fix for empty email passed in attributes of ldap account....
marcink -
r1689:cc302c98 beta
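--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -1,471 +1,476 @@
 # -*- coding: utf-8 -*-
 """
 rhodecode.model.user
 ~~~~~~~~~~~~~~~~~~~~
 
 users model for RhodeCode
 
 :created_on: Apr 9, 2010
 :author: marcink
 :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
 :license: GPLv3, see COPYING for more details.
 """
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 import logging
 import traceback
 
 from pylons.i18n.translation import _
 
 from rhodecode.lib import safe_unicode
 from rhodecode.lib.caching_query import FromCache
 
 from rhodecode.model import BaseModel
 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
 UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember
 from rhodecode.lib.exceptions import DefaultUserException, \
 UserOwnsReposException
 
 from sqlalchemy.exc import DatabaseError
 from rhodecode.lib import generate_api_key
 from sqlalchemy.orm import joinedload
 
 log = logging.getLogger(__name__)
 
 PERM_WEIGHTS = {'repository.none': 0,
 'repository.read': 1,
 'repository.write': 3,
 'repository.admin': 3}
 
 
 class UserModel(BaseModel):
 def get(self, user_id, cache=False):
 user = self.sa.query(User)
 if cache:
 user = user.options(FromCache("sql_cache_short",
 "get_user_%s" % user_id))
 return user.get(user_id)
 
 def get_by_username(self, username, cache=False, case_insensitive=False):
 
 if case_insensitive:
 user = self.sa.query(User).filter(User.username.ilike(username))
 else:
 user = self.sa.query(User)\
 .filter(User.username == username)
 if cache:
 user = user.options(FromCache("sql_cache_short",
 "get_user_%s" % username))
 return user.scalar()
 
 def get_by_api_key(self, api_key, cache=False):
 
 user = self.sa.query(User)\
 .filter(User.api_key == api_key)
 if cache:
 user = user.options(FromCache("sql_cache_short",
 "get_user_%s" % api_key))
 return user.scalar()
 
 def create(self, form_data):
 try:
 new_user = User()
 for k, v in form_data.items():
 setattr(new_user, k, v)
 
 new_user.api_key = generate_api_key(form_data['username'])
 self.sa.add(new_user)
 self.sa.commit()
 return new_user
 except:
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 
 
 def create_or_update(self, username, password, email, name, lastname,
 active=True, admin=False, ldap_dn=None):
 """
 Creates a new instance if not found, or updates current one
 
 :param username:
 :param password:
 :param email:
 :param active:
 :param name:
 :param lastname:
 :param active:
 :param admin:
 :param ldap_dn:
 """
 
 from rhodecode.lib.auth import get_crypt_password
 
 log.debug('Checking for %s account in RhodeCode database', username)
 user = User.get_by_username(username, case_insensitive=True)
 if user is None:
 log.debug('creating new user %s', username)
 new_user = User()
 else:
 log.debug('updating user %s', username)
 new_user = user
 
 try:
 new_user.username = username
 new_user.admin = admin
 new_user.password = get_crypt_password(password)
 new_user.api_key = generate_api_key(username)
 new_user.email = email
 new_user.active = active
 new_user.ldap_dn = safe_unicode(ldap_dn) if ldap_dn else None
 new_user.name = name
 new_user.lastname = lastname
 
 self.sa.add(new_user)
 self.sa.commit()
 return new_user
 except (DatabaseError,):
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 
 
 def create_for_container_auth(self, username, attrs):
 """
 Creates the given user if it's not already in the database
 
 :param username:
 :param attrs:
 """
 if self.get_by_username(username, case_insensitive=True) is None:
 try:
 new_user = User()
 new_user.username = username
 new_user.password = None
 new_user.api_key = generate_api_key(username)
 new_user.email = attrs['email']
 new_user.active = attrs.get('active', True)
 new_user.name = attrs['name']
 new_user.lastname = attrs['lastname']
 
 self.sa.add(new_user)
 self.sa.commit()
 return new_user
 except (DatabaseError,):
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 log.debug('User %s already exists. Skipping creation of account'
 ' for container auth.', username)
 return None
 
 def create_ldap(self, username, password, user_dn, attrs):
 """
 Checks if user is in database, if not creates this user marked
 as ldap user
 
 :param username:
 :param password:
 :param user_dn:
 :param attrs:
 """
 from rhodecode.lib.auth import get_crypt_password
 log.debug('Checking for such ldap account in RhodeCode database')
 if self.get_by_username(username, case_insensitive=True) is None:
+
+# autogenerate email for ldap account without one
+generate_email = lambda usr: '%s@ldap.account' % usr
+
 try:
 new_user = User()
+username = username.lower()
 # add ldap account always lowercase
-new_user.username = username.lower()
+new_user.username = username
 new_user.password = get_crypt_password(password)
 new_user.api_key = generate_api_key(username)
-new_user.email = attrs['email']
+new_user.email = attrs['email'] or generate_email(username)
 new_user.active = attrs.get('active', True)
 new_user.ldap_dn = safe_unicode(user_dn)
 new_user.name = attrs['name']
 new_user.lastname = attrs['lastname']
 
 self.sa.add(new_user)
 self.sa.commit()
 return new_user
 except (DatabaseError,):
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 log.debug('this %s user exists skipping creation of ldap account',
 username)
 return None
 
 def create_registration(self, form_data):
 from rhodecode.lib.celerylib import tasks, run_task
 try:
 new_user = User()
 for k, v in form_data.items():
 if k != 'admin':
 setattr(new_user, k, v)
 
 self.sa.add(new_user)
 self.sa.commit()
 body = ('New user registration\n'
 'username: %s\n'
 'email: %s\n')
 body = body % (form_data['username'], form_data['email'])
 
 run_task(tasks.send_email, None,
 _('[RhodeCode] New User registration'),
 body)
 except:
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 
 def update(self, user_id, form_data):
 try:
 user = self.get(user_id, cache=False)
 if user.username == 'default':
 raise DefaultUserException(
 _("You can't Edit this user since it's"
 " crucial for entire application"))
 
 for k, v in form_data.items():
 if k == 'new_password' and v != '':
 user.password = v
 user.api_key = generate_api_key(user.username)
 else:
 setattr(user, k, v)
 
 self.sa.add(user)
 self.sa.commit()
 except:
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 
 def update_my_account(self, user_id, form_data):
 try:
 user = self.get(user_id, cache=False)
 if user.username == 'default':
 raise DefaultUserException(
 _("You can't Edit this user since it's"
 " crucial for entire application"))
 for k, v in form_data.items():
 if k == 'new_password' and v != '':
 user.password = v
 user.api_key = generate_api_key(user.username)
 else:
 if k not in ['admin', 'active']:
 setattr(user, k, v)
 
 self.sa.add(user)
 self.sa.commit()
 except:
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 
 def delete(self, user_id):
 try:
 user = self.get(user_id, cache=False)
 if user.username == 'default':
 raise DefaultUserException(
 _("You can't remove this user since it's"
 " crucial for entire application"))
 if user.repositories:
 raise UserOwnsReposException(_('This user still owns %s '
 'repositories and cannot be '
 'removed. Switch owners or '
 'remove those repositories') \
 % user.repositories)
 self.sa.delete(user)
 self.sa.commit()
 except:
 log.error(traceback.format_exc())
 self.sa.rollback()
 raise
 
 def reset_password_link(self, data):
 from rhodecode.lib.celerylib import tasks, run_task
 run_task(tasks.send_password_link, data['email'])
 
 def reset_password(self, data):
 from rhodecode.lib.celerylib import tasks, run_task
 run_task(tasks.reset_user_password, data['email'])
 
 def fill_data(self, auth_user, user_id=None, api_key=None):
 """
 Fetches auth_user by user_id,or api_key if present.
 Fills auth_user attributes with those taken from database.
 Additionally set's is_authenitated if lookup fails
 present in database
 
 :param auth_user: instance of user to set attributes
 :param user_id: user id to fetch by
 :param api_key: api key to fetch by
 """
 if user_id is None and api_key is None:
 raise Exception('You need to pass user_id or api_key')
 
 try:
 if api_key:
 dbuser = self.get_by_api_key(api_key)
 else:
 dbuser = self.get(user_id)
 
 if dbuser is not None and dbuser.active:
 log.debug('filling %s data', dbuser)
 for k, v in dbuser.get_dict().items():
 setattr(auth_user, k, v)
 else:
 return False
 
 except:
 log.error(traceback.format_exc())
 auth_user.is_authenticated = False
 return False
 
 return True
 
 def fill_perms(self, user):
 """
 Fills user permission attribute with permissions taken from database
 works for permissions given for repositories, and for permissions that
 are granted to groups
 
 :param user: user instance to fill his perms
 """
 
 user.permissions['repositories'] = {}
 user.permissions['global'] = set()
 
 #======================================================================
 # fetch default permissions
 #======================================================================
 default_user = self.get_by_username('default', cache=True)
 
 default_perms = self.sa.query(UserRepoToPerm, Repository, Permission)\
 .join((Repository, UserRepoToPerm.repository_id ==
 Repository.repo_id))\
 .join((Permission, UserRepoToPerm.permission_id ==
 Permission.permission_id))\
 .filter(UserRepoToPerm.user == default_user).all()
 
 if user.is_admin:
 #==================================================================
 # #admin have all default rights set to admin
 #==================================================================
 user.permissions['global'].add('hg.admin')
 
 for perm in default_perms:
 p = 'repository.admin'
 user.permissions['repositories'][perm.UserRepoToPerm.
 repository.repo_name] = p
 
 else:
 #==================================================================
 # set default permissions
 #==================================================================
 uid = user.user_id
 
 #default global
 default_global_perms = self.sa.query(UserToPerm)\
 .filter(UserToPerm.user == default_user)
 
 for perm in default_global_perms:
 user.permissions['global'].add(perm.permission.permission_name)
 
 #default for repositories
 for perm in default_perms:
 if perm.Repository.private and not (perm.Repository.user_id ==
 uid):
 #diself.sable defaults for private repos,
 p = 'repository.none'
 elif perm.Repository.user_id == uid:
 #set admin if owner
 p = 'repository.admin'
 else:
 p = perm.Permission.permission_name
 
 user.permissions['repositories'][perm.UserRepoToPerm.
 repository.repo_name] = p
 
 #==================================================================
 # overwrite default with user permissions if any
 #==================================================================
 
 #user global
 user_perms = self.sa.query(UserToPerm)\
 .options(joinedload(UserToPerm.permission))\
 .filter(UserToPerm.user_id == uid).all()
 
 for perm in user_perms:
 user.permissions['global'].add(perm.permission.
 permission_name)
 
 #user repositories
 user_repo_perms = self.sa.query(UserRepoToPerm, Permission,
 Repository)\
 .join((Repository, UserRepoToPerm.repository_id ==
 Repository.repo_id))\
 .join((Permission, UserRepoToPerm.permission_id ==
 Permission.permission_id))\
 .filter(UserRepoToPerm.user_id == uid).all()
 
 for perm in user_repo_perms:
 # set admin if owner
 if perm.Repository.user_id == uid:
 p = 'repository.admin'
 else:
 p = perm.Permission.permission_name
 user.permissions['repositories'][perm.UserRepoToPerm.
 repository.repo_name] = p
 
 #==================================================================
 # check if user is part of groups for this repository and fill in
 # (or replace with higher) permissions
 #==================================================================
 
 #users group global
 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
 .options(joinedload(UsersGroupToPerm.permission))\
 .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
 UsersGroupMember.users_group_id))\
 .filter(UsersGroupMember.user_id == uid).all()
 
 for perm in user_perms_from_users_groups:
 user.permissions['global'].add(perm.permission.permission_name)
 
 #users group repositories
 user_repo_perms_from_users_groups = self.sa.query(
 UsersGroupRepoToPerm,
 Permission, Repository,)\
 .join((Repository, UsersGroupRepoToPerm.repository_id ==
 Repository.repo_id))\
 .join((Permission, UsersGroupRepoToPerm.permission_id ==
 Permission.permission_id))\
 .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
 UsersGroupMember.users_group_id))\
 .filter(UsersGroupMember.user_id == uid).all()
 
 for perm in user_repo_perms_from_users_groups:
 p = perm.Permission.permission_name
 cur_perm = user.permissions['repositories'][perm.
 UsersGroupRepoToPerm.
 repository.repo_name]
 #overwrite permission only if it's greater than permission
 # given from other sources
 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
 user.permissions['repositories'][perm.UsersGroupRepoToPerm.
 repository.repo_name] = p
 
 return user
 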
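Review bot: The fallback on the `new_user.email` line of `create_ldap` covers only an empty or `None` value: `attrs['email']` still raises `KeyError` when the LDAP attributes have no `email` key, so `attrs.get('email') or generate_email(username)` would be the safer form (whether the caller always supplies the key is not visible here). The generated address `'%s@ldap.account'` uses a domain that is not a reserved name, so mail the application later sends to the stored address could leave the deployment; how the `reset_password_link` and `reset_password` tasks resolve their recipient is not shown here. A reserved suffix such as `'%s@ldap.invalid'` can never be delivered. `create_for_container_auth` still assigns `attrs['email']` with no fallback, so the same empty-email case remains there. As a style point, the lambda bound to `generate_email` would read better as a small `def` or inlined at its single use.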