Show More
@@ -0,0 +1,116 b'' | |||
|
1 | import os | |
|
2 | import unittest | |
|
3 | import functools | |
|
4 | from rhodecode.tests import * | |
|
5 | ||
|
6 | ||
|
7 | from rhodecode.model.repos_group import ReposGroupModel | |
|
8 | from rhodecode.model.repo import RepoModel | |
|
9 | from rhodecode.model.db import RepoGroup, Repository, User | |
|
10 | from rhodecode.model.user import UserModel | |
|
11 | ||
|
12 | from rhodecode.lib.auth import AuthUser | |
|
13 | from rhodecode.model.meta import Session | |
|
14 | ||
|
15 | ||
|
16 | def _make_group(path, desc='desc', parent_id=None, | |
|
17 | skip_if_exists=False): | |
|
18 | ||
|
19 | gr = RepoGroup.get_by_group_name(path) | |
|
20 | if gr and skip_if_exists: | |
|
21 | return gr | |
|
22 | if isinstance(parent_id, RepoGroup): | |
|
23 | parent_id = parent_id.group_id | |
|
24 | gr = ReposGroupModel().create(path, desc, parent_id) | |
|
25 | return gr | |
|
26 | ||
|
27 | ||
|
28 | def _make_repo(name, repos_group=None, repo_type='hg'): | |
|
29 | return RepoModel().create_repo(name, repo_type, 'desc', | |
|
30 | TEST_USER_ADMIN_LOGIN, | |
|
31 | repos_group=repos_group) | |
|
32 | ||
|
33 | ||
|
34 | def _destroy_project_tree(test_u1_id): | |
|
35 | Session.remove() | |
|
36 | repos_group = RepoGroup.get_by_group_name(group_name='g0') | |
|
37 | for el in reversed(repos_group.recursive_groups_and_repos()): | |
|
38 | if isinstance(el, Repository): | |
|
39 | RepoModel().delete(el) | |
|
40 | elif isinstance(el, RepoGroup): | |
|
41 | ReposGroupModel().delete(el, force_delete=True) | |
|
42 | ||
|
43 | u = User.get(test_u1_id) | |
|
44 | Session().delete(u) | |
|
45 | Session().commit() | |
|
46 | ||
|
47 | ||
|
48 | def _create_project_tree(): | |
|
49 | """ | |
|
50 | Creates a tree of groups and repositories to test permissions | |
|
51 | ||
|
52 | structure | |
|
53 | [g0] - group `g0` with 3 subgroups | |
|
54 | | | |
|
55 | |__[g0_1] group g0_1 with 2 groups 0 repos | |
|
56 | | | | |
|
57 | | |__[g0_1_1] group g0_1_1 with 1 group 2 repos | |
|
58 | | | |__<g0/g0_1/g0_1_1/g0_1_1_r1> | |
|
59 | | | |__<g0/g0_1/g0_1_1/g0_1_1_r2> | |
|
60 | | |__<g0/g0_1/g0_1_r1> | |
|
61 | | | |
|
62 | |__[g0_2] 2 repos | |
|
63 | | | | |
|
64 | | |__<g0/g0_2/g0_2_r1> | |
|
65 | | |__<g0/g0_2/g0_2_r2> | |
|
66 | | | |
|
67 | |__[g0_3] 1 repo | |
|
68 | | | |
|
69 | |_<g0/g0_3/g0_3_r1> | |
|
70 | ||
|
71 | """ | |
|
72 | test_u1 = UserModel().create_or_update( | |
|
73 | username=u'test_u1', password=u'qweqwe', | |
|
74 | email=u'test_u1@rhodecode.org', firstname=u'test_u1', lastname=u'test_u1' | |
|
75 | ) | |
|
76 | g0 = _make_group('g0') | |
|
77 | g0_1 = _make_group('g0_1', parent_id=g0) | |
|
78 | g0_1_1 = _make_group('g0_1_1', parent_id=g0_1) | |
|
79 | g0_1_1_r1 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r1', repos_group=g0_1_1) | |
|
80 | g0_1_1_r2 = _make_repo('g0/g0_1/g0_1_1/g0_1_1_r2', repos_group=g0_1_1) | |
|
81 | g0_1_r1 = _make_repo('g0/g0_1/g0_1_r1', repos_group=g0_1) | |
|
82 | g0_2 = _make_group('g0_2', parent_id=g0) | |
|
83 | g0_2_r1 = _make_repo('g0/g0_2/g0_2_r1', repos_group=g0_2) | |
|
84 | g0_2_r2 = _make_repo('g0/g0_2/g0_2_r2', repos_group=g0_2) | |
|
85 | g0_3 = _make_group('g0_3', parent_id=g0) | |
|
86 | g0_3_r1 = _make_repo('g0/g0_3/g0_3_r1', repos_group=g0_3) | |
|
87 | return test_u1 | |
|
88 | ||
|
89 | ||
|
90 | def expected_count(group_name, objects=False): | |
|
91 | repos_group = RepoGroup.get_by_group_name(group_name=group_name) | |
|
92 | objs = repos_group.recursive_groups_and_repos() | |
|
93 | if objects: | |
|
94 | return objs | |
|
95 | return len(objs) | |
|
96 | ||
|
97 | ||
|
98 | def _check_expected_count(items, repo_items, expected): | |
|
99 | should_be = len(items + repo_items) | |
|
100 | there_are = len(expected) | |
|
101 | assert should_be == there_are, ('%s != %s' % ((items + repo_items), expected)) | |
|
102 | ||
|
103 | ||
|
104 | def check_tree_perms(obj_name, repo_perm, prefix, expected_perm): | |
|
105 | assert repo_perm == expected_perm, ('obj:`%s` got perm:`%s` should:`%s`' | |
|
106 | % (obj_name, repo_perm, expected_perm)) | |
|
107 | ||
|
108 | ||
|
109 | def _get_perms(filter_='', recursive=True, key=None, test_u1_id=None): | |
|
110 | test_u1 = AuthUser(user_id=test_u1_id) | |
|
111 | for k, v in test_u1.permissions[key].items(): | |
|
112 | if recursive and k.startswith(filter_): | |
|
113 | yield k, v | |
|
114 | elif not recursive: | |
|
115 | if k == filter_: | |
|
116 | yield k, v |
@@ -0,0 +1,161 b'' | |||
|
1 | import os | |
|
2 | import unittest | |
|
3 | import functools | |
|
4 | from rhodecode.tests import * | |
|
5 | ||
|
6 | from rhodecode.model.repos_group import ReposGroupModel | |
|
7 | from rhodecode.model.db import RepoGroup, Repository, User | |
|
8 | ||
|
9 | from rhodecode.model.meta import Session | |
|
10 | from nose.tools import with_setup | |
|
11 | from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \ | |
|
12 | _get_perms, _check_expected_count, expected_count, _destroy_project_tree | |
|
13 | from rhodecode.model.repo import RepoModel | |
|
14 | ||
|
15 | ||
|
16 | test_u1_id = None | |
|
17 | _get_repo_perms = None | |
|
18 | _get_group_perms = None | |
|
19 | ||
|
20 | ||
|
21 | def permissions_setup_func(group_name='g0', perm='group.read', recursive=True): | |
|
22 | """ | |
|
23 | Resets all permissions to perm attribute | |
|
24 | """ | |
|
25 | repos_group = RepoGroup.get_by_group_name(group_name=group_name) | |
|
26 | if not repos_group: | |
|
27 | raise Exception('Cannot get group %s' % group_name) | |
|
28 | perms_updates = [[test_u1_id, perm, 'user']] | |
|
29 | ReposGroupModel()._update_permissions(repos_group, | |
|
30 | perms_updates=perms_updates, | |
|
31 | recursive=recursive) | |
|
32 | Session().commit() | |
|
33 | ||
|
34 | ||
|
35 | def setup_module(): | |
|
36 | global test_u1_id, _get_repo_perms, _get_group_perms | |
|
37 | test_u1 = _create_project_tree() | |
|
38 | Session().commit() | |
|
39 | test_u1_id = test_u1.user_id | |
|
40 | _get_repo_perms = functools.partial(_get_perms, key='repositories', | |
|
41 | test_u1_id=test_u1_id) | |
|
42 | _get_group_perms = functools.partial(_get_perms, key='repositories_groups', | |
|
43 | test_u1_id=test_u1_id) | |
|
44 | ||
|
45 | ||
|
46 | def teardown_module(): | |
|
47 | _destroy_project_tree(test_u1_id) | |
|
48 | ||
|
49 | ||
|
50 | @with_setup(permissions_setup_func) | |
|
51 | def test_user_permissions_on_group_without_recursive_mode(): | |
|
52 | # set permission to g0 non-recursive mode | |
|
53 | recursive = False | |
|
54 | group = 'g0' | |
|
55 | permissions_setup_func(group, 'group.write', recursive=recursive) | |
|
56 | ||
|
57 | items = [x for x in _get_repo_perms(group, recursive)] | |
|
58 | expected = 0 | |
|
59 | assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
|
60 | for name, perm in items: | |
|
61 | yield check_tree_perms, name, perm, group, 'repository.read' | |
|
62 | ||
|
63 | items = [x for x in _get_group_perms(group, recursive)] | |
|
64 | expected = 1 | |
|
65 | assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
|
66 | for name, perm in items: | |
|
67 | yield check_tree_perms, name, perm, group, 'group.write' | |
|
68 | ||
|
69 | ||
|
70 | @with_setup(permissions_setup_func) | |
|
71 | def test_user_permissions_on_group_without_recursive_mode_subgroup(): | |
|
72 | # set permission to g0 non-recursive mode | |
|
73 | recursive = False | |
|
74 | group = 'g0/g0_1' | |
|
75 | permissions_setup_func(group, 'group.write', recursive=recursive) | |
|
76 | ||
|
77 | items = [x for x in _get_repo_perms(group, recursive)] | |
|
78 | expected = 0 | |
|
79 | assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
|
80 | for name, perm in items: | |
|
81 | yield check_tree_perms, name, perm, group, 'repository.read' | |
|
82 | ||
|
83 | items = [x for x in _get_group_perms(group, recursive)] | |
|
84 | expected = 1 | |
|
85 | assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
|
86 | for name, perm in items: | |
|
87 | yield check_tree_perms, name, perm, group, 'group.write' | |
|
88 | ||
|
89 | ||
|
90 | @with_setup(permissions_setup_func) | |
|
91 | def test_user_permissions_on_group_with_recursive_mode(): | |
|
92 | ||
|
93 | # set permission to g0 recursive mode, all children including | |
|
94 | # other repos and groups should have this permission now set ! | |
|
95 | recursive = True | |
|
96 | group = 'g0' | |
|
97 | permissions_setup_func(group, 'group.write', recursive=recursive) | |
|
98 | ||
|
99 | repo_items = [x for x in _get_repo_perms(group, recursive)] | |
|
100 | items = [x for x in _get_group_perms(group, recursive)] | |
|
101 | _check_expected_count(items, repo_items, expected_count(group, True)) | |
|
102 | ||
|
103 | for name, perm in repo_items: | |
|
104 | yield check_tree_perms, name, perm, group, 'repository.write' | |
|
105 | ||
|
106 | for name, perm in items: | |
|
107 | yield check_tree_perms, name, perm, group, 'group.write' | |
|
108 | ||
|
109 | ||
|
110 | @with_setup(permissions_setup_func) | |
|
111 | def test_user_permissions_on_group_with_recursive_mode_inner_group(): | |
|
112 | ## set permission to g0_3 group to none | |
|
113 | recursive = True | |
|
114 | group = 'g0/g0_3' | |
|
115 | permissions_setup_func(group, 'group.none', recursive=recursive) | |
|
116 | ||
|
117 | repo_items = [x for x in _get_repo_perms(group, recursive)] | |
|
118 | items = [x for x in _get_group_perms(group, recursive)] | |
|
119 | _check_expected_count(items, repo_items, expected_count(group, True)) | |
|
120 | ||
|
121 | for name, perm in repo_items: | |
|
122 | yield check_tree_perms, name, perm, group, 'repository.none' | |
|
123 | ||
|
124 | for name, perm in items: | |
|
125 | yield check_tree_perms, name, perm, group, 'group.none' | |
|
126 | ||
|
127 | ||
|
128 | @with_setup(permissions_setup_func) | |
|
129 | def test_user_permissions_on_group_with_recursive_mode_deepest(): | |
|
130 | ## set permission to g0_3 group to none | |
|
131 | recursive = True | |
|
132 | group = 'g0/g0_1/g0_1_1' | |
|
133 | permissions_setup_func(group, 'group.write', recursive=recursive) | |
|
134 | ||
|
135 | repo_items = [x for x in _get_repo_perms(group, recursive)] | |
|
136 | items = [x for x in _get_group_perms(group, recursive)] | |
|
137 | _check_expected_count(items, repo_items, expected_count(group, True)) | |
|
138 | ||
|
139 | for name, perm in repo_items: | |
|
140 | yield check_tree_perms, name, perm, group, 'repository.write' | |
|
141 | ||
|
142 | for name, perm in items: | |
|
143 | yield check_tree_perms, name, perm, group, 'group.write' | |
|
144 | ||
|
145 | ||
|
146 | @with_setup(permissions_setup_func) | |
|
147 | def test_user_permissions_on_group_with_recursive_mode_only_with_repos(): | |
|
148 | ## set permission to g0_3 group to none | |
|
149 | recursive = True | |
|
150 | group = 'g0/g0_2' | |
|
151 | permissions_setup_func(group, 'group.admin', recursive=recursive) | |
|
152 | ||
|
153 | repo_items = [x for x in _get_repo_perms(group, recursive)] | |
|
154 | items = [x for x in _get_group_perms(group, recursive)] | |
|
155 | _check_expected_count(items, repo_items, expected_count(group, True)) | |
|
156 | ||
|
157 | for name, perm in repo_items: | |
|
158 | yield check_tree_perms, name, perm, group, 'repository.admin' | |
|
159 | ||
|
160 | for name, perm in items: | |
|
161 | yield check_tree_perms, name, perm, group, 'group.admin' |
@@ -0,0 +1,170 b'' | |||
|
1 | import os | |
|
2 | import unittest | |
|
3 | import functools | |
|
4 | from rhodecode.tests import * | |
|
5 | ||
|
6 | from rhodecode.model.repos_group import ReposGroupModel | |
|
7 | from rhodecode.model.db import RepoGroup, Repository, User | |
|
8 | ||
|
9 | from rhodecode.model.meta import Session | |
|
10 | from nose.tools import with_setup | |
|
11 | from rhodecode.tests.models.common import _create_project_tree, check_tree_perms, \ | |
|
12 | _get_perms, _check_expected_count, expected_count, _destroy_project_tree | |
|
13 | from rhodecode.model.users_group import UsersGroupModel | |
|
14 | from rhodecode.model.repo import RepoModel | |
|
15 | ||
|
16 | ||
|
17 | test_u2_id = None | |
|
18 | test_u2_gr_id = None | |
|
19 | _get_repo_perms = None | |
|
20 | _get_group_perms = None | |
|
21 | ||
|
22 | ||
|
23 | def permissions_setup_func(group_name='g0', perm='group.read', recursive=True): | |
|
24 | """ | |
|
25 | Resets all permissions to perm attribute | |
|
26 | """ | |
|
27 | repos_group = RepoGroup.get_by_group_name(group_name=group_name) | |
|
28 | if not repos_group: | |
|
29 | raise Exception('Cannot get group %s' % group_name) | |
|
30 | perms_updates = [[test_u2_gr_id, perm, 'users_group']] | |
|
31 | ReposGroupModel()._update_permissions(repos_group, | |
|
32 | perms_updates=perms_updates, | |
|
33 | recursive=recursive) | |
|
34 | Session().commit() | |
|
35 | ||
|
36 | ||
|
37 | def setup_module(): | |
|
38 | global test_u2_id, test_u2_gr_id, _get_repo_perms, _get_group_perms | |
|
39 | test_u2 = _create_project_tree() | |
|
40 | Session().commit() | |
|
41 | test_u2_id = test_u2.user_id | |
|
42 | ||
|
43 | gr1 = UsersGroupModel().create(name='perms_group_1') | |
|
44 | Session().commit() | |
|
45 | test_u2_gr_id = gr1.users_group_id | |
|
46 | UsersGroupModel().add_user_to_group(gr1, user=test_u2_id) | |
|
47 | Session().commit() | |
|
48 | ||
|
49 | _get_repo_perms = functools.partial(_get_perms, key='repositories', | |
|
50 | test_u1_id=test_u2_id) | |
|
51 | _get_group_perms = functools.partial(_get_perms, key='repositories_groups', | |
|
52 | test_u1_id=test_u2_id) | |
|
53 | ||
|
54 | ||
|
55 | def teardown_module(): | |
|
56 | _destroy_project_tree(test_u2_id) | |
|
57 | ||
|
58 | ||
|
59 | @with_setup(permissions_setup_func) | |
|
60 | def test_user_permissions_on_group_without_recursive_mode(): | |
|
61 | # set permission to g0 non-recursive mode | |
|
62 | recursive = False | |
|
63 | group = 'g0' | |
|
64 | permissions_setup_func(group, 'group.write', recursive=recursive) | |
|
65 | ||
|
66 | items = [x for x in _get_repo_perms(group, recursive)] | |
|
67 | expected = 0 | |
|
68 | assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
|
69 | for name, perm in items: | |
|
70 | yield check_tree_perms, name, perm, group, 'repository.read' | |
|
71 | ||
|
72 | items = [x for x in _get_group_perms(group, recursive)] | |
|
73 | expected = 1 | |
|
74 | assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
|
75 | for name, perm in items: | |
|
76 | yield check_tree_perms, name, perm, group, 'group.write' | |
|
77 | ||
|
78 | ||
|
79 | @with_setup(permissions_setup_func) | |
|
80 | def test_user_permissions_on_group_without_recursive_mode_subgroup(): | |
|
81 | # set permission to g0 non-recursive mode | |
|
82 | recursive = False | |
|
83 | group = 'g0/g0_1' | |
|
84 | permissions_setup_func(group, 'group.write', recursive=recursive) | |
|
85 | ||
|
86 | items = [x for x in _get_repo_perms(group, recursive)] | |
|
87 | expected = 0 | |
|
88 | assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
|
89 | for name, perm in items: | |
|
90 | yield check_tree_perms, name, perm, group, 'repository.read' | |
|
91 | ||
|
92 | items = [x for x in _get_group_perms(group, recursive)] | |
|
93 | expected = 1 | |
|
94 | assert len(items) == expected, ' %s != %s' % (len(items), expected) | |
|
95 | for name, perm in items: | |
|
96 | yield check_tree_perms, name, perm, group, 'group.write' | |
|
97 | ||
|
98 | ||
|
99 | @with_setup(permissions_setup_func) | |
|
100 | def test_user_permissions_on_group_with_recursive_mode(): | |
|
101 | ||
|
102 | # set permission to g0 recursive mode, all children including | |
|
103 | # other repos and groups should have this permission now set ! | |
|
104 | recursive = True | |
|
105 | group = 'g0' | |
|
106 | permissions_setup_func(group, 'group.write', recursive=recursive) | |
|
107 | ||
|
108 | repo_items = [x for x in _get_repo_perms(group, recursive)] | |
|
109 | items = [x for x in _get_group_perms(group, recursive)] | |
|
110 | _check_expected_count(items, repo_items, expected_count(group, True)) | |
|
111 | ||
|
112 | for name, perm in repo_items: | |
|
113 | yield check_tree_perms, name, perm, group, 'repository.write' | |
|
114 | ||
|
115 | for name, perm in items: | |
|
116 | yield check_tree_perms, name, perm, group, 'group.write' | |
|
117 | ||
|
118 | ||
|
119 | @with_setup(permissions_setup_func) | |
|
120 | def test_user_permissions_on_group_with_recursive_mode_inner_group(): | |
|
121 | ## set permission to g0_3 group to none | |
|
122 | recursive = True | |
|
123 | group = 'g0/g0_3' | |
|
124 | permissions_setup_func(group, 'group.none', recursive=recursive) | |
|
125 | ||
|
126 | repo_items = [x for x in _get_repo_perms(group, recursive)] | |
|
127 | items = [x for x in _get_group_perms(group, recursive)] | |
|
128 | _check_expected_count(items, repo_items, expected_count(group, True)) | |
|
129 | ||
|
130 | for name, perm in repo_items: | |
|
131 | yield check_tree_perms, name, perm, group, 'repository.none' | |
|
132 | ||
|
133 | for name, perm in items: | |
|
134 | yield check_tree_perms, name, perm, group, 'group.none' | |
|
135 | ||
|
136 | ||
|
137 | @with_setup(permissions_setup_func) | |
|
138 | def test_user_permissions_on_group_with_recursive_mode_deepest(): | |
|
139 | ## set permission to g0_3 group to none | |
|
140 | recursive = True | |
|
141 | group = 'g0/g0_1/g0_1_1' | |
|
142 | permissions_setup_func(group, 'group.write', recursive=recursive) | |
|
143 | ||
|
144 | repo_items = [x for x in _get_repo_perms(group, recursive)] | |
|
145 | items = [x for x in _get_group_perms(group, recursive)] | |
|
146 | _check_expected_count(items, repo_items, expected_count(group, True)) | |
|
147 | ||
|
148 | for name, perm in repo_items: | |
|
149 | yield check_tree_perms, name, perm, group, 'repository.write' | |
|
150 | ||
|
151 | for name, perm in items: | |
|
152 | yield check_tree_perms, name, perm, group, 'group.write' | |
|
153 | ||
|
154 | ||
|
155 | @with_setup(permissions_setup_func) | |
|
156 | def test_user_permissions_on_group_with_recursive_mode_only_with_repos(): | |
|
157 | ## set permission to g0_3 group to none | |
|
158 | recursive = True | |
|
159 | group = 'g0/g0_2' | |
|
160 | permissions_setup_func(group, 'group.admin', recursive=recursive) | |
|
161 | ||
|
162 | repo_items = [x for x in _get_repo_perms(group, recursive)] | |
|
163 | items = [x for x in _get_group_perms(group, recursive)] | |
|
164 | _check_expected_count(items, repo_items, expected_count(group, True)) | |
|
165 | ||
|
166 | for name, perm in repo_items: | |
|
167 | yield check_tree_perms, name, perm, group, 'repository.admin' | |
|
168 | ||
|
169 | for name, perm in items: | |
|
170 | yield check_tree_perms, name, perm, group, 'group.admin' |
@@ -45,6 +45,7 b' from rhodecode.model.forms import ReposG' | |||
|
45 | 45 | from rhodecode.model.meta import Session |
|
46 | 46 | from rhodecode.model.repo import RepoModel |
|
47 | 47 | from webob.exc import HTTPInternalServerError, HTTPNotFound |
|
48 | from rhodecode.lib.utils2 import str2bool | |
|
48 | 49 | |
|
49 | 50 | log = logging.getLogger(__name__) |
|
50 | 51 | |
@@ -162,7 +163,7 b' class ReposGroupsController(BaseControll' | |||
|
162 | 163 | Session().commit() |
|
163 | 164 | h.flash(_('updated repos group %s') \ |
|
164 | 165 | % form_result['group_name'], category='success') |
|
165 | #TODO: in futureaction_logger(, '', '', '', self.sa) | |
|
166 | #TODO: in future action_logger(, '', '', '', self.sa) | |
|
166 | 167 | except formencode.Invalid, errors: |
|
167 | 168 | |
|
168 | 169 | return htmlfill.render( |
@@ -227,10 +228,11 b' class ReposGroupsController(BaseControll' | |||
|
227 | 228 | |
|
228 | 229 | :param group_name: |
|
229 | 230 | """ |
|
230 | ||
|
231 | 231 | try: |
|
232 | ReposGroupModel().revoke_user_permission( | |
|
233 | repos_group=group_name, user=request.POST['user_id'] | |
|
232 | recursive = str2bool(request.POST.get('recursive', False)) | |
|
233 | ReposGroupModel().delete_permission( | |
|
234 | repos_group=group_name, obj=request.POST['user_id'], | |
|
235 | obj_type='user', recursive=recursive | |
|
234 | 236 | ) |
|
235 | 237 | Session().commit() |
|
236 | 238 | except Exception: |
@@ -248,9 +250,10 b' class ReposGroupsController(BaseControll' | |||
|
248 | 250 | """ |
|
249 | 251 | |
|
250 | 252 | try: |
|
251 | ReposGroupModel().revoke_users_group_permission( | |
|
252 | repos_group=group_name, | |
|
253 | group_name=request.POST['users_group_id'] | |
|
253 | recursive = str2bool(request.POST.get('recursive', False)) | |
|
254 | ReposGroupModel().delete_permission( | |
|
255 | repos_group=group_name, obj=request.POST['users_group_id'], | |
|
256 | obj_type='users_group', recursive=recursive | |
|
254 | 257 | ) |
|
255 | 258 | Session().commit() |
|
256 | 259 | except Exception: |
@@ -128,6 +128,7 b' def ReposGroupForm(edit=False, old_data=' | |||
|
128 | 128 | testValueList=True, |
|
129 | 129 | if_missing=None, not_empty=False) |
|
130 | 130 | enable_locking = v.StringBoolean(if_missing=False) |
|
131 | recursive = v.StringBoolean(if_missing=False) | |
|
131 | 132 | chained_validators = [v.ValidReposGroup(edit, old_data), |
|
132 | 133 | v.ValidPerms('group')] |
|
133 | 134 |
@@ -368,6 +368,7 b' class RepoModel(BaseModel):' | |||
|
368 | 368 | obj.user = user |
|
369 | 369 | obj.permission = permission |
|
370 | 370 | self.sa.add(obj) |
|
371 | log.debug('Granted perm %s to %s on %s' % (perm, user, repo)) | |
|
371 | 372 | |
|
372 | 373 | def revoke_user_permission(self, repo, user): |
|
373 | 374 | """ |
@@ -383,8 +384,10 b' class RepoModel(BaseModel):' | |||
|
383 | 384 | obj = self.sa.query(UserRepoToPerm)\ |
|
384 | 385 | .filter(UserRepoToPerm.repository == repo)\ |
|
385 | 386 | .filter(UserRepoToPerm.user == user)\ |
|
386 |
. |
|
|
387 | self.sa.delete(obj) | |
|
387 | .scalar() | |
|
388 | if obj: | |
|
389 | self.sa.delete(obj) | |
|
390 | log.debug('Revoked perm on %s on %s' % (repo, user)) | |
|
388 | 391 | |
|
389 | 392 | def grant_users_group_permission(self, repo, group_name, perm): |
|
390 | 393 | """ |
@@ -414,6 +417,7 b' class RepoModel(BaseModel):' | |||
|
414 | 417 | obj.users_group = group_name |
|
415 | 418 | obj.permission = permission |
|
416 | 419 | self.sa.add(obj) |
|
420 | log.debug('Granted perm %s to %s on %s' % (perm, group_name, repo)) | |
|
417 | 421 | |
|
418 | 422 | def revoke_users_group_permission(self, repo, group_name): |
|
419 | 423 | """ |
@@ -429,8 +433,10 b' class RepoModel(BaseModel):' | |||
|
429 | 433 | obj = self.sa.query(UsersGroupRepoToPerm)\ |
|
430 | 434 | .filter(UsersGroupRepoToPerm.repository == repo)\ |
|
431 | 435 | .filter(UsersGroupRepoToPerm.users_group == group_name)\ |
|
432 |
. |
|
|
433 | self.sa.delete(obj) | |
|
436 | .scalar() | |
|
437 | if obj: | |
|
438 | self.sa.delete(obj) | |
|
439 | log.debug('Revoked perm to %s on %s' % (repo, group_name)) | |
|
434 | 440 | |
|
435 | 441 | def delete_stats(self, repo_name): |
|
436 | 442 | """ |
@@ -32,7 +32,7 b' from rhodecode.lib.utils2 import LazyPro' | |||
|
32 | 32 | |
|
33 | 33 | from rhodecode.model import BaseModel |
|
34 | 34 | from rhodecode.model.db import RepoGroup, RhodeCodeUi, UserRepoGroupToPerm, \ |
|
35 | User, Permission, UsersGroupRepoGroupToPerm, UsersGroup | |
|
35 | User, Permission, UsersGroupRepoGroupToPerm, UsersGroup, Repository | |
|
36 | 36 | |
|
37 | 37 | log = logging.getLogger(__name__) |
|
38 | 38 | |
@@ -115,11 +115,12 b' class ReposGroupModel(BaseModel):' | |||
|
115 | 115 | 'existing dir %s' % new_path) |
|
116 | 116 | shutil.move(old_path, new_path) |
|
117 | 117 | |
|
118 | def __delete_group(self, group): | |
|
118 | def __delete_group(self, group, force_delete=False): | |
|
119 | 119 | """ |
|
120 | 120 | Deletes a group from a filesystem |
|
121 | 121 | |
|
122 | 122 | :param group: instance of group from database |
|
123 | :param force_delete: use shutil rmtree to remove all objects | |
|
123 | 124 | """ |
|
124 | 125 | paths = group.full_path.split(RepoGroup.url_sep()) |
|
125 | 126 | paths = os.sep.join(paths) |
@@ -127,7 +128,10 b' class ReposGroupModel(BaseModel):' | |||
|
127 | 128 | rm_path = os.path.join(self.repos_path, paths) |
|
128 | 129 | if os.path.isdir(rm_path): |
|
129 | 130 | # delete only if that path really exists |
|
130 | os.rmdir(rm_path) | |
|
131 | if force_delete: | |
|
132 | shutil.rmtree(rm_path) | |
|
133 | else: | |
|
134 | os.rmdir(rm_path) # this raises an exception when there are still objects inside | |
|
131 | 135 | |
|
132 | 136 | def create(self, group_name, group_description, parent=None, just_db=False): |
|
133 | 137 | try: |
@@ -150,32 +154,79 b' class ReposGroupModel(BaseModel):' | |||
|
150 | 154 | log.error(traceback.format_exc()) |
|
151 | 155 | raise |
|
152 | 156 | |
|
157 | def _update_permissions(self, repos_group, perms_new=None, | |
|
158 | perms_updates=None, recursive=False): | |
|
159 | from rhodecode.model.repo import RepoModel | |
|
160 | if not perms_new: | |
|
161 | perms_new = [] | |
|
162 | if not perms_updates: | |
|
163 | perms_updates = [] | |
|
164 | ||
|
165 | def _set_perm_user(obj, user, perm): | |
|
166 | if isinstance(obj, RepoGroup): | |
|
167 | ReposGroupModel().grant_user_permission( | |
|
168 | repos_group=obj, user=user, perm=perm | |
|
169 | ) | |
|
170 | elif isinstance(obj, Repository): | |
|
171 | # we set group permission but we have to switch to repo | |
|
172 | # permission | |
|
173 | perm = perm.replace('group.', 'repository.') | |
|
174 | RepoModel().grant_user_permission( | |
|
175 | repo=obj, user=user, perm=perm | |
|
176 | ) | |
|
177 | ||
|
178 | def _set_perm_group(obj, users_group, perm): | |
|
179 | if isinstance(obj, RepoGroup): | |
|
180 | ReposGroupModel().grant_users_group_permission( | |
|
181 | repos_group=obj, group_name=users_group, perm=perm | |
|
182 | ) | |
|
183 | elif isinstance(obj, Repository): | |
|
184 | # we set group permission but we have to switch to repo | |
|
185 | # permission | |
|
186 | perm = perm.replace('group.', 'repository.') | |
|
187 | RepoModel().grant_users_group_permission( | |
|
188 | repo=obj, group_name=users_group, perm=perm | |
|
189 | ) | |
|
190 | updates = [] | |
|
191 | log.debug('Now updating permissions for %s in recursive mode:%s' | |
|
192 | % (repos_group, recursive)) | |
|
193 | ||
|
194 | for obj in repos_group.recursive_groups_and_repos(): | |
|
195 | if not recursive: | |
|
196 | obj = repos_group | |
|
197 | ||
|
198 | # update permissions | |
|
199 | for member, perm, member_type in perms_updates: | |
|
200 | ## set for user | |
|
201 | if member_type == 'user': | |
|
202 | # this updates also current one if found | |
|
203 | _set_perm_user(obj, user=member, perm=perm) | |
|
204 | ## set for users group | |
|
205 | else: | |
|
206 | _set_perm_group(obj, users_group=member, perm=perm) | |
|
207 | # set new permissions | |
|
208 | for member, perm, member_type in perms_new: | |
|
209 | if member_type == 'user': | |
|
210 | _set_perm_user(obj, user=member, perm=perm) | |
|
211 | else: | |
|
212 | _set_perm_group(obj, users_group=member, perm=perm) | |
|
213 | updates.append(obj) | |
|
214 | #if it's not recursive call | |
|
215 | # break the loop and don't proceed with other changes | |
|
216 | if not recursive: | |
|
217 | break | |
|
218 | return updates | |
|
219 | ||
|
153 | 220 | def update(self, repos_group_id, form_data): |
|
154 | 221 | |
|
155 | 222 | try: |
|
156 | 223 | repos_group = RepoGroup.get(repos_group_id) |
|
157 | ||
|
158 | # update permissions | |
|
159 | for member, perm, member_type in form_data['perms_updates']: | |
|
160 | if member_type == 'user': | |
|
161 | # this updates also current one if found | |
|
162 | ReposGroupModel().grant_user_permission( | |
|
163 | repos_group=repos_group, user=member, perm=perm | |
|
164 | ) | |
|
165 | else: | |
|
166 | ReposGroupModel().grant_users_group_permission( | |
|
167 | repos_group=repos_group, group_name=member, perm=perm | |
|
168 | ) | |
|
169 | # set new permissions | |
|
170 | for member, perm, member_type in form_data['perms_new']: | |
|
171 | if member_type == 'user': | |
|
172 | ReposGroupModel().grant_user_permission( | |
|
173 | repos_group=repos_group, user=member, perm=perm | |
|
174 | ) | |
|
175 | else: | |
|
176 | ReposGroupModel().grant_users_group_permission( | |
|
177 | repos_group=repos_group, group_name=member, perm=perm | |
|
178 | ) | |
|
224 | recursive = form_data['recursive'] | |
|
225 | # iterate over all members(if in recursive mode) of this groups and | |
|
226 | # set the permissions ! | |
|
227 | # this can be potentially heavy operation | |
|
228 | self._update_permissions(repos_group, form_data['perms_new'], | |
|
229 | form_data['perms_updates'], recursive) | |
|
179 | 230 | |
|
180 | 231 | old_path = repos_group.full_path |
|
181 | 232 | |
@@ -191,7 +242,6 b' class ReposGroupModel(BaseModel):' | |||
|
191 | 242 | |
|
192 | 243 | # iterate over all members of this groups and set the locking ! |
|
193 | 244 | # this can be potentially heavy operation |
|
194 | ||
|
195 | 245 | for obj in repos_group.recursive_groups_and_repos(): |
|
196 | 246 | #set the value from it's parent |
|
197 | 247 | obj.enable_locking = repos_group.enable_locking |
@@ -210,15 +260,54 b' class ReposGroupModel(BaseModel):' | |||
|
210 | 260 | log.error(traceback.format_exc()) |
|
211 | 261 | raise |
|
212 | 262 | |
|
213 | def delete(self, repos_group): | |
|
263 | def delete(self, repos_group, force_delete=False): | |
|
214 | 264 | repos_group = self._get_repos_group(repos_group) |
|
215 | 265 | try: |
|
216 | 266 | self.sa.delete(repos_group) |
|
217 | self.__delete_group(repos_group) | |
|
267 | self.__delete_group(repos_group, force_delete) | |
|
218 | 268 | except: |
|
219 | 269 | log.exception('Error removing repos_group %s' % repos_group) |
|
220 | 270 | raise |
|
221 | 271 | |
|
272 | def delete_permission(self, repos_group, obj, obj_type, recursive): | |
|
273 | """ | |
|
274 | Revokes permission for repos_group for given obj(user or users_group), | |
|
275 | obj_type can be user or users group | |
|
276 | ||
|
277 | :param repos_group: | |
|
278 | :param obj: user or users group id | |
|
279 | :param obj_type: user or users group type | |
|
280 | :param recursive: recurse to all children of group | |
|
281 | """ | |
|
282 | from rhodecode.model.repo import RepoModel | |
|
283 | repos_group = self._get_repos_group(repos_group) | |
|
284 | ||
|
285 | for el in repos_group.recursive_groups_and_repos(): | |
|
286 | if not recursive: | |
|
287 | # if we don't recurse set the permission on only the top level | |
|
288 | # object | |
|
289 | el = repos_group | |
|
290 | ||
|
291 | if isinstance(el, RepoGroup): | |
|
292 | if obj_type == 'user': | |
|
293 | ReposGroupModel().revoke_user_permission(el, user=obj) | |
|
294 | elif obj_type == 'users_group': | |
|
295 | ReposGroupModel().revoke_users_group_permission(el, group_name=obj) | |
|
296 | else: | |
|
297 | raise Exception('undefined object type %s' % obj_type) | |
|
298 | elif isinstance(el, Repository): | |
|
299 | if obj_type == 'user': | |
|
300 | RepoModel().revoke_user_permission(el, user=obj) | |
|
301 | elif obj_type == 'users_group': | |
|
302 | RepoModel().revoke_users_group_permission(el, group_name=obj) | |
|
303 | else: | |
|
304 | raise Exception('undefined object type %s' % obj_type) | |
|
305 | ||
|
306 | #if it's not recursive call | |
|
307 | # break the loop and don't proceed with other changes | |
|
308 | if not recursive: | |
|
309 | break | |
|
310 | ||
|
222 | 311 | def grant_user_permission(self, repos_group, user, perm): |
|
223 | 312 | """ |
|
224 | 313 | Grant permission for user on given repositories group, or update |
@@ -246,6 +335,7 b' class ReposGroupModel(BaseModel):' | |||
|
246 | 335 | obj.user = user |
|
247 | 336 | obj.permission = permission |
|
248 | 337 | self.sa.add(obj) |
|
338 | log.debug('Granted perm %s to %s on %s' % (perm, user, repos_group)) | |
|
249 | 339 | |
|
250 | 340 | def revoke_user_permission(self, repos_group, user): |
|
251 | 341 | """ |
@@ -262,8 +352,10 b' class ReposGroupModel(BaseModel):' | |||
|
262 | 352 | obj = self.sa.query(UserRepoGroupToPerm)\ |
|
263 | 353 | .filter(UserRepoGroupToPerm.user == user)\ |
|
264 | 354 | .filter(UserRepoGroupToPerm.group == repos_group)\ |
|
265 |
. |
|
|
266 | self.sa.delete(obj) | |
|
355 | .scalar() | |
|
356 | if obj: | |
|
357 | self.sa.delete(obj) | |
|
358 | log.debug('Revoked perm on %s on %s' % (repos_group, user)) | |
|
267 | 359 | |
|
268 | 360 | def grant_users_group_permission(self, repos_group, group_name, perm): |
|
269 | 361 | """ |
@@ -294,6 +386,7 b' class ReposGroupModel(BaseModel):' | |||
|
294 | 386 | obj.users_group = group_name |
|
295 | 387 | obj.permission = permission |
|
296 | 388 | self.sa.add(obj) |
|
389 | log.debug('Granted perm %s to %s on %s' % (perm, group_name, repos_group)) | |
|
297 | 390 | |
|
298 | 391 | def revoke_users_group_permission(self, repos_group, group_name): |
|
299 | 392 | """ |
@@ -310,5 +403,7 b' class ReposGroupModel(BaseModel):' | |||
|
310 | 403 | obj = self.sa.query(UsersGroupRepoGroupToPerm)\ |
|
311 | 404 | .filter(UsersGroupRepoGroupToPerm.group == repos_group)\ |
|
312 | 405 | .filter(UsersGroupRepoGroupToPerm.users_group == group_name)\ |
|
313 |
. |
|
|
314 | self.sa.delete(obj) | |
|
406 | .scalar() | |
|
407 | if obj: | |
|
408 | self.sa.delete(obj) | |
|
409 | log.debug('Revoked perm to %s on %s' % (repos_group, group_name)) |
@@ -564,7 +564,7 b' class UserModel(BaseModel):' | |||
|
564 | 564 | rg_k = perm.UserRepoGroupToPerm.group.group_name |
|
565 | 565 | p = perm.Permission.permission_name |
|
566 | 566 | cur_perm = user.permissions[GK][rg_k] |
|
567 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
|
567 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check | |
|
568 | 568 | user.permissions[GK][rg_k] = p |
|
569 | 569 | |
|
570 | 570 | # REPO GROUP + USER GROUP |
@@ -588,7 +588,7 b' class UserModel(BaseModel):' | |||
|
588 | 588 | cur_perm = user.permissions[GK][g_k] |
|
589 | 589 | # overwrite permission only if it's greater than permission |
|
590 | 590 | # given from other sources |
|
591 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]: | |
|
591 | if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check | |
|
592 | 592 | user.permissions[GK][g_k] = p |
|
593 | 593 | |
|
594 | 594 | return user |
@@ -499,9 +499,9 b" def ValidPerms(type_='repo'):" | |||
|
499 | 499 | # fill new permissions in order of how they were added |
|
500 | 500 | for k in sorted(map(int, new_perms_group.keys())): |
|
501 | 501 | perm_dict = new_perms_group[str(k)] |
|
502 |
new_member = perm_dict |
|
|
503 |
new_perm = perm_dict |
|
|
504 |
new_type = perm_dict |
|
|
502 | new_member = perm_dict.get('name') | |
|
503 | new_perm = perm_dict.get('perm') | |
|
504 | new_type = perm_dict.get('type') | |
|
505 | 505 | if new_member and new_perm and new_type: |
|
506 | 506 | perms_new.add((new_member, new_perm, new_type)) |
|
507 | 507 |
@@ -68,6 +68,12 b'' | |||
|
68 | 68 | </span> |
|
69 | 69 | </td> |
|
70 | 70 | </tr> |
|
71 | <tr> | |
|
72 | <td colspan="6"> | |
|
73 | ${h.checkbox('recursive',value="True", label=_('apply to parents'))} | |
|
74 | <span class="help-block">${_('Set or revoke permission to all children of that group, including repositories and other groups')}</span> | |
|
75 | </td> | |
|
76 | </tr> | |
|
71 | 77 | </table> |
|
72 | 78 | <script type="text/javascript"> |
|
73 | 79 | function ajaxActionUser(user_id, field_id) { |
@@ -81,7 +87,8 b' function ajaxActionUser(user_id, field_i' | |||
|
81 | 87 | alert("${_('Failed to remove user')}"); |
|
82 | 88 | }, |
|
83 | 89 | }; |
|
84 | var postData = '_method=delete&user_id=' + user_id; | |
|
90 | var recursive = YUD.get('recursive').checked; | |
|
91 | var postData = '_method=delete&recursive={0}&user_id={1}'.format(recursive,user_id); | |
|
85 | 92 | var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData); |
|
86 | 93 | }; |
|
87 | 94 | |
@@ -96,7 +103,8 b' function ajaxActionUsersGroup(users_grou' | |||
|
96 | 103 | alert("${_('Failed to remove users group')}"); |
|
97 | 104 | }, |
|
98 | 105 | }; |
|
99 | var postData = '_method=delete&users_group_id='+users_group_id; | |
|
106 | var recursive = YUD.get('recursive').checked; | |
|
107 | var postData = '_method=delete&recursive={0}&users_group_id={1}'.format(recursive,users_group_id); | |
|
100 | 108 | var request = YAHOO.util.Connect.asyncRequest('POST', sUrl, callback, postData); |
|
101 | 109 | }; |
|
102 | 110 |
@@ -291,4 +291,3 b' class TestCompareController(TestControll' | |||
|
291 | 291 | finally: |
|
292 | 292 | RepoModel().delete(r2_id) |
|
293 | 293 | RepoModel().delete(r1_id) |
|
294 |
@@ -1,7 +1,7 b'' | |||
|
1 | 1 | import os |
|
2 | 2 | import unittest |
|
3 | 3 | from rhodecode.tests import * |
|
4 | ||
|
4 | from rhodecode.tests.models.common import _make_group | |
|
5 | 5 | from rhodecode.model.repos_group import ReposGroupModel |
|
6 | 6 | from rhodecode.model.repo import RepoModel |
|
7 | 7 | from rhodecode.model.db import RepoGroup, User, UsersGroupRepoGroupToPerm |
@@ -12,16 +12,6 b' from rhodecode.model.users_group import ' | |||
|
12 | 12 | from rhodecode.lib.auth import AuthUser |
|
13 | 13 | |
|
14 | 14 | |
|
15 | def _make_group(path, desc='desc', parent_id=None, | |
|
16 | skip_if_exists=False): | |
|
17 | ||
|
18 | gr = RepoGroup.get_by_group_name(path) | |
|
19 | if gr and skip_if_exists: | |
|
20 | return gr | |
|
21 | ||
|
22 | gr = ReposGroupModel().create(path, desc, parent_id) | |
|
23 | return gr | |
|
24 | ||
|
25 | 15 | |
|
26 | 16 | class TestPermissions(unittest.TestCase): |
|
27 | 17 | def __init__(self, methodName='runTest'): |
@@ -4,7 +4,7 b' from rhodecode.tests import *' | |||
|
4 | 4 | |
|
5 | 5 | from rhodecode.model.repos_group import ReposGroupModel |
|
6 | 6 | from rhodecode.model.repo import RepoModel |
|
7 | from rhodecode.model.db import RepoGroup, User | |
|
7 | from rhodecode.model.db import RepoGroup, User, Repository | |
|
8 | 8 | from rhodecode.model.meta import Session |
|
9 | 9 | from sqlalchemy.exc import IntegrityError |
|
10 | 10 | |
@@ -15,7 +15,8 b" def _make_group(path, desc='desc', paren" | |||
|
15 | 15 | gr = RepoGroup.get_by_group_name(path) |
|
16 | 16 | if gr and skip_if_exists: |
|
17 | 17 | return gr |
|
18 | ||
|
18 | if isinstance(parent_id, RepoGroup): | |
|
19 | parent_id = parent_id.group_id | |
|
19 | 20 | gr = ReposGroupModel().create(path, desc, parent_id) |
|
20 | 21 | return gr |
|
21 | 22 | |
@@ -54,7 +55,8 b' class TestReposGroups(unittest.TestCase)' | |||
|
54 | 55 | group_parent_id=parent_id, |
|
55 | 56 | perms_updates=[], |
|
56 | 57 | perms_new=[], |
|
57 | enable_locking=False | |
|
58 | enable_locking=False, | |
|
59 | recursive=False | |
|
58 | 60 | ) |
|
59 | 61 | gr = ReposGroupModel().update(id_, form_data) |
|
60 | 62 | return gr |
@@ -132,7 +134,8 b' class TestReposGroups(unittest.TestCase)' | |||
|
132 | 134 | repo_type='hg', |
|
133 | 135 | clone_uri=None, |
|
134 | 136 | landing_rev='tip', |
|
135 |
enable_locking=False |
|
|
137 | enable_locking=False, | |
|
138 | recursive=False) | |
|
136 | 139 | cur_user = User.get_by_username(TEST_USER_ADMIN_LOGIN) |
|
137 | 140 | r = RepoModel().create(form_data, cur_user) |
|
138 | 141 |
General Comments 0
You need to be logged in to leave comments.
Login now