Show More
| @@ -1,438 +1,440 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 | """ |
|
2 | """ | |
| 3 | rhodecode.model.user_group |
|
3 | rhodecode.model.user_group | |
| 4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| 5 |
|
5 | |||
| 6 | repo group model for RhodeCode |
|
6 | repo group model for RhodeCode | |
| 7 |
|
7 | |||
| 8 | :created_on: Jan 25, 2011 |
|
8 | :created_on: Jan 25, 2011 | |
| 9 | :author: marcink |
|
9 | :author: marcink | |
| 10 | :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2011-2012 Marcin Kuzminski <marcin@python-works.com> | |
| 11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
| 12 | """ |
|
12 | """ | |
| 13 | # This program is free software: you can redistribute it and/or modify |
|
13 | # This program is free software: you can redistribute it and/or modify | |
| 14 | # it under the terms of the GNU General Public License as published by |
|
14 | # it under the terms of the GNU General Public License as published by | |
| 15 | # the Free Software Foundation, either version 3 of the License, or |
|
15 | # the Free Software Foundation, either version 3 of the License, or | |
| 16 | # (at your option) any later version. |
|
16 | # (at your option) any later version. | |
| 17 | # |
|
17 | # | |
| 18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
| 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
| 22 | # |
|
22 | # | |
| 23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
| 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 25 |
|
25 | |||
| 26 | import os |
|
26 | import os | |
| 27 | import logging |
|
27 | import logging | |
| 28 | import traceback |
|
28 | import traceback | |
| 29 | import shutil |
|
29 | import shutil | |
| 30 | import datetime |
|
30 | import datetime | |
| 31 |
|
31 | |||
| 32 | from rhodecode.lib.utils2 import LazyProperty |
|
32 | from rhodecode.lib.utils2 import LazyProperty | |
| 33 |
|
33 | |||
| 34 | from rhodecode.model import BaseModel |
|
34 | from rhodecode.model import BaseModel | |
| 35 | from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ |
|
35 | from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ | |
| 36 | User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository |
|
36 | User, Permission, UserGroupRepoGroupToPerm, UserGroup, Repository | |
| 37 |
|
37 | |||
| 38 | log = logging.getLogger(__name__) |
|
38 | log = logging.getLogger(__name__) | |
| 39 |
|
39 | |||
| 40 |
|
40 | |||
| 41 | class ReposGroupModel(BaseModel): |
|
41 | class ReposGroupModel(BaseModel): | |
| 42 |
|
42 | |||
| 43 | cls = RepoGroup |
|
43 | cls = RepoGroup | |
| 44 |
|
44 | |||
| 45 | def _get_user_group(self, users_group): |
|
45 | def _get_user_group(self, users_group): | |
| 46 | return self._get_instance(UserGroup, users_group, |
|
46 | return self._get_instance(UserGroup, users_group, | |
| 47 | callback=UserGroup.get_by_group_name) |
|
47 | callback=UserGroup.get_by_group_name) | |
| 48 |
|
48 | |||
| 49 | def _get_repo_group(self, repos_group): |
|
49 | def _get_repo_group(self, repos_group): | |
| 50 | return self._get_instance(RepoGroup, repos_group, |
|
50 | return self._get_instance(RepoGroup, repos_group, | |
| 51 | callback=RepoGroup.get_by_group_name) |
|
51 | callback=RepoGroup.get_by_group_name) | |
| 52 |
|
52 | |||
| 53 | @LazyProperty |
|
53 | @LazyProperty | |
| 54 | def repos_path(self): |
|
54 | def repos_path(self): | |
| 55 | """ |
|
55 | """ | |
| 56 | Get's the repositories root path from database |
|
56 | Get's the repositories root path from database | |
| 57 | """ |
|
57 | """ | |
| 58 |
|
58 | |||
| 59 | q = RhodeCodeUi.get_by_key('/') |
|
59 | q = RhodeCodeUi.get_by_key('/') | |
| 60 | return q.ui_value |
|
60 | return q.ui_value | |
| 61 |
|
61 | |||
| 62 | def _create_default_perms(self, new_group): |
|
62 | def _create_default_perms(self, new_group): | |
| 63 | # create default permission |
|
63 | # create default permission | |
| 64 | default_perm = 'group.read' |
|
64 | default_perm = 'group.read' | |
| 65 | def_user = User.get_default_user() |
|
65 | def_user = User.get_default_user() | |
| 66 | for p in def_user.user_perms: |
|
66 | for p in def_user.user_perms: | |
| 67 | if p.permission.permission_name.startswith('group.'): |
|
67 | if p.permission.permission_name.startswith('group.'): | |
| 68 | default_perm = p.permission.permission_name |
|
68 | default_perm = p.permission.permission_name | |
| 69 | break |
|
69 | break | |
| 70 |
|
70 | |||
| 71 | repo_group_to_perm = UserRepoGroupToPerm() |
|
71 | repo_group_to_perm = UserRepoGroupToPerm() | |
| 72 | repo_group_to_perm.permission = Permission.get_by_key(default_perm) |
|
72 | repo_group_to_perm.permission = Permission.get_by_key(default_perm) | |
| 73 |
|
73 | |||
| 74 | repo_group_to_perm.group = new_group |
|
74 | repo_group_to_perm.group = new_group | |
| 75 | repo_group_to_perm.user_id = def_user.user_id |
|
75 | repo_group_to_perm.user_id = def_user.user_id | |
| 76 | return repo_group_to_perm |
|
76 | return repo_group_to_perm | |
| 77 |
|
77 | |||
| 78 | def __create_group(self, group_name): |
|
78 | def __create_group(self, group_name): | |
| 79 | """ |
|
79 | """ | |
| 80 | makes repository group on filesystem |
|
80 | makes repository group on filesystem | |
| 81 |
|
81 | |||
| 82 | :param repo_name: |
|
82 | :param repo_name: | |
| 83 | :param parent_id: |
|
83 | :param parent_id: | |
| 84 | """ |
|
84 | """ | |
| 85 |
|
85 | |||
| 86 | create_path = os.path.join(self.repos_path, group_name) |
|
86 | create_path = os.path.join(self.repos_path, group_name) | |
| 87 | log.debug('creating new group in %s' % create_path) |
|
87 | log.debug('creating new group in %s' % create_path) | |
| 88 |
|
88 | |||
| 89 | if os.path.isdir(create_path): |
|
89 | if os.path.isdir(create_path): | |
| 90 | raise Exception('That directory already exists !') |
|
90 | raise Exception('That directory already exists !') | |
| 91 |
|
91 | |||
| 92 | os.makedirs(create_path) |
|
92 | os.makedirs(create_path) | |
| 93 |
|
93 | |||
| 94 | def __rename_group(self, old, new): |
|
94 | def __rename_group(self, old, new): | |
| 95 | """ |
|
95 | """ | |
| 96 | Renames a group on filesystem |
|
96 | Renames a group on filesystem | |
| 97 |
|
97 | |||
| 98 | :param group_name: |
|
98 | :param group_name: | |
| 99 | """ |
|
99 | """ | |
| 100 |
|
100 | |||
| 101 | if old == new: |
|
101 | if old == new: | |
| 102 | log.debug('skipping group rename') |
|
102 | log.debug('skipping group rename') | |
| 103 | return |
|
103 | return | |
| 104 |
|
104 | |||
| 105 | log.debug('renaming repository group from %s to %s' % (old, new)) |
|
105 | log.debug('renaming repository group from %s to %s' % (old, new)) | |
| 106 |
|
106 | |||
| 107 | old_path = os.path.join(self.repos_path, old) |
|
107 | old_path = os.path.join(self.repos_path, old) | |
| 108 | new_path = os.path.join(self.repos_path, new) |
|
108 | new_path = os.path.join(self.repos_path, new) | |
| 109 |
|
109 | |||
| 110 | log.debug('renaming repos paths from %s to %s' % (old_path, new_path)) |
|
110 | log.debug('renaming repos paths from %s to %s' % (old_path, new_path)) | |
| 111 |
|
111 | |||
| 112 | if os.path.isdir(new_path): |
|
112 | if os.path.isdir(new_path): | |
| 113 | raise Exception('Was trying to rename to already ' |
|
113 | raise Exception('Was trying to rename to already ' | |
| 114 | 'existing dir %s' % new_path) |
|
114 | 'existing dir %s' % new_path) | |
| 115 | shutil.move(old_path, new_path) |
|
115 | shutil.move(old_path, new_path) | |
| 116 |
|
116 | |||
| 117 | def __delete_group(self, group, force_delete=False): |
|
117 | def __delete_group(self, group, force_delete=False): | |
| 118 | """ |
|
118 | """ | |
| 119 | Deletes a group from a filesystem |
|
119 | Deletes a group from a filesystem | |
| 120 |
|
120 | |||
| 121 | :param group: instance of group from database |
|
121 | :param group: instance of group from database | |
| 122 | :param force_delete: use shutil rmtree to remove all objects |
|
122 | :param force_delete: use shutil rmtree to remove all objects | |
| 123 | """ |
|
123 | """ | |
| 124 | paths = group.full_path.split(RepoGroup.url_sep()) |
|
124 | paths = group.full_path.split(RepoGroup.url_sep()) | |
| 125 | paths = os.sep.join(paths) |
|
125 | paths = os.sep.join(paths) | |
| 126 |
|
126 | |||
| 127 | rm_path = os.path.join(self.repos_path, paths) |
|
127 | rm_path = os.path.join(self.repos_path, paths) | |
| 128 | log.info("Removing group %s" % (rm_path)) |
|
128 | log.info("Removing group %s" % (rm_path)) | |
| 129 | # delete only if that path really exists |
|
129 | # delete only if that path really exists | |
| 130 | if os.path.isdir(rm_path): |
|
130 | if os.path.isdir(rm_path): | |
| 131 | if force_delete: |
|
131 | if force_delete: | |
| 132 | shutil.rmtree(rm_path) |
|
132 | shutil.rmtree(rm_path) | |
| 133 | else: |
|
133 | else: | |
| 134 | #archive that group` |
|
134 | #archive that group` | |
| 135 | _now = datetime.datetime.now() |
|
135 | _now = datetime.datetime.now() | |
| 136 | _ms = str(_now.microsecond).rjust(6, '0') |
|
136 | _ms = str(_now.microsecond).rjust(6, '0') | |
| 137 | _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms), |
|
137 | _d = 'rm__%s_GROUP_%s' % (_now.strftime('%Y%m%d_%H%M%S_' + _ms), | |
| 138 | group.name) |
|
138 | group.name) | |
| 139 | shutil.move(rm_path, os.path.join(self.repos_path, _d)) |
|
139 | shutil.move(rm_path, os.path.join(self.repos_path, _d)) | |
| 140 |
|
140 | |||
| 141 | def create(self, group_name, group_description, owner, parent=None, just_db=False): |
|
141 | def create(self, group_name, group_description, owner, parent=None, just_db=False): | |
| 142 | try: |
|
142 | try: | |
|
|
143 | user = self._get_user(owner) | |||
| 143 | new_repos_group = RepoGroup() |
|
144 | new_repos_group = RepoGroup() | |
| 144 |
new_repos_group.user = |
|
145 | new_repos_group.user = user | |
| 145 | new_repos_group.group_description = group_description or group_name |
|
146 | new_repos_group.group_description = group_description or group_name | |
| 146 | new_repos_group.parent_group = self._get_repo_group(parent) |
|
147 | new_repos_group.parent_group = self._get_repo_group(parent) | |
| 147 | new_repos_group.group_name = new_repos_group.get_new_name(group_name) |
|
148 | new_repos_group.group_name = new_repos_group.get_new_name(group_name) | |
| 148 |
|
149 | |||
| 149 | self.sa.add(new_repos_group) |
|
150 | self.sa.add(new_repos_group) | |
| 150 | perm_obj = self._create_default_perms(new_repos_group) |
|
151 | perm_obj = self._create_default_perms(new_repos_group) | |
| 151 | self.sa.add(perm_obj) |
|
152 | self.sa.add(perm_obj) | |
| 152 |
|
153 | |||
| 153 |
#create an ADMIN permission for owner |
|
154 | #create an ADMIN permission for owner except if we're super admin, | |
| 154 | #the owner field of groups |
|
155 | #later owner should go into the owner field of groups | |
|
|
156 | if not user.is_admin: | |||
| 155 | self.grant_user_permission(repos_group=new_repos_group, |
|
157 | self.grant_user_permission(repos_group=new_repos_group, | |
| 156 | user=owner, perm='group.admin') |
|
158 | user=owner, perm='group.admin') | |
| 157 |
|
159 | |||
| 158 | if not just_db: |
|
160 | if not just_db: | |
| 159 | # we need to flush here, in order to check if database won't |
|
161 | # we need to flush here, in order to check if database won't | |
| 160 | # throw any exceptions, create filesystem dirs at the very end |
|
162 | # throw any exceptions, create filesystem dirs at the very end | |
| 161 | self.sa.flush() |
|
163 | self.sa.flush() | |
| 162 | self.__create_group(new_repos_group.group_name) |
|
164 | self.__create_group(new_repos_group.group_name) | |
| 163 |
|
165 | |||
| 164 | return new_repos_group |
|
166 | return new_repos_group | |
| 165 | except Exception: |
|
167 | except Exception: | |
| 166 | log.error(traceback.format_exc()) |
|
168 | log.error(traceback.format_exc()) | |
| 167 | raise |
|
169 | raise | |
| 168 |
|
170 | |||
| 169 | def _update_permissions(self, repos_group, perms_new=None, |
|
171 | def _update_permissions(self, repos_group, perms_new=None, | |
| 170 | perms_updates=None, recursive=False, |
|
172 | perms_updates=None, recursive=False, | |
| 171 | check_perms=True): |
|
173 | check_perms=True): | |
| 172 | from rhodecode.model.repo import RepoModel |
|
174 | from rhodecode.model.repo import RepoModel | |
| 173 | from rhodecode.lib.auth import HasUserGroupPermissionAny |
|
175 | from rhodecode.lib.auth import HasUserGroupPermissionAny | |
| 174 |
|
176 | |||
| 175 | if not perms_new: |
|
177 | if not perms_new: | |
| 176 | perms_new = [] |
|
178 | perms_new = [] | |
| 177 | if not perms_updates: |
|
179 | if not perms_updates: | |
| 178 | perms_updates = [] |
|
180 | perms_updates = [] | |
| 179 |
|
181 | |||
| 180 | def _set_perm_user(obj, user, perm): |
|
182 | def _set_perm_user(obj, user, perm): | |
| 181 | if isinstance(obj, RepoGroup): |
|
183 | if isinstance(obj, RepoGroup): | |
| 182 | self.grant_user_permission( |
|
184 | self.grant_user_permission( | |
| 183 | repos_group=obj, user=user, perm=perm |
|
185 | repos_group=obj, user=user, perm=perm | |
| 184 | ) |
|
186 | ) | |
| 185 | elif isinstance(obj, Repository): |
|
187 | elif isinstance(obj, Repository): | |
| 186 | #we do this ONLY IF repository is non-private |
|
188 | #we do this ONLY IF repository is non-private | |
| 187 | if obj.private: |
|
189 | if obj.private: | |
| 188 | return |
|
190 | return | |
| 189 |
|
191 | |||
| 190 | # we set group permission but we have to switch to repo |
|
192 | # we set group permission but we have to switch to repo | |
| 191 | # permission |
|
193 | # permission | |
| 192 | perm = perm.replace('group.', 'repository.') |
|
194 | perm = perm.replace('group.', 'repository.') | |
| 193 | RepoModel().grant_user_permission( |
|
195 | RepoModel().grant_user_permission( | |
| 194 | repo=obj, user=user, perm=perm |
|
196 | repo=obj, user=user, perm=perm | |
| 195 | ) |
|
197 | ) | |
| 196 |
|
198 | |||
| 197 | def _set_perm_group(obj, users_group, perm): |
|
199 | def _set_perm_group(obj, users_group, perm): | |
| 198 | if isinstance(obj, RepoGroup): |
|
200 | if isinstance(obj, RepoGroup): | |
| 199 | self.grant_users_group_permission( |
|
201 | self.grant_users_group_permission( | |
| 200 | repos_group=obj, group_name=users_group, perm=perm |
|
202 | repos_group=obj, group_name=users_group, perm=perm | |
| 201 | ) |
|
203 | ) | |
| 202 | elif isinstance(obj, Repository): |
|
204 | elif isinstance(obj, Repository): | |
| 203 | # we set group permission but we have to switch to repo |
|
205 | # we set group permission but we have to switch to repo | |
| 204 | # permission |
|
206 | # permission | |
| 205 | perm = perm.replace('group.', 'repository.') |
|
207 | perm = perm.replace('group.', 'repository.') | |
| 206 | RepoModel().grant_users_group_permission( |
|
208 | RepoModel().grant_users_group_permission( | |
| 207 | repo=obj, group_name=users_group, perm=perm |
|
209 | repo=obj, group_name=users_group, perm=perm | |
| 208 | ) |
|
210 | ) | |
| 209 | updates = [] |
|
211 | updates = [] | |
| 210 | log.debug('Now updating permissions for %s in recursive mode:%s' |
|
212 | log.debug('Now updating permissions for %s in recursive mode:%s' | |
| 211 | % (repos_group, recursive)) |
|
213 | % (repos_group, recursive)) | |
| 212 |
|
214 | |||
| 213 | for obj in repos_group.recursive_groups_and_repos(): |
|
215 | for obj in repos_group.recursive_groups_and_repos(): | |
| 214 | #obj is an instance of a group or repositories in that group |
|
216 | #obj is an instance of a group or repositories in that group | |
| 215 | if not recursive: |
|
217 | if not recursive: | |
| 216 | obj = repos_group |
|
218 | obj = repos_group | |
| 217 |
|
219 | |||
| 218 | # update permissions |
|
220 | # update permissions | |
| 219 | for member, perm, member_type in perms_updates: |
|
221 | for member, perm, member_type in perms_updates: | |
| 220 | ## set for user |
|
222 | ## set for user | |
| 221 | if member_type == 'user': |
|
223 | if member_type == 'user': | |
| 222 | # this updates also current one if found |
|
224 | # this updates also current one if found | |
| 223 | _set_perm_user(obj, user=member, perm=perm) |
|
225 | _set_perm_user(obj, user=member, perm=perm) | |
| 224 | ## set for user group |
|
226 | ## set for user group | |
| 225 | else: |
|
227 | else: | |
| 226 | #check if we have permissions to alter this usergroup |
|
228 | #check if we have permissions to alter this usergroup | |
| 227 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') |
|
229 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') | |
| 228 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): |
|
230 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): | |
| 229 | _set_perm_group(obj, users_group=member, perm=perm) |
|
231 | _set_perm_group(obj, users_group=member, perm=perm) | |
| 230 | # set new permissions |
|
232 | # set new permissions | |
| 231 | for member, perm, member_type in perms_new: |
|
233 | for member, perm, member_type in perms_new: | |
| 232 | if member_type == 'user': |
|
234 | if member_type == 'user': | |
| 233 | _set_perm_user(obj, user=member, perm=perm) |
|
235 | _set_perm_user(obj, user=member, perm=perm) | |
| 234 | else: |
|
236 | else: | |
| 235 | #check if we have permissions to alter this usergroup |
|
237 | #check if we have permissions to alter this usergroup | |
| 236 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') |
|
238 | req_perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin') | |
| 237 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): |
|
239 | if not check_perms or HasUserGroupPermissionAny(*req_perms)(member): | |
| 238 | _set_perm_group(obj, users_group=member, perm=perm) |
|
240 | _set_perm_group(obj, users_group=member, perm=perm) | |
| 239 | updates.append(obj) |
|
241 | updates.append(obj) | |
| 240 | #if it's not recursive call |
|
242 | #if it's not recursive call | |
| 241 | # break the loop and don't proceed with other changes |
|
243 | # break the loop and don't proceed with other changes | |
| 242 | if not recursive: |
|
244 | if not recursive: | |
| 243 | break |
|
245 | break | |
| 244 | return updates |
|
246 | return updates | |
| 245 |
|
247 | |||
| 246 | def update(self, repos_group, form_data): |
|
248 | def update(self, repos_group, form_data): | |
| 247 |
|
249 | |||
| 248 | try: |
|
250 | try: | |
| 249 | repos_group = self._get_repo_group(repos_group) |
|
251 | repos_group = self._get_repo_group(repos_group) | |
| 250 | old_path = repos_group.full_path |
|
252 | old_path = repos_group.full_path | |
| 251 |
|
253 | |||
| 252 | # change properties |
|
254 | # change properties | |
| 253 | repos_group.group_description = form_data['group_description'] |
|
255 | repos_group.group_description = form_data['group_description'] | |
| 254 | repos_group.group_parent_id = form_data['group_parent_id'] |
|
256 | repos_group.group_parent_id = form_data['group_parent_id'] | |
| 255 | repos_group.enable_locking = form_data['enable_locking'] |
|
257 | repos_group.enable_locking = form_data['enable_locking'] | |
| 256 |
|
258 | |||
| 257 | repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) |
|
259 | repos_group.parent_group = RepoGroup.get(form_data['group_parent_id']) | |
| 258 | repos_group.group_name = repos_group.get_new_name(form_data['group_name']) |
|
260 | repos_group.group_name = repos_group.get_new_name(form_data['group_name']) | |
| 259 | new_path = repos_group.full_path |
|
261 | new_path = repos_group.full_path | |
| 260 | self.sa.add(repos_group) |
|
262 | self.sa.add(repos_group) | |
| 261 |
|
263 | |||
| 262 | # iterate over all members of this groups and do fixes |
|
264 | # iterate over all members of this groups and do fixes | |
| 263 | # set locking if given |
|
265 | # set locking if given | |
| 264 | # if obj is a repoGroup also fix the name of the group according |
|
266 | # if obj is a repoGroup also fix the name of the group according | |
| 265 | # to the parent |
|
267 | # to the parent | |
| 266 | # if obj is a Repo fix it's name |
|
268 | # if obj is a Repo fix it's name | |
| 267 | # this can be potentially heavy operation |
|
269 | # this can be potentially heavy operation | |
| 268 | for obj in repos_group.recursive_groups_and_repos(): |
|
270 | for obj in repos_group.recursive_groups_and_repos(): | |
| 269 | #set the value from it's parent |
|
271 | #set the value from it's parent | |
| 270 | obj.enable_locking = repos_group.enable_locking |
|
272 | obj.enable_locking = repos_group.enable_locking | |
| 271 | if isinstance(obj, RepoGroup): |
|
273 | if isinstance(obj, RepoGroup): | |
| 272 | new_name = obj.get_new_name(obj.name) |
|
274 | new_name = obj.get_new_name(obj.name) | |
| 273 | log.debug('Fixing group %s to new name %s' \ |
|
275 | log.debug('Fixing group %s to new name %s' \ | |
| 274 | % (obj.group_name, new_name)) |
|
276 | % (obj.group_name, new_name)) | |
| 275 | obj.group_name = new_name |
|
277 | obj.group_name = new_name | |
| 276 | elif isinstance(obj, Repository): |
|
278 | elif isinstance(obj, Repository): | |
| 277 | # we need to get all repositories from this new group and |
|
279 | # we need to get all repositories from this new group and | |
| 278 | # rename them accordingly to new group path |
|
280 | # rename them accordingly to new group path | |
| 279 | new_name = obj.get_new_name(obj.just_name) |
|
281 | new_name = obj.get_new_name(obj.just_name) | |
| 280 | log.debug('Fixing repo %s to new name %s' \ |
|
282 | log.debug('Fixing repo %s to new name %s' \ | |
| 281 | % (obj.repo_name, new_name)) |
|
283 | % (obj.repo_name, new_name)) | |
| 282 | obj.repo_name = new_name |
|
284 | obj.repo_name = new_name | |
| 283 | self.sa.add(obj) |
|
285 | self.sa.add(obj) | |
| 284 |
|
286 | |||
| 285 | self.__rename_group(old_path, new_path) |
|
287 | self.__rename_group(old_path, new_path) | |
| 286 |
|
288 | |||
| 287 | return repos_group |
|
289 | return repos_group | |
| 288 | except Exception: |
|
290 | except Exception: | |
| 289 | log.error(traceback.format_exc()) |
|
291 | log.error(traceback.format_exc()) | |
| 290 | raise |
|
292 | raise | |
| 291 |
|
293 | |||
| 292 | def delete(self, repos_group, force_delete=False): |
|
294 | def delete(self, repos_group, force_delete=False): | |
| 293 | repos_group = self._get_repo_group(repos_group) |
|
295 | repos_group = self._get_repo_group(repos_group) | |
| 294 | try: |
|
296 | try: | |
| 295 | self.sa.delete(repos_group) |
|
297 | self.sa.delete(repos_group) | |
| 296 | self.__delete_group(repos_group, force_delete) |
|
298 | self.__delete_group(repos_group, force_delete) | |
| 297 | except Exception: |
|
299 | except Exception: | |
| 298 | log.error('Error removing repos_group %s' % repos_group) |
|
300 | log.error('Error removing repos_group %s' % repos_group) | |
| 299 | raise |
|
301 | raise | |
| 300 |
|
302 | |||
| 301 | def delete_permission(self, repos_group, obj, obj_type, recursive): |
|
303 | def delete_permission(self, repos_group, obj, obj_type, recursive): | |
| 302 | """ |
|
304 | """ | |
| 303 | Revokes permission for repos_group for given obj(user or users_group), |
|
305 | Revokes permission for repos_group for given obj(user or users_group), | |
| 304 | obj_type can be user or user group |
|
306 | obj_type can be user or user group | |
| 305 |
|
307 | |||
| 306 | :param repos_group: |
|
308 | :param repos_group: | |
| 307 | :param obj: user or user group id |
|
309 | :param obj: user or user group id | |
| 308 | :param obj_type: user or user group type |
|
310 | :param obj_type: user or user group type | |
| 309 | :param recursive: recurse to all children of group |
|
311 | :param recursive: recurse to all children of group | |
| 310 | """ |
|
312 | """ | |
| 311 | from rhodecode.model.repo import RepoModel |
|
313 | from rhodecode.model.repo import RepoModel | |
| 312 | repos_group = self._get_repo_group(repos_group) |
|
314 | repos_group = self._get_repo_group(repos_group) | |
| 313 |
|
315 | |||
| 314 | for el in repos_group.recursive_groups_and_repos(): |
|
316 | for el in repos_group.recursive_groups_and_repos(): | |
| 315 | if not recursive: |
|
317 | if not recursive: | |
| 316 | # if we don't recurse set the permission on only the top level |
|
318 | # if we don't recurse set the permission on only the top level | |
| 317 | # object |
|
319 | # object | |
| 318 | el = repos_group |
|
320 | el = repos_group | |
| 319 |
|
321 | |||
| 320 | if isinstance(el, RepoGroup): |
|
322 | if isinstance(el, RepoGroup): | |
| 321 | if obj_type == 'user': |
|
323 | if obj_type == 'user': | |
| 322 | ReposGroupModel().revoke_user_permission(el, user=obj) |
|
324 | ReposGroupModel().revoke_user_permission(el, user=obj) | |
| 323 | elif obj_type == 'users_group': |
|
325 | elif obj_type == 'users_group': | |
| 324 | ReposGroupModel().revoke_users_group_permission(el, group_name=obj) |
|
326 | ReposGroupModel().revoke_users_group_permission(el, group_name=obj) | |
| 325 | else: |
|
327 | else: | |
| 326 | raise Exception('undefined object type %s' % obj_type) |
|
328 | raise Exception('undefined object type %s' % obj_type) | |
| 327 | elif isinstance(el, Repository): |
|
329 | elif isinstance(el, Repository): | |
| 328 | if obj_type == 'user': |
|
330 | if obj_type == 'user': | |
| 329 | RepoModel().revoke_user_permission(el, user=obj) |
|
331 | RepoModel().revoke_user_permission(el, user=obj) | |
| 330 | elif obj_type == 'users_group': |
|
332 | elif obj_type == 'users_group': | |
| 331 | RepoModel().revoke_users_group_permission(el, group_name=obj) |
|
333 | RepoModel().revoke_users_group_permission(el, group_name=obj) | |
| 332 | else: |
|
334 | else: | |
| 333 | raise Exception('undefined object type %s' % obj_type) |
|
335 | raise Exception('undefined object type %s' % obj_type) | |
| 334 |
|
336 | |||
| 335 | #if it's not recursive call |
|
337 | #if it's not recursive call | |
| 336 | # break the loop and don't proceed with other changes |
|
338 | # break the loop and don't proceed with other changes | |
| 337 | if not recursive: |
|
339 | if not recursive: | |
| 338 | break |
|
340 | break | |
| 339 |
|
341 | |||
| 340 | def grant_user_permission(self, repos_group, user, perm): |
|
342 | def grant_user_permission(self, repos_group, user, perm): | |
| 341 | """ |
|
343 | """ | |
| 342 | Grant permission for user on given repository group, or update |
|
344 | Grant permission for user on given repository group, or update | |
| 343 | existing one if found |
|
345 | existing one if found | |
| 344 |
|
346 | |||
| 345 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
347 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
| 346 | or repositories_group name |
|
348 | or repositories_group name | |
| 347 | :param user: Instance of User, user_id or username |
|
349 | :param user: Instance of User, user_id or username | |
| 348 | :param perm: Instance of Permission, or permission_name |
|
350 | :param perm: Instance of Permission, or permission_name | |
| 349 | """ |
|
351 | """ | |
| 350 |
|
352 | |||
| 351 | repos_group = self._get_repo_group(repos_group) |
|
353 | repos_group = self._get_repo_group(repos_group) | |
| 352 | user = self._get_user(user) |
|
354 | user = self._get_user(user) | |
| 353 | permission = self._get_perm(perm) |
|
355 | permission = self._get_perm(perm) | |
| 354 |
|
356 | |||
| 355 | # check if we have that permission already |
|
357 | # check if we have that permission already | |
| 356 | obj = self.sa.query(UserRepoGroupToPerm)\ |
|
358 | obj = self.sa.query(UserRepoGroupToPerm)\ | |
| 357 | .filter(UserRepoGroupToPerm.user == user)\ |
|
359 | .filter(UserRepoGroupToPerm.user == user)\ | |
| 358 | .filter(UserRepoGroupToPerm.group == repos_group)\ |
|
360 | .filter(UserRepoGroupToPerm.group == repos_group)\ | |
| 359 | .scalar() |
|
361 | .scalar() | |
| 360 | if obj is None: |
|
362 | if obj is None: | |
| 361 | # create new ! |
|
363 | # create new ! | |
| 362 | obj = UserRepoGroupToPerm() |
|
364 | obj = UserRepoGroupToPerm() | |
| 363 | obj.group = repos_group |
|
365 | obj.group = repos_group | |
| 364 | obj.user = user |
|
366 | obj.user = user | |
| 365 | obj.permission = permission |
|
367 | obj.permission = permission | |
| 366 | self.sa.add(obj) |
|
368 | self.sa.add(obj) | |
| 367 | log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group)) |
|
369 | log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group)) | |
| 368 |
|
370 | |||
| 369 | def revoke_user_permission(self, repos_group, user): |
|
371 | def revoke_user_permission(self, repos_group, user): | |
| 370 | """ |
|
372 | """ | |
| 371 | Revoke permission for user on given repository group |
|
373 | Revoke permission for user on given repository group | |
| 372 |
|
374 | |||
| 373 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
375 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
| 374 | or repositories_group name |
|
376 | or repositories_group name | |
| 375 | :param user: Instance of User, user_id or username |
|
377 | :param user: Instance of User, user_id or username | |
| 376 | """ |
|
378 | """ | |
| 377 |
|
379 | |||
| 378 | repos_group = self._get_repo_group(repos_group) |
|
380 | repos_group = self._get_repo_group(repos_group) | |
| 379 | user = self._get_user(user) |
|
381 | user = self._get_user(user) | |
| 380 |
|
382 | |||
| 381 | obj = self.sa.query(UserRepoGroupToPerm)\ |
|
383 | obj = self.sa.query(UserRepoGroupToPerm)\ | |
| 382 | .filter(UserRepoGroupToPerm.user == user)\ |
|
384 | .filter(UserRepoGroupToPerm.user == user)\ | |
| 383 | .filter(UserRepoGroupToPerm.group == repos_group)\ |
|
385 | .filter(UserRepoGroupToPerm.group == repos_group)\ | |
| 384 | .scalar() |
|
386 | .scalar() | |
| 385 | if obj: |
|
387 | if obj: | |
| 386 | self.sa.delete(obj) |
|
388 | self.sa.delete(obj) | |
| 387 | log.debug('Revoked perm on %s on %s' % (repos_group, user)) |
|
389 | log.debug('Revoked perm on %s on %s' % (repos_group, user)) | |
| 388 |
|
390 | |||
| 389 | def grant_users_group_permission(self, repos_group, group_name, perm): |
|
391 | def grant_users_group_permission(self, repos_group, group_name, perm): | |
| 390 | """ |
|
392 | """ | |
| 391 | Grant permission for user group on given repository group, or update |
|
393 | Grant permission for user group on given repository group, or update | |
| 392 | existing one if found |
|
394 | existing one if found | |
| 393 |
|
395 | |||
| 394 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
396 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
| 395 | or repositories_group name |
|
397 | or repositories_group name | |
| 396 | :param group_name: Instance of UserGroup, users_group_id, |
|
398 | :param group_name: Instance of UserGroup, users_group_id, | |
| 397 | or user group name |
|
399 | or user group name | |
| 398 | :param perm: Instance of Permission, or permission_name |
|
400 | :param perm: Instance of Permission, or permission_name | |
| 399 | """ |
|
401 | """ | |
| 400 | repos_group = self._get_repo_group(repos_group) |
|
402 | repos_group = self._get_repo_group(repos_group) | |
| 401 | group_name = self._get_user_group(group_name) |
|
403 | group_name = self._get_user_group(group_name) | |
| 402 | permission = self._get_perm(perm) |
|
404 | permission = self._get_perm(perm) | |
| 403 |
|
405 | |||
| 404 | # check if we have that permission already |
|
406 | # check if we have that permission already | |
| 405 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ |
|
407 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ | |
| 406 | .filter(UserGroupRepoGroupToPerm.group == repos_group)\ |
|
408 | .filter(UserGroupRepoGroupToPerm.group == repos_group)\ | |
| 407 | .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ |
|
409 | .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ | |
| 408 | .scalar() |
|
410 | .scalar() | |
| 409 |
|
411 | |||
| 410 | if obj is None: |
|
412 | if obj is None: | |
| 411 | # create new |
|
413 | # create new | |
| 412 | obj = UserGroupRepoGroupToPerm() |
|
414 | obj = UserGroupRepoGroupToPerm() | |
| 413 |
|
415 | |||
| 414 | obj.group = repos_group |
|
416 | obj.group = repos_group | |
| 415 | obj.users_group = group_name |
|
417 | obj.users_group = group_name | |
| 416 | obj.permission = permission |
|
418 | obj.permission = permission | |
| 417 | self.sa.add(obj) |
|
419 | self.sa.add(obj) | |
| 418 | log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group)) |
|
420 | log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group)) | |
| 419 |
|
421 | |||
| 420 | def revoke_users_group_permission(self, repos_group, group_name): |
|
422 | def revoke_users_group_permission(self, repos_group, group_name): | |
| 421 | """ |
|
423 | """ | |
| 422 | Revoke permission for user group on given repository group |
|
424 | Revoke permission for user group on given repository group | |
| 423 |
|
425 | |||
| 424 | :param repos_group: Instance of ReposGroup, repositories_group_id, |
|
426 | :param repos_group: Instance of ReposGroup, repositories_group_id, | |
| 425 | or repositories_group name |
|
427 | or repositories_group name | |
| 426 | :param group_name: Instance of UserGroup, users_group_id, |
|
428 | :param group_name: Instance of UserGroup, users_group_id, | |
| 427 | or user group name |
|
429 | or user group name | |
| 428 | """ |
|
430 | """ | |
| 429 | repos_group = self._get_repo_group(repos_group) |
|
431 | repos_group = self._get_repo_group(repos_group) | |
| 430 | group_name = self._get_user_group(group_name) |
|
432 | group_name = self._get_user_group(group_name) | |
| 431 |
|
433 | |||
| 432 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ |
|
434 | obj = self.sa.query(UserGroupRepoGroupToPerm)\ | |
| 433 | .filter(UserGroupRepoGroupToPerm.group == repos_group)\ |
|
435 | .filter(UserGroupRepoGroupToPerm.group == repos_group)\ | |
| 434 | .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ |
|
436 | .filter(UserGroupRepoGroupToPerm.users_group == group_name)\ | |
| 435 | .scalar() |
|
437 | .scalar() | |
| 436 | if obj: |
|
438 | if obj: | |
| 437 | self.sa.delete(obj) |
|
439 | self.sa.delete(obj) | |
| 438 | log.debug('Revoked perm to %s on %s' % (repos_group, group_name)) |
|
440 | log.debug('Revoked perm to %s on %s' % (repos_group, group_name)) | |
General Comments 0
You need to be logged in to leave comments.
Login now