant permission for user on given repository group, or update | |
343 | existing one if found |
|
345 | existing one if found | |
344 |
|
346 | |||
345 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
347 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
346 | or repositories_group name |
|
348 | or repositories_group name | |
347 | :param user: Instance of User, user_id or username |
|
349 | :param user: Instance of User, user_id or username | |
348 | :param perm: Instance of Permission, or permission_name |
|
350 | :param perm: Instance of Permission, or permission_name | |
349 | """ |
|
351 | """ | |
350 |
|
352 | |||
351 | repos_group = self._get_repo_group(repos_group) |
|
353 | repos_group = self._get_repo_group(repos_group) | |
352 | user = self._get_user(user) |
|
354 | user = self._get_user(user) | |
353 | permission = self._get_perm(perm) |
|
355 | permission = self._get_perm(perm) | |
354 |
|
356 | |||
355 | # check if we have that permission already |
|
357 | # check if we have that permission already | |
356 | obj = self.sa.query(UserRepoGroupToPerm)\ |
|
358 | obj = self.sa.query(UserRepoGroupToPerm)\ | |
357 | .filter(UserRepoGroupToPerm.user == user)\ |
|
359 | .filter(UserRepoGroupToPerm.user == user)\ | |
358 | .filter(UserRepoGroupToPerm.group == repos_group)\ |
|
360 | .filter(UserRepoGroupToPerm.group == repos_group)\ | |
359 | .scalar() |
|
361 | .scalar() | |
360 | if obj is None: |
|
362 | if obj is None: | |
361 | # create new ! |
|
363 | # create new ! | |
362 | obj = UserRepoGroupToPerm() |
|
364 | obj = UserRepoGroupToPerm() | |
363 | obj.group = repos_group |
|
365 | obj.group = repos_group | |
364 | obj.user = user |
|
366 | obj.user = user | |
365 | obj.permission = permission |
|
367 | obj.permission = permission | |
366 | self.sa.add(obj) |
|
368 | self.sa.add(obj) | |
367 | log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group)) |
|
369 | log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group)) | |
368 |
|
370 | |||
369 | def revoke_user_permission(self, repos_group, user): |
|
371 | def revoke_user_permission(self, repos_group, user): | |
370 | """ |
|
372 | """ | |
371 | Revoke permission for user on given repository group |
|
373 | Revoke permission for user on given repository group | |
372 |
|
374 | |||
373 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
375 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
374 | or repositories_group name |
|
376 | or repositories_group name | |
375 | :param user: Instance of User, user_id or username |
|
377 | :param user: Instance of User, user_id or username | |
376 | """ |
|
378 | """ | |
377 |
|
379 | |||
378 | repos_group = self._get_repo_group(repos_group) |
|
380 | repos_group = self._get_repo_group(repos_group) | |
379 | user = self._get_user(user) |
|
381 | user = self._get_user(user) | |
380 |
|
382 | |||
381 | obj = self.sa.query(UserRepoGroupToPerm)\ |
|
383 | obj = self.sa.query(UserRepoGroupToPerm)\ | |
382 | .filter(UserRepoGroupToPerm.user == user)\ |
|
384 | .filter(UserRepoGroupToPerm.user == user)\ | |
383 | .filter(UserRepoGroupToPerm.group == repos_group)\ |
|
385 | .filter(UserRepoGroupToPerm.group == repos_group)\ | |
384 | .scalar() |
|
386 | .scalar() | |
385 | if obj: |
|
387 | if obj: | |
386 | self.sa.delete(obj) |
|
388 | self.sa.delete(obj) | |
387 | log.debug('Revoked perm on %s on %s' % (repos_group, user)) |
|
389 | log.debug('Revoked perm on %s on %s' % (repos_group, user)) | |
388 |
|
390 | |||
389 | def grant_users_group_permission(self, repos_group, group_name, perm): |
|
391 | def grant_users_group_permission(self, repos_group, group_name, perm): | |
390 | """ |
|
392 | """ | |
391 | Grant permission for user group on given repository group, or update |
|
393 | Grant permission for user group on given repository group, or update | |
392 | existing one if found |
|
394 | existing one if found | |
393 |
|
395 | |||
394 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
396 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
395 | or repositories_group name |
|
397 | or repositories_group name | |
396 | :param group_name: Instance of UserGroup, users_group_id, |
|
398 | :param group_name: Instance of UserGroup, users_group_id, | |
397 | or user group name |
|
399 | or user group name | |
398 | :param perm: Instance of Permission, or permission_name |
|
400 | :param perm: Instance of Permission, or permission_name | |
399 | """ |
|
401 | """ | |
400 | repos_group = self._get_repo_group(repos_group) |
|
402 | repos_group = self._get_repo_group(repos_group) | |
401 | group_name = self._get_user_group(group_name) |
|
403 | group_name = self._get_user_group(group_name) | |
402 | permission = self._get_perm(perm) |
|
404 | permission = self._get_perm(perm) | |
403 |
|
405 | |||
404 | # check if we have that permission already |
|
406 | # check if we have that permission already | |
405 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ |
|
407 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ | |
406 | .filter(UserGroupRepoGroupToPerm.group == repos_group)\ |
|
408 | .filter(UserGroupRepoGroupToPerm.group == repos_group)\ | |
407 | .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ |
|
409 | .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ | |
408 | .scalar() |
|
410 | .scalar() | |
409 |
|
411 | |||
410 | if obj is None: |
|
412 | if obj is None: | |
411 | # create new |
|
413 | # create new | |
412 | obj = UserGroupRepoGroupToPerm() |
|
414 | obj = UserGroupRepoGroupToPerm() | |
413 |
|
415 | |||
414 | obj.group = repos_group |
|
416 | obj.group = repos_group | |
415 | obj.users_group = group_name |
|
417 | obj.users_group = group_name | |
416 | obj.permission = permission |
|
418 | obj.permission = permission | |
417 | self.sa.add(obj) |
|
419 | self.sa.add(obj) | |
418 | log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group)) |
|
420 | log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group)) | |
419 |
|
421 | |||
420 | def revoke_users_group_permission(self, repos_group, group_name): |
|
422 | def revoke_users_group_permission(self, repos_group, group_name): | |
421 | """ |
|
423 | """ | |
422 | Revoke permission for user group on given repository group |
|
424 | Revoke permission for user group on given repository group | |
423 |
|
425 | |||
424 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
426 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
425 | or repositories_group name |
|
427 | or repositories_group name | |
426 | :param group_name: Instance of UserGroup, users_group_id, |
|
428 | :param group_name: Instance of UserGroup, users_group_id, | |
427 | or user group name |
|
429 | or user group name | |
428 | """ |
|
430 | """ | |
429 | repos_group = self._get_repo_group(repos_group) |
|
431 | repos_group = self._get_repo_group(repos_group) | |
430 | group_name = self._get_user_group(group_name) |
|
432 | group_name = self._get_user_group(group_name) | |
431 |
|
433 | |||
432 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ |
|
434 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ | |
433 | .filter(UserGroupRepoGroupToPerm.group == repos_group)\ |
|
435 | .filter(UserGroupRepoGroupToPerm.group == repos_group)\ | |
434 | .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ |
|
436 | .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ | |
435 | .scalar() |
|
437 | .scalar() | |
436 | if obj: |
|
438 | if obj: | |
437 | self.sa.delete(obj) |
|
439 | self.sa.delete(obj) | |
438 | log.debug('Revoked perm to %s on %s' % (repos_group, group_name)) |
|
440 | log.debug('Revoked perm to %s on %s' % (repos_group, group_name)) |
General Comments 0
You need to be logged in to leave comments.
Login now