upstream/kallithea Commit - r1292:c0335c1d

added some fixes to LDAP form re-submition, new simples ldap-settings getter....

marcink -

r1292:c0335c1d beta

parent child

docs/setup.rst

0 +18 -10

             .. _setup:
             Setup
             =====
             Setting up RhodeCode
             --------------------------
             First, you will need to create a RhodeCode configuration file. Run the following
             command to do this::
                 paster make-config RhodeCode production.ini
             - This will create the file `production.ini` in the current directory. This
               configuration file contains the various settings for RhodeCode, e.g proxy port,
               email settings, usage of static files, cache, celery settings and logging.
             Next, you need to create the databases used by RhodeCode. I recommend that you
             use sqlite (default) or postgresql. If you choose a database other than the
             default ensure you properly adjust the db url in your production.ini
             configuration file to use this other database. Create the databases by running
             the following command::
                 paster setup-app production.ini
             This will prompt you for a "root" path. This "root" path is the location where
             RhodeCode will store all of its repositories on the current machine. After
             entering this "root" path ``setup-app`` will also prompt you for a username and password
             for the initial admin account which ``setup-app`` sets up for you.
             - The ``setup-app`` command will create all of the needed tables and an admin
               account. When choosing a root path you can either use a new empty location, or a
               location which already contains existing repositories. If you choose a location
               which contains existing repositories RhodeCode will simply add all of the
               repositories at the chosen location to it's database. (Note: make sure you
               specify the correct path to the root).
             - Note: the given path for mercurial_ repositories **must** be write accessible
               for the application. It's very important since the RhodeCode web interface will
               work without write access, but when trying to do a push it will eventually fail
               with permission denied errors unless it has write access.
             You are now ready to use RhodeCode, to run it simply execute::
                 paster serve production.ini
             - This command runs the RhodeCode server. The web app should be available at the
 .0.0.1:5000. This ip and port is configurable via the production.ini
               file created in previous step
             - Use the admin account you created above when running ``setup-app`` to login to the web app.
             - The default permissions on each repository is read, and the owner is admin.
               Remember to update these if needed.
             - In the admin panel you can toggle ldap, anonymous, permissions settings. As
               well as edit more advanced options on users and repositories
             Try copying your own mercurial repository into the "root" directory you are
             using, then from within the RhodeCode web application choose Admin >
             repositories. Then choose Add New Repository. Add the repository you copied into
             the root. Test that you can browse your repository from within RhodeCode and then
             try cloning your repository from RhodeCode with::
                 hg clone http://127.0.0.1:5000/<repository name>
             where *repository name* is replaced by the name of your repository.
             Using RhodeCode with SSH
             ------------------------
             RhodeCode currently only hosts repositories using http and https. (The addition of
             ssh hosting is a planned future feature.) However you can easily use ssh in
             parallel with RhodeCode. (Repository access via ssh is a standard "out of
             the box" feature of mercurial_ and you can use this to access any of the
             repositories that RhodeCode is hosting. See PublishingRepositories_)
             RhodeCode repository structures are kept in directories with the same name
             as the project. When using repository groups, each group is a subdirectory.
             This allows you to easily use ssh for accessing repositories.
             In order to use ssh you need to make sure that your web-server and the users login
             accounts have the correct permissions set on the appropriate directories. (Note
             that these permissions are independent of any permissions you have set up using
             the RhodeCode web interface.)
             If your main directory (the same as set in RhodeCode settings) is for example
             set to **/home/hg** and the repository you are using is named `rhodecode`, then
             to clone via ssh you should run::
                 hg clone ssh://user@server.com/home/hg/rhodecode
             Using other external tools such as mercurial-server_ or using ssh key based
             authentication is fully supported.
             Note: In an advanced setup, in order for your ssh access to use the same
             permissions as set up via the RhodeCode web interface, you can create an
             authentication hook to connect to the rhodecode db and runs check functions for
             permissions against that.
             Setting up Whoosh full text search
             ----------------------------------
             Starting from version 1.1 the whoosh index can be build by using the paster
             command ``make-index``. To use ``make-index`` you must specify the configuration
             file that stores the location of the index, and the location of the repositories
             (`--repo-location`).Starting from version 1.2 it is
             also possible to specify a comma separated list of repositories (`--index-only`)
             to build index only on chooses repositories skipping any other found in repos
             location
             You may optionally pass the option `-f` to enable a full index rebuild. Without
             the `-f` option, indexing will run always in "incremental" mode.
             For an incremental index build use::
             	paster make-index production.ini --repo-location=<location for repos>
             For a full index rebuild use::
             	paster make-index production.ini -f --repo-location=<location for repos>
             building index just for chosen repositories is possible with such command::
              paster make-index production.ini --repo-location=<location for repos> --index-only=vcs,rhodecode
             In order to do periodical index builds and keep your index always up to date.
             It's recommended to do a crontab entry for incremental indexing.
             An example entry might look like this::
                 /path/to/python/bin/paster /path/to/rhodecode/production.ini --repo-location=<location for repos>
             When using incremental mode (the default) whoosh will check the last
             modification date of each file and add it to be reindexed if a newer file is
             available. The indexing daemon checks for any removed files and removes them
             from index.
             If you want to rebuild index from scratch, you can use the `-f` flag as above,
             or in the admin panel you can check `build from scratch` flag.
             Setting up LDAP support
             -----------------------
             RhodeCode starting from version 1.1 supports ldap authentication. In order
-            to use LDAP, you have to install the python-ldap_ package. This package is available
+            to use LDAP, you have to install the python-ldap_ package. This package is
-            via pypi, so you can install it by running
+            available via pypi, so you can install it by running
-            ::
+            using easy_install::
                 easy_install python-ldap
-            ::
+            using pip::
                 pip install python-ldap
             .. note::
                python-ldap requires some certain libs on your system, so before installing
                it check that you have at least `openldap`, and `sasl` libraries.
             LDAP settings are located in admin->ldap section,
             Here's a typical ldap setup::
              Connection settings
              Enable LDAP          = checked
              Host                 = host.example.org
              Port                 = 389
              Account              = <account>
              Password             = <password>
-             Enable LDAPS         = checked
+             Connection Security  = LDAPS connection
              Certificate Checks   = DEMAND
              Search settings
              Base DN              = CN=users,DC=host,DC=example,DC=org
              LDAP Filter          = (&(objectClass=user)(!(objectClass=computer)))
              LDAP Search Scope    = SUBTREE
              Attribute mappings
              Login Attribute      = uid
              First Name Attribute = firstName
              Last Name Attribute  = lastName
              E-mail Attribute     = mail
             .. _enable_ldap:
             Enable LDAP : required
                 Whether to use LDAP for authenticating users.
             .. _ldap_host:
             Host : required
                 LDAP server hostname or IP address.
             .. _Port:
             Port : required
 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
             .. _ldap_account:
             Account : optional
                 Only required if the LDAP server does not allow anonymous browsing of
                 records.  This should be a special account for record browsing.  This
                 will require `LDAP Password`_ below.
             .. _LDAP Password:
             Password : optional
                 Only required if the LDAP server does not allow anonymous browsing of
                 records.
             .. _Enable LDAPS:
-            Enable LDAPS : optional
+            Connection Security : required
-                Check this if SSL encryption is necessary for communication with the
+                Defines the connection to LDAP server
-                LDAP server - it will likely require `Port`_ to be set to a different
-                value (standard LDAPS port is 636).  When LDAPS is enabled then
+                No encryption
-                `Certificate Checks`_ is required.
+                    Plain non encrypted connection
+                LDAPS connection
+                    Enable ldaps connection. It will likely require `Port`_ to be set to
+                    a different value (standard LDAPS port is 636). When LDAPS is enabled
+                    then `Certificate Checks`_ is required.
+                START_TLS on LDAP connection
+                    START TLS connection
             .. _Certificate Checks:
             Certificate Checks : optional
                 How SSL certificates verification is handled - this is only useful when
                 `Enable LDAPS`_ is enabled.  Only DEMAND or HARD offer full SSL security while
                 the other options are susceptible to man-in-the-middle attacks.  SSL
                 certificates can be installed to /etc/openldap/cacerts so that the
                 DEMAND or HARD options can be used with self-signed certificates or
                 certificates that do not have traceable certificates of authority.
                 NEVER
                     A serve certificate will never be requested or checked.
                 ALLOW
                     A server certificate is requested.  Failure to provide a
                     certificate or providing a bad certificate will not terminate the
                     session.
                 TRY
                     A server certificate is requested.  Failure to provide a
                     certificate does not halt the session; providing a bad certificate
                     halts the session.
                 DEMAND
                     A server certificate is requested and must be provided and
                     authenticated for the session to proceed.
                 HARD
                     The same as DEMAND.
             .. _Base DN:
             Base DN : required
                 The Distinguished Name (DN) where searches for users will be performed.
                 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
             .. _LDAP Filter:
             LDAP Filter : optional
                 A LDAP filter defined by RFC 2254.  This is more useful when `LDAP
                 Search Scope`_ is set to SUBTREE.  The filter is useful for limiting
                 which LDAP objects are identified as representing Users for
                 authentication.  The filter is augmented by `Login Attribute`_ below.
                 This can commonly be left blank.
             .. _LDAP Search Scope:
             LDAP Search Scope : required
                 This limits how far LDAP will search for a matching object.
                 BASE
                     Only allows searching of `Base DN`_ and is usually not what you
                     want.
                 ONELEVEL
                     Searches all entries under `Base DN`_, but not Base DN itself.
                 SUBTREE
                     Searches all entries below `Base DN`_, but not Base DN itself.
                     When using SUBTREE `LDAP Filter`_ is useful to limit object
                     location.
             .. _Login Attribute:
             Login Attribute : required
                 The LDAP record attribute that will be matched as the USERNAME or
                 ACCOUNT used to connect to RhodeCode.  This will be added to `LDAP
                 Filter`_ for locating the User object.  If `LDAP Filter`_ is specified as
                 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
                 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
                 ::
                     (&(LDAPFILTER)(uid=jsmith))
             .. _ldap_attr_firstname:
             First Name Attribute : required
                 The LDAP record attribute which represents the user's first name.
             .. _ldap_attr_lastname:
             Last Name Attribute : required
                 The LDAP record attribute which represents the user's last name.
             .. _ldap_attr_email:
             Email Attribute : required
                 The LDAP record attribute which represents the user's email address.
             If all data are entered correctly, and python-ldap_ is properly installed
             users should be granted access to RhodeCode with ldap accounts.  At this
             time user information is copied from LDAP into the RhodeCode user database.
             This means that updates of an LDAP user object may not be reflected as a
             user update in RhodeCode.
             If You have problems with LDAP access and believe You entered correct
             information check out the RhodeCode logs, any error messages sent from LDAP
             will be saved there.
             Active Directory
             ''''''''''''''''
             RhodeCode can use Microsoft Active Directory for user authentication.  This
             is done through an LDAP or LDAPS connection to Active Directory.  The
             following LDAP configuration settings are typical for using Active
             Directory ::
              Base DN              = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
              Login Attribute      = sAMAccountName
              First Name Attribute = givenName
              Last Name Attribute  = sn
              E-mail Attribute     = mail
             All other LDAP settings will likely be site-specific and should be
             appropriately configured.
             Setting Up Celery
             -----------------
             Since version 1.1 celery is configured by the rhodecode ini configuration files.
             Simply set use_celery=true in the ini file then add / change the configuration
             variables inside the ini file.
             Remember that the ini files use the format with '.' not with '_' like celery.
             So for example setting `BROKER_HOST` in celery means setting `broker.host` in
             the config file.
             In order to start using celery run::
              paster celeryd <configfile.ini>
             .. note::
                Make sure you run this command from the same virtualenv, and with the same user
                that rhodecode runs.
             HTTPS support
             -------------
             There are two ways to enable https:
             - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
               recognize this headers and make proper https redirections
             - Alternatively, set `force_https = true` in the ini configuration to force using
               https, no headers are needed than to enable https
             Nginx virtual host example
             --------------------------
             Sample config for nginx using proxy::
                 server {
                    listen          80;
                    server_name     hg.myserver.com;
                    access_log      /var/log/nginx/rhodecode.access.log;
                    error_log       /var/log/nginx/rhodecode.error.log;
                    location / {
                            root /var/www/rhodecode/rhodecode/public/;
                            if (!-f $request_filename){
                                proxy_pass      http://127.0.0.1:5000;
                            }
                            #this is important if you want to use https !!!
                            proxy_set_header X-Url-Scheme $scheme;
                            include         /etc/nginx/proxy.conf;
                    }
                 }
             Here's the proxy.conf. It's tuned so it will not timeout on long
             pushes or large pushes::
                 proxy_redirect              off;
                 proxy_set_header            Host $host;
                 proxy_set_header            X-Host $http_host;
                 proxy_set_header            X-Real-IP $remote_addr;
                 proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header            Proxy-host $proxy_host;
                 client_max_body_size        400m;
                 client_body_buffer_size     128k;
                 proxy_buffering             off;
                 proxy_connect_timeout       3600;
                 proxy_send_timeout          3600;
                 proxy_read_timeout          3600;
                 proxy_buffer_size           16k;
                 proxy_buffers               4 16k;
                 proxy_busy_buffers_size     64k;
                 proxy_temp_file_write_size  64k;
             Also, when using root path with nginx you might set the static files to false
             in the production.ini file::
                 [app:main]
                   use = egg:rhodecode
                   full_stack = true
                   static_files = false
                   lang=en
                   cache_dir = %(here)s/data
             In order to not have the statics served by the application. This improves speed.
             Apache virtual host example
             ---------------------------
             Here is a sample configuration file for apache using proxy::
                 <VirtualHost *:80>
                         ServerName hg.myserver.com
                         ServerAlias hg.myserver.com
                         <Proxy *>
                           Order allow,deny
                           Allow from all
                         </Proxy>
                         #important !
                         #Directive to properly generate url (clone url) for pylons
                         ProxyPreserveHost On
                         #rhodecode instance
                         ProxyPass / http://127.0.0.1:5000/
                         ProxyPassReverse / http://127.0.0.1:5000/
                         #to enable https use line below
                         #SetEnvIf X-Url-Scheme https HTTPS=1
                 </VirtualHost>
             Additional tutorial
             http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
             Apache as subdirectory
             ----------------------
             Apache subdirectory part::
                 <Location /<someprefix> >
                   ProxyPass http://127.0.0.1:5000/<someprefix>
                   ProxyPassReverse http://127.0.0.1:5000/<someprefix>
                   SetEnvIf X-Url-Scheme https HTTPS=1
                 </Location>
             Besides the regular apache setup you will need to add the following to your .ini file::
                 filter-with = proxy-prefix
             Add the following at the end of the .ini file::
                 [filter:proxy-prefix]
                 use = egg:PasteDeploy#prefix
                 prefix = /<someprefix>
             then change <someprefix> into your choosen prefix
             Apache's example FCGI config
             ----------------------------
             TODO !
             Other configuration files
             -------------------------
             Some example init.d scripts can be found here, for debian and gentoo:
             https://rhodecode.org/rhodecode/files/tip/init.d
             Troubleshooting
             ---------------
             :Q: **Missing static files?**
             :A: Make sure either to set the `static_files = true` in the .ini file or
                double check the root path for your http setup. It should point to
                for example:
                /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
             |
             :Q: **Can't install celery/rabbitmq**
             :A: Don't worry RhodeCode works without them too. No extra setup is required.
             |
             :Q: **Long lasting push timeouts?**
             :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
                 are caused by https server and not RhodeCode.
             |
             :Q: **Large pushes timeouts?**
             :A: Make sure you set a proper max_body_size for the http server.
             |
             :Q: **Apache doesn't pass basicAuth on pull/push?**
             :A: Make sure you added `WSGIPassAuthorization true`.
             For further questions search the `Issues tracker`_, or post a message in the `google group rhodecode`_
             .. _virtualenv: http://pypi.python.org/pypi/virtualenv
             .. _python: http://www.python.org/
             .. _mercurial: http://mercurial.selenic.com/
             .. _celery: http://celeryproject.org/
             .. _rabbitmq: http://www.rabbitmq.com/
             .. _python-ldap: http://www.python-ldap.org/
             .. _mercurial-server: http://www.lshift.net/mercurial-server.html
             .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
             .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
             .. _google group rhodecode: http://groups.google.com/group/rhodecode

rhodecode/controllers/admin/ldap_settings.py

0 +13 -9

             # -*- coding: utf-8 -*-
             """
                 rhodecode.controllers.admin.ldap_settings
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 ldap controller for RhodeCode
                 :created_on: Nov 26, 2010
                 :author: marcink
                 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import formencode
             import traceback
             from formencode import htmlfill
             from pylons import request, response, session, tmpl_context as c, url
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
+            from sqlalchemy.exc import DatabaseError
             from rhodecode.lib.base import BaseController, render
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
-            from rhodecode.lib.auth_ldap import LdapImportError
+            from rhodecode.lib.exceptions import LdapImportError
-            from rhodecode.model.settings import SettingsModel
             from rhodecode.model.forms import LdapSettingsForm
-            from sqlalchemy.exc import DatabaseError
+            from rhodecode.model.db import RhodeCodeSettings
             log = logging.getLogger(__name__)
             class LdapSettingsController(BaseController):
                 search_scope_choices = [('BASE', _('BASE'),),
                                         ('ONELEVEL', _('ONELEVEL'),),
                                         ('SUBTREE', _('SUBTREE'),),
                                         ]
                 search_scope_default = 'SUBTREE'
                 tls_reqcert_choices = [('NEVER', _('NEVER'),),
                                        ('ALLOW', _('ALLOW'),),
                                        ('TRY', _('TRY'),),
                                        ('DEMAND', _('DEMAND'),),
                                        ('HARD', _('HARD'),),
                                        ]
                 tls_reqcert_default = 'DEMAND'
                 tls_kind_choices = [('PLAIN', _('No encryption'),),
                                     ('LDAPS', _('LDAPS connection'),),
                                     ('START_TLS', _('START_TLS on LDAP connection'),)
                                     ]
                 tls_kind_default = 'PLAIN'
                 @LoginRequired()
                 @HasPermissionAllDecorator('hg.admin')
                 def __before__(self):
                     c.admin_user = session.get('admin_user')
                     c.admin_username = session.get('admin_username')
                     c.search_scope_choices = self.search_scope_choices
                     c.tls_reqcert_choices = self.tls_reqcert_choices
                     c.tls_kind_choices = self.tls_kind_choices
+                    c.search_scope_cur = self.search_scope_default
+                    c.tls_reqcert_cur = self.tls_reqcert_default
+                    c.tls_kind_cur = self.tls_kind_default
                     super(LdapSettingsController, self).__before__()
                 def index(self):
-                    defaults = SettingsModel().get_ldap_settings()
+                    defaults = RhodeCodeSettings.get_ldap_settings()
                     c.search_scope_cur = defaults.get('ldap_search_scope')
                     c.tls_reqcert_cur = defaults.get('ldap_tls_reqcert')
                     c.tls_kind_cur = defaults.get('ldap_tls_kind')
                     return htmlfill.render(
                                 render('admin/ldap/ldap.html'),
                                 defaults=defaults,
                                 encoding="UTF-8",
                                 force_defaults=True,)
                 def ldap_settings(self):
                     """POST ldap create and store ldap settings"""
-                    settings_model = SettingsModel()
                     _form = LdapSettingsForm([x[0] for x in self.tls_reqcert_choices],
                                              [x[0] for x in self.search_scope_choices],
                                              [x[0] for x in self.tls_kind_choices])()
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         try:
                             for k, v in form_result.items():
                                 if k.startswith('ldap_'):
-                                    setting = settings_model.get(k)
+                                    setting = RhodeCodeSettings.get_by_name(k)
                                     setting.app_settings_value = v
                                     self.sa.add(setting)
                             self.sa.commit()
                             h.flash(_('Ldap settings updated successfully'),
                                 category='success')
                         except (DatabaseError,):
                             raise
                     except LdapImportError:
                         h.flash(_('Unable to activate ldap. The "python-ldap" library '
                                   'is missing.'), category='warning')
                     except formencode.Invalid, errors:
+                        e = errors.error_dict or {}
-                        c.search_scope_cur = self.search_scope_default
-                        c.tls_reqcert_cur = self.search_scope_default
                         return htmlfill.render(
                             render('admin/ldap/ldap.html'),
                             defaults=errors.value,
-                            errors=errors.error_dict or {},
+                            errors=e,
                             prefix_error=False,
                             encoding="UTF-8")
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('error occurred during update of ldap settings'),
                                 category='error')
                     return redirect(url('ldap_home'))

rhodecode/controllers/admin/settings.py

0 +6 -7

             # -*- coding: utf-8 -*-
             """
                 rhodecode.controllers.admin.settings
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 settings controller for rhodecode admin
                 :created_on: Jul 14, 2010
                 :author: marcink
                 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import logging
             import traceback
             import formencode
             from sqlalchemy import func
             from formencode import htmlfill
             from pylons import request, session, tmpl_context as c, url, config
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
             from rhodecode.lib import helpers as h
             from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator, \
                 HasPermissionAnyDecorator, NotAnonymous
             from rhodecode.lib.base import BaseController, render
             from rhodecode.lib.celerylib import tasks, run_task
             from rhodecode.lib.utils import repo2db_mapper, invalidate_cache, \
                 set_rhodecode_config, repo_name_slug
-            from rhodecode.model.db import RhodeCodeUi, Repository, Group
+            from rhodecode.model.db import RhodeCodeUi, Repository, Group, \
+                RhodeCodeSettings
             from rhodecode.model.forms import UserForm, ApplicationSettingsForm, \
                 ApplicationUiSettingsForm
             from rhodecode.model.scm import ScmModel
-            from rhodecode.model.settings import SettingsModel
             from rhodecode.model.user import UserModel
             log = logging.getLogger(__name__)
             class SettingsController(BaseController):
                 """REST Controller styled on the Atom Publishing Protocol"""
                 # To properly map this controller, ensure your config/routing.py
                 # file has a resource setup:
                 #     map.resource('setting', 'settings', controller='admin/settings',
                 #         path_prefix='/admin', name_prefix='admin_')
                 @LoginRequired()
                 def __before__(self):
                     c.admin_user = session.get('admin_user')
                     c.admin_username = session.get('admin_username')
                     super(SettingsController, self).__before__()
                 @HasPermissionAllDecorator('hg.admin')
                 def index(self, format='html'):
                     """GET /admin/settings: All items in the collection"""
                     # url('admin_settings')
-                    defaults = SettingsModel().get_app_settings()
+                    defaults = RhodeCodeSettings.get_app_settings()
                     defaults.update(self.get_hg_ui_settings())
                     return htmlfill.render(
                         render('admin/settings/settings.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                 @HasPermissionAllDecorator('hg.admin')
                 def create(self):
                     """POST /admin/settings: Create a new item"""
                     # url('admin_settings')
                 @HasPermissionAllDecorator('hg.admin')
                 def new(self, format='html'):
                     """GET /admin/settings/new: Form to create a new item"""
                     # url('admin_new_setting')
                 @HasPermissionAllDecorator('hg.admin')
                 def update(self, setting_id):
                     """PUT /admin/settings/setting_id: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('admin_setting', setting_id=ID),
                     #           method='put')
                     # url('admin_setting', setting_id=ID)
                     if setting_id == 'mapping':
                         rm_obsolete = request.POST.get('destroy', False)
                         log.debug('Rescanning directories with destroy=%s', rm_obsolete)
                         initial = ScmModel().repo_scan()
                         log.debug('invalidating all repositories')
                         for repo_name in initial.keys():
                             invalidate_cache('get_repo_cached_%s' % repo_name)
                         added, removed = repo2db_mapper(initial, rm_obsolete)
                         h.flash(_('Repositories successfully'
                                   ' rescanned added: %s,removed: %s') % (added, removed),
                                 category='success')
                     if setting_id == 'whoosh':
                         repo_location = self.get_hg_ui_settings()['paths_root_path']
                         full_index = request.POST.get('full_index', False)
                         run_task(tasks.whoosh_index, repo_location, full_index)
                         h.flash(_('Whoosh reindex task scheduled'), category='success')
                     if setting_id == 'global':
                         application_form = ApplicationSettingsForm()()
                         try:
                             form_result = application_form.to_python(dict(request.POST))
-                            settings_model = SettingsModel()
                             try:
-                                hgsettings1 = settings_model.get('title')
+                                hgsettings1 = RhodeCodeSettings.get_by_name('title')
                                 hgsettings1.app_settings_value = \
                                     form_result['rhodecode_title']
-                                hgsettings2 = settings_model.get('realm')
+                                hgsettings2 = RhodeCodeSettings.get_by_name('realm')
                                 hgsettings2.app_settings_value = \
                                     form_result['rhodecode_realm']
-                                hgsettings3 = settings_model.get('ga_code')
+                                hgsettings3 = RhodeCodeSettings.get_by_name('ga_code')
                                 hgsettings3.app_settings_value = \
                                     form_result['rhodecode_ga_code']
                                 self.sa.add(hgsettings1)
                                 self.sa.add(hgsettings2)
                                 self.sa.add(hgsettings3)
                                 self.sa.commit()
                                 set_rhodecode_config(config)
                                 h.flash(_('Updated application settings'),
                                         category='success')
                             except Exception:
                                 log.error(traceback.format_exc())
                                 h.flash(_('error occurred during updating '
                                           'application settings'),
                                         category='error')
                                 self.sa.rollback()
                         except formencode.Invalid, errors:
                             return htmlfill.render(
                                  render('admin/settings/settings.html'),
                                  defaults=errors.value,
                                  errors=errors.error_dict or {},
                                  prefix_error=False,
                                  encoding="UTF-8")
                     if setting_id == 'mercurial':
                         application_form = ApplicationUiSettingsForm()()
                         try:
                             form_result = application_form.to_python(dict(request.POST))
                             try:
                                 hgsettings1 = self.sa.query(RhodeCodeUi)\
                                 .filter(RhodeCodeUi.ui_key == 'push_ssl').one()
                                 hgsettings1.ui_value = form_result['web_push_ssl']
                                 hgsettings2 = self.sa.query(RhodeCodeUi)\
                                 .filter(RhodeCodeUi.ui_key == '/').one()
                                 hgsettings2.ui_value = form_result['paths_root_path']
                                 #HOOKS
                                 hgsettings3 = self.sa.query(RhodeCodeUi)\
                                 .filter(RhodeCodeUi.ui_key == 'changegroup.update').one()
                                 hgsettings3.ui_active = \
                                     bool(form_result['hooks_changegroup_update'])
                                 hgsettings4 = self.sa.query(RhodeCodeUi)\
                                 .filter(RhodeCodeUi.ui_key ==
                                         'changegroup.repo_size').one()
                                 hgsettings4.ui_active = \
                                     bool(form_result['hooks_changegroup_repo_size'])
                                 hgsettings5 = self.sa.query(RhodeCodeUi)\
                                 .filter(RhodeCodeUi.ui_key ==
                                         'pretxnchangegroup.push_logger').one()
                                 hgsettings5.ui_active = \
                                     bool(form_result['hooks_pretxnchangegroup'
                                                      '_push_logger'])
                                 hgsettings6 = self.sa.query(RhodeCodeUi)\
                                 .filter(RhodeCodeUi.ui_key ==
                                         'preoutgoing.pull_logger').one()
                                 hgsettings6.ui_active = \
                                     bool(form_result['hooks_preoutgoing_pull_logger'])
                                 self.sa.add(hgsettings1)
                                 self.sa.add(hgsettings2)
                                 self.sa.add(hgsettings3)
                                 self.sa.add(hgsettings4)
                                 self.sa.add(hgsettings5)
                                 self.sa.add(hgsettings6)
                                 self.sa.commit()
                                 h.flash(_('Updated mercurial settings'),
                                         category='success')
                             except:
                                 log.error(traceback.format_exc())
                                 h.flash(_('error occurred during updating '
                                           'application settings'), category='error')
                                 self.sa.rollback()
                         except formencode.Invalid, errors:
                             return htmlfill.render(
                                  render('admin/settings/settings.html'),
                                  defaults=errors.value,
                                  errors=errors.error_dict or {},
                                  prefix_error=False,
                                  encoding="UTF-8")
                     return redirect(url('admin_settings'))
                 @HasPermissionAllDecorator('hg.admin')
                 def delete(self, setting_id):
                     """DELETE /admin/settings/setting_id: Delete an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="DELETE" />
                     # Or using helpers:
                     #    h.form(url('admin_setting', setting_id=ID),
                     #           method='delete')
                     # url('admin_setting', setting_id=ID)
                 @HasPermissionAllDecorator('hg.admin')
                 def show(self, setting_id, format='html'):
                     """
                     GET /admin/settings/setting_id: Show a specific item"""
                     # url('admin_setting', setting_id=ID)
                 @HasPermissionAllDecorator('hg.admin')
                 def edit(self, setting_id, format='html'):
                     """
                     GET /admin/settings/setting_id/edit: Form to
                     edit an existing item"""
                     # url('admin_edit_setting', setting_id=ID)
                 @NotAnonymous()
                 def my_account(self):
                     """
                     GET /_admin/my_account Displays info about my account
                     """
                     # url('admin_settings_my_account')
                     c.user = UserModel().get(self.rhodecode_user.user_id, cache=False)
                     all_repos = [r.repo_name for r in self.sa.query(Repository)\
                                  .filter(Repository.user_id == c.user.user_id)\
                                  .order_by(func.lower(Repository.repo_name)).all()]
                     c.user_repos = ScmModel().get_repos(all_repos)
                     if c.user.username == 'default':
                         h.flash(_("You can't edit this user since it's"
                           " crucial for entire application"), category='warning')
                         return redirect(url('users'))
                     defaults = c.user.get_dict()
                     return htmlfill.render(
                         render('admin/users/user_edit_my_account.html'),
                         defaults=defaults,
                         encoding="UTF-8",
                         force_defaults=False
                     )
                 def my_account_update(self):
                     """PUT /_admin/my_account_update: Update an existing item"""
                     # Forms posted to this method should contain a hidden field:
                     #    <input type="hidden" name="_method" value="PUT" />
                     # Or using helpers:
                     #    h.form(url('admin_settings_my_account_update'),
                     #           method='put')
                     # url('admin_settings_my_account_update', id=ID)
                     user_model = UserModel()
                     uid = self.rhodecode_user.user_id
                     _form = UserForm(edit=True,
                                      old_data={'user_id': uid,
                                                'email': self.rhodecode_user.email})()
                     form_result = {}
                     try:
                         form_result = _form.to_python(dict(request.POST))
                         user_model.update_my_account(uid, form_result)
                         h.flash(_('Your account was updated successfully'),
                                 category='success')
                     except formencode.Invalid, errors:
                         c.user = user_model.get(self.rhodecode_user.user_id, cache=False)
                         c.user = UserModel().get(self.rhodecode_user.user_id, cache=False)
                         all_repos = self.sa.query(Repository)\
                             .filter(Repository.user_id == c.user.user_id)\
                             .order_by(func.lower(Repository.repo_name))\
                             .all()
                         c.user_repos = ScmModel().get_repos(all_repos)
                         return htmlfill.render(
                             render('admin/users/user_edit_my_account.html'),
                             defaults=errors.value,
                             errors=errors.error_dict or {},
                             prefix_error=False,
                             encoding="UTF-8")
                     except Exception:
                         log.error(traceback.format_exc())
                         h.flash(_('error occurred during update of user %s') \
                                 % form_result.get('username'), category='error')
                     return redirect(url('my_account'))
                 @NotAnonymous()
                 @HasPermissionAnyDecorator('hg.admin', 'hg.create.repository')
                 def create_repository(self):
                     """GET /_admin/create_repository: Form to create a new item"""
                     c.repo_groups = [('', '')]
                     parents_link = lambda k: h.literal('&raquo;'.join(
                                                 map(lambda k: k.group_name,
                                                     k.parents + [k])
                                                 )
                                             )
                     c.repo_groups.extend([(x.group_id, parents_link(x)) for \
                                                         x in self.sa.query(Group).all()])
                     c.repo_groups_choices = map(lambda k: unicode(k[0]), c.repo_groups)
                     new_repo = request.GET.get('repo', '')
                     c.new_repo = repo_name_slug(new_repo)
                     return render('admin/repos/repo_add_create_repository.html')
                 def get_hg_ui_settings(self):
                     ret = self.sa.query(RhodeCodeUi).all()
                     if not ret:
                         raise Exception('Could not get application ui settings !')
                     settings = {}
                     for each in ret:
                         k = each.ui_key
                         v = each.ui_value
                         if k == '/':
                             k = 'root_path'
                         if k.find('.') != -1:
                             k = k.replace('.', '_')
                         if each.ui_section == 'hooks':
                             v = each.ui_active
                         settings[each.ui_section + '_' + k] = v
                     return settings

rhodecode/lib/auth.py

0 +9 -10

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.auth
                 ~~~~~~~~~~~~~~~~~~
                 authentication and permission libraries
                 :created_on: Apr 4, 2010
                 :copyright: (c) 2010 by marcink.
                 :license: LICENSE_NAME, see LICENSE_FILE for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import random
             import logging
             import traceback
             import hashlib
             from tempfile import _RandomNameSequence
             from decorator import decorator
             from pylons import config, session, url, request
             from pylons.controllers.util import abort, redirect
             from pylons.i18n.translation import _
             from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS
             if __platform__ in PLATFORM_WIN:
                 from hashlib import sha256
             if __platform__ in PLATFORM_OTHERS:
                 import bcrypt
             from rhodecode.lib import str2bool
             from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
             from rhodecode.lib.utils import get_repo_slug
             from rhodecode.lib.auth_ldap import AuthLdap
             from rhodecode.model import meta
             from rhodecode.model.user import UserModel
-            from rhodecode.model.db import Permission
+            from rhodecode.model.db import Permission, RhodeCodeSettings
             log = logging.getLogger(__name__)
             class PasswordGenerator(object):
                 """This is a simple class for generating password from
                     different sets of characters
                     usage:
                     passwd_gen = PasswordGenerator()
                     #print 8-letter password containing only big and small letters
                         of alphabet
                     print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)
                 """
                 ALPHABETS_NUM = r'''1234567890'''
                 ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''
                 ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''
                 ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''
                 ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \
                     + ALPHABETS_NUM + ALPHABETS_SPECIAL
                 ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM
                 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
                 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM
                 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM
                 def __init__(self, passwd=''):
                     self.passwd = passwd
                 def gen_password(self, len, type):
                     self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
                     return self.passwd
             class RhodeCodeCrypto(object):
                 @classmethod
                 def hash_string(cls, str_):
                     """
                     Cryptographic function used for password hashing based on pybcrypt
                     or pycrypto in windows
                     :param password: password to hash
                     """
                     if __platform__ in PLATFORM_WIN:
                         return sha256(str_).hexdigest()
                     elif __platform__ in PLATFORM_OTHERS:
                         return bcrypt.hashpw(str_, bcrypt.gensalt(10))
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
                 @classmethod
                 def hash_check(cls, password, hashed):
                     """
                     Checks matching password with it's hashed value, runs different
                     implementation based on platform it runs on
                     :param password: password
                     :param hashed: password in hashed form
                     """
                     if __platform__ in PLATFORM_WIN:
                         return sha256(password).hexdigest() == hashed
                     elif __platform__ in PLATFORM_OTHERS:
                         return bcrypt.hashpw(password, hashed) == hashed
                     else:
                         raise Exception('Unknown or unsupported platform %s' \
                                         % __platform__)
             def get_crypt_password(password):
                 return RhodeCodeCrypto.hash_string(password)
             def check_password(password, hashed):
                 return RhodeCodeCrypto.hash_check(password, hashed)
             def generate_api_key(username, salt=None):
                 if salt is None:
                     salt = _RandomNameSequence().next()
                 return hashlib.sha1(username + salt).hexdigest()
             def authfunc(environ, username, password):
                 """Dummy authentication function used in Mercurial/Git/ and access control,
                 :param environ: needed only for using in Basic auth
                 """
                 return authenticate(username, password)
             def authenticate(username, password):
                 """Authentication function used for access control,
                 firstly checks for db authentication then if ldap is enabled for ldap
                 authentication, also creates ldap user if not in database
                 :param username: username
                 :param password: password
                 """
                 user_model = UserModel()
                 user = user_model.get_by_username(username, cache=False)
                 log.debug('Authenticating user using RhodeCode account')
                 if user is not None and not user.ldap_dn:
                     if user.active:
                         if user.username == 'default' and user.active:
                             log.info('user %s authenticated correctly as anonymous user',
                                      username)
                             return True
                         elif user.username == username and check_password(password,
                                                                           user.password):
                             log.info('user %s authenticated correctly', username)
                             return True
                     else:
                         log.warning('user %s is disabled', username)
                 else:
                     log.debug('Regular authentication failed')
                     user_obj = user_model.get_by_username(username, cache=False,
                                                         case_insensitive=True)
                     if user_obj is not None and not user_obj.ldap_dn:
                         log.debug('this user already exists as non ldap')
                         return False
-                    from rhodecode.model.settings import SettingsModel
+                    ldap_settings = RhodeCodeSettings.get_ldap_settings()
-                    ldap_settings = SettingsModel().get_ldap_settings()
                     #======================================================================
                     # FALLBACK TO LDAP AUTH IF ENABLE
                     #======================================================================
                     if str2bool(ldap_settings.get('ldap_active')):
                         log.debug("Authenticating user using ldap")
                         kwargs = {
                               'server': ldap_settings.get('ldap_host', ''),
                               'base_dn': ldap_settings.get('ldap_base_dn', ''),
                               'port': ldap_settings.get('ldap_port'),
                               'bind_dn': ldap_settings.get('ldap_dn_user'),
                               'bind_pass': ldap_settings.get('ldap_dn_pass'),
                               'tls_kind': ldap_settings.get('ldap_tls_kind'),
                               'tls_reqcert': ldap_settings.get('ldap_tls_reqcert'),
                               'ldap_filter': ldap_settings.get('ldap_filter'),
                               'search_scope': ldap_settings.get('ldap_search_scope'),
                               'attr_login': ldap_settings.get('ldap_attr_login'),
                               'ldap_version': 3,
                               }
                         log.debug('Checking for ldap authentication')
                         try:
                             aldap = AuthLdap(**kwargs)
                             (user_dn, ldap_attrs) = aldap.authenticate_ldap(username,
                                                                             password)
                             log.debug('Got ldap DN response %s', user_dn)
+                            get_ldap_attr = lambda k:ldap_attrs.get(ldap_settings\
+                                                                       .get(k), [''])[0]
                             user_attrs = {
-                                'name': ldap_attrs.get(ldap_settings\
+                                'name': get_ldap_attr('ldap_attr_firstname'),
-                                                   .get('ldap_attr_firstname'), [''])[0],
+                                'lastname': get_ldap_attr('ldap_attr_lastname'),
-                                'lastname': ldap_attrs.get(ldap_settings\
+                                'email': get_ldap_attr('ldap_attr_email'),
-                                                       .get('ldap_attr_lastname'),[''])[0],
-                                'email': ldap_attrs.get(ldap_settings\
-                                                    .get('ldap_attr_email'), [''])[0],
                                 }
                             if user_model.create_ldap(username, password, user_dn,
                                                       user_attrs):
                                 log.info('created new ldap user %s', username)
                             return True
                         except (LdapUsernameError, LdapPasswordError,):
                             pass
                         except (Exception,):
                             log.error(traceback.format_exc())
                             pass
                 return False
             class  AuthUser(object):
                 """
                 A simple object that handles all attributes of user in RhodeCode
                 It does lookup based on API key,given user, or user present in session
                 Then it fills all required information for such user. It also checks if
                 anonymous access is enabled and if so, it returns default user as logged
                 in
                 """
                 def __init__(self, user_id=None, api_key=None):
                     self.user_id = user_id
                     self.api_key = None
                     self.username = 'None'
                     self.name = ''
                     self.lastname = ''
                     self.email = ''
                     self.is_authenticated = False
                     self.admin = False
                     self.permissions = {}
                     self._api_key = api_key
                     self.propagate_data()
                 def propagate_data(self):
                     user_model = UserModel()
                     self.anonymous_user = user_model.get_by_username('default', cache=True)
                     if self._api_key and self._api_key != self.anonymous_user.api_key:
                         #try go get user by api key
                         log.debug('Auth User lookup by API KEY %s', self._api_key)
                         user_model.fill_data(self, api_key=self._api_key)
                     else:
                         log.debug('Auth User lookup by USER ID %s', self.user_id)
                         if self.user_id is not None \
                             and self.user_id != self.anonymous_user.user_id:
                             user_model.fill_data(self, user_id=self.user_id)
                         else:
                             if self.anonymous_user.active is True:
                                 user_model.fill_data(self,
                                                      user_id=self.anonymous_user.user_id)
                                 #then we set this user is logged in
                                 self.is_authenticated = True
                             else:
                                 self.is_authenticated = False
                     log.debug('Auth User is now %s', self)
                     user_model.fill_perms(self)
                 @property
                 def is_admin(self):
                     return self.admin
                 def __repr__(self):
                     return "<AuthUser('id:%s:%s|%s')>" % (self.user_id, self.username,
                                                           self.is_authenticated)
                 def set_authenticated(self, authenticated=True):
                     if self.user_id != self.anonymous_user.user_id:
                         self.is_authenticated = authenticated
             def set_available_permissions(config):
                 """This function will propagate pylons globals with all available defined
                 permission given in db. We don't want to check each time from db for new
                 permissions since adding a new permission also requires application restart
                 ie. to decorate new views with the newly created permission
                 :param config: current pylons config instance
                 """
                 log.info('getting information about all available permissions')
                 try:
                     sa = meta.Session()
                     all_perms = sa.query(Permission).all()
                 except:
                     pass
                 finally:
                     meta.Session.remove()
                 config['available_permissions'] = [x.permission_name for x in all_perms]
             #==============================================================================
             # CHECK DECORATORS
             #==============================================================================
             class LoginRequired(object):
                 """
                 Must be logged in to execute this function else
                 redirect to login page
                 :param api_access: if enabled this checks only for valid auth token
                     and grants access based on valid token
                 """
                 def __init__(self, api_access=False):
                     self.api_access = api_access
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     user = cls.rhodecode_user
                     api_access_ok = False
                     if self.api_access:
                         log.debug('Checking API KEY access for %s', cls)
                         if user.api_key == request.GET.get('api_key'):
                             api_access_ok = True
                         else:
                             log.debug("API KEY token not valid")
                     log.debug('Checking if %s is authenticated @ %s', user.username, cls)
                     if user.is_authenticated or api_access_ok:
                         log.debug('user %s is authenticated', user.username)
                         return func(*fargs, **fkwargs)
                     else:
                         log.warn('user %s NOT authenticated', user.username)
                         p = url.current()
                         log.debug('redirecting to login page with %s', p)
                         return redirect(url('login_home', came_from=p))
             class NotAnonymous(object):
                 """Must be logged in to execute this function else
                 redirect to login page"""
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     log.debug('Checking if user is not anonymous @%s', cls)
                     anonymous = self.user.username == 'default'
                     if anonymous:
                         p = ''
                         if request.environ.get('SCRIPT_NAME') != '/':
                             p += request.environ.get('SCRIPT_NAME')
                         p += request.environ.get('PATH_INFO')
                         if request.environ.get('QUERY_STRING'):
                             p += '?' + request.environ.get('QUERY_STRING')
                         import rhodecode.lib.helpers as h
                         h.flash(_('You need to be a registered user to '
                                   'perform this action'),
                                 category='warning')
                         return redirect(url('login_home', came_from=p))
                     else:
                         return func(*fargs, **fkwargs)
             class PermsDecorator(object):
                 """Base class for controller decorators"""
                 def __init__(self, *required_perms):
                     available_perms = config['available_permissions']
                     for perm in required_perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission is not defined" % perm)
                     self.required_perms = set(required_perms)
                     self.user_perms = None
                 def __call__(self, func):
                     return decorator(self.__wrapper, func)
                 def __wrapper(self, func, *fargs, **fkwargs):
                     cls = fargs[0]
                     self.user = cls.rhodecode_user
                     self.user_perms = self.user.permissions
                     log.debug('checking %s permissions %s for %s %s',
                        self.__class__.__name__, self.required_perms, cls,
                            self.user)
                     if self.check_permissions():
                         log.debug('Permission granted for %s %s', cls, self.user)
                         return func(*fargs, **fkwargs)
                     else:
                         log.warning('Permission denied for %s %s', cls, self.user)
                         #redirect with forbidden ret code
                         return abort(403)
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAllDecorator(PermsDecorator):
                 """Checks for access permission for all given predicates. All of them
                 have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAnyDecorator(PermsDecorator):
                 """Checks for access permission for any of given predicates. In order to
                 fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAllDecorator(PermsDecorator):
                 """Checks for access permission for all given predicates for specific
                 repository. All of them have to be meet in order to fulfill the request
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.issubset(user_perms):
                         return True
                     return False
             class HasRepoPermissionAnyDecorator(PermsDecorator):
                 """Checks for access permission for any of given predicates for specific
                 repository. In order to fulfill the request any of predicates must be meet
                 """
                 def check_permissions(self):
                     repo_name = get_repo_slug(request)
                     try:
                         user_perms = set([self.user_perms['repositories'][repo_name]])
                     except KeyError:
                         return False
                     if self.required_perms.intersection(user_perms):
                         return True
                     return False
             #==============================================================================
             # CHECK FUNCTIONS
             #==============================================================================
             class PermsFunction(object):
                 """Base function for other check functions"""
                 def __init__(self, *perms):
                     available_perms = config['available_permissions']
                     for perm in perms:
                         if perm not in available_perms:
                             raise Exception("'%s' permission in not defined" % perm)
                     self.required_perms = set(perms)
                     self.user_perms = None
                     self.granted_for = ''
                     self.repo_name = None
                 def __call__(self, check_Location=''):
                     user = session.get('rhodecode_user', False)
                     if not user:
                         return False
                     self.user_perms = user.permissions
                     self.granted_for = user
                     log.debug('checking %s %s %s', self.__class__.__name__,
                               self.required_perms, user)
                     if self.check_permissions():
                         log.debug('Permission granted %s @ %s', self.granted_for,
                                   check_Location or 'unspecified location')
                         return True
                     else:
                         log.warning('Permission denied for %s @ %s', self.granted_for,
                                     check_Location or 'unspecified location')
                         return False
                 def check_permissions(self):
                     """Dummy function for overriding"""
                     raise Exception('You have to write this function in child class')
             class HasPermissionAll(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.issubset(self.user_perms.get('global')):
                         return True
                     return False
             class HasPermissionAny(PermsFunction):
                 def check_permissions(self):
                     if self.required_perms.intersection(self.user_perms.get('global')):
                         return True
                     return False
             class HasRepoPermissionAll(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAll, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self.user_perms = set([self.user_perms['reposit'
                                                                'ories'][self.repo_name]])
                     except KeyError:
                         return False
                     self.granted_for = self.repo_name
                     if self.required_perms.issubset(self.user_perms):
                         return True
                     return False
             class HasRepoPermissionAny(PermsFunction):
                 def __call__(self, repo_name=None, check_Location=''):
                     self.repo_name = repo_name
                     return super(HasRepoPermissionAny, self).__call__(check_Location)
                 def check_permissions(self):
                     if not self.repo_name:
                         self.repo_name = get_repo_slug(request)
                     try:
                         self.user_perms = set([self.user_perms['reposi'
                                                                'tories'][self.repo_name]])
                     except KeyError:
                         return False
                     self.granted_for = self.repo_name
                     if self.required_perms.intersection(self.user_perms):
                         return True
                     return False
             #==============================================================================
             # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
             #==============================================================================
             class HasPermissionAnyMiddleware(object):
                 def __init__(self, *perms):
                     self.required_perms = set(perms)
                 def __call__(self, user, repo_name):
                     usr = AuthUser(user.user_id)
                     try:
                         self.user_perms = set([usr.permissions['repositories'][repo_name]])
                     except:
                         self.user_perms = set()
                     self.granted_for = ''
                     self.username = user.username
                     self.repo_name = repo_name
                     return self.check_permissions()
                 def check_permissions(self):
                     log.debug('checking mercurial protocol '
                               'permissions %s for user:%s repository:%s', self.user_perms,
                                                             self.username, self.repo_name)
                     if self.required_perms.intersection(self.user_perms):
                         log.debug('permission granted')
                         return True
                     log.debug('permission denied')
                     return False

rhodecode/lib/auth_ldap.py

0 +25 -16

-            #!/usr/bin/env python
+            # -*- coding: utf-8 -*-
-            # encoding: utf-8
+            """
-            # ldap authentication lib
+                rhodecode.controllers.changelog
-            # Copyright (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
+                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+                RhodeCode authentication library for LDAP
+                :created_on: Created on Nov 17, 2010
+                :author: marcink
+                :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
+                :license: GPLv3, see COPYING for more details.
+            """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-            """
-            Created on Nov 17, 2010
-            @author: marcink
-            """
-            from rhodecode.lib.exceptions import *
             import logging
+            from rhodecode.lib.exceptions import LdapConnectionError, LdapUsernameError, \
+                LdapPasswordError
             log = logging.getLogger(__name__)
             try:
                 import ldap
             except ImportError:
+                # means that python-ldap is not installed
                 pass
             class AuthLdap(object):
                 def __init__(self, server, base_dn, port=389, bind_dn='', bind_pass='',
-                             tls_kind = 'PLAIN', tls_reqcert='DEMAND', ldap_version=3,
+                             tls_kind='PLAIN', tls_reqcert='DEMAND', ldap_version=3,
                              ldap_filter='(&(objectClass=user)(!(objectClass=computer)))',
                              search_scope='SUBTREE',
                              attr_login='uid'):
                     self.ldap_version = ldap_version
                     ldap_server_type = 'ldap'
                     self.TLS_KIND = tls_kind
                     if self.TLS_KIND == 'LDAPS':
                         port = port or 689
                         ldap_server_type = ldap_server_type + 's'
                     self.TLS_REQCERT = ldap.__dict__['OPT_X_TLS_' + tls_reqcert]
                     self.LDAP_SERVER_ADDRESS = server
                     self.LDAP_SERVER_PORT = port
                     #USE FOR READ ONLY BIND TO LDAP SERVER
                     self.LDAP_BIND_DN = bind_dn
                     self.LDAP_BIND_PASS = bind_pass
                     self.LDAP_SERVER = "%s://%s:%s" % (ldap_server_type,
                                                            self.LDAP_SERVER_ADDRESS,
                                                            self.LDAP_SERVER_PORT)
                     self.BASE_DN = base_dn
                     self.LDAP_FILTER = ldap_filter
                     self.SEARCH_SCOPE = ldap.__dict__['SCOPE_' + search_scope]
                     self.attr_login = attr_login
                 def authenticate_ldap(self, username, password):
                     """Authenticate a user via LDAP and return his/her LDAP properties.
                     Raises AuthenticationError if the credentials are rejected, or
                     EnvironmentError if the LDAP server can't be reached.
                     :param username: username
                     :param password: password
                     """
                     from rhodecode.lib.helpers import chop_at
                     uid = chop_at(username, "@%s" % self.LDAP_SERVER_ADDRESS)
                     if "," in username:
                         raise LdapUsernameError("invalid character in username: ,")
                     try:
                         ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, '/etc/openldap/cacerts')
                         ldap.set_option(ldap.OPT_REFERRALS, ldap.OPT_OFF)
                         ldap.set_option(ldap.OPT_RESTART, ldap.OPT_ON)
                         ldap.set_option(ldap.OPT_TIMEOUT, 20)
                         ldap.set_option(ldap.OPT_NETWORK_TIMEOUT, 10)
                         ldap.set_option(ldap.OPT_TIMELIMIT, 15)
                         if self.TLS_KIND != 'PLAIN':
                             ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, self.TLS_REQCERT)
                         server = ldap.initialize(self.LDAP_SERVER)
                         if self.ldap_version == 2:
                             server.protocol = ldap.VERSION2
                         else:
                             server.protocol = ldap.VERSION3
                         if self.TLS_KIND == 'START_TLS':
                             server.start_tls_s()
                         if self.LDAP_BIND_DN and self.LDAP_BIND_PASS:
                             server.simple_bind_s(self.LDAP_BIND_DN, self.LDAP_BIND_PASS)
-                        filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login, username)
+                        filt = '(&%s(%s=%s))' % (self.LDAP_FILTER, self.attr_login,
+                                                 username)
                         log.debug("Authenticating %r filt %s at %s", self.BASE_DN,
                                   filt, self.LDAP_SERVER)
                         lobjects = server.search_ext_s(self.BASE_DN, self.SEARCH_SCOPE,
                                                        filt)
                         if not lobjects:
                             raise ldap.NO_SUCH_OBJECT()
                         for (dn, _attrs) in lobjects:
                             try:
                                 server.simple_bind_s(dn, password)
-                                attrs = server.search_ext_s(dn, ldap.SCOPE_BASE, '(objectClass=*)')[0][1]
+                                attrs = server.search_ext_s(dn, ldap.SCOPE_BASE,
+                                                            '(objectClass=*)')[0][1]
                                 break
                             except ldap.INVALID_CREDENTIALS, e:
                                 log.debug("LDAP rejected password for user '%s' (%s): %s",
                                           uid, username, dn)
                         else:
                             log.debug("No matching LDAP objects for authentication "
                                       "of '%s' (%s)", uid, username)
                             raise LdapPasswordError()
                     except ldap.NO_SUCH_OBJECT, e:
                         log.debug("LDAP says no such user '%s' (%s)", uid, username)
                         raise LdapUsernameError()
                     except ldap.SERVER_DOWN, e:
-                        raise LdapConnectionError("LDAP can't access authentication server")
+                        raise LdapConnectionError("LDAP can't access "
+                                                  "authentication server")
                     return (dn, attrs)

rhodecode/lib/utils.py

0 +3 -3

             # -*- coding: utf-8 -*-
             """
                 rhodecode.lib.utils
                 ~~~~~~~~~~~~~~~~~~~
                 Utilities library for RhodeCode
                 :created_on: Apr 18, 2010
                 :author: marcink
                 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import logging
             import datetime
             import traceback
             import paste
             import beaker
             from paste.script.command import Command, BadCommand
             from UserDict import DictMixin
             from mercurial import ui, config, hg
             from mercurial.error import RepoError
             from webhelpers.text import collapse, remove_formatting, strip_tags
             from vcs.backends.base import BaseChangeset
             from vcs.utils.lazy import LazyProperty
             from rhodecode.model import meta
             from rhodecode.model.caching_query import FromCache
-            from rhodecode.model.db import Repository, User, RhodeCodeUi, UserLog, Group
+            from rhodecode.model.db import Repository, User, RhodeCodeUi, UserLog, Group, \
+                RhodeCodeSettings
             from rhodecode.model.repo import RepoModel
             from rhodecode.model.user import UserModel
             log = logging.getLogger(__name__)
             def recursive_replace(str, replace=' '):
                 """Recursive replace of given sign to just one instance
                 :param str: given string
                 :param replace: char to find and replace multiple instances
                 Examples::
                 >>> recursive_replace("Mighty---Mighty-Bo--sstones",'-')
                 'Mighty-Mighty-Bo-sstones'
                 """
                 if str.find(replace * 2) == -1:
                     return str
                 else:
                     str = str.replace(replace * 2, replace)
                     return recursive_replace(str, replace)
             def repo_name_slug(value):
                 """Return slug of name of repository
                 This function is called on each creation/modification
                 of repository to prevent bad names in repo
                 """
                 slug = remove_formatting(value)
                 slug = strip_tags(slug)
                 for c in """=[]\;'"<>,/~!@#$%^&*()+{}|: """:
                     slug = slug.replace(c, '-')
                 slug = recursive_replace(slug, '-')
                 slug = collapse(slug, '-')
                 return slug
             def get_repo_slug(request):
                 return request.environ['pylons.routes_dict'].get('repo_name')
             def action_logger(user, action, repo, ipaddr='', sa=None):
                 """
                 Action logger for various actions made by users
                 :param user: user that made this action, can be a unique username string or
                     object containing user_id attribute
                 :param action: action to log, should be on of predefined unique actions for
                     easy translations
                 :param repo: string name of repository or object containing repo_id,
                     that action was made on
                 :param ipaddr: optional ip address from what the action was made
                 :param sa: optional sqlalchemy session
                 """
                 if not sa:
                     sa = meta.Session()
                 try:
                     um = UserModel()
                     if hasattr(user, 'user_id'):
                         user_obj = user
                     elif isinstance(user, basestring):
                         user_obj = um.get_by_username(user, cache=False)
                     else:
                         raise Exception('You have to provide user object or username')
                     rm = RepoModel()
                     if hasattr(repo, 'repo_id'):
                         repo_obj = rm.get(repo.repo_id, cache=False)
                         repo_name = repo_obj.repo_name
                     elif  isinstance(repo, basestring):
                         repo_name = repo.lstrip('/')
                         repo_obj = rm.get_by_repo_name(repo_name, cache=False)
                     else:
                         raise Exception('You have to provide repository to action logger')
                     user_log = UserLog()
                     user_log.user_id = user_obj.user_id
                     user_log.action = action
                     user_log.repository_id = repo_obj.repo_id
                     user_log.repository_name = repo_name
                     user_log.action_date = datetime.datetime.now()
                     user_log.user_ip = ipaddr
                     sa.add(user_log)
                     sa.commit()
                     log.info('Adding user %s, action %s on %s', user_obj, action, repo)
                 except:
                     log.error(traceback.format_exc())
                     sa.rollback()
             def get_repos(path, recursive=False):
                 """
                 Scans given path for repos and return (name,(type,path)) tuple
                 :param path: path to scann for repositories
                 :param recursive: recursive search and return names with subdirs in front
                 """
                 from vcs.utils.helpers import get_scm
                 from vcs.exceptions import VCSError
                 if path.endswith(os.sep):
                     #remove ending slash for better results
                     path = path[:-1]
                 def _get_repos(p):
                     if not os.access(p, os.W_OK):
                         return
                     for dirpath in os.listdir(p):
                         if os.path.isfile(os.path.join(p, dirpath)):
                             continue
                         cur_path = os.path.join(p, dirpath)
                         try:
                             scm_info = get_scm(cur_path)
                             yield scm_info[1].split(path)[-1].lstrip(os.sep), scm_info
                         except VCSError:
                             if not recursive:
                                 continue
                             #check if this dir containts other repos for recursive scan
                             rec_path = os.path.join(p, dirpath)
                             if os.path.isdir(rec_path):
                                 for inner_scm in _get_repos(rec_path):
                                     yield inner_scm
                 return _get_repos(path)
             def check_repo_fast(repo_name, base_path):
                 """
                 Check given path for existence of directory
                 :param repo_name:
                 :param base_path:
                 :return False: if this directory is present
                 """
                 if os.path.isdir(os.path.join(base_path, repo_name)):
                     return False
                 return True
             def check_repo(repo_name, base_path, verify=True):
                 repo_path = os.path.join(base_path, repo_name)
                 try:
                     if not check_repo_fast(repo_name, base_path):
                         return False
                     r = hg.repository(ui.ui(), repo_path)
                     if verify:
                         hg.verify(r)
                     #here we hnow that repo exists it was verified
                     log.info('%s repo is already created', repo_name)
                     return False
                 except RepoError:
                     #it means that there is no valid repo there...
                     log.info('%s repo is free for creation', repo_name)
                     return True
             def ask_ok(prompt, retries=4, complaint='Yes or no, please!'):
                 while True:
                     ok = raw_input(prompt)
                     if ok in ('y', 'ye', 'yes'):
                         return True
                     if ok in ('n', 'no', 'nop', 'nope'):
                         return False
                     retries = retries - 1
                     if retries < 0:
                         raise IOError
                     print complaint
             #propagated from mercurial documentation
             ui_sections = ['alias', 'auth',
                             'decode/encode', 'defaults',
                             'diff', 'email',
                             'extensions', 'format',
                             'merge-patterns', 'merge-tools',
                             'hooks', 'http_proxy',
                             'smtp', 'patch',
                             'paths', 'profiling',
                             'server', 'trusted',
                             'ui', 'web', ]
             def make_ui(read_from='file', path=None, checkpaths=True):
                 """A function that will read python rc files or database
                 and make an mercurial ui object from read options
                 :param path: path to mercurial config file
                 :param checkpaths: check the path
                 :param read_from: read from 'file' or 'db'
                 """
                 baseui = ui.ui()
                 #clean the baseui object
                 baseui._ocfg = config.config()
                 baseui._ucfg = config.config()
                 baseui._tcfg = config.config()
                 if read_from == 'file':
                     if not os.path.isfile(path):
                         log.warning('Unable to read config file %s' % path)
                         return False
                     log.debug('reading hgrc from %s', path)
                     cfg = config.config()
                     cfg.read(path)
                     for section in ui_sections:
                         for k, v in cfg.items(section):
                             log.debug('settings ui from file[%s]%s:%s', section, k, v)
                             baseui.setconfig(section, k, v)
                 elif read_from == 'db':
                     sa = meta.Session()
                     ret = sa.query(RhodeCodeUi)\
                         .options(FromCache("sql_cache_short",
                                            "get_hg_ui_settings")).all()
                     hg_ui = ret
                     for ui_ in hg_ui:
                         if ui_.ui_active:
                             log.debug('settings ui from db[%s]%s:%s', ui_.ui_section,
                                       ui_.ui_key, ui_.ui_value)
                             baseui.setconfig(ui_.ui_section, ui_.ui_key, ui_.ui_value)
                     meta.Session.remove()
                 return baseui
             def set_rhodecode_config(config):
                 """Updates pylons config with new settings from database
                 :param config:
                 """
-                from rhodecode.model.settings import SettingsModel
+                hgsettings = RhodeCodeSettings.get_app_settings()
-                hgsettings = SettingsModel().get_app_settings()
                 for k, v in hgsettings.items():
                     config[k] = v
             def invalidate_cache(cache_key, *args):
                 """Puts cache invalidation task into db for
                 further global cache invalidation
                 """
                 from rhodecode.model.scm import ScmModel
                 if cache_key.startswith('get_repo_cached_'):
                     name = cache_key.split('get_repo_cached_')[-1]
                     ScmModel().mark_for_invalidation(name)
             class EmptyChangeset(BaseChangeset):
                 """
                 An dummy empty changeset. It's possible to pass hash when creating
                 an EmptyChangeset
                 """
                 def __init__(self, cs='0' * 40, repo=None):
                     self._empty_cs = cs
                     self.revision = -1
                     self.message = ''
                     self.author = ''
                     self.date = ''
                     self.repository = repo
                 @LazyProperty
                 def raw_id(self):
                     """Returns raw string identifying this changeset, useful for web
                     representation.
                     """
                     return self._empty_cs
                 @LazyProperty
                 def short_id(self):
                     return self.raw_id[:12]
                 def get_file_changeset(self, path):
                     return self
                 def get_file_content(self, path):
                     return u''
                 def get_file_size(self, path):
                     return 0
             def map_groups(groups):
                 """Checks for groups existence, and creates groups structures.
                 It returns last group in structure
                 :param groups: list of groups structure
                 """
                 sa = meta.Session()
                 parent = None
                 group = None
                 for lvl, group_name in enumerate(groups[:-1]):
                     group = sa.query(Group).filter(Group.group_name == group_name).scalar()
                     if group is None:
                         group = Group(group_name, parent)
                         sa.add(group)
                         sa.commit()
                     parent = group
                 return group
             def repo2db_mapper(initial_repo_list, remove_obsolete=False):
                 """maps all repos given in initial_repo_list, non existing repositories
                 are created, if remove_obsolete is True it also check for db entries
                 that are not in initial_repo_list and removes them.
                 :param initial_repo_list: list of repositories found by scanning methods
                 :param remove_obsolete: check for obsolete entries in database
                 """
                 sa = meta.Session()
                 rm = RepoModel()
                 user = sa.query(User).filter(User.admin == True).first()
                 added = []
                 for name, repo in initial_repo_list.items():
                     group = map_groups(name.split('/'))
                     if not rm.get_by_repo_name(name, cache=False):
                         log.info('repository %s not found creating default', name)
                         added.append(name)
                         form_data = {
                                      'repo_name': name,
                                      'repo_type': repo.alias,
                                      'description': repo.description \
                                         if repo.description != 'unknown' else \
                                                     '%s repository' % name,
                                      'private': False,
                                      'group_id': getattr(group, 'group_id', None)
                                      }
                         rm.create(form_data, user, just_db=True)
                 removed = []
                 if remove_obsolete:
                     #remove from database those repositories that are not in the filesystem
                     for repo in sa.query(Repository).all():
                         if repo.repo_name not in initial_repo_list.keys():
                             removed.append(repo.repo_name)
                             sa.delete(repo)
                             sa.commit()
                 return added, removed
             class OrderedDict(dict, DictMixin):
                 def __init__(self, *args, **kwds):
                     if len(args) > 1:
                         raise TypeError('expected at most 1 arguments, got %d' % len(args))
                     try:
                         self.__end
                     except AttributeError:
                         self.clear()
                     self.update(*args, **kwds)
                 def clear(self):
                     self.__end = end = []
                     end += [None, end, end]         # sentinel node for doubly linked list
                     self.__map = {}                 # key --> [key, prev, next]
                     dict.clear(self)
                 def __setitem__(self, key, value):
                     if key not in self:
                         end = self.__end
                         curr = end[1]
                         curr[2] = end[1] = self.__map[key] = [key, curr, end]
                     dict.__setitem__(self, key, value)
                 def __delitem__(self, key):
                     dict.__delitem__(self, key)
                     key, prev, next = self.__map.pop(key)
                     prev[2] = next
                     next[1] = prev
                 def __iter__(self):
                     end = self.__end
                     curr = end[2]
                     while curr is not end:
                         yield curr[0]
                         curr = curr[2]
                 def __reversed__(self):
                     end = self.__end
                     curr = end[1]
                     while curr is not end:
                         yield curr[0]
                         curr = curr[1]
                 def popitem(self, last=True):
                     if not self:
                         raise KeyError('dictionary is empty')
                     if last:
                         key = reversed(self).next()
                     else:
                         key = iter(self).next()
                     value = self.pop(key)
                     return key, value
                 def __reduce__(self):
                     items = [[k, self[k]] for k in self]
                     tmp = self.__map, self.__end
                     del self.__map, self.__end
                     inst_dict = vars(self).copy()
                     self.__map, self.__end = tmp
                     if inst_dict:
                         return (self.__class__, (items,), inst_dict)
                     return self.__class__, (items,)
                 def keys(self):
                     return list(self)
                 setdefault = DictMixin.setdefault
                 update = DictMixin.update
                 pop = DictMixin.pop
                 values = DictMixin.values
                 items = DictMixin.items
                 iterkeys = DictMixin.iterkeys
                 itervalues = DictMixin.itervalues
                 iteritems = DictMixin.iteritems
                 def __repr__(self):
                     if not self:
                         return '%s()' % (self.__class__.__name__,)
                     return '%s(%r)' % (self.__class__.__name__, self.items())
                 def copy(self):
                     return self.__class__(self)
                 @classmethod
                 def fromkeys(cls, iterable, value=None):
                     d = cls()
                     for key in iterable:
                         d[key] = value
                     return d
                 def __eq__(self, other):
                     if isinstance(other, OrderedDict):
                         return len(self) == len(other) and self.items() == other.items()
                     return dict.__eq__(self, other)
                 def __ne__(self, other):
                     return not self == other
             #set cache regions for beaker so celery can utilise it
             def add_cache(settings):
                 cache_settings = {'regions': None}
                 for key in settings.keys():
                     for prefix in ['beaker.cache.', 'cache.']:
                         if key.startswith(prefix):
                             name = key.split(prefix)[1].strip()
                             cache_settings[name] = settings[key].strip()
                 if cache_settings['regions']:
                     for region in cache_settings['regions'].split(','):
                         region = region.strip()
                         region_settings = {}
                         for key, value in cache_settings.items():
                             if key.startswith(region):
                                 region_settings[key.split('.')[1]] = value
                         region_settings['expire'] = int(region_settings.get('expire',
 ))
                         region_settings.setdefault('lock_dir',
                                                    cache_settings.get('lock_dir'))
                         region_settings.setdefault('data_dir',
                                                    cache_settings.get('data_dir'))
                         if 'type' not in region_settings:
                             region_settings['type'] = cache_settings.get('type',
                                                                          'memory')
                         beaker.cache.cache_regions[region] = region_settings
             def get_current_revision():
                 """Returns tuple of (number, id) from repository containing this package
                 or None if repository could not be found.
                 """
                 try:
                     from vcs import get_repo
                     from vcs.utils.helpers import get_scm
                     from vcs.exceptions import RepositoryError, VCSError
                     repopath = os.path.join(os.path.dirname(__file__), '..', '..')
                     scm = get_scm(repopath)[0]
                     repo = get_repo(path=repopath, alias=scm)
                     tip = repo.get_changeset()
                     return (tip.revision, tip.short_id)
                 except (ImportError, RepositoryError, VCSError), err:
                     logging.debug("Cannot retrieve rhodecode's revision. Original error "
                                   "was: %s" % err)
                     return None
             #==============================================================================
             # TEST FUNCTIONS AND CREATORS
             #==============================================================================
             def create_test_index(repo_location, full_index):
                 """Makes default test index
                 :param repo_location:
                 :param full_index:
                 """
                 from rhodecode.lib.indexers.daemon import WhooshIndexingDaemon
                 from rhodecode.lib.pidlock import DaemonLock, LockHeld
                 import shutil
                 index_location = os.path.join(repo_location, 'index')
                 if os.path.exists(index_location):
                     shutil.rmtree(index_location)
                 try:
                     l = DaemonLock()
                     WhooshIndexingDaemon(index_location=index_location,
                                          repo_location=repo_location)\
                         .run(full_index=full_index)
                     l.release()
                 except LockHeld:
                     pass
             def create_test_env(repos_test_path, config):
                 """Makes a fresh database and
                 install test repository into tmp dir
                 """
                 from rhodecode.lib.db_manage import DbManage
                 from rhodecode.tests import HG_REPO, GIT_REPO, NEW_HG_REPO, NEW_GIT_REPO, \
                     HG_FORK, GIT_FORK, TESTS_TMP_PATH
                 import tarfile
                 import shutil
                 from os.path import dirname as dn, join as jn, abspath
                 log = logging.getLogger('TestEnvCreator')
                 # create logger
                 log.setLevel(logging.DEBUG)
                 log.propagate = True
                 # create console handler and set level to debug
                 ch = logging.StreamHandler()
                 ch.setLevel(logging.DEBUG)
                 # create formatter
                 formatter = logging.Formatter("%(asctime)s - %(name)s -"
                                               " %(levelname)s - %(message)s")
                 # add formatter to ch
                 ch.setFormatter(formatter)
                 # add ch to logger
                 log.addHandler(ch)
                 #PART ONE create db
                 dbconf = config['sqlalchemy.db1.url']
                 log.debug('making test db %s', dbconf)
                 dbmanage = DbManage(log_sql=True, dbconf=dbconf, root=config['here'],
                                     tests=True)
                 dbmanage.create_tables(override=True)
                 dbmanage.create_settings(dbmanage.config_prompt(repos_test_path))
                 dbmanage.create_default_user()
                 dbmanage.admin_prompt()
                 dbmanage.create_permissions()
                 dbmanage.populate_default_permissions()
                 #PART TWO make test repo
                 log.debug('making test vcs repositories')
                 #remove old one from previos tests
                 for r in [HG_REPO, GIT_REPO, NEW_HG_REPO, NEW_GIT_REPO, HG_FORK, GIT_FORK]:
                     if os.path.isdir(jn(TESTS_TMP_PATH, r)):
                         log.debug('removing %s', r)
                         shutil.rmtree(jn(TESTS_TMP_PATH, r))
                 #CREATE DEFAULT HG REPOSITORY
                 cur_dir = dn(dn(abspath(__file__)))
                 tar = tarfile.open(jn(cur_dir, 'tests', "vcs_test_hg.tar.gz"))
                 tar.extractall(jn(TESTS_TMP_PATH, HG_REPO))
                 tar.close()
             #==============================================================================
             # PASTER COMMANDS
             #==============================================================================
             class BasePasterCommand(Command):
                 """
                 Abstract Base Class for paster commands.
                 The celery commands are somewhat aggressive about loading
                 celery.conf, and since our module sets the `CELERY_LOADER`
                 environment variable to our loader, we have to bootstrap a bit and
                 make sure we've had a chance to load the pylons config off of the
                 command line, otherwise everything fails.
                 """
                 min_args = 1
                 min_args_error = "Please provide a paster config file as an argument."
                 takes_config_file = 1
                 requires_config_file = True
                 def notify_msg(self, msg, log=False):
                     """Make a notification to user, additionally if logger is passed
                     it logs this action using given logger
                     :param msg: message that will be printed to user
                     :param log: logging instance, to use to additionally log this message
                     """
                     if log and isinstance(log, logging):
                         log(msg)
                 def run(self, args):
                     """
                     Overrides Command.run
                     Checks for a config file argument and loads it.
                     """
                     if len(args) < self.min_args:
                         raise BadCommand(
                             self.min_args_error % {'min_args': self.min_args,
                                                    'actual_args': len(args)})
                     # Decrement because we're going to lob off the first argument.
                     # @@ This is hacky
                     self.min_args -= 1
                     self.bootstrap_config(args[0])
                     self.update_parser()
                     return super(BasePasterCommand, self).run(args[1:])
                 def update_parser(self):
                     """
                     Abstract method.  Allows for the class's parser to be updated
                     before the superclass's `run` method is called.  Necessary to
                     allow options/arguments to be passed through to the underlying
                     celery command.
                     """
                     raise NotImplementedError("Abstract Method.")
                 def bootstrap_config(self, conf):
                     """
                     Loads the pylons configuration.
                     """
                     from pylons import config as pylonsconfig
                     path_to_ini_file = os.path.realpath(conf)
                     conf = paste.deploy.appconfig('config:' + path_to_ini_file)
                     pylonsconfig.init_app(conf.global_conf, conf.local_conf)

rhodecode/model/db.py

0 +6 -1

             # -*- coding: utf-8 -*-
             """
                 rhodecode.model.db
                 ~~~~~~~~~~~~~~~~~~
                 Database Models for RhodeCode
                 :created_on: Apr 08, 2010
                 :author: marcink
                 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
                 :license: GPLv3, see COPYING for more details.
             """
             # This program is free software: you can redistribute it and/or modify
             # it under the terms of the GNU General Public License as published by
             # the Free Software Foundation, either version 3 of the License, or
             # (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program.  If not, see <http://www.gnu.org/licenses/>.
             import os
             import logging
             import datetime
             from datetime import date
             from sqlalchemy import *
             from sqlalchemy.exc import DatabaseError
             from sqlalchemy.orm import relationship, backref
             from sqlalchemy.orm.interfaces import MapperExtension
             from rhodecode.lib import str2bool
             from rhodecode.model.meta import Base, Session
             from rhodecode.model.caching_query import FromCache
             log = logging.getLogger(__name__)
             #==============================================================================
             # MAPPER EXTENSIONS
             #==============================================================================
             class RepositoryMapper(MapperExtension):
                 def after_update(self, mapper, connection, instance):
                     pass
             class RhodeCodeSettings(Base):
                 __tablename__ = 'rhodecode_settings'
                 __table_args__ = (UniqueConstraint('app_settings_name'), {'useexisting':True})
                 app_settings_id = Column("app_settings_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 app_settings_name = Column("app_settings_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 app_settings_value = Column("app_settings_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 def __init__(self, k='', v=''):
                     self.app_settings_name = k
                     self.app_settings_value = v
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__,
                                               self.app_settings_name, self.app_settings_value)
                 @classmethod
+                def get_by_name(cls, ldap_key):
+                    return Session.query(cls)\
+                        .filter(cls.app_settings_name == ldap_key).scalar()
+                @classmethod
                 def get_app_settings(cls, cache=False):
                     ret = Session.query(cls)
                     if cache:
                         ret = ret.options(FromCache("sql_cache_short", "get_hg_settings"))
                     if not ret:
                         raise Exception('Could not get application settings !')
                     settings = {}
                     for each in ret:
                         settings['rhodecode_' + each.app_settings_name] = \
                             each.app_settings_value
                     return settings
                 @classmethod
                 def get_ldap_settings(cls, cache=False):
                     ret = Session.query(cls)\
                             .filter(cls.app_settings_name.startswith('ldap_'))\
                             .all()
                     fd = {}
                     for row in ret:
-                        fd.update({row.app_settings_name:str2bool(row.app_settings_value)})
+                        fd.update({row.app_settings_name:row.app_settings_value})
                     return fd
             class RhodeCodeUi(Base):
                 __tablename__ = 'rhodecode_ui'
                 __table_args__ = {'useexisting':True}
                 ui_id = Column("ui_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 ui_section = Column("ui_section", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_key = Column("ui_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_value = Column("ui_value", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 ui_active = Column("ui_active", Boolean(), nullable=True, unique=None, default=True)
             class User(Base):
                 __tablename__ = 'users'
                 __table_args__ = (UniqueConstraint('username'), UniqueConstraint('email'), {'useexisting':True})
                 user_id = Column("user_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 username = Column("username", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 password = Column("password", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 active = Column("active", Boolean(), nullable=True, unique=None, default=None)
                 admin = Column("admin", Boolean(), nullable=True, unique=None, default=False)
                 name = Column("name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 lastname = Column("lastname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 email = Column("email", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
                 ldap_dn = Column("ldap_dn", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 api_key = Column("api_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 user_log = relationship('UserLog', cascade='all')
                 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
                 repositories = relationship('Repository')
                 user_followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_user_id==User.user_id', cascade='all')
                 group_member = relationship('UsersGroupMember', cascade='all')
                 @property
                 def full_contact(self):
                     return '%s %s <%s>' % (self.name, self.lastname, self.email)
                 @property
                 def short_contact(self):
                     return '%s %s' % (self.name, self.lastname)
                 @property
                 def is_admin(self):
                     return self.admin
                 def __repr__(self):
                     return "<%s('id:%s:%s')>" % (self.__class__.__name__,
                                                  self.user_id, self.username)
                 @classmethod
                 def by_username(cls, username):
                     return Session.query(cls).filter(cls.username == username).one()
                 def update_lastlogin(self):
                     """Update user lastlogin"""
                     try:
                         session = Session.object_session(self)
                         self.last_login = datetime.datetime.now()
                         session.add(self)
                         session.commit()
                         log.debug('updated user %s lastlogin', self.username)
                     except (DatabaseError,):
                         session.rollback()
             class UserLog(Base):
                 __tablename__ = 'user_logs'
                 __table_args__ = {'useexisting':True}
                 user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 repository_id = Column("repository_id", Integer(length=None, convert_unicode=False, assert_unicode=None), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                 repository_name = Column("repository_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 user_ip = Column("user_ip", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 action = Column("action", UnicodeText(length=1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)
                 @property
                 def action_as_day(self):
                     return date(*self.action_date.timetuple()[:3])
                 user = relationship('User')
                 repository = relationship('Repository')
             class UsersGroup(Base):
                 __tablename__ = 'users_groups'
                 __table_args__ = {'useexisting':True}
                 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_name = Column("users_group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
                 members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
                 @classmethod
                 def get_by_group_name(cls, group_name, cache=False, case_insensitive=False):
                     if case_insensitive:
                         gr = Session.query(cls)\
                         .filter(cls.users_group_name.ilike(group_name))
                     else:
                         gr = Session.query(UsersGroup)\
                             .filter(UsersGroup.users_group_name == group_name)
                     if cache:
                         gr = gr.options(FromCache("sql_cache_short",
                                                       "get_user_%s" % group_name))
                     return gr.scalar()
             class UsersGroupMember(Base):
                 __tablename__ = 'users_groups_members'
                 __table_args__ = {'useexisting':True}
                 users_group_member_id = Column("users_group_member_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 user = relationship('User', lazy='joined')
                 users_group = relationship('UsersGroup')
                 def __init__(self, gr_id='', u_id=''):
                     self.users_group_id = gr_id
                     self.user_id = u_id
             class Repository(Base):
                 __tablename__ = 'repositories'
                 __table_args__ = (UniqueConstraint('repo_name'), {'useexisting':True},)
                 __mapper_args__ = {'extension':RepositoryMapper()}
                 repo_id = Column("repo_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 repo_name = Column("repo_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 clone_uri = Column("clone_uri", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=False, default=None)
                 repo_type = Column("repo_type", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=False, default='hg')
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=False, default=None)
                 private = Column("private", Boolean(), nullable=True, unique=None, default=None)
                 enable_statistics = Column("statistics", Boolean(), nullable=True, unique=None, default=True)
                 enable_downloads = Column("downloads", Boolean(), nullable=True, unique=None, default=True)
                 description = Column("description", String(length=10000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 fork_id = Column("fork_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=False, default=None)
                 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=False, default=None)
                 user = relationship('User')
                 fork = relationship('Repository', remote_side=repo_id)
                 group = relationship('Group')
                 repo_to_perm = relationship('RepoToPerm', cascade='all', order_by='RepoToPerm.repo_to_perm_id')
                 users_group_to_perm = relationship('UsersGroupRepoToPerm', cascade='all')
                 stats = relationship('Statistics', cascade='all', uselist=False)
                 followers = relationship('UserFollowing', primaryjoin='UserFollowing.follows_repo_id==Repository.repo_id', cascade='all')
                 logs = relationship('UserLog', cascade='all')
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__,
                                               self.repo_id, self.repo_name)
                 @classmethod
                 def by_repo_name(cls, repo_name):
                     return Session.query(cls).filter(cls.repo_name == repo_name).one()
                 @property
                 def just_name(self):
                     return self.repo_name.split(os.sep)[-1]
                 @property
                 def groups_with_parents(self):
                     groups = []
                     if self.group is None:
                         return groups
                     cur_gr = self.group
                     groups.insert(0, cur_gr)
                     while 1:
                         gr = getattr(cur_gr, 'parent_group', None)
                         cur_gr = cur_gr.parent_group
                         if gr is None:
                             break
                         groups.insert(0, gr)
                     return groups
                 @property
                 def groups_and_repo(self):
                     return self.groups_with_parents, self.just_name
             class Group(Base):
                 __tablename__ = 'groups'
                 __table_args__ = (UniqueConstraint('group_name'), {'useexisting':True},)
                 group_id = Column("group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 group_name = Column("group_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
                 group_parent_id = Column("group_parent_id", Integer(), ForeignKey('groups.group_id'), nullable=True, unique=None, default=None)
                 parent_group = relationship('Group', remote_side=group_id)
                 def __init__(self, group_name='', parent_group=None):
                     self.group_name = group_name
                     self.parent_group = parent_group
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__, self.group_id,
                                               self.group_name)
                 @property
                 def parents(self):
                     groups = []
                     if self.parent_group is None:
                         return groups
                     cur_gr = self.parent_group
                     groups.insert(0, cur_gr)
                     while 1:
                         gr = getattr(cur_gr, 'parent_group', None)
                         cur_gr = cur_gr.parent_group
                         if gr is None:
                             break
                         groups.insert(0, gr)
                     return groups
                 @property
                 def repositories(self):
                     return Session.query(Repository).filter(Repository.group == self).all()
             class Permission(Base):
                 __tablename__ = 'permissions'
                 __table_args__ = {'useexisting':True}
                 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 permission_name = Column("permission_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 permission_longname = Column("permission_longname", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__,
                                               self.permission_id, self.permission_name)
                 @classmethod
                 def get_by_key(cls, key):
                     return Session.query(cls).filter(cls.permission_name == key).scalar()
             class RepoToPerm(Base):
                 __tablename__ = 'repo_to_perm'
                 __table_args__ = (UniqueConstraint('user_id', 'repository_id'), {'useexisting':True})
                 repo_to_perm_id = Column("repo_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 permission = relationship('Permission')
                 repository = relationship('Repository')
             class UserToPerm(Base):
                 __tablename__ = 'user_to_perm'
                 __table_args__ = (UniqueConstraint('user_id', 'permission_id'), {'useexisting':True})
                 user_to_perm_id = Column("user_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 permission = relationship('Permission')
                 @classmethod
                 def has_perm(cls, user_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     return Session.query(cls).filter(cls.user_id == user_id)\
                         .filter(cls.permission == perm).scalar() is not None
                 @classmethod
                 def grant_perm(cls, user_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     new = cls()
                     new.user_id = user_id
                     new.permission = perm
                     try:
                         Session.add(new)
                         Session.commit()
                     except:
                         Session.rollback()
                 @classmethod
                 def revoke_perm(cls, user_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     try:
                         Session.query(cls).filter(cls.user_id == user_id)\
                             .filter(cls.permission == perm).delete()
                         Session.commit()
                     except:
                         Session.rollback()
             class UsersGroupRepoToPerm(Base):
                 __tablename__ = 'users_group_repo_to_perm'
                 __table_args__ = (UniqueConstraint('users_group_id', 'permission_id'), {'useexisting':True})
                 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)
                 users_group = relationship('UsersGroup')
                 permission = relationship('Permission')
                 repository = relationship('Repository')
             class UsersGroupToPerm(Base):
                 __tablename__ = 'users_group_to_perm'
                 users_group_to_perm_id = Column("users_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 users_group_id = Column("users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 users_group = relationship('UsersGroup')
                 permission = relationship('Permission')
                 @classmethod
                 def has_perm(cls, users_group_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     return Session.query(cls).filter(cls.users_group_id ==
                                                      users_group_id)\
                                                      .filter(cls.permission == perm)\
                                                      .scalar() is not None
                 @classmethod
                 def grant_perm(cls, users_group_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     new = cls()
                     new.users_group_id = users_group_id
                     new.permission = perm
                     try:
                         Session.add(new)
                         Session.commit()
                     except:
                         Session.rollback()
                 @classmethod
                 def revoke_perm(cls, users_group_id, perm):
                     if not isinstance(perm, Permission):
                         raise Exception('perm needs to be an instance of Permission class')
                     try:
                         Session.query(cls).filter(cls.users_group_id == users_group_id)\
                             .filter(cls.permission == perm).delete()
                         Session.commit()
                     except:
                         Session.rollback()
             class GroupToPerm(Base):
                 __tablename__ = 'group_to_perm'
                 __table_args__ = (UniqueConstraint('group_id', 'permission_id'), {'useexisting':True})
                 group_to_perm_id = Column("group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
                 group_id = Column("group_id", Integer(), ForeignKey('groups.group_id'), nullable=False, unique=None, default=None)
                 user = relationship('User')
                 permission = relationship('Permission')
                 group = relationship('Group')
             class Statistics(Base):
                 __tablename__ = 'statistics'
                 __table_args__ = (UniqueConstraint('repository_id'), {'useexisting':True})
                 stat_id = Column("stat_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=True, default=None)
                 stat_on_revision = Column("stat_on_revision", Integer(), nullable=False)
                 commit_activity = Column("commit_activity", LargeBinary(1000000), nullable=False)#JSON data
                 commit_activity_combined = Column("commit_activity_combined", LargeBinary(), nullable=False)#JSON data
                 languages = Column("languages", LargeBinary(1000000), nullable=False)#JSON data
                 repository = relationship('Repository', single_parent=True)
             class UserFollowing(Base):
                 __tablename__ = 'user_followings'
                 __table_args__ = (UniqueConstraint('user_id', 'follows_repository_id'),
                                   UniqueConstraint('user_id', 'follows_user_id')
                                   , {'useexisting':True})
                 user_following_id = Column("user_following_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)
                 follows_repo_id = Column("follows_repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=True, unique=None, default=None)
                 follows_user_id = Column("follows_user_id", Integer(), ForeignKey('users.user_id'), nullable=True, unique=None, default=None)
                 follows_from = Column('follows_from', DateTime(timezone=False), nullable=True, unique=None, default=datetime.datetime.now)
                 user = relationship('User', primaryjoin='User.user_id==UserFollowing.user_id')
                 follows_user = relationship('User', primaryjoin='User.user_id==UserFollowing.follows_user_id')
                 follows_repository = relationship('Repository', order_by='Repository.repo_name')
                 @classmethod
                 def get_repo_followers(cls, repo_id):
                     return Session.query(cls).filter(cls.follows_repo_id == repo_id)
             class CacheInvalidation(Base):
                 __tablename__ = 'cache_invalidation'
                 __table_args__ = (UniqueConstraint('cache_key'), {'useexisting':True})
                 cache_id = Column("cache_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
                 cache_key = Column("cache_key", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 cache_args = Column("cache_args", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                 cache_active = Column("cache_active", Boolean(), nullable=True, unique=None, default=False)
                 def __init__(self, cache_key, cache_args=''):
                     self.cache_key = cache_key
                     self.cache_args = cache_args
                     self.cache_active = False
                 def __repr__(self):
                     return "<%s('%s:%s')>" % (self.__class__.__name__,
                                               self.cache_id, self.cache_key)
             class DbMigrateVersion(Base):
                 __tablename__ = 'db_migrate_version'
                 __table_args__ = {'useexisting':True}
                 repository_id = Column('repository_id', String(250), primary_key=True)
                 repository_path = Column('repository_path', Text)
                 version = Column('version', Integer)

rhodecode/tests/functional/test_admin_ldap_settings.py

0 +15 -1

@@ -1,7 +1,21 b''
1	from rhodecode.tests import *	1	from rhodecode.tests import *
2		2
3	class TestLdapSettingsController(TestController):	3	class TestLdapSettingsController(TestController):
4		4
5	def test_index(self):	5	def test_index(self):
6	response = self.app.get(url(controller='admin/ldap_settings', action='index'))	6	self.log_user()
		7	response = self.app.get(url(controller='admin/ldap_settings',
		8	action='index'))
7	# Test response...	9	# Test response...
		10
		11	def test_ldap_save_settings(self):
		12	pass
		13
		14	def test_ldap_error_form(self):
		15	pass
		16
		17	def test_ldap_login(self):
		18	pass
		19
		20	def test_ldap_login_incorrect(self):
		21	pass

rhodecode/tests/functional/test_admin_settings.py

0 +4 -5

             from rhodecode.lib.auth import get_crypt_password, check_password
-            from rhodecode.model.db import User
+            from rhodecode.model.db import User, RhodeCodeSettings
             from rhodecode.tests import *
-            from rhodecode.model.settings import SettingsModel
             class TestAdminSettingsController(TestController):
                 def test_index(self):
                     response = self.app.get(url('admin_settings'))
                     # Test response...
                 def test_index_as_xml(self):
                     response = self.app.get(url('formatted_admin_settings', format='xml'))
                 def test_create(self):
                     response = self.app.post(url('admin_settings'))
                 def test_new(self):
                     response = self.app.get(url('admin_new_setting'))
                 def test_new_as_xml(self):
                     response = self.app.get(url('formatted_admin_new_setting', format='xml'))
                 def test_update(self):
                     response = self.app.put(url('admin_setting', setting_id=1))
                 def test_update_browser_fakeout(self):
                     response = self.app.post(url('admin_setting', setting_id=1), params=dict(_method='put'))
                 def test_delete(self):
                     response = self.app.delete(url('admin_setting', setting_id=1))
                 def test_delete_browser_fakeout(self):
                     response = self.app.post(url('admin_setting', setting_id=1), params=dict(_method='delete'))
                 def test_show(self):
                     response = self.app.get(url('admin_setting', setting_id=1))
                 def test_show_as_xml(self):
                     response = self.app.get(url('formatted_admin_setting', setting_id=1, format='xml'))
                 def test_edit(self):
                     response = self.app.get(url('admin_edit_setting', setting_id=1))
                 def test_edit_as_xml(self):
                     response = self.app.get(url('formatted_admin_edit_setting', setting_id=1, format='xml'))
                 def test_ga_code_active(self):
                     self.log_user()
                     old_title = 'RhodeCode'
                     old_realm = 'RhodeCode authentication'
                     new_ga_code = 'ga-test-123456789'
                     response = self.app.post(url('admin_setting', setting_id='global'),
                                                  params=dict(
                                                              _method='put',
                                                              rhodecode_title=old_title,
                                                              rhodecode_realm=old_realm,
                                                              rhodecode_ga_code=new_ga_code
                                                              ))
                     assert 'Updated application settings' in response.session['flash'][0][1], 'no flash message about success of change'
-                    assert SettingsModel(self.sa).get_app_settings()['rhodecode_ga_code'] == new_ga_code, 'change not in database'
+                    assert RhodeCodeSettings.get_app_settings()['rhodecode_ga_code'] == new_ga_code, 'change not in database'
                     response = response.follow()
                     assert """_gaq.push(['_setAccount', '%s']);""" % new_ga_code in response.body
                 def test_ga_code_inactive(self):
                     self.log_user()
                     old_title = 'RhodeCode'
                     old_realm = 'RhodeCode authentication'
                     new_ga_code = ''
                     response = self.app.post(url('admin_setting', setting_id='global'),
                                                  params=dict(
                                                              _method='put',
                                                              rhodecode_title=old_title,
                                                              rhodecode_realm=old_realm,
                                                              rhodecode_ga_code=new_ga_code
                                                              ))
                     assert 'Updated application settings' in response.session['flash'][0][1], 'no flash message about success of change'
-                    assert SettingsModel(self.sa).get_app_settings()['rhodecode_ga_code'] == new_ga_code, 'change not in database'
+                    assert RhodeCodeSettings.get_app_settings()['rhodecode_ga_code'] == new_ga_code, 'change not in database'
                     response = response.follow()
                     assert """_gaq.push(['_setAccount', '%s']);""" % new_ga_code not in response.body
                 def test_title_change(self):
                     self.log_user()
                     old_title = 'RhodeCode'
                     new_title = old_title + '_changed'
                     old_realm = 'RhodeCode authentication'
                     response = self.app.post(url('admin_setting', setting_id='global'),
                                                  params=dict(
                                                              _method='put',
                                                              rhodecode_title=new_title,
                                                              rhodecode_realm=old_realm,
                                                              rhodecode_ga_code=''
                                                              ))
                     assert 'Updated application settings' in response.session['flash'][0][1], 'no flash message about success of change'
-                    assert SettingsModel(self.sa).get_app_settings()['rhodecode_title'] == new_title, 'change not in database'
+                    assert RhodeCodeSettings.get_app_settings()['rhodecode_title'] == new_title, 'change not in database'
                     response = response.follow()
                     assert """<h1><a href="/">%s</a></h1>""" % new_title in response.body
                 def test_my_account(self):
                     self.log_user()
                     response = self.app.get(url('admin_settings_my_account'))
                     print response
                     assert 'value="test_admin' in response.body
                 def test_my_account_update(self):
                     self.log_user()
                     new_email = 'new@mail.pl'
                     new_name = 'NewName'
                     new_lastname = 'NewLastname'
                     new_password = 'test123'
                     response = self.app.post(url('admin_settings_my_account_update'), params=dict(
                                                                         _method='put',
                                                                         username='test_admin',
                                                                         new_password=new_password,
                                                                         password='',
                                                                         name=new_name,
                                                                         lastname=new_lastname,
                                                                         email=new_email,))
                     response.follow()
                     assert 'Your account was updated successfully' in response.session['flash'][0][1], 'no flash message about success of change'
                     user = self.sa.query(User).filter(User.username == 'test_admin').one()
                     assert user.email == new_email , 'incorrect user email after update got %s vs %s' % (user.email, new_email)
                     assert user.name == new_name, 'updated field mismatch %s vs %s' % (user.name, new_name)
                     assert user.lastname == new_lastname, 'updated field mismatch %s vs %s' % (user.lastname, new_lastname)
                     assert check_password(new_password, user.password) is True, 'password field mismatch %s vs %s' % (user.password, new_password)
                     #bring back the admin settings
                     old_email = 'test_admin@mail.com'
                     old_name = 'RhodeCode'
                     old_lastname = 'Admin'
                     old_password = 'test12'
                     response = self.app.post(url('admin_settings_my_account_update'), params=dict(
                                                                         _method='put',
                                                                         username='test_admin',
                                                                         new_password=old_password,
                                                                         password='',
                                                                         name=old_name,
                                                                         lastname=old_lastname,
                                                                         email=old_email,))
                     response.follow()
                     assert 'Your account was updated successfully' in response.session['flash'][0][1], 'no flash message about success of change'
                     user = self.sa.query(User).filter(User.username == 'test_admin').one()
                     assert user.email == old_email , 'incorrect user email after update got %s vs %s' % (user.email, old_email)
                     assert user.email == old_email , 'incorrect user email after update got %s vs %s' % (user.email, old_email)
                     assert user.name == old_name, 'updated field mismatch %s vs %s' % (user.name, old_name)
                     assert user.lastname == old_lastname, 'updated field mismatch %s vs %s' % (user.lastname, old_lastname)
                     assert check_password(old_password, user.password) is True , 'password updated field mismatch %s vs %s' % (user.password, old_password)
                 def test_my_account_update_err_email_exists(self):
                     self.log_user()
                     new_email = 'test_regular@mail.com'#already exisitn email
                     response = self.app.post(url('admin_settings_my_account_update'), params=dict(
                                                                         _method='put',
                                                                         username='test_admin',
                                                                         new_password='test12',
                                                                         name='NewName',
                                                                         lastname='NewLastname',
                                                                         email=new_email,))
                     assert 'This e-mail address is already taken' in response.body, 'Missing error message about existing email'
                 def test_my_account_update_err(self):
                     self.log_user('test_regular2', 'test12')
                     new_email = 'newmail.pl'
                     response = self.app.post(url('admin_settings_my_account_update'), params=dict(
                                                                         _method='put',
                                                                         username='test_admin',
                                                                         new_password='test12',
                                                                         name='NewName',
                                                                         lastname='NewLastname',
                                                                         email=new_email,))
                     assert 'An email address must contain a single @' in response.body, 'Missing error message about wrong email'
                     assert 'This username already exists' in response.body, 'Missing error message about existing user'

rhodecode/model/settings.py

0 removed 0 -103

NO CONTENT: file was removed

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages