Show More
| @@ -1,166 +1,165 | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 | """ |
|
2 | """ | |
| 3 | rhodecode.controllers.admin.permissions |
|
3 | rhodecode.controllers.admin.permissions | |
| 4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| 5 |
|
5 | |||
| 6 | permissions controller for Rhodecode |
|
6 | permissions controller for Rhodecode | |
| 7 |
|
7 | |||
| 8 | :created_on: Apr 27, 2010 |
|
8 | :created_on: Apr 27, 2010 | |
| 9 | :author: marcink |
|
9 | :author: marcink | |
| 10 | :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com> | |
| 11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
| 12 | """ |
|
12 | """ | |
| 13 | # This program is free software: you can redistribute it and/or modify |
|
13 | # This program is free software: you can redistribute it and/or modify | |
| 14 | # it under the terms of the GNU General Public License as published by |
|
14 | # it under the terms of the GNU General Public License as published by | |
| 15 | # the Free Software Foundation, either version 3 of the License, or |
|
15 | # the Free Software Foundation, either version 3 of the License, or | |
| 16 | # (at your option) any later version. |
|
16 | # (at your option) any later version. | |
| 17 | # |
|
17 | # | |
| 18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
| 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
| 22 | # |
|
22 | # | |
| 23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
| 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 25 |
|
25 | |||
| 26 | from formencode import htmlfill |
|
26 | from formencode import htmlfill | |
| 27 | from pylons import request, session, tmpl_context as c, url |
|
27 | from pylons import request, session, tmpl_context as c, url | |
| 28 | from pylons.controllers.util import abort, redirect |
|
28 | from pylons.controllers.util import abort, redirect | |
| 29 | from pylons.i18n.translation import _ |
|
29 | from pylons.i18n.translation import _ | |
| 30 | from rhodecode.lib import helpers as h |
|
30 | from rhodecode.lib import helpers as h | |
| 31 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator |
|
31 | from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator | |
| 32 | from rhodecode.lib.auth_ldap import LdapImportError |
|
|||
| 33 | from rhodecode.lib.base import BaseController, render |
|
32 | from rhodecode.lib.base import BaseController, render | |
| 34 | from rhodecode.model.forms import LdapSettingsForm, DefaultPermissionsForm |
|
33 | from rhodecode.model.forms import LdapSettingsForm, DefaultPermissionsForm | |
| 35 | from rhodecode.model.permission import PermissionModel |
|
34 | from rhodecode.model.permission import PermissionModel | |
| 36 | from rhodecode.model.user import UserModel |
|
35 | from rhodecode.model.user import UserModel | |
| 37 | import formencode |
|
36 | import formencode | |
| 38 | import logging |
|
37 | import logging | |
| 39 | import traceback |
|
38 | import traceback | |
| 40 |
|
39 | |||
| 41 | log = logging.getLogger(__name__) |
|
40 | log = logging.getLogger(__name__) | |
| 42 |
|
41 | |||
| 43 |
|
42 | |||
| 44 | class PermissionsController(BaseController): |
|
43 | class PermissionsController(BaseController): | |
| 45 | """REST Controller styled on the Atom Publishing Protocol""" |
|
44 | """REST Controller styled on the Atom Publishing Protocol""" | |
| 46 | # To properly map this controller, ensure your config/routing.py |
|
45 | # To properly map this controller, ensure your config/routing.py | |
| 47 | # file has a resource setup: |
|
46 | # file has a resource setup: | |
| 48 | # map.resource('permission', 'permissions') |
|
47 | # map.resource('permission', 'permissions') | |
| 49 |
|
48 | |||
| 50 | @LoginRequired() |
|
49 | @LoginRequired() | |
| 51 | @HasPermissionAllDecorator('hg.admin') |
|
50 | @HasPermissionAllDecorator('hg.admin') | |
| 52 | def __before__(self): |
|
51 | def __before__(self): | |
| 53 | c.admin_user = session.get('admin_user') |
|
52 | c.admin_user = session.get('admin_user') | |
| 54 | c.admin_username = session.get('admin_username') |
|
53 | c.admin_username = session.get('admin_username') | |
| 55 | super(PermissionsController, self).__before__() |
|
54 | super(PermissionsController, self).__before__() | |
| 56 |
|
55 | |||
| 57 | self.perms_choices = [('repository.none', _('None'),), |
|
56 | self.perms_choices = [('repository.none', _('None'),), | |
| 58 | ('repository.read', _('Read'),), |
|
57 | ('repository.read', _('Read'),), | |
| 59 | ('repository.write', _('Write'),), |
|
58 | ('repository.write', _('Write'),), | |
| 60 | ('repository.admin', _('Admin'),)] |
|
59 | ('repository.admin', _('Admin'),)] | |
| 61 | self.register_choices = [ |
|
60 | self.register_choices = [ | |
| 62 | ('hg.register.none', |
|
61 | ('hg.register.none', | |
| 63 | _('disabled')), |
|
62 | _('disabled')), | |
| 64 | ('hg.register.manual_activate', |
|
63 | ('hg.register.manual_activate', | |
| 65 | _('allowed with manual account activation')), |
|
64 | _('allowed with manual account activation')), | |
| 66 | ('hg.register.auto_activate', |
|
65 | ('hg.register.auto_activate', | |
| 67 | _('allowed with automatic account activation')), ] |
|
66 | _('allowed with automatic account activation')), ] | |
| 68 |
|
67 | |||
| 69 | self.create_choices = [('hg.create.none', _('Disabled')), |
|
68 | self.create_choices = [('hg.create.none', _('Disabled')), | |
| 70 | ('hg.create.repository', _('Enabled'))] |
|
69 | ('hg.create.repository', _('Enabled'))] | |
| 71 |
|
70 | |||
| 72 | def index(self, format='html'): |
|
71 | def index(self, format='html'): | |
| 73 | """GET /permissions: All items in the collection""" |
|
72 | """GET /permissions: All items in the collection""" | |
| 74 | # url('permissions') |
|
73 | # url('permissions') | |
| 75 |
|
74 | |||
| 76 | def create(self): |
|
75 | def create(self): | |
| 77 | """POST /permissions: Create a new item""" |
|
76 | """POST /permissions: Create a new item""" | |
| 78 | # url('permissions') |
|
77 | # url('permissions') | |
| 79 |
|
78 | |||
| 80 | def new(self, format='html'): |
|
79 | def new(self, format='html'): | |
| 81 | """GET /permissions/new: Form to create a new item""" |
|
80 | """GET /permissions/new: Form to create a new item""" | |
| 82 | # url('new_permission') |
|
81 | # url('new_permission') | |
| 83 |
|
82 | |||
| 84 | def update(self, id): |
|
83 | def update(self, id): | |
| 85 | """PUT /permissions/id: Update an existing item""" |
|
84 | """PUT /permissions/id: Update an existing item""" | |
| 86 | # Forms posted to this method should contain a hidden field: |
|
85 | # Forms posted to this method should contain a hidden field: | |
| 87 | # <input type="hidden" name="_method" value="PUT" /> |
|
86 | # <input type="hidden" name="_method" value="PUT" /> | |
| 88 | # Or using helpers: |
|
87 | # Or using helpers: | |
| 89 | # h.form(url('permission', id=ID), |
|
88 | # h.form(url('permission', id=ID), | |
| 90 | # method='put') |
|
89 | # method='put') | |
| 91 | # url('permission', id=ID) |
|
90 | # url('permission', id=ID) | |
| 92 |
|
91 | |||
| 93 | permission_model = PermissionModel() |
|
92 | permission_model = PermissionModel() | |
| 94 |
|
93 | |||
| 95 | _form = DefaultPermissionsForm([x[0] for x in self.perms_choices], |
|
94 | _form = DefaultPermissionsForm([x[0] for x in self.perms_choices], | |
| 96 | [x[0] for x in self.register_choices], |
|
95 | [x[0] for x in self.register_choices], | |
| 97 | [x[0] for x in self.create_choices])() |
|
96 | [x[0] for x in self.create_choices])() | |
| 98 |
|
97 | |||
| 99 | try: |
|
98 | try: | |
| 100 | form_result = _form.to_python(dict(request.POST)) |
|
99 | form_result = _form.to_python(dict(request.POST)) | |
| 101 | form_result.update({'perm_user_name': id}) |
|
100 | form_result.update({'perm_user_name': id}) | |
| 102 | permission_model.update(form_result) |
|
101 | permission_model.update(form_result) | |
| 103 | h.flash(_('Default permissions updated successfully'), |
|
102 | h.flash(_('Default permissions updated successfully'), | |
| 104 | category='success') |
|
103 | category='success') | |
| 105 |
|
104 | |||
| 106 | except formencode.Invalid, errors: |
|
105 | except formencode.Invalid, errors: | |
| 107 | c.perms_choices = self.perms_choices |
|
106 | c.perms_choices = self.perms_choices | |
| 108 | c.register_choices = self.register_choices |
|
107 | c.register_choices = self.register_choices | |
| 109 | c.create_choices = self.create_choices |
|
108 | c.create_choices = self.create_choices | |
| 110 | defaults = errors.value |
|
109 | defaults = errors.value | |
| 111 |
|
110 | |||
| 112 | return htmlfill.render( |
|
111 | return htmlfill.render( | |
| 113 | render('admin/permissions/permissions.html'), |
|
112 | render('admin/permissions/permissions.html'), | |
| 114 | defaults=defaults, |
|
113 | defaults=defaults, | |
| 115 | errors=errors.error_dict or {}, |
|
114 | errors=errors.error_dict or {}, | |
| 116 | prefix_error=False, |
|
115 | prefix_error=False, | |
| 117 | encoding="UTF-8") |
|
116 | encoding="UTF-8") | |
| 118 | except Exception: |
|
117 | except Exception: | |
| 119 | log.error(traceback.format_exc()) |
|
118 | log.error(traceback.format_exc()) | |
| 120 | h.flash(_('error occurred during update of permissions'), |
|
119 | h.flash(_('error occurred during update of permissions'), | |
| 121 | category='error') |
|
120 | category='error') | |
| 122 |
|
121 | |||
| 123 | return redirect(url('edit_permission', id=id)) |
|
122 | return redirect(url('edit_permission', id=id)) | |
| 124 |
|
123 | |||
| 125 | def delete(self, id): |
|
124 | def delete(self, id): | |
| 126 | """DELETE /permissions/id: Delete an existing item""" |
|
125 | """DELETE /permissions/id: Delete an existing item""" | |
| 127 | # Forms posted to this method should contain a hidden field: |
|
126 | # Forms posted to this method should contain a hidden field: | |
| 128 | # <input type="hidden" name="_method" value="DELETE" /> |
|
127 | # <input type="hidden" name="_method" value="DELETE" /> | |
| 129 | # Or using helpers: |
|
128 | # Or using helpers: | |
| 130 | # h.form(url('permission', id=ID), |
|
129 | # h.form(url('permission', id=ID), | |
| 131 | # method='delete') |
|
130 | # method='delete') | |
| 132 | # url('permission', id=ID) |
|
131 | # url('permission', id=ID) | |
| 133 |
|
132 | |||
| 134 | def show(self, id, format='html'): |
|
133 | def show(self, id, format='html'): | |
| 135 | """GET /permissions/id: Show a specific item""" |
|
134 | """GET /permissions/id: Show a specific item""" | |
| 136 | # url('permission', id=ID) |
|
135 | # url('permission', id=ID) | |
| 137 |
|
136 | |||
| 138 | def edit(self, id, format='html'): |
|
137 | def edit(self, id, format='html'): | |
| 139 | """GET /permissions/id/edit: Form to edit an existing item""" |
|
138 | """GET /permissions/id/edit: Form to edit an existing item""" | |
| 140 | #url('edit_permission', id=ID) |
|
139 | #url('edit_permission', id=ID) | |
| 141 | c.perms_choices = self.perms_choices |
|
140 | c.perms_choices = self.perms_choices | |
| 142 | c.register_choices = self.register_choices |
|
141 | c.register_choices = self.register_choices | |
| 143 | c.create_choices = self.create_choices |
|
142 | c.create_choices = self.create_choices | |
| 144 |
|
143 | |||
| 145 | if id == 'default': |
|
144 | if id == 'default': | |
| 146 | default_user = UserModel().get_by_username('default') |
|
145 | default_user = UserModel().get_by_username('default') | |
| 147 | defaults = {'_method': 'put', |
|
146 | defaults = {'_method': 'put', | |
| 148 | 'anonymous': default_user.active} |
|
147 | 'anonymous': default_user.active} | |
| 149 |
|
148 | |||
| 150 | for p in default_user.user_perms: |
|
149 | for p in default_user.user_perms: | |
| 151 | if p.permission.permission_name.startswith('repository.'): |
|
150 | if p.permission.permission_name.startswith('repository.'): | |
| 152 | defaults['default_perm'] = p.permission.permission_name |
|
151 | defaults['default_perm'] = p.permission.permission_name | |
| 153 |
|
152 | |||
| 154 | if p.permission.permission_name.startswith('hg.register.'): |
|
153 | if p.permission.permission_name.startswith('hg.register.'): | |
| 155 | defaults['default_register'] = p.permission.permission_name |
|
154 | defaults['default_register'] = p.permission.permission_name | |
| 156 |
|
155 | |||
| 157 | if p.permission.permission_name.startswith('hg.create.'): |
|
156 | if p.permission.permission_name.startswith('hg.create.'): | |
| 158 | defaults['default_create'] = p.permission.permission_name |
|
157 | defaults['default_create'] = p.permission.permission_name | |
| 159 |
|
158 | |||
| 160 | return htmlfill.render( |
|
159 | return htmlfill.render( | |
| 161 | render('admin/permissions/permissions.html'), |
|
160 | render('admin/permissions/permissions.html'), | |
| 162 | defaults=defaults, |
|
161 | defaults=defaults, | |
| 163 | encoding="UTF-8", |
|
162 | encoding="UTF-8", | |
| 164 | force_defaults=True,) |
|
163 | force_defaults=True,) | |
| 165 | else: |
|
164 | else: | |
| 166 | return redirect(url('admin_home')) |
|
165 | return redirect(url('admin_home')) | |
General Comments 0
You need to be logged in to leave comments.
Login now