##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

UserGroup on UserGroup permissions implementation....
marcink -
r3788:d9b89874 beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -33,7 +33,8 b' from pylons.controllers.util import abor'
33 from pylons.i18n.translation import _
33 from pylons.i18n.translation import _
34
34
35 from rhodecode.lib import helpers as h
35 from rhodecode.lib import helpers as h
36 from rhodecode.lib.exceptions import UserGroupsAssignedException
36 from rhodecode.lib.exceptions import UserGroupsAssignedException,\
37 RepoGroupAssignmentError
37 from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
38 from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
38 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
39 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
39 HasUserGroupPermissionAnyDecorator, HasPermissionAnyDecorator
40 HasUserGroupPermissionAnyDecorator, HasPermissionAnyDecorator
@@ -94,10 +95,7 b' class UsersGroupsController(BaseControll'
94 key=lambda u: u[1].lower())
95 key=lambda u: u[1].lower())
95 repo_model = RepoModel()
96 repo_model = RepoModel()
96 c.users_array = repo_model.get_users_js()
97 c.users_array = repo_model.get_users_js()
97
98 c.users_groups_array = repo_model.get_users_groups_js()
98 # commented out due to not now supporting assignment for user group
99 # on user group
100 c.users_groups_array = "[]" # repo_model.get_users_groups_js()
101 c.available_permissions = config['available_permissions']
99 c.available_permissions = config['available_permissions']
102
100
103 def __load_defaults(self, user_group_id):
101 def __load_defaults(self, user_group_id):
@@ -125,6 +123,10 b' class UsersGroupsController(BaseControll'
125 data.update({'u_perm_%s' % p.user.username:
123 data.update({'u_perm_%s' % p.user.username:
126 p.permission.permission_name})
124 p.permission.permission_name})
127
125
126 for p in user_group.user_group_user_group_to_perm:
127 data.update({'g_perm_%s' % p.user_group.users_group_name:
128 p.permission.permission_name})
129
128 return data
130 return data
129
131
130 def index(self, format='html'):
132 def index(self, format='html'):
@@ -261,8 +263,12 b' class UsersGroupsController(BaseControll'
261 form = UserGroupPermsForm()().to_python(request.POST)
263 form = UserGroupPermsForm()().to_python(request.POST)
262
264
263 # set the permissions !
265 # set the permissions !
264 UserGroupModel()._update_permissions(user_group, form['perms_new'],
266 try:
265 form['perms_updates'])
267 UserGroupModel()._update_permissions(user_group, form['perms_new'],
268 form['perms_updates'])
269 except RepoGroupAssignmentError:
270 h.flash(_('Target group cannot be the same'), category='error')
271 return redirect(url('edit_users_group', id=id))
266 #TODO: implement this
272 #TODO: implement this
267 #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
273 #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
268 # repo_name, self.ip_addr, self.sa)
274 # repo_name, self.ip_addr, self.sa)
@@ -294,7 +300,8 b' class UsersGroupsController(BaseControll'
294 UserGroupModel().revoke_user_permission(user_group=id,
300 UserGroupModel().revoke_user_permission(user_group=id,
295 user=obj_id)
301 user=obj_id)
296 elif obj_type == 'user_group':
302 elif obj_type == 'user_group':
297 pass
303 UserGroupModel().revoke_users_group_permission(target_user_group=id,
304 user_group=obj_id)
298 Session().commit()
305 Session().commit()
299 except Exception:
306 except Exception:
300 log.error(traceback.format_exc())
307 log.error(traceback.format_exc())
Show file before | Show file after | Hide comments
@@ -62,6 +62,10 b' class AttachedForksError(Exception):'
62 pass
62 pass
63
63
64
64
65 class RepoGroupAssignmentError(Exception):
66 pass
67
68
65 class HTTPLockedRC(HTTPClientError):
69 class HTTPLockedRC(HTTPClientError):
66 """
70 """
67 Special Exception For locked Repos in RhodeCode, the return code can
71 Special Exception For locked Repos in RhodeCode, the return code can
Show file before | Show file after | Hide comments
@@ -89,5 +89,6 b' class NodeAlreadyRemovedError(CommitErro'
89 class ImproperArchiveTypeError(VCSError):
89 class ImproperArchiveTypeError(VCSError):
90 pass
90 pass
91
91
92
92 class CommandError(VCSError):
93 class CommandError(VCSError):
93 pass
94 pass
Show file before | Show file after | Hide comments
@@ -639,6 +639,8 b' class UserGroup(Base, BaseModel):'
639 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
639 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
640 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
640 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
641 user_user_group_to_perm = relationship('UserUserGroupToPerm ', cascade='all')
641 user_user_group_to_perm = relationship('UserUserGroupToPerm ', cascade='all')
642 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
643
642 user = relationship('User')
644 user = relationship('User')
643
645
644 def __unicode__(self):
646 def __unicode__(self):
@@ -1617,24 +1619,24 b' class UserGroupRepoToPerm(Base, BaseMode'
1617 return n
1619 return n
1618
1620
1619 def __unicode__(self):
1621 def __unicode__(self):
1620 return u'<userGroup:%s => %s >' % (self.users_group, self.repository)
1622 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
1621
1623
1622
1624
1623 #TODO; not sure if this will be ever used
1624 class UserGroupUserGroupToPerm(Base, BaseModel):
1625 class UserGroupUserGroupToPerm(Base, BaseModel):
1625 __tablename__ = 'user_group_user_group_to_perm'
1626 __tablename__ = 'user_group_user_group_to_perm'
1626 __table_args__ = (
1627 __table_args__ = (
1627 UniqueConstraint('user_group_id', 'user_group_id', 'permission_id'),
1628 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
1629 CheckConstraint('target_user_group_id != user_group_id'),
1628 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1630 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1629 'mysql_charset': 'utf8'}
1631 'mysql_charset': 'utf8'}
1630 )
1632 )
1631 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1633 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1632 target_user_group_id = Column("target_users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1634 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1633 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
1635 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
1634 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1636 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1635
1637
1636 target_user_group = relationship('UserGroup', remote_side=target_user_group_id, primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
1638 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
1637 user_group = relationship('UserGroup', remote_side=user_group_id, primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
1639 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
1638 permission = relationship('Permission')
1640 permission = relationship('Permission')
1639
1641
1640 @classmethod
1642 @classmethod
@@ -1647,7 +1649,7 b' class UserGroupUserGroupToPerm(Base, Bas'
1647 return n
1649 return n
1648
1650
1649 def __unicode__(self):
1651 def __unicode__(self):
1650 return u'<UserGroup:%s => %s >' % (self.target_user_group, self.user_group)
1652 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
1651
1653
1652
1654
1653 class UserGroupToPerm(Base, BaseModel):
1655 class UserGroupToPerm(Base, BaseModel):
Show file before | Show file after | Hide comments
@@ -39,7 +39,7 b' from rhodecode.model import BaseModel'
39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
42 UserEmailMap, UserIpMap
42 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup
43 from rhodecode.lib.exceptions import DefaultUserException, \
43 from rhodecode.lib.exceptions import DefaultUserException, \
44 UserOwnsReposException
44 UserOwnsReposException
45 from rhodecode.model.meta import Session
45 from rhodecode.model.meta import Session
@@ -570,7 +570,6 b' class UserModel(BaseModel):'
570 user.permissions[GLOBAL].add(perm.permission.permission_name)
570 user.permissions[GLOBAL].add(perm.permission.permission_name)
571 ## END GLOBAL PERMISSIONS
571 ## END GLOBAL PERMISSIONS
572
572
573
574 #======================================================================
573 #======================================================================
575 # !! PERMISSIONS FOR REPOSITORIES !!
574 # !! PERMISSIONS FOR REPOSITORIES !!
576 #======================================================================
575 #======================================================================
@@ -664,6 +663,28 b' class UserModel(BaseModel):'
664 #======================================================================
663 #======================================================================
665 # !! PERMISSIONS FOR USER GROUPS !!
664 # !! PERMISSIONS FOR USER GROUPS !!
666 #======================================================================
665 #======================================================================
666 # user group for user group permissions
667 user_group_user_groups_perms = \
668 self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\
669 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
670 == UserGroup.users_group_id))\
671 .join((Permission, UserGroupUserGroupToPerm.permission_id
672 == Permission.permission_id))\
673 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
674 == UserGroupMember.users_group_id))\
675 .filter(UserGroupMember.user_id == uid)\
676 .all()
677
678 multiple_counter = collections.defaultdict(int)
679 for perm in user_group_user_groups_perms:
680 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
681 multiple_counter[g_k] += 1
682 p = perm.Permission.permission_name
683 cur_perm = user.permissions[UK][g_k]
684 if multiple_counter[g_k] > 1:
685 p = _choose_perm(p, cur_perm)
686 user.permissions[UK][g_k] = p
687
667 #user explicit permission for user groups
688 #user explicit permission for user groups
668 user_user_groups_perms = Permission.get_default_user_group_perms(uid)
689 user_user_groups_perms = Permission.get_default_user_group_perms(uid)
669 for perm in user_user_groups_perms:
690 for perm in user_user_groups_perms:
Show file before | Show file after | Hide comments
@@ -29,8 +29,10 b' import traceback'
29
29
30 from rhodecode.model import BaseModel
30 from rhodecode.model import BaseModel
31 from rhodecode.model.db import UserGroupMember, UserGroup,\
31 from rhodecode.model.db import UserGroupMember, UserGroup,\
32 UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm
32 UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm,\
33 from rhodecode.lib.exceptions import UserGroupsAssignedException
33 UserGroupUserGroupToPerm
34 from rhodecode.lib.exceptions import UserGroupsAssignedException,\
35 RepoGroupAssignmentError
34
36
35 log = logging.getLogger(__name__)
37 log = logging.getLogger(__name__)
36
38
@@ -75,7 +77,7 b' class UserGroupModel(BaseModel):'
75 )
77 )
76 else:
78 else:
77 self.grant_users_group_permission(
79 self.grant_users_group_permission(
78 user_group=user_group, group_name=member, perm=perm
80 target_user_group=user_group, user_group=member, perm=perm
79 )
81 )
80 # set new permissions
82 # set new permissions
81 for member, perm, member_type in perms_new:
83 for member, perm, member_type in perms_new:
@@ -85,7 +87,7 b' class UserGroupModel(BaseModel):'
85 )
87 )
86 else:
88 else:
87 self.grant_users_group_permission(
89 self.grant_users_group_permission(
88 user_group=user_group, group_name=member, perm=perm
90 target_user_group=user_group, user_group=member, perm=perm
89 )
91 )
90
92
91 def get(self, users_group_id, cache=False):
93 def get(self, users_group_id, cache=False):
@@ -292,8 +294,50 b' class UserGroupModel(BaseModel):'
292 self.sa.delete(obj)
294 self.sa.delete(obj)
293 log.debug('Revoked perm on %s on %s' % (user_group, user))
295 log.debug('Revoked perm on %s on %s' % (user_group, user))
294
296
295 def grant_users_group_permission(self, user_group, group_name, perm):
297 def grant_users_group_permission(self, target_user_group, user_group, perm):
296 raise NotImplementedError()
298 """
299 Grant user group permission for given target_user_group
300
301 :param target_user_group:
302 :param user_group:
303 :param perm:
304 """
305 target_user_group = self._get_user_group(target_user_group)
306 user_group = self._get_user_group(user_group)
307 permission = self._get_perm(perm)
308 # forbid assigning same user group to itself
309 if target_user_group == user_group:
310 raise RepoGroupAssignmentError('target repo:%s cannot be '
311 'assigned to itself' % target_user_group)
297
312
298 def revoke_users_group_permission(self, user_group, group_name):
313 # check if we have that permission already
299 raise NotImplementedError()
314 obj = self.sa.query(UserGroupUserGroupToPerm)\
315 .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
316 .filter(UserGroupUserGroupToPerm.user_group == user_group)\
317 .scalar()
318 if obj is None:
319 # create new !
320 obj = UserGroupUserGroupToPerm()
321 obj.user_group = user_group
322 obj.target_user_group = target_user_group
323 obj.permission = permission
324 self.sa.add(obj)
325 log.debug('Granted perm %s to %s on %s' % (perm, target_user_group, user_group))
326
327 def revoke_users_group_permission(self, target_user_group, user_group):
328 """
329 Revoke user group permission for given target_user_group
330
331 :param target_user_group:
332 :param user_group:
333 """
334 target_user_group = self._get_user_group(target_user_group)
335 user_group = self._get_user_group(user_group)
336
337 obj = self.sa.query(UserGroupUserGroupToPerm)\
338 .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
339 .filter(UserGroupUserGroupToPerm.user_group == user_group)\
340 .scalar()
341 if obj:
342 self.sa.delete(obj)
343 log.debug('Revoked perm on %s on %s' % (target_user_group, user_group))
Show file before | Show file after | Hide comments
@@ -57,7 +57,8 b''
57 </td>
57 </td>
58 </tr>
58 </tr>
59 %endfor
59 %endfor
60 <%
60
61 <%
61 _tmpl = h.literal("""' \
62 _tmpl = h.literal("""' \
62 <td><input type="radio" value="group.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
63 <td><input type="radio" value="group.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
63 <td><input type="radio" value="group.read" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
64 <td><input type="radio" value="group.read" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
Show file before | Show file after | Hide comments
@@ -40,6 +40,24 b''
40 </tr>
40 </tr>
41 %endfor
41 %endfor
42
42
43 ## USER GROUPS
44 %for g2p in c.users_group.user_group_user_group_to_perm:
45 <tr id="id${id(g2p.user_group.users_group_name)}">
46 <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.none')}</td>
47 <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.read')}</td>
48 <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.write')}</td>
49 <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.admin')}</td>
50 <td style="white-space: nowrap;">
51 <img class="perm-gravatar" src="${h.url('/images/icons/group.png')}"/>${g2p.user_group.users_group_name}
52 </td>
53 <td>
54 <span class="delete_icon action_button" onclick="ajaxActionRevoke(${g2p.user_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.user_group.users_group_name)}')">
55 ${_('revoke')}
56 </span>
57 </td>
58 </tr>
59 %endfor
60
43 <%
61 <%
44 _tmpl = h.literal("""' \
62 _tmpl = h.literal("""' \
45 <td><input type="radio" value="usergroup.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
63 <td><input type="radio" value="usergroup.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
General Comments 0
You need to be logged in to leave comments. Login now