##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

RhodeCode now has a option to explicitly set forking permissions. ref #508...
marcink -
r2709:d2d35cf2 beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -37,7 +37,7 b' news'
37 that defines 'default' revision/branch for generating readme files
37 that defines 'default' revision/branch for generating readme files
38 - Implemented #509, RhodeCode enforces SSL for push/pulling if requested.
38 - Implemented #509, RhodeCode enforces SSL for push/pulling if requested.
39 - Import remote svn repositories to mercurial using hgsubversion
39 - Import remote svn repositories to mercurial using hgsubversion
40
40 - Fixed #508 RhodeCode now has a option to explicitly set forking permissions
41
41
42 fixes
42 fixes
43 +++++
43 +++++
Show file before | Show file after | Hide comments
@@ -71,6 +71,15 b' class PermissionsController(BaseControll'
71 self.create_choices = [('hg.create.none', _('Disabled')),
71 self.create_choices = [('hg.create.none', _('Disabled')),
72 ('hg.create.repository', _('Enabled'))]
72 ('hg.create.repository', _('Enabled'))]
73
73
74 self.fork_choices = [('hg.fork.none', _('Disabled')),
75 ('hg.fork.repository', _('Enabled'))]
76
77 # set the global template variables
78 c.perms_choices = self.perms_choices
79 c.register_choices = self.register_choices
80 c.create_choices = self.create_choices
81 c.fork_choices = self.fork_choices
82
74 def index(self, format='html'):
83 def index(self, format='html'):
75 """GET /permissions: All items in the collection"""
84 """GET /permissions: All items in the collection"""
76 # url('permissions')
85 # url('permissions')
@@ -96,7 +105,8 b' class PermissionsController(BaseControll'
96
105
97 _form = DefaultPermissionsForm([x[0] for x in self.perms_choices],
106 _form = DefaultPermissionsForm([x[0] for x in self.perms_choices],
98 [x[0] for x in self.register_choices],
107 [x[0] for x in self.register_choices],
99 [x[0] for x in self.create_choices])()
108 [x[0] for x in self.create_choices],
109 [x[0] for x in self.fork_choices])()
100
110
101 try:
111 try:
102 form_result = _form.to_python(dict(request.POST))
112 form_result = _form.to_python(dict(request.POST))
@@ -107,9 +117,6 b' class PermissionsController(BaseControll'
107 category='success')
117 category='success')
108
118
109 except formencode.Invalid, errors:
119 except formencode.Invalid, errors:
110 c.perms_choices = self.perms_choices
111 c.register_choices = self.register_choices
112 c.create_choices = self.create_choices
113 defaults = errors.value
120 defaults = errors.value
114
121
115 return htmlfill.render(
122 return htmlfill.render(
@@ -141,10 +148,8 b' class PermissionsController(BaseControll'
141 def edit(self, id, format='html'):
148 def edit(self, id, format='html'):
142 """GET /permissions/id/edit: Form to edit an existing item"""
149 """GET /permissions/id/edit: Form to edit an existing item"""
143 #url('edit_permission', id=ID)
150 #url('edit_permission', id=ID)
144 c.perms_choices = self.perms_choices
145 c.register_choices = self.register_choices
146 c.create_choices = self.create_choices
147
151
152 #this form can only edit default user permissions
148 if id == 'default':
153 if id == 'default':
149 default_user = User.get_by_username('default')
154 default_user = User.get_by_username('default')
150 defaults = {'_method': 'put',
155 defaults = {'_method': 'put',
@@ -160,10 +165,14 b' class PermissionsController(BaseControll'
160 if p.permission.permission_name.startswith('hg.create.'):
165 if p.permission.permission_name.startswith('hg.create.'):
161 defaults['default_create'] = p.permission.permission_name
166 defaults['default_create'] = p.permission.permission_name
162
167
168 if p.permission.permission_name.startswith('hg.fork.'):
169 defaults['default_fork'] = p.permission.permission_name
170
163 return htmlfill.render(
171 return htmlfill.render(
164 render('admin/permissions/permissions.html'),
172 render('admin/permissions/permissions.html'),
165 defaults=defaults,
173 defaults=defaults,
166 encoding="UTF-8",
174 encoding="UTF-8",
167 force_defaults=True,)
175 force_defaults=True,
176 )
168 else:
177 else:
169 return redirect(url('admin_home'))
178 return redirect(url('admin_home'))
Show file before | Show file after | Hide comments
@@ -33,6 +33,7 b' from pylons import request, session, tmp'
33 from pylons.controllers.util import redirect
33 from pylons.controllers.util import redirect
34 from pylons.i18n.translation import _
34 from pylons.i18n.translation import _
35
35
36 import rhodecode
36 from rhodecode.lib.exceptions import DefaultUserException, \
37 from rhodecode.lib.exceptions import DefaultUserException, \
37 UserOwnsReposException
38 UserOwnsReposException
38 from rhodecode.lib import helpers as h
39 from rhodecode.lib import helpers as h
@@ -40,14 +41,13 b' from rhodecode.lib.auth import LoginRequ'
40 AuthUser
41 AuthUser
41 from rhodecode.lib.base import BaseController, render
42 from rhodecode.lib.base import BaseController, render
42
43
43 import rhodecode
44 from rhodecode.model.db import User, UserEmailMap
44 from rhodecode.model.db import User, Permission, UserEmailMap
45 from rhodecode.model.forms import UserForm
45 from rhodecode.model.forms import UserForm
46 from rhodecode.model.user import UserModel
46 from rhodecode.model.user import UserModel
47 from rhodecode.model.meta import Session
47 from rhodecode.model.meta import Session
48 from rhodecode.lib.utils import action_logger
48 from rhodecode.lib.utils import action_logger
49 from rhodecode.lib.compat import json
49 from rhodecode.lib.compat import json
50 from rhodecode.lib.utils2 import datetime_to_time
50 from rhodecode.lib.utils2 import datetime_to_time, str2bool
51
51
52 log = logging.getLogger(__name__)
52 log = logging.getLogger(__name__)
53
53
@@ -175,9 +175,11 b' class UsersController(BaseController):'
175 .filter(UserEmailMap.user == c.user).all()
175 .filter(UserEmailMap.user == c.user).all()
176 defaults = errors.value
176 defaults = errors.value
177 e = errors.error_dict or {}
177 e = errors.error_dict or {}
178 perm = Permission.get_by_key('hg.create.repository')
178 defaults.update({
179 defaults.update({'create_repo_perm': user_model.has_perm(id, perm)})
179 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
180 defaults.update({'_method': 'put'})
180 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
181 '_method': 'put'
182 })
181 return htmlfill.render(
183 return htmlfill.render(
182 render('admin/users/user_edit.html'),
184 render('admin/users/user_edit.html'),
183 defaults=defaults,
185 defaults=defaults,
@@ -188,7 +190,7 b' class UsersController(BaseController):'
188 log.error(traceback.format_exc())
190 log.error(traceback.format_exc())
189 h.flash(_('error occurred during update of user %s') \
191 h.flash(_('error occurred during update of user %s') \
190 % form_result.get('username'), category='error')
192 % form_result.get('username'), category='error')
191 return redirect(url('users'))
193 return redirect(url('edit_user', id=id))
192
194
193 def delete(self, id):
195 def delete(self, id):
194 """DELETE /users/id: Delete an existing item"""
196 """DELETE /users/id: Delete an existing item"""
@@ -198,9 +200,9 b' class UsersController(BaseController):'
198 # h.form(url('delete_user', id=ID),
200 # h.form(url('delete_user', id=ID),
199 # method='delete')
201 # method='delete')
200 # url('user', id=ID)
202 # url('user', id=ID)
201 user_model = UserModel()
203 usr = User.get_or_404(id)
202 try:
204 try:
203 user_model.delete(id)
205 UserModel().delete(usr)
204 Session().commit()
206 Session().commit()
205 h.flash(_('successfully deleted user'), category='success')
207 h.flash(_('successfully deleted user'), category='success')
206 except (UserOwnsReposException, DefaultUserException), e:
208 except (UserOwnsReposException, DefaultUserException), e:
@@ -223,15 +225,19 b' class UsersController(BaseController):'
223 if c.user.username == 'default':
225 if c.user.username == 'default':
224 h.flash(_("You can't edit this user"), category='warning')
226 h.flash(_("You can't edit this user"), category='warning')
225 return redirect(url('users'))
227 return redirect(url('users'))
228
226 c.perm_user = AuthUser(user_id=id)
229 c.perm_user = AuthUser(user_id=id)
227 c.user.permissions = {}
230 c.user.permissions = {}
228 c.granted_permissions = UserModel().fill_perms(c.user)\
231 c.granted_permissions = UserModel().fill_perms(c.user)\
229 .permissions['global']
232 .permissions['global']
230 c.user_email_map = UserEmailMap.query()\
233 c.user_email_map = UserEmailMap.query()\
231 .filter(UserEmailMap.user == c.user).all()
234 .filter(UserEmailMap.user == c.user).all()
235 user_model = UserModel()
232 defaults = c.user.get_dict()
236 defaults = c.user.get_dict()
233 perm = Permission.get_by_key('hg.create.repository')
237 defaults.update({
234 defaults.update({'create_repo_perm': UserModel().has_perm(id, perm)})
238 'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
239 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
240 })
235
241
236 return htmlfill.render(
242 return htmlfill.render(
237 render('admin/users/user_edit.html'),
243 render('admin/users/user_edit.html'),
@@ -243,28 +249,44 b' class UsersController(BaseController):'
243 def update_perm(self, id):
249 def update_perm(self, id):
244 """PUT /users_perm/id: Update an existing item"""
250 """PUT /users_perm/id: Update an existing item"""
245 # url('user_perm', id=ID, method='put')
251 # url('user_perm', id=ID, method='put')
252 usr = User.get_or_404(id)
253 grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
254 grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
255 inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
246
256
247 grant_perm = request.POST.get('create_repo_perm', False)
248 user_model = UserModel()
257 user_model = UserModel()
249
258
250 if grant_perm:
259 try:
251 perm = Permission.get_by_key('hg.create.none')
260 usr.inherit_default_permissions = inherit_perms
252 user_model.revoke_perm(id, perm)
261 Session().add(usr)
253
262
254 perm = Permission.get_by_key('hg.create.repository')
263 if grant_create_perm:
255 user_model.grant_perm(id, perm)
264 user_model.revoke_perm(usr, 'hg.create.none')
256 h.flash(_("Granted 'repository create' permission to user"),
265 user_model.grant_perm(usr, 'hg.create.repository')
257 category='success')
266 h.flash(_("Granted 'repository create' permission to user"),
267 category='success')
268 else:
269 user_model.revoke_perm(usr, 'hg.create.repository')
270 user_model.grant_perm(usr, 'hg.create.none')
271 h.flash(_("Revoked 'repository create' permission to user"),
272 category='success')
273
274 if grant_fork_perm:
275 user_model.revoke_perm(usr, 'hg.fork.none')
276 user_model.grant_perm(usr, 'hg.fork.repository')
277 h.flash(_("Granted 'repository fork' permission to user"),
278 category='success')
279 else:
280 user_model.revoke_perm(usr, 'hg.fork.repository')
281 user_model.grant_perm(usr, 'hg.fork.none')
282 h.flash(_("Revoked 'repository fork' permission to user"),
283 category='success')
284
258 Session().commit()
285 Session().commit()
259 else:
286 except Exception:
260 perm = Permission.get_by_key('hg.create.repository')
287 log.error(traceback.format_exc())
261 user_model.revoke_perm(id, perm)
288 h.flash(_('An error occurred during permissions saving'),
262
289 category='error')
263 perm = Permission.get_by_key('hg.create.none')
264 user_model.grant_perm(id, perm)
265 h.flash(_("Revoked 'repository create' permission to user"),
266 category='success')
267 Session().commit()
268 return redirect(url('edit_user', id=id))
290 return redirect(url('edit_user', id=id))
269
291
270 def add_email(self, id):
292 def add_email(self, id):
Show file before | Show file after | Hide comments
@@ -34,13 +34,13 b' from pylons.i18n.translation import _'
34
34
35 from rhodecode.lib import helpers as h
35 from rhodecode.lib import helpers as h
36 from rhodecode.lib.exceptions import UsersGroupsAssignedException
36 from rhodecode.lib.exceptions import UsersGroupsAssignedException
37 from rhodecode.lib.utils2 import safe_unicode
37 from rhodecode.lib.utils2 import safe_unicode, str2bool
38 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
38 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator
39 from rhodecode.lib.base import BaseController, render
39 from rhodecode.lib.base import BaseController, render
40
40
41 from rhodecode.model.users_group import UsersGroupModel
41 from rhodecode.model.users_group import UsersGroupModel
42
42
43 from rhodecode.model.db import User, UsersGroup, Permission, UsersGroupToPerm
43 from rhodecode.model.db import User, UsersGroup
44 from rhodecode.model.forms import UsersGroupForm
44 from rhodecode.model.forms import UsersGroupForm
45 from rhodecode.model.meta import Session
45 from rhodecode.model.meta import Session
46 from rhodecode.lib.utils import action_logger
46 from rhodecode.lib.utils import action_logger
@@ -135,15 +135,20 b' class UsersGroupsController(BaseControll'
135 h.flash(_('updated users group %s') % gr, category='success')
135 h.flash(_('updated users group %s') % gr, category='success')
136 Session().commit()
136 Session().commit()
137 except formencode.Invalid, errors:
137 except formencode.Invalid, errors:
138 ug_model = UsersGroupModel()
139 defaults = errors.value
138 e = errors.error_dict or {}
140 e = errors.error_dict or {}
139
141 defaults.update({
140 perm = Permission.get_by_key('hg.create.repository')
142 'create_repo_perm': ug_model.has_perm(id,
141 e.update({'create_repo_perm':
143 'hg.create.repository'),
142 UsersGroupModel().has_perm(id, perm)})
144 'fork_repo_perm': ug_model.has_perm(id,
145 'hg.fork.repository'),
146 '_method': 'put'
147 })
143
148
144 return htmlfill.render(
149 return htmlfill.render(
145 render('admin/users_groups/users_group_edit.html'),
150 render('admin/users_groups/users_group_edit.html'),
146 defaults=errors.value,
151 defaults=defaults,
147 errors=e,
152 errors=e,
148 prefix_error=False,
153 prefix_error=False,
149 encoding="UTF-8")
154 encoding="UTF-8")
@@ -152,7 +157,7 b' class UsersGroupsController(BaseControll'
152 h.flash(_('error occurred during update of users group %s') \
157 h.flash(_('error occurred during update of users group %s') \
153 % request.POST.get('users_group_name'), category='error')
158 % request.POST.get('users_group_name'), category='error')
154
159
155 return redirect(url('users_groups'))
160 return redirect(url('edit_users_group', id=id))
156
161
157 def delete(self, id):
162 def delete(self, id):
158 """DELETE /users_groups/id: Delete an existing item"""
163 """DELETE /users_groups/id: Delete an existing item"""
@@ -162,9 +167,9 b' class UsersGroupsController(BaseControll'
162 # h.form(url('users_group', id=ID),
167 # h.form(url('users_group', id=ID),
163 # method='delete')
168 # method='delete')
164 # url('users_group', id=ID)
169 # url('users_group', id=ID)
165
170 usr_gr = UsersGroup.get_or_404(id)
166 try:
171 try:
167 UsersGroupModel().delete(id)
172 UsersGroupModel().delete(usr_gr)
168 Session().commit()
173 Session().commit()
169 h.flash(_('successfully deleted users group'), category='success')
174 h.flash(_('successfully deleted users group'), category='success')
170 except UsersGroupsAssignedException, e:
175 except UsersGroupsAssignedException, e:
@@ -183,9 +188,7 b' class UsersGroupsController(BaseControll'
183 """GET /users_groups/id/edit: Form to edit an existing item"""
188 """GET /users_groups/id/edit: Form to edit an existing item"""
184 # url('edit_users_group', id=ID)
189 # url('edit_users_group', id=ID)
185
190
186 c.users_group = UsersGroup.get(id)
191 c.users_group = UsersGroup.get_or_404(id)
187 if not c.users_group:
188 return redirect(url('users_groups'))
189
192
190 c.users_group.permissions = {}
193 c.users_group.permissions = {}
191 c.group_members_obj = [x.user for x in c.users_group.members]
194 c.group_members_obj = [x.user for x in c.users_group.members]
@@ -193,10 +196,15 b' class UsersGroupsController(BaseControll'
193 c.group_members_obj]
196 c.group_members_obj]
194 c.available_members = [(x.user_id, x.username) for x in
197 c.available_members = [(x.user_id, x.username) for x in
195 User.query().all()]
198 User.query().all()]
199 ug_model = UsersGroupModel()
196 defaults = c.users_group.get_dict()
200 defaults = c.users_group.get_dict()
197 perm = Permission.get_by_key('hg.create.repository')
201 defaults.update({
198 defaults.update({'create_repo_perm':
202 'create_repo_perm': ug_model.has_perm(c.users_group,
199 UsersGroupModel().has_perm(c.users_group, perm)})
203 'hg.create.repository'),
204 'fork_repo_perm': ug_model.has_perm(c.users_group,
205 'hg.fork.repository'),
206 })
207
200 return htmlfill.render(
208 return htmlfill.render(
201 render('admin/users_groups/users_group_edit.html'),
209 render('admin/users_groups/users_group_edit.html'),
202 defaults=defaults,
210 defaults=defaults,
@@ -208,25 +216,43 b' class UsersGroupsController(BaseControll'
208 """PUT /users_perm/id: Update an existing item"""
216 """PUT /users_perm/id: Update an existing item"""
209 # url('users_group_perm', id=ID, method='put')
217 # url('users_group_perm', id=ID, method='put')
210
218
211 grant_perm = request.POST.get('create_repo_perm', False)
219 users_group = UsersGroup.get_or_404(id)
220 grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
221 grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
222 inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
223
224 usersgroup_model = UsersGroupModel()
225
226 try:
227 users_group.inherit_default_permissions = inherit_perms
228 Session().add(users_group)
212
229
213 if grant_perm:
230 if grant_create_perm:
214 perm = Permission.get_by_key('hg.create.none')
231 usersgroup_model.revoke_perm(id, 'hg.create.none')
215 UsersGroupModel().revoke_perm(id, perm)
232 usersgroup_model.grant_perm(id, 'hg.create.repository')
233 h.flash(_("Granted 'repository create' permission to users group"),
234 category='success')
235 else:
236 usersgroup_model.revoke_perm(id, 'hg.create.repository')
237 usersgroup_model.grant_perm(id, 'hg.create.none')
238 h.flash(_("Revoked 'repository create' permission to users group"),
239 category='success')
216
240
217 perm = Permission.get_by_key('hg.create.repository')
241 if grant_fork_perm:
218 UsersGroupModel().grant_perm(id, perm)
242 usersgroup_model.revoke_perm(id, 'hg.fork.none')
219 h.flash(_("Granted 'repository create' permission to user"),
243 usersgroup_model.grant_perm(id, 'hg.fork.repository')
220 category='success')
244 h.flash(_("Granted 'repository fork' permission to users group"),
245 category='success')
246 else:
247 usersgroup_model.revoke_perm(id, 'hg.fork.repository')
248 usersgroup_model.grant_perm(id, 'hg.fork.none')
249 h.flash(_("Revoked 'repository fork' permission to users group"),
250 category='success')
221
251
222 Session().commit()
252 Session().commit()
223 else:
253 except Exception:
224 perm = Permission.get_by_key('hg.create.repository')
254 log.error(traceback.format_exc())
225 UsersGroupModel().revoke_perm(id, perm)
255 h.flash(_('An error occurred during permissions saving'),
256 category='error')
226
257
227 perm = Permission.get_by_key('hg.create.none')
228 UsersGroupModel().grant_perm(id, perm)
229 h.flash(_("Revoked 'repository create' permission to user"),
230 category='success')
231 Session().commit()
232 return redirect(url('edit_users_group', id=id))
258 return redirect(url('edit_users_group', id=id))
Show file before | Show file after | Hide comments
@@ -35,7 +35,8 b' import rhodecode.lib.helpers as h'
35
35
36 from rhodecode.lib.helpers import Page
36 from rhodecode.lib.helpers import Page
37 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
37 from rhodecode.lib.auth import LoginRequired, HasRepoPermissionAnyDecorator, \
38 NotAnonymous, HasRepoPermissionAny
38 NotAnonymous, HasRepoPermissionAny, HasPermissionAllDecorator,\
39 HasPermissionAnyDecorator
39 from rhodecode.lib.base import BaseRepoController, render
40 from rhodecode.lib.base import BaseRepoController, render
40 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User
41 from rhodecode.model.db import Repository, RepoGroup, UserFollowing, User
41 from rhodecode.model.repo import RepoModel
42 from rhodecode.model.repo import RepoModel
@@ -123,6 +124,7 b' class ForksController(BaseRepoController'
123 return render('/forks/forks.html')
124 return render('/forks/forks.html')
124
125
125 @NotAnonymous()
126 @NotAnonymous()
127 @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
126 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
128 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
127 'repository.admin')
129 'repository.admin')
128 def fork(self, repo_name):
130 def fork(self, repo_name):
@@ -146,6 +148,7 b' class ForksController(BaseRepoController'
146 )
148 )
147
149
148 @NotAnonymous()
150 @NotAnonymous()
151 @HasPermissionAnyDecorator('hg.admin', 'hg.fork.repository')
149 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
152 @HasRepoPermissionAnyDecorator('repository.read', 'repository.write',
150 'repository.admin')
153 'repository.admin')
151 def fork_create(self, repo_name):
154 def fork_create(self, repo_name):
Show file before | Show file after | Hide comments
@@ -350,6 +350,7 b' class AuthUser(object):'
350 log.debug('Auth User lookup by USER NAME %s' % self.username)
350 log.debug('Auth User lookup by USER NAME %s' % self.username)
351 dbuser = login_container_auth(self.username)
351 dbuser = login_container_auth(self.username)
352 if dbuser is not None:
352 if dbuser is not None:
353 log.debug('filling all attributes to object')
353 for k, v in dbuser.get_dict().items():
354 for k, v in dbuser.get_dict().items():
354 setattr(self, k, v)
355 setattr(self, k, v)
355 self.set_authenticated()
356 self.set_authenticated()
Show file before | Show file after | Hide comments
@@ -513,27 +513,32 b' class DbManage(object):'
513 def populate_default_permissions(self):
513 def populate_default_permissions(self):
514 log.info('creating default user permissions')
514 log.info('creating default user permissions')
515
515
516 default_user = self.sa.query(User)\
516 default_user = User.get_by_username('default')
517 .filter(User.username == 'default').scalar()
518
517
519 reg_perm = UserToPerm()
518 reg_perm = UserToPerm()
520 reg_perm.user = default_user
519 reg_perm.user = default_user
521 reg_perm.permission = self.sa.query(Permission)\
520 reg_perm.permission = self.sa.query(Permission)\
522 .filter(Permission.permission_name == 'hg.register.manual_activate')\
521 .filter(Permission.permission_name == 'hg.register.manual_activate')\
523 .scalar()
522 .scalar()
523 self.sa.add(reg_perm)
524
524
525 create_repo_perm = UserToPerm()
525 create_repo_perm = UserToPerm()
526 create_repo_perm.user = default_user
526 create_repo_perm.user = default_user
527 create_repo_perm.permission = self.sa.query(Permission)\
527 create_repo_perm.permission = self.sa.query(Permission)\
528 .filter(Permission.permission_name == 'hg.create.repository')\
528 .filter(Permission.permission_name == 'hg.create.repository')\
529 .scalar()
529 .scalar()
530 self.sa.add(create_repo_perm)
531
532 default_fork_perm = UserToPerm()
533 default_fork_perm.user = default_user
534 default_fork_perm.permission = self.sa.query(Permission)\
535 .filter(Permission.permission_name == 'hg.fork.repository')\
536 .scalar()
537 self.sa.add(default_fork_perm)
530
538
531 default_repo_perm = UserToPerm()
539 default_repo_perm = UserToPerm()
532 default_repo_perm.user = default_user
540 default_repo_perm.user = default_user
533 default_repo_perm.permission = self.sa.query(Permission)\
541 default_repo_perm.permission = self.sa.query(Permission)\
534 .filter(Permission.permission_name == 'repository.read')\
542 .filter(Permission.permission_name == 'repository.read')\
535 .scalar()
543 .scalar()
536
537 self.sa.add(reg_perm)
538 self.sa.add(create_repo_perm)
539 self.sa.add(default_repo_perm)
544 self.sa.add(default_repo_perm)
Show file before | Show file after | Hide comments
@@ -294,6 +294,7 b' class User(Base, BaseModel):'
294 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
294 last_login = Column("last_login", DateTime(timezone=False), nullable=True, unique=None, default=None)
295 ldap_dn = Column("ldap_dn", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
295 ldap_dn = Column("ldap_dn", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
296 api_key = Column("api_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
296 api_key = Column("api_key", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
297 inherit_default_permissions = Column("inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
297
298
298 user_log = relationship('UserLog', cascade='all')
299 user_log = relationship('UserLog', cascade='all')
299 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
300 user_perms = relationship('UserToPerm', primaryjoin="User.user_id==UserToPerm.user_id", cascade='all')
@@ -504,6 +505,7 b' class UsersGroup(Base, BaseModel):'
504 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
505 users_group_id = Column("users_group_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
505 users_group_name = Column("users_group_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
506 users_group_name = Column("users_group_name", String(255, convert_unicode=False, assert_unicode=None), nullable=False, unique=True, default=None)
506 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
507 users_group_active = Column("users_group_active", Boolean(), nullable=True, unique=None, default=None)
508 inherit_default_permissions = Column("users_group_inherit_default_permissions", Boolean(), nullable=False, unique=None, default=True)
507
509
508 members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
510 members = relationship('UsersGroupMember', cascade="all, delete, delete-orphan", lazy="joined")
509 users_group_to_perm = relationship('UsersGroupToPerm', cascade='all')
511 users_group_to_perm = relationship('UsersGroupToPerm', cascade='all')
@@ -1084,6 +1086,8 b' class Permission(Base, BaseModel):'
1084 ('hg.admin', _('RhodeCode Administrator')),
1086 ('hg.admin', _('RhodeCode Administrator')),
1085 ('hg.create.none', _('Repository creation disabled')),
1087 ('hg.create.none', _('Repository creation disabled')),
1086 ('hg.create.repository', _('Repository creation enabled')),
1088 ('hg.create.repository', _('Repository creation enabled')),
1089 ('hg.fork.none', _('Repository forking disabled')),
1090 ('hg.fork.repository', _('Repository forking enabled')),
1087 ('hg.register.none', _('Register disabled')),
1091 ('hg.register.none', _('Register disabled')),
1088 ('hg.register.manual_activate', _('Register new user with RhodeCode '
1092 ('hg.register.manual_activate', _('Register new user with RhodeCode '
1089 'with manual activation')),
1093 'with manual activation')),
@@ -1092,6 +1096,24 b' class Permission(Base, BaseModel):'
1092 'with auto activation')),
1096 'with auto activation')),
1093 ]
1097 ]
1094
1098
1099 # defines which permissions are more important higher the more important
1100 PERM_WEIGHTS = {
1101 'repository.none': 0,
1102 'repository.read': 1,
1103 'repository.write': 3,
1104 'repository.admin': 4,
1105
1106 'group.none': 0,
1107 'group.read': 1,
1108 'group.write': 3,
1109 'group.admin': 4,
1110
1111 'hg.fork.none': 0,
1112 'hg.fork.repository': 1,
1113 'hg.create.none': 0,
1114 'hg.create.repository':1
1115 }
1116
1095 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1117 permission_id = Column("permission_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1096 permission_name = Column("permission_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
1118 permission_name = Column("permission_name", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
1097 permission_longname = Column("permission_longname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
1119 permission_longname = Column("permission_longname", String(255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
Show file before | Show file after | Hide comments
@@ -274,7 +274,8 b' def ApplicationUiSettingsForm():'
274 return _ApplicationUiSettingsForm
274 return _ApplicationUiSettingsForm
275
275
276
276
277 def DefaultPermissionsForm(perms_choices, register_choices, create_choices):
277 def DefaultPermissionsForm(perms_choices, register_choices, create_choices,
278 fork_choices):
278 class _DefaultPermissionsForm(formencode.Schema):
279 class _DefaultPermissionsForm(formencode.Schema):
279 allow_extra_fields = True
280 allow_extra_fields = True
280 filter_extra_fields = True
281 filter_extra_fields = True
@@ -283,6 +284,7 b' def DefaultPermissionsForm(perms_choices'
283 default_perm = v.OneOf(perms_choices)
284 default_perm = v.OneOf(perms_choices)
284 default_register = v.OneOf(register_choices)
285 default_register = v.OneOf(register_choices)
285 default_create = v.OneOf(create_choices)
286 default_create = v.OneOf(create_choices)
287 default_fork = v.OneOf(fork_choices)
286
288
287 return _DefaultPermissionsForm
289 return _DefaultPermissionsForm
288
290
Show file before | Show file after | Hide comments
@@ -77,8 +77,8 b' class PermissionModel(BaseModel):'
77 form_result['perm_user_name']).scalar()
77 form_result['perm_user_name']).scalar()
78 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==
78 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==
79 perm_user).all()
79 perm_user).all()
80 if len(u2p) != 3:
80 if len(u2p) != 4:
81 raise Exception('Defined: %s should be 3 permissions for default'
81 raise Exception('Defined: %s should be 4 permissions for default'
82 ' user. This should not happen please verify'
82 ' user. This should not happen please verify'
83 ' your database' % len(u2p))
83 ' your database' % len(u2p))
84
84
@@ -100,6 +100,11 b' class PermissionModel(BaseModel):'
100 form_result['default_create'])
100 form_result['default_create'])
101 self.sa.add(p)
101 self.sa.add(p)
102
102
103 elif p.permission.permission_name.startswith('hg.fork.'):
104 p.permission = self.get_permission_by_name(
105 form_result['default_fork'])
106 self.sa.add(p)
107
103 _def_name = form_result['default_perm'].split('repository.')[-1]
108 _def_name = form_result['default_perm'].split('repository.')[-1]
104 #stage 2 update all default permissions for repos if checked
109 #stage 2 update all default permissions for repos if checked
105 if form_result['overwrite_default'] == True:
110 if form_result['overwrite_default'] == True:
Show file before | Show file after | Hide comments
@@ -25,7 +25,7 b''
25
25
26 import logging
26 import logging
27 import traceback
27 import traceback
28
28 import itertools
29 from pylons import url
29 from pylons import url
30 from pylons.i18n.translation import _
30 from pylons.i18n.translation import _
31
31
@@ -45,17 +45,7 b' from rhodecode.lib.exceptions import Def'
45
45
46 log = logging.getLogger(__name__)
46 log = logging.getLogger(__name__)
47
47
48
48 PERM_WEIGHTS = Permission.PERM_WEIGHTS
49 PERM_WEIGHTS = {
50 'repository.none': 0,
51 'repository.read': 1,
52 'repository.write': 3,
53 'repository.admin': 4,
54 'group.none': 0,
55 'group.read': 1,
56 'group.write': 3,
57 'group.admin': 4,
58 }
59
49
60
50
61 class UserModel(BaseModel):
51 class UserModel(BaseModel):
@@ -432,11 +422,11 b' class UserModel(BaseModel):'
432 return user
422 return user
433
423
434 #==================================================================
424 #==================================================================
435 # set default permissions first for repositories and groups
425 # SET DEFAULTS GLOBAL, REPOS, REPOS GROUPS
436 #==================================================================
426 #==================================================================
437 uid = user.user_id
427 uid = user.user_id
438
428
439 # default global permissions
429 # default global permissions taken fron the default user
440 default_global_perms = self.sa.query(UserToPerm)\
430 default_global_perms = self.sa.query(UserToPerm)\
441 .filter(UserToPerm.user_id == default_user_id)
431 .filter(UserToPerm.user_id == default_user_id)
442
432
@@ -464,25 +454,89 b' class UserModel(BaseModel):'
464 p = perm.Permission.permission_name
454 p = perm.Permission.permission_name
465 user.permissions[GK][rg_k] = p
455 user.permissions[GK][rg_k] = p
466
456
467 #==================================================================
457 #======================================================================
468 # overwrite defaults with user permissions if any found
458 # !! OVERRIDE GLOBALS !! with user permissions if any found
469 #==================================================================
459 #======================================================================
460 # those can be configured from groups or users explicitly
461 _configurable = set(['hg.fork.none', 'hg.fork.repository',
462 'hg.create.none', 'hg.create.repository'])
470
463
471 # user global permissions
464 # USER GROUPS comes first
465 # users group global permissions
466 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
467 .options(joinedload(UsersGroupToPerm.permission))\
468 .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
469 UsersGroupMember.users_group_id))\
470 .filter(UsersGroupMember.user_id == uid)\
471 .order_by(UsersGroupToPerm.users_group_id)\
472 .all()
473 #need to group here by groups since user can be in more than one group
474 _grouped = [[x, list(y)] for x, y in
475 itertools.groupby(user_perms_from_users_groups,
476 lambda x:x.users_group)]
477 for gr, perms in _grouped:
478 # since user can be in multiple groups iterate over them and
479 # select the lowest permissions first (more explicit)
480 ##TODO: do this^^
481 if not gr.inherit_default_permissions:
482 # NEED TO IGNORE all configurable permissions and
483 # replace them with explicitly set
484 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
485 .difference(_configurable)
486 for perm in perms:
487 user.permissions[GLOBAL].add(perm.permission.permission_name)
488
489 # user specific global permissions
472 user_perms = self.sa.query(UserToPerm)\
490 user_perms = self.sa.query(UserToPerm)\
473 .options(joinedload(UserToPerm.permission))\
491 .options(joinedload(UserToPerm.permission))\
474 .filter(UserToPerm.user_id == uid).all()
492 .filter(UserToPerm.user_id == uid).all()
475
493
476 for perm in user_perms:
494 if not user.inherit_default_permissions:
477 user.permissions[GLOBAL].add(perm.permission.permission_name)
495 # NEED TO IGNORE all configurable permissions and
496 # replace them with explicitly set
497 user.permissions[GLOBAL] = user.permissions[GLOBAL]\
498 .difference(_configurable)
499
500 for perm in user_perms:
501 user.permissions[GLOBAL].add(perm.permission.permission_name)
502
503 #======================================================================
504 # !! REPO PERMISSIONS !!
505 #======================================================================
506 #======================================================================
507 # check if user is part of user groups for this repository and
508 # fill in (or NOT replace with higher `or 1` permissions
509 #======================================================================
510 # users group for repositories permissions
511 user_repo_perms_from_users_groups = \
512 self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
513 .join((Repository, UsersGroupRepoToPerm.repository_id ==
514 Repository.repo_id))\
515 .join((Permission, UsersGroupRepoToPerm.permission_id ==
516 Permission.permission_id))\
517 .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
518 UsersGroupMember.users_group_id))\
519 .filter(UsersGroupMember.user_id == uid)\
520 .all()
521
522 for perm in user_repo_perms_from_users_groups:
523 r_k = perm.UsersGroupRepoToPerm.repository.repo_name
524 p = perm.Permission.permission_name
525 cur_perm = user.permissions[RK][r_k]
526 # overwrite permission only if it's greater than permission
527 # given from other sources
528 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm] or 1: # disable check
529 user.permissions[RK][r_k] = p
478
530
479 # user explicit permissions for repositories
531 # user explicit permissions for repositories
480 user_repo_perms = \
532 user_repo_perms = \
481 self.sa.query(UserRepoToPerm, Permission, Repository)\
533 self.sa.query(UserRepoToPerm, Permission, Repository)\
482 .join((Repository, UserRepoToPerm.repository_id == Repository.repo_id))\
534 .join((Repository, UserRepoToPerm.repository_id ==
483 .join((Permission, UserRepoToPerm.permission_id == Permission.permission_id))\
535 Repository.repo_id))\
484 .filter(UserRepoToPerm.user_id == uid)\
536 .join((Permission, UserRepoToPerm.permission_id ==
485 .all()
537 Permission.permission_id))\
538 .filter(UserRepoToPerm.user_id == uid)\
539 .all()
486
540
487 for perm in user_repo_perms:
541 for perm in user_repo_perms:
488 # set admin if owner
542 # set admin if owner
@@ -493,40 +547,6 b' class UserModel(BaseModel):'
493 p = perm.Permission.permission_name
547 p = perm.Permission.permission_name
494 user.permissions[RK][r_k] = p
548 user.permissions[RK][r_k] = p
495
549
496 # USER GROUP
497 #==================================================================
498 # check if user is part of user groups for this repository and
499 # fill in (or replace with higher) permissions
500 #==================================================================
501
502 # users group global
503 user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
504 .options(joinedload(UsersGroupToPerm.permission))\
505 .join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
506 UsersGroupMember.users_group_id))\
507 .filter(UsersGroupMember.user_id == uid).all()
508
509 for perm in user_perms_from_users_groups:
510 user.permissions[GLOBAL].add(perm.permission.permission_name)
511
512 # users group for repositories permissions
513 user_repo_perms_from_users_groups = \
514 self.sa.query(UsersGroupRepoToPerm, Permission, Repository,)\
515 .join((Repository, UsersGroupRepoToPerm.repository_id == Repository.repo_id))\
516 .join((Permission, UsersGroupRepoToPerm.permission_id == Permission.permission_id))\
517 .join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id == UsersGroupMember.users_group_id))\
518 .filter(UsersGroupMember.user_id == uid)\
519 .all()
520
521 for perm in user_repo_perms_from_users_groups:
522 r_k = perm.UsersGroupRepoToPerm.repository.repo_name
523 p = perm.Permission.permission_name
524 cur_perm = user.permissions[RK][r_k]
525 # overwrite permission only if it's greater than permission
526 # given from other sources
527 if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
528 user.permissions[RK][r_k] = p
529
530 # REPO GROUP
550 # REPO GROUP
531 #==================================================================
551 #==================================================================
532 # get access for this user for repos group and override defaults
552 # get access for this user for repos group and override defaults
@@ -574,10 +594,7 b' class UserModel(BaseModel):'
574 return user
594 return user
575
595
576 def has_perm(self, user, perm):
596 def has_perm(self, user, perm):
577 if not isinstance(perm, Permission):
597 perm = self._get_perm(perm)
578 raise Exception('perm needs to be an instance of Permission class '
579 'got %s instead' % type(perm))
580
581 user = self._get_user(user)
598 user = self._get_user(user)
582
599
583 return UserToPerm.query().filter(UserToPerm.user == user)\
600 return UserToPerm.query().filter(UserToPerm.user == user)\
Show file before | Show file after | Hide comments
@@ -165,10 +165,8 b' class UsersGroupModel(BaseModel):'
165 .filter(UsersGroupToPerm.permission == perm).scalar() is not None
165 .filter(UsersGroupToPerm.permission == perm).scalar() is not None
166
166
167 def grant_perm(self, users_group, perm):
167 def grant_perm(self, users_group, perm):
168 if not isinstance(perm, Permission):
169 raise Exception('perm needs to be an instance of Permission class')
170
171 users_group = self.__get_users_group(users_group)
168 users_group = self.__get_users_group(users_group)
169 perm = self._get_perm(perm)
172
170
173 # if this permission is already granted skip it
171 # if this permission is already granted skip it
174 _perm = UsersGroupToPerm.query()\
172 _perm = UsersGroupToPerm.query()\
Show file before | Show file after | Hide comments
@@ -37,7 +37,7 b''
37 </div>
37 </div>
38 </div>
38 </div>
39 <div class="field">
39 <div class="field">
40 <div class="label label-select">
40 <div class="label">
41 <label for="default_perm">${_('Repository permission')}:</label>
41 <label for="default_perm">${_('Repository permission')}:</label>
42 </div>
42 </div>
43 <div class="select">
43 <div class="select">
@@ -66,7 +66,14 b''
66 ${h.select('default_create','',c.create_choices)}
66 ${h.select('default_create','',c.create_choices)}
67 </div>
67 </div>
68 </div>
68 </div>
69
69 <div class="field">
70 <div class="label">
71 <label for="default_fork">${_('Repository forking')}:</label>
72 </div>
73 <div class="select">
74 ${h.select('default_fork','',c.fork_choices)}
75 </div>
76 </div>
70 <div class="buttons">
77 <div class="buttons">
71 ${h.submit('set',_('set'),class_="ui-btn large")}
78 ${h.submit('set',_('set'),class_="ui-btn large")}
72 </div>
79 </div>
Show file before | Show file after | Hide comments
@@ -144,12 +144,32 b''
144 <div class="fields">
144 <div class="fields">
145 <div class="field">
145 <div class="field">
146 <div class="label label-checkbox">
146 <div class="label label-checkbox">
147 <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
148 </div>
149 <div class="checkboxes">
150 ${h.checkbox('inherit_default_permissions',value=True)}
151 </div>
152 <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
153 'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
154 </div>
155 <div id="inherit_overlay" style="${'opacity:0.3' if c.user.inherit_default_permissions else ''}" >
156 <div class="field">
157 <div class="label label-checkbox">
147 <label for="create_repo_perm">${_('Create repositories')}:</label>
158 <label for="create_repo_perm">${_('Create repositories')}:</label>
148 </div>
159 </div>
149 <div class="checkboxes">
160 <div class="checkboxes">
150 ${h.checkbox('create_repo_perm',value=True)}
161 ${h.checkbox('create_repo_perm',value=True)}
151 </div>
162 </div>
152 </div>
163 </div>
164 <div class="field">
165 <div class="label label-checkbox">
166 <label for="fork_repo_perm">${_('Fork repositories')}:</label>
167 </div>
168 <div class="checkboxes">
169 ${h.checkbox('fork_repo_perm',value=True)}
170 </div>
171 </div>
172 </div>
153 <div class="buttons">
173 <div class="buttons">
154 ${h.submit('save',_('Save'),class_="ui-btn large")}
174 ${h.submit('save',_('Save'),class_="ui-btn large")}
155 ${h.reset('reset',_('Reset'),class_="ui-btn large")}
175 ${h.reset('reset',_('Reset'),class_="ui-btn large")}
Show file before | Show file after | Hide comments
@@ -105,12 +105,32 b''
105 <div class="fields">
105 <div class="fields">
106 <div class="field">
106 <div class="field">
107 <div class="label label-checkbox">
107 <div class="label label-checkbox">
108 <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
109 </div>
110 <div class="checkboxes">
111 ${h.checkbox('inherit_default_permissions',value=True)}
112 </div>
113 <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
114 'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
115 </div>
116 <div id="inherit_overlay" style="${'opacity:0.3' if c.users_group.inherit_default_permissions else ''}" >
117 <div class="field">
118 <div class="label label-checkbox">
108 <label for="create_repo_perm">${_('Create repositories')}:</label>
119 <label for="create_repo_perm">${_('Create repositories')}:</label>
109 </div>
120 </div>
110 <div class="checkboxes">
121 <div class="checkboxes">
111 ${h.checkbox('create_repo_perm',value=True)}
122 ${h.checkbox('create_repo_perm',value=True)}
112 </div>
123 </div>
113 </div>
124 </div>
125 <div class="field">
126 <div class="label label-checkbox">
127 <label for="fork_repo_perm">${_('Fork repositories')}:</label>
128 </div>
129 <div class="checkboxes">
130 ${h.checkbox('fork_repo_perm',value=True)}
131 </div>
132 </div>
133 </div>
114 <div class="buttons">
134 <div class="buttons">
115 ${h.submit('save',_('Save'),class_="ui-btn large")}
135 ${h.submit('save',_('Save'),class_="ui-btn large")}
116 ${h.reset('reset',_('Reset'),class_="ui-btn large")}
136 ${h.reset('reset',_('Reset'),class_="ui-btn large")}
Show file before | Show file after | Hide comments
@@ -6,6 +6,7 b' from rhodecode.lib.auth import check_pas'
6 from rhodecode.model.user import UserModel
6 from rhodecode.model.user import UserModel
7 from rhodecode.model import validators
7 from rhodecode.model import validators
8 from rhodecode.lib import helpers as h
8 from rhodecode.lib import helpers as h
9 from rhodecode.model.meta import Session
9
10
10
11
11 class TestAdminUsersController(TestController):
12 class TestAdminUsersController(TestController):
@@ -172,45 +173,118 b' class TestAdminUsersController(TestContr'
172 perm_none = Permission.get_by_key('hg.create.none')
173 perm_none = Permission.get_by_key('hg.create.none')
173 perm_create = Permission.get_by_key('hg.create.repository')
174 perm_create = Permission.get_by_key('hg.create.repository')
174
175
175 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
176 user = UserModel().create_or_update(username='dummy', password='qwe',
177 email='dummy', firstname='a',
178 lastname='b')
179 Session().commit()
180 uid = user.user_id
176
181
177 #User should have None permission on creation repository
182 try:
178 self.assertEqual(UserModel().has_perm(user, perm_none), False)
183 #User should have None permission on creation repository
179 self.assertEqual(UserModel().has_perm(user, perm_create), False)
184 self.assertEqual(UserModel().has_perm(user, perm_none), False)
185 self.assertEqual(UserModel().has_perm(user, perm_create), False)
180
186
181 response = self.app.post(url('user_perm', id=user.user_id),
187 response = self.app.post(url('user_perm', id=uid),
182 params=dict(_method='put',
188 params=dict(_method='put',
183 create_repo_perm=True))
189 create_repo_perm=True))
190
191 perm_none = Permission.get_by_key('hg.create.none')
192 perm_create = Permission.get_by_key('hg.create.repository')
184
193
185 perm_none = Permission.get_by_key('hg.create.none')
194 #User should have None permission on creation repository
186 perm_create = Permission.get_by_key('hg.create.repository')
195 self.assertEqual(UserModel().has_perm(uid, perm_none), False)
187
196 self.assertEqual(UserModel().has_perm(uid, perm_create), True)
188 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
197 finally:
189 #User should have None permission on creation repository
198 UserModel().delete(uid)
190 self.assertEqual(UserModel().has_perm(user, perm_none), False)
199 Session().commit()
191 self.assertEqual(UserModel().has_perm(user, perm_create), True)
192
200
193 def test_revoke_perm_create_repo(self):
201 def test_revoke_perm_create_repo(self):
194 self.log_user()
202 self.log_user()
195 perm_none = Permission.get_by_key('hg.create.none')
203 perm_none = Permission.get_by_key('hg.create.none')
196 perm_create = Permission.get_by_key('hg.create.repository')
204 perm_create = Permission.get_by_key('hg.create.repository')
197
205
198 user = User.get_by_username(TEST_USER_REGULAR2_LOGIN)
206 user = UserModel().create_or_update(username='dummy', password='qwe',
207 email='dummy', firstname='a',
208 lastname='b')
209 Session().commit()
210 uid = user.user_id
211
212 try:
213 #User should have None permission on creation repository
214 self.assertEqual(UserModel().has_perm(user, perm_none), False)
215 self.assertEqual(UserModel().has_perm(user, perm_create), False)
216
217 response = self.app.post(url('user_perm', id=uid),
218 params=dict(_method='put'))
219
220 perm_none = Permission.get_by_key('hg.create.none')
221 perm_create = Permission.get_by_key('hg.create.repository')
199
222
200 #User should have None permission on creation repository
223 #User should have None permission on creation repository
201 self.assertEqual(UserModel().has_perm(user, perm_none), False)
224 self.assertEqual(UserModel().has_perm(uid, perm_none), True)
202 self.assertEqual(UserModel().has_perm(user, perm_create), False)
225 self.assertEqual(UserModel().has_perm(uid, perm_create), False)
226 finally:
227 UserModel().delete(uid)
228 Session().commit()
229
230 def test_add_perm_fork_repo(self):
231 self.log_user()
232 perm_none = Permission.get_by_key('hg.fork.none')
233 perm_fork = Permission.get_by_key('hg.fork.repository')
234
235 user = UserModel().create_or_update(username='dummy', password='qwe',
236 email='dummy', firstname='a',
237 lastname='b')
238 Session().commit()
239 uid = user.user_id
240
241 try:
242 #User should have None permission on creation repository
243 self.assertEqual(UserModel().has_perm(user, perm_none), False)
244 self.assertEqual(UserModel().has_perm(user, perm_fork), False)
203
245
204 response = self.app.post(url('user_perm', id=user.user_id),
246 response = self.app.post(url('user_perm', id=uid),
205 params=dict(_method='put'))
247 params=dict(_method='put',
248 create_repo_perm=True))
249
250 perm_none = Permission.get_by_key('hg.create.none')
251 perm_create = Permission.get_by_key('hg.create.repository')
252
253 #User should have None permission on creation repository
254 self.assertEqual(UserModel().has_perm(uid, perm_none), False)
255 self.assertEqual(UserModel().has_perm(uid, perm_create), True)
256 finally:
257 UserModel().delete(uid)
258 Session().commit()
259
260 def test_revoke_perm_fork_repo(self):
261 self.log_user()
262 perm_none = Permission.get_by_key('hg.fork.none')
263 perm_fork = Permission.get_by_key('hg.fork.repository')
206
264
207 perm_none = Permission.get_by_key('hg.create.none')
265 user = UserModel().create_or_update(username='dummy', password='qwe',
208 perm_create = Permission.get_by_key('hg.create.repository')
266 email='dummy', firstname='a',
267 lastname='b')
268 Session().commit()
269 uid = user.user_id
270
271 try:
272 #User should have None permission on creation repository
273 self.assertEqual(UserModel().has_perm(user, perm_none), False)
274 self.assertEqual(UserModel().has_perm(user, perm_fork), False)
209
275
210 user = User.get_by_username(TEST_USER_REGULAR2_LOGIN)
276 response = self.app.post(url('user_perm', id=uid),
211 #User should have None permission on creation repository
277 params=dict(_method='put'))
212 self.assertEqual(UserModel().has_perm(user, perm_none), True)
278
213 self.assertEqual(UserModel().has_perm(user, perm_create), False)
279 perm_none = Permission.get_by_key('hg.create.none')
280 perm_create = Permission.get_by_key('hg.create.repository')
281
282 #User should have None permission on creation repository
283 self.assertEqual(UserModel().has_perm(uid, perm_none), True)
284 self.assertEqual(UserModel().has_perm(uid, perm_create), False)
285 finally:
286 UserModel().delete(uid)
287 Session().commit()
214
288
215 def test_edit_as_xml(self):
289 def test_edit_as_xml(self):
216 response = self.app.get(url('formatted_edit_user', id=1, format='xml'))
290 response = self.app.get(url('formatted_edit_user', id=1, format='xml'))
Show file before | Show file after | Hide comments
@@ -65,27 +65,48 b' class TestAdminUsersGroupsController(Tes'
65 users_group_name = TEST_USERS_GROUP + 'another2'
65 users_group_name = TEST_USERS_GROUP + 'another2'
66 response = self.app.post(url('users_groups'),
66 response = self.app.post(url('users_groups'),
67 {'users_group_name': users_group_name,
67 {'users_group_name': users_group_name,
68 'active':True})
68 'active': True})
69 response.follow()
69 response.follow()
70
70
71 ug = UsersGroup.get_by_group_name(users_group_name)
71 ug = UsersGroup.get_by_group_name(users_group_name)
72 self.checkSessionFlash(response,
72 self.checkSessionFlash(response,
73 'created users group %s' % users_group_name)
73 'created users group %s' % users_group_name)
74
74 ## ENABLE REPO CREATE ON A GROUP
75 response = self.app.put(url('users_group_perm', id=ug.users_group_id),
75 response = self.app.put(url('users_group_perm', id=ug.users_group_id),
76 {'create_repo_perm': True})
76 {'create_repo_perm': True})
77
77
78 response.follow()
78 response.follow()
79 ug = UsersGroup.get_by_group_name(users_group_name)
79 ug = UsersGroup.get_by_group_name(users_group_name)
80 p = Permission.get_by_key('hg.create.repository')
80 p = Permission.get_by_key('hg.create.repository')
81 # check if user has this perm
81 p2 = Permission.get_by_key('hg.fork.none')
82 # check if user has this perms, they should be here since
83 # defaults are on
82 perms = UsersGroupToPerm.query()\
84 perms = UsersGroupToPerm.query()\
83 .filter(UsersGroupToPerm.users_group == ug).all()
85 .filter(UsersGroupToPerm.users_group == ug).all()
84 perms = [[x.__dict__['users_group_id'],
86
85 x.__dict__['permission_id'],] for x in perms]
86 self.assertEqual(
87 self.assertEqual(
87 perms,
88 [[x.users_group_id, x.permission_id, ] for x in perms],
88 [[ug.users_group_id, p.permission_id]]
89 [[ug.users_group_id, p.permission_id],
90 [ug.users_group_id, p2.permission_id]]
91 )
92
93 ## DISABLE REPO CREATE ON A GROUP
94 response = self.app.put(url('users_group_perm', id=ug.users_group_id),
95 {})
96
97 response.follow()
98 ug = UsersGroup.get_by_group_name(users_group_name)
99 p = Permission.get_by_key('hg.create.none')
100 p2 = Permission.get_by_key('hg.fork.none')
101 # check if user has this perms, they should be here since
102 # defaults are on
103 perms = UsersGroupToPerm.query()\
104 .filter(UsersGroupToPerm.users_group == ug).all()
105
106 self.assertEqual(
107 [[x.users_group_id, x.permission_id, ] for x in perms],
108 [[ug.users_group_id, p.permission_id],
109 [ug.users_group_id, p2.permission_id]]
89 )
110 )
90
111
91 # DELETE !
112 # DELETE !
@@ -101,8 +122,77 b' class TestAdminUsersGroupsController(Tes'
101 p = Permission.get_by_key('hg.create.repository')
122 p = Permission.get_by_key('hg.create.repository')
102 perms = UsersGroupToPerm.query()\
123 perms = UsersGroupToPerm.query()\
103 .filter(UsersGroupToPerm.users_group_id == ugid).all()
124 .filter(UsersGroupToPerm.users_group_id == ugid).all()
104 perms = [[x.__dict__['users_group_id'],
125 perms = [[x.users_group_id,
105 x.__dict__['permission_id'],] for x in perms]
126 x.permission_id, ] for x in perms]
127 self.assertEqual(
128 perms,
129 []
130 )
131
132 def test_enable_repository_fork_on_group(self):
133 self.log_user()
134 users_group_name = TEST_USERS_GROUP + 'another2'
135 response = self.app.post(url('users_groups'),
136 {'users_group_name': users_group_name,
137 'active': True})
138 response.follow()
139
140 ug = UsersGroup.get_by_group_name(users_group_name)
141 self.checkSessionFlash(response,
142 'created users group %s' % users_group_name)
143 ## ENABLE REPO CREATE ON A GROUP
144 response = self.app.put(url('users_group_perm', id=ug.users_group_id),
145 {'fork_repo_perm': True})
146
147 response.follow()
148 ug = UsersGroup.get_by_group_name(users_group_name)
149 p = Permission.get_by_key('hg.create.none')
150 p2 = Permission.get_by_key('hg.fork.repository')
151 # check if user has this perms, they should be here since
152 # defaults are on
153 perms = UsersGroupToPerm.query()\
154 .filter(UsersGroupToPerm.users_group == ug).all()
155
156 self.assertEqual(
157 [[x.users_group_id, x.permission_id, ] for x in perms],
158 [[ug.users_group_id, p.permission_id],
159 [ug.users_group_id, p2.permission_id]]
160 )
161
162 ## DISABLE REPO CREATE ON A GROUP
163 response = self.app.put(url('users_group_perm', id=ug.users_group_id),
164 {})
165
166 response.follow()
167 ug = UsersGroup.get_by_group_name(users_group_name)
168 p = Permission.get_by_key('hg.create.none')
169 p2 = Permission.get_by_key('hg.fork.none')
170 # check if user has this perms, they should be here since
171 # defaults are on
172 perms = UsersGroupToPerm.query()\
173 .filter(UsersGroupToPerm.users_group == ug).all()
174
175 self.assertEqual(
176 [[x.users_group_id, x.permission_id, ] for x in perms],
177 [[ug.users_group_id, p.permission_id],
178 [ug.users_group_id, p2.permission_id]]
179 )
180
181 # DELETE !
182 ug = UsersGroup.get_by_group_name(users_group_name)
183 ugid = ug.users_group_id
184 response = self.app.delete(url('users_group', id=ug.users_group_id))
185 response = response.follow()
186 gr = self.Session.query(UsersGroup)\
187 .filter(UsersGroup.users_group_name ==
188 users_group_name).scalar()
189
190 self.assertEqual(gr, None)
191 p = Permission.get_by_key('hg.fork.repository')
192 perms = UsersGroupToPerm.query()\
193 .filter(UsersGroupToPerm.users_group_id == ugid).all()
194 perms = [[x.users_group_id,
195 x.permission_id, ] for x in perms]
106 self.assertEqual(
196 self.assertEqual(
107 perms,
197 perms,
108 []
198 []
Show file before | Show file after | Hide comments
@@ -3,6 +3,7 b' from rhodecode.tests import *'
3 from rhodecode.model.db import Repository
3 from rhodecode.model.db import Repository
4 from rhodecode.model.repo import RepoModel
4 from rhodecode.model.repo import RepoModel
5 from rhodecode.model.user import UserModel
5 from rhodecode.model.user import UserModel
6 from rhodecode.model.meta import Session
6
7
7
8
8 class TestForksController(TestController):
9 class TestForksController(TestController):
@@ -14,11 +15,11 b' class TestForksController(TestController'
14 username=self.username, password=self.password,
15 username=self.username, password=self.password,
15 email=u'fork_king@rhodecode.org', firstname=u'u1', lastname=u'u1'
16 email=u'fork_king@rhodecode.org', firstname=u'u1', lastname=u'u1'
16 )
17 )
17 self.Session.commit()
18 Session().commit()
18
19
19 def tearDown(self):
20 def tearDown(self):
20 self.Session.delete(self.u1)
21 Session().delete(self.u1)
21 self.Session.commit()
22 Session().commit()
22
23
23 def test_index(self):
24 def test_index(self):
24 self.log_user()
25 self.log_user()
@@ -28,6 +29,20 b' class TestForksController(TestController'
28
29
29 self.assertTrue("""There are no forks yet""" in response.body)
30 self.assertTrue("""There are no forks yet""" in response.body)
30
31
32 def test_no_permissions_to_fork(self):
33 usr = self.log_user(TEST_USER_REGULAR_LOGIN,
34 TEST_USER_REGULAR_PASS)['user_id']
35 user_model = UserModel()
36 user_model.revoke_perm(usr, 'hg.fork.repository')
37 user_model.grant_perm(usr, 'hg.fork.none')
38 u = UserModel().get(usr)
39 u.inherit_default_permissions = False
40 Session().commit()
41 # try create a fork
42 repo_name = HG_REPO
43 self.app.post(url(controller='forks', action='fork_create',
44 repo_name=repo_name), {}, status=403)
45
31 def test_index_with_fork_hg(self):
46 def test_index_with_fork_hg(self):
32 self.log_user()
47 self.log_user()
33
48
@@ -107,7 +122,7 b' class TestForksController(TestController'
107 'forked %s repository as %s' % (repo_name, fork_name))
122 'forked %s repository as %s' % (repo_name, fork_name))
108
123
109 #test if the fork was created in the database
124 #test if the fork was created in the database
110 fork_repo = self.Session.query(Repository)\
125 fork_repo = Session().query(Repository)\
111 .filter(Repository.repo_name == fork_name).one()
126 .filter(Repository.repo_name == fork_name).one()
112
127
113 self.assertEqual(fork_repo.repo_name, fork_name)
128 self.assertEqual(fork_repo.repo_name, fork_name)
@@ -125,7 +140,7 b' class TestForksController(TestController'
125 usr = self.log_user(self.username, self.password)['user_id']
140 usr = self.log_user(self.username, self.password)['user_id']
126 repo_name = HG_REPO
141 repo_name = HG_REPO
127
142
128 forks = self.Session.query(Repository)\
143 forks = Session().query(Repository)\
129 .filter(Repository.fork_id != None)\
144 .filter(Repository.fork_id != None)\
130 .all()
145 .all()
131 self.assertEqual(1, len(forks))
146 self.assertEqual(1, len(forks))
@@ -134,7 +149,7 b' class TestForksController(TestController'
134 RepoModel().grant_user_permission(repo=forks[0],
149 RepoModel().grant_user_permission(repo=forks[0],
135 user=usr,
150 user=usr,
136 perm='repository.read')
151 perm='repository.read')
137 self.Session.commit()
152 Session().commit()
138
153
139 response = self.app.get(url(controller='forks', action='forks',
154 response = self.app.get(url(controller='forks', action='forks',
140 repo_name=repo_name))
155 repo_name=repo_name))
@@ -145,7 +160,7 b' class TestForksController(TestController'
145 usr = self.log_user(self.username, self.password)['user_id']
160 usr = self.log_user(self.username, self.password)['user_id']
146 repo_name = HG_REPO
161 repo_name = HG_REPO
147
162
148 forks = self.Session.query(Repository)\
163 forks = Session().query(Repository)\
149 .filter(Repository.fork_id != None)\
164 .filter(Repository.fork_id != None)\
150 .all()
165 .all()
151 self.assertEqual(1, len(forks))
166 self.assertEqual(1, len(forks))
@@ -153,7 +168,7 b' class TestForksController(TestController'
153 # set none
168 # set none
154 RepoModel().grant_user_permission(repo=forks[0],
169 RepoModel().grant_user_permission(repo=forks[0],
155 user=usr, perm='repository.none')
170 user=usr, perm='repository.none')
156 self.Session.commit()
171 Session().commit()
157 # fork shouldn't be there
172 # fork shouldn't be there
158 response = self.app.get(url(controller='forks', action='forks',
173 response = self.app.get(url(controller='forks', action='forks',
159 repo_name=repo_name))
174 repo_name=repo_name))
Show file before | Show file after | Hide comments
@@ -36,6 +36,10 b' class TestPermissions(unittest.TestCase)'
36 username=u'u2', password=u'qweqwe',
36 username=u'u2', password=u'qweqwe',
37 email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2'
37 email=u'u2@rhodecode.org', firstname=u'u2', lastname=u'u2'
38 )
38 )
39 self.u3 = UserModel().create_or_update(
40 username=u'u3', password=u'qweqwe',
41 email=u'u3@rhodecode.org', firstname=u'u3', lastname=u'u3'
42 )
39 self.anon = User.get_by_username('default')
43 self.anon = User.get_by_username('default')
40 self.a1 = UserModel().create_or_update(
44 self.a1 = UserModel().create_or_update(
41 username=u'a1', password=u'qweqwe',
45 username=u'a1', password=u'qweqwe',
@@ -48,6 +52,7 b' class TestPermissions(unittest.TestCase)'
48 RepoModel().delete(repo=self.test_repo)
52 RepoModel().delete(repo=self.test_repo)
49 UserModel().delete(self.u1)
53 UserModel().delete(self.u1)
50 UserModel().delete(self.u2)
54 UserModel().delete(self.u2)
55 UserModel().delete(self.u3)
51 UserModel().delete(self.a1)
56 UserModel().delete(self.a1)
52 if hasattr(self, 'g1'):
57 if hasattr(self, 'g1'):
53 ReposGroupModel().delete(self.g1.group_id)
58 ReposGroupModel().delete(self.g1.group_id)
@@ -126,10 +131,11 b' class TestPermissions(unittest.TestCase)'
126 self.assertEqual(a1_auth.permissions['repositories_groups'],
131 self.assertEqual(a1_auth.permissions['repositories_groups'],
127 perms['repositories_groups'])
132 perms['repositories_groups'])
128
133
129 def test_propagated_permission_from_users_group(self):
134 def test_propagated_permission_from_users_group_by_explicit_perms_exist(self):
130 # make group
135 # make group
131 self.ug1 = UsersGroupModel().create('G1')
136 self.ug1 = UsersGroupModel().create('G1')
132 # add user to group
137 # add user to group
138
133 UsersGroupModel().add_user_to_group(self.ug1, self.u1)
139 UsersGroupModel().add_user_to_group(self.ug1, self.u1)
134
140
135 # set permission to lower
141 # set permission to lower
@@ -140,11 +146,12 b' class TestPermissions(unittest.TestCase)'
140 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
146 self.assertEqual(u1_auth.permissions['repositories'][HG_REPO],
141 new_perm)
147 new_perm)
142
148
143 # grant perm for group this should override permission from user
149 # grant perm for group this should not override permission from user
144 new_perm = 'repository.write'
150 # since it has explicitly set
151 new_perm_gr = 'repository.write'
145 RepoModel().grant_users_group_permission(repo=HG_REPO,
152 RepoModel().grant_users_group_permission(repo=HG_REPO,
146 group_name=self.ug1,
153 group_name=self.ug1,
147 perm=new_perm)
154 perm=new_perm_gr)
148 # check perms
155 # check perms
149 u1_auth = AuthUser(user_id=self.u1.user_id)
156 u1_auth = AuthUser(user_id=self.u1.user_id)
150 perms = {
157 perms = {
@@ -158,6 +165,31 b' class TestPermissions(unittest.TestCase)'
158 self.assertEqual(u1_auth.permissions['repositories_groups'],
165 self.assertEqual(u1_auth.permissions['repositories_groups'],
159 perms['repositories_groups'])
166 perms['repositories_groups'])
160
167
168 def test_propagated_permission_from_users_group(self):
169 # make group
170 self.ug1 = UsersGroupModel().create('G1')
171 # add user to group
172
173 UsersGroupModel().add_user_to_group(self.ug1, self.u3)
174
175 # grant perm for group this should override default permission from user
176 new_perm_gr = 'repository.write'
177 RepoModel().grant_users_group_permission(repo=HG_REPO,
178 group_name=self.ug1,
179 perm=new_perm_gr)
180 # check perms
181 u3_auth = AuthUser(user_id=self.u3.user_id)
182 perms = {
183 'repositories_groups': {},
184 'global': set([u'hg.create.repository', u'repository.read',
185 u'hg.register.manual_activate']),
186 'repositories': {u'vcs_test_hg': u'repository.read'}
187 }
188 self.assertEqual(u3_auth.permissions['repositories'][HG_REPO],
189 new_perm_gr)
190 self.assertEqual(u3_auth.permissions['repositories_groups'],
191 perms['repositories_groups'])
192
161 def test_propagated_permission_from_users_group_lower_weight(self):
193 def test_propagated_permission_from_users_group_lower_weight(self):
162 # make group
194 # make group
163 self.ug1 = UsersGroupModel().create('G1')
195 self.ug1 = UsersGroupModel().create('G1')
@@ -315,3 +347,92 b' class TestPermissions(unittest.TestCase)'
315 u1_auth = AuthUser(user_id=self.u1.user_id)
347 u1_auth = AuthUser(user_id=self.u1.user_id)
316 self.assertEqual(u1_auth.permissions['repositories_groups'],
348 self.assertEqual(u1_auth.permissions['repositories_groups'],
317 {u'group1': u'group.read'})
349 {u'group1': u'group.read'})
350
351 def test_inherited_permissions_from_default_on_user_enabled(self):
352 user_model = UserModel()
353 # enable fork and create on default user
354 usr = 'default'
355 user_model.revoke_perm(usr, 'hg.create.none')
356 user_model.grant_perm(usr, 'hg.create.repository')
357 user_model.revoke_perm(usr, 'hg.fork.none')
358 user_model.grant_perm(usr, 'hg.fork.repository')
359 # make sure inherit flag is turned on
360 self.u1.inherit_default_permissions = True
361 Session().commit()
362 u1_auth = AuthUser(user_id=self.u1.user_id)
363 # this user will have inherited permissions from default user
364 self.assertEqual(u1_auth.permissions['global'],
365 set(['hg.create.repository', 'hg.fork.repository',
366 'hg.register.manual_activate',
367 'repository.read']))
368
369 def test_inherited_permissions_from_default_on_user_disabled(self):
370 user_model = UserModel()
371 # disable fork and create on default user
372 usr = 'default'
373 user_model.revoke_perm(usr, 'hg.create.repository')
374 user_model.grant_perm(usr, 'hg.create.none')
375 user_model.revoke_perm(usr, 'hg.fork.repository')
376 user_model.grant_perm(usr, 'hg.fork.none')
377 # make sure inherit flag is turned on
378 self.u1.inherit_default_permissions = True
379 Session().commit()
380 u1_auth = AuthUser(user_id=self.u1.user_id)
381 # this user will have inherited permissions from default user
382 self.assertEqual(u1_auth.permissions['global'],
383 set(['hg.create.none', 'hg.fork.none',
384 'hg.register.manual_activate',
385 'repository.read']))
386
387 def test_non_inherited_permissions_from_default_on_user_enabled(self):
388 user_model = UserModel()
389 # enable fork and create on default user
390 usr = 'default'
391 user_model.revoke_perm(usr, 'hg.create.none')
392 user_model.grant_perm(usr, 'hg.create.repository')
393 user_model.revoke_perm(usr, 'hg.fork.none')
394 user_model.grant_perm(usr, 'hg.fork.repository')
395
396 #disable global perms on specific user
397 user_model.revoke_perm(self.u1, 'hg.create.repository')
398 user_model.grant_perm(self.u1, 'hg.create.none')
399 user_model.revoke_perm(self.u1, 'hg.fork.repository')
400 user_model.grant_perm(self.u1, 'hg.fork.none')
401
402 # make sure inherit flag is turned off
403 self.u1.inherit_default_permissions = False
404 Session().commit()
405 u1_auth = AuthUser(user_id=self.u1.user_id)
406 # this user will have non inherited permissions from he's
407 # explicitly set permissions
408 self.assertEqual(u1_auth.permissions['global'],
409 set(['hg.create.none', 'hg.fork.none',
410 'hg.register.manual_activate',
411 'repository.read']))
412
413 def test_non_inherited_permissions_from_default_on_user_disabled(self):
414 user_model = UserModel()
415 # disable fork and create on default user
416 usr = 'default'
417 user_model.revoke_perm(usr, 'hg.create.repository')
418 user_model.grant_perm(usr, 'hg.create.none')
419 user_model.revoke_perm(usr, 'hg.fork.repository')
420 user_model.grant_perm(usr, 'hg.fork.none')
421
422 #enable global perms on specific user
423 user_model.revoke_perm(self.u1, 'hg.create.none')
424 user_model.grant_perm(self.u1, 'hg.create.repository')
425 user_model.revoke_perm(self.u1, 'hg.fork.none')
426 user_model.grant_perm(self.u1, 'hg.fork.repository')
427
428 # make sure inherit flag is turned off
429 self.u1.inherit_default_permissions = False
430 Session().commit()
431 u1_auth = AuthUser(user_id=self.u1.user_id)
432 # this user will have non inherited permissions from he's
433 # explicitly set permissions
434 self.assertEqual(u1_auth.permissions['global'],
435 set(['hg.create.repository', 'hg.fork.repository',
436 'hg.register.manual_activate',
437 'repository.read']))
438
General Comments 0
You need to be logged in to leave comments. Login now