UserGroup on UserGroup permissions implementation....
marcink -
r3788:d9b89874 beta
@@ -33,7 +33,8 b' from pylons.controllers.util import abor'
33 33 from pylons.i18n.translation import _
34 34
35 35 from rhodecode.lib import helpers as h
36 from rhodecode.lib.exceptions import UserGroupsAssignedException
36 from rhodecode.lib.exceptions import UserGroupsAssignedException,\
37 RepoGroupAssignmentError
37 38 from rhodecode.lib.utils2 import safe_unicode, str2bool, safe_int
38 39 from rhodecode.lib.auth import LoginRequired, HasPermissionAllDecorator,\
39 40 HasUserGroupPermissionAnyDecorator, HasPermissionAnyDecorator
@@ -94,10 +95,7 b' class UsersGroupsController(BaseControll'
94 95 key=lambda u: u[1].lower())
95 96 repo_model = RepoModel()
96 97 c.users_array = repo_model.get_users_js()
97
98 # commented out due to not now supporting assignment for user group
99 # on user group
100 c.users_groups_array = "[]" # repo_model.get_users_groups_js()
98 c.users_groups_array = repo_model.get_users_groups_js()
101 99 c.available_permissions = config['available_permissions']
102 100
103 101 def __load_defaults(self, user_group_id):
@@ -125,6 +123,10 b' class UsersGroupsController(BaseControll'
125 123 data.update({'u_perm_%s' % p.user.username:
126 124 p.permission.permission_name})
127 125
126 for p in user_group.user_group_user_group_to_perm:
127 data.update({'g_perm_%s' % p.user_group.users_group_name:
128 p.permission.permission_name})
129
128 130 return data
129 131
130 132 def index(self, format='html'):
@@ -261,8 +263,12 b' class UsersGroupsController(BaseControll'
261 263 form = UserGroupPermsForm()().to_python(request.POST)
262 264
263 265 # set the permissions !
264 UserGroupModel()._update_permissions(user_group, form['perms_new'],
265 form['perms_updates'])
266 try:
267 UserGroupModel()._update_permissions(user_group, form['perms_new'],
268 form['perms_updates'])
269 except RepoGroupAssignmentError:
270 h.flash(_('Target group cannot be the same'), category='error')
271 return redirect(url('edit_users_group', id=id))
266 272 #TODO: implement this
267 273 #action_logger(self.rhodecode_user, 'admin_changed_repo_permissions',
268 274 # repo_name, self.ip_addr, self.sa)
@@ -294,7 +300,8 b' class UsersGroupsController(BaseControll'
294 300 UserGroupModel().revoke_user_permission(user_group=id,
295 301 user=obj_id)
296 302 elif obj_type == 'user_group':
297 pass
303 UserGroupModel().revoke_users_group_permission(target_user_group=id,
304 user_group=obj_id)
298 305 Session().commit()
299 306 except Exception:
300 307 log.error(traceback.format_exc())
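Review bot: The new `except RepoGroupAssignmentError` handler (new lines 269-271) redirects without undoing whatever `_update_permissions` did before it raised. That method walks `perms_updates` and then `perms_new` entry by entry, so grants added to the session ahead of the self-assignment entry may still be pending; whether they are flushed later depends on session handling outside this hunk. Adding `Session().rollback()` as the first line of the handler would make the form submission all-or-nothing. The enclosing method starts and ends outside the hunk.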
@@ -62,6 +62,10 b' class AttachedForksError(Exception):'
62 62 pass
63 63
64 64
65 class RepoGroupAssignmentError(Exception):
66 pass
67
68
65 69 class HTTPLockedRC(HTTPClientError):
66 70 """
67 71 Special Exception For locked Repos in RhodeCode, the return code can
@@ -89,5 +89,6 b' class NodeAlreadyRemovedError(CommitErro'
89 89 class ImproperArchiveTypeError(VCSError):
90 90 pass
91 91
92
92 93 class CommandError(VCSError):
93 94 pass
@@ -639,6 +639,8 b' class UserGroup(Base, BaseModel):'
639 639 users_group_repo_to_perm = relationship('UserGroupRepoToPerm', cascade='all')
640 640 users_group_repo_group_to_perm = relationship('UserGroupRepoGroupToPerm', cascade='all')
641 641 user_user_group_to_perm = relationship('UserUserGroupToPerm ', cascade='all')
642 user_group_user_group_to_perm = relationship('UserGroupUserGroupToPerm ', primaryjoin="UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id", cascade='all')
643
642 644 user = relationship('User')
643 645
644 646 def __unicode__(self):
@@ -1617,24 +1619,24 b' class UserGroupRepoToPerm(Base, BaseMode'
1617 1619 return n
1618 1620
1619 1621 def __unicode__(self):
1620 return u'<userGroup:%s => %s >' % (self.users_group, self.repository)
1622 return u'<UserGroupRepoToPerm:%s => %s >' % (self.users_group, self.repository)
1621 1623
1622 1624
1623 #TODO; not sure if this will be ever used
1624 1625 class UserGroupUserGroupToPerm(Base, BaseModel):
1625 1626 __tablename__ = 'user_group_user_group_to_perm'
1626 1627 __table_args__ = (
1627 UniqueConstraint('user_group_id', 'user_group_id', 'permission_id'),
1628 UniqueConstraint('target_user_group_id', 'user_group_id', 'permission_id'),
1629 CheckConstraint('target_user_group_id != user_group_id'),
1628 1630 {'extend_existing': True, 'mysql_engine': 'InnoDB',
1629 1631 'mysql_charset': 'utf8'}
1630 1632 )
1631 user_user_group_to_perm_id = Column("user_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1632 target_user_group_id = Column("target_users_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1633 user_group_user_group_to_perm_id = Column("user_group_user_group_to_perm_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)
1634 target_user_group_id = Column("target_user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1633 1635 permission_id = Column("permission_id", Integer(), ForeignKey('permissions.permission_id'), nullable=False, unique=None, default=None)
1634 1636 user_group_id = Column("user_group_id", Integer(), ForeignKey('users_groups.users_group_id'), nullable=False, unique=None, default=None)
1635 1637
1636 target_user_group = relationship('UserGroup', remote_side=target_user_group_id, primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
1637 user_group = relationship('UserGroup', remote_side=user_group_id, primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
1638 target_user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.target_user_group_id==UserGroup.users_group_id')
1639 user_group = relationship('UserGroup', primaryjoin='UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id')
1638 1640 permission = relationship('Permission')
1639 1641
1640 1642 @classmethod
@@ -1647,7 +1649,7 b' class UserGroupUserGroupToPerm(Base, Bas'
1647 1649 return n
1648 1650
1649 1651 def __unicode__(self):
1650 return u'<UserGroup:%s => %s >' % (self.target_user_group, self.user_group)
1652 return u'<UserGroupUserGroup:%s => %s >' % (self.target_user_group, self.user_group)
1651 1653
1652 1654
1653 1655 class UserGroupToPerm(Base, BaseModel):
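Review bot: `UserGroup` gains a cascading relationship only for rows where it is the target (new line 642, joined on `target_user_group_id`); rows in which the group is the grantee (`user_group_id`, a non-nullable foreign key) have no matching cascade. Deleting a group that has been granted access to another group would then presumably fail on the foreign key or leave a stale grant, depending on the backend; this is worth confirming against the delete path, which is not shown here. A second relationship on `UserGroup` with `primaryjoin="UserGroupUserGroupToPerm.user_group_id==UserGroup.users_group_id"` and `cascade='all'` would cover it. Separately, the new `CheckConstraint` is parsed but not enforced by MySQL releases before 8.0.16, so on those the self-assignment check in the model layer is the only guard.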
@@ -39,7 +39,7 b' from rhodecode.model import BaseModel'
39 39 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
40 40 UserToPerm, UserGroupRepoToPerm, UserGroupToPerm, UserGroupMember, \
41 41 Notification, RepoGroup, UserRepoGroupToPerm, UserGroupRepoGroupToPerm, \
42 UserEmailMap, UserIpMap
42 UserEmailMap, UserIpMap, UserGroupUserGroupToPerm, UserGroup
43 43 from rhodecode.lib.exceptions import DefaultUserException, \
44 44 UserOwnsReposException
45 45 from rhodecode.model.meta import Session
@@ -570,7 +570,6 b' class UserModel(BaseModel):'
570 570 user.permissions[GLOBAL].add(perm.permission.permission_name)
571 571 ## END GLOBAL PERMISSIONS
572 572
573
574 573 #======================================================================
575 574 # !! PERMISSIONS FOR REPOSITORIES !!
576 575 #======================================================================
@@ -664,6 +663,28 b' class UserModel(BaseModel):'
664 663 #======================================================================
665 664 # !! PERMISSIONS FOR USER GROUPS !!
666 665 #======================================================================
666 # user group for user group permissions
667 user_group_user_groups_perms = \
668 self.sa.query(UserGroupUserGroupToPerm, Permission, UserGroup)\
669 .join((UserGroup, UserGroupUserGroupToPerm.target_user_group_id
670 == UserGroup.users_group_id))\
671 .join((Permission, UserGroupUserGroupToPerm.permission_id
672 == Permission.permission_id))\
673 .join((UserGroupMember, UserGroupUserGroupToPerm.user_group_id
674 == UserGroupMember.users_group_id))\
675 .filter(UserGroupMember.user_id == uid)\
676 .all()
677
678 multiple_counter = collections.defaultdict(int)
679 for perm in user_group_user_groups_perms:
680 g_k = perm.UserGroupUserGroupToPerm.target_user_group.users_group_name
681 multiple_counter[g_k] += 1
682 p = perm.Permission.permission_name
683 cur_perm = user.permissions[UK][g_k]
684 if multiple_counter[g_k] > 1:
685 p = _choose_perm(p, cur_perm)
686 user.permissions[UK][g_k] = p
687
667 688 #user explicit permission for user groups
668 689 user_user_groups_perms = Permission.get_default_user_group_perms(uid)
669 690 for perm in user_user_groups_perms:
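Review bot: The loop on new lines 679-686 reads `user.permissions[UK][g_k]` before assigning to it, so it relies on every target group name already having a default entry; that population happens outside this hunk, and a missing key would raise `KeyError` during permission evaluation. The query already returns the joined `UserGroup` row for the target, so `g_k = perm.UserGroup.users_group_name` avoids a per-row relationship load through `target_user_group`. A short comment stating the precedence would help the next reader: the first group-derived grant replaces the default outright, later ones go through `_choose_perm`, and the explicit per-user loop that follows presumably overrides both.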
@@ -29,8 +29,10 b' import traceback'
29 29
30 30 from rhodecode.model import BaseModel
31 31 from rhodecode.model.db import UserGroupMember, UserGroup,\
32 UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm
33 from rhodecode.lib.exceptions import UserGroupsAssignedException
32 UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm,\
33 UserGroupUserGroupToPerm
34 from rhodecode.lib.exceptions import UserGroupsAssignedException,\
35 RepoGroupAssignmentError
34 36
35 37 log = logging.getLogger(__name__)
36 38
@@ -75,7 +77,7 b' class UserGroupModel(BaseModel):'
75 77 )
76 78 else:
77 79 self.grant_users_group_permission(
78 user_group=user_group, group_name=member, perm=perm
80 target_user_group=user_group, user_group=member, perm=perm
79 81 )
80 82 # set new permissions
81 83 for member, perm, member_type in perms_new:
@@ -85,7 +87,7 b' class UserGroupModel(BaseModel):'
85 87 )
86 88 else:
87 89 self.grant_users_group_permission(
88 user_group=user_group, group_name=member, perm=perm
90 target_user_group=user_group, user_group=member, perm=perm
89 91 )
90 92
91 93 def get(self, users_group_id, cache=False):
@@ -292,8 +294,50 b' class UserGroupModel(BaseModel):'
292 294 self.sa.delete(obj)
293 295 log.debug('Revoked perm on %s on %s' % (user_group, user))
294 296
295 def grant_users_group_permission(self, user_group, group_name, perm):
296 raise NotImplementedError()
297 def grant_users_group_permission(self, target_user_group, user_group, perm):
298 """
299 Grant user group permission for given target_user_group
300
301 :param target_user_group:
302 :param user_group:
303 :param perm:
304 """
305 target_user_group = self._get_user_group(target_user_group)
306 user_group = self._get_user_group(user_group)
307 permission = self._get_perm(perm)
308 # forbid assigning same user group to itself
309 if target_user_group == user_group:
310 raise RepoGroupAssignmentError('target repo:%s cannot be '
311 'assigned to itself' % target_user_group)
297 312
298 def revoke_users_group_permission(self, user_group, group_name):
299 raise NotImplementedError()
313 # check if we have that permission already
314 obj = self.sa.query(UserGroupUserGroupToPerm)\
315 .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
316 .filter(UserGroupUserGroupToPerm.user_group == user_group)\
317 .scalar()
318 if obj is None:
319 # create new !
320 obj = UserGroupUserGroupToPerm()
321 obj.user_group = user_group
322 obj.target_user_group = target_user_group
323 obj.permission = permission
324 self.sa.add(obj)
325 log.debug('Granted perm %s to %s on %s' % (perm, target_user_group, user_group))
326
327 def revoke_users_group_permission(self, target_user_group, user_group):
328 """
329 Revoke user group permission for given target_user_group
330
331 :param target_user_group:
332 :param user_group:
333 """
334 target_user_group = self._get_user_group(target_user_group)
335 user_group = self._get_user_group(user_group)
336
337 obj = self.sa.query(UserGroupUserGroupToPerm)\
338 .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
339 .filter(UserGroupUserGroupToPerm.user_group == user_group)\
340 .scalar()
341 if obj:
342 self.sa.delete(obj)
343 log.debug('Revoked perm on %s on %s' % (target_user_group, user_group))
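Review bot: Both new `log.debug` calls pass their arguments in the opposite order to what the message says: line 325 prints "Granted perm X to <target> on <grantee>", and line 343 has the same swap. For a permission change this makes the log read as the reverse grant; `log.debug('Granted perm %s to %s on %s' % (perm, user_group, target_user_group))` and the equivalent for revoke would match the semantics. The self-assignment error also says "target repo" and reuses `RepoGroupAssignmentError` although the objects are user groups. Note that `.scalar()` raises if more than one row matches the pair, which the unique constraint (it includes `permission_id`) does not rule out at the database level.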
@@ -57,7 +57,8 b''
57 57 </td>
58 58 </tr>
59 59 %endfor
60 <%
60
61 <%
61 62 _tmpl = h.literal("""' \
62 63 <td><input type="radio" value="group.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
63 64 <td><input type="radio" value="group.read" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
@@ -40,6 +40,24 b''
40 40 </tr>
41 41 %endfor
42 42
43 ## USER GROUPS
44 %for g2p in c.users_group.user_group_user_group_to_perm:
45 <tr id="id${id(g2p.user_group.users_group_name)}">
46 <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.none')}</td>
47 <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.read')}</td>
48 <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.write')}</td>
49 <td>${h.radio('g_perm_%s' % g2p.user_group.users_group_name,'usergroup.admin')}</td>
50 <td style="white-space: nowrap;">
51 <img class="perm-gravatar" src="${h.url('/images/icons/group.png')}"/>${g2p.user_group.users_group_name}
52 </td>
53 <td>
54 <span class="delete_icon action_button" onclick="ajaxActionRevoke(${g2p.user_group.users_group_id}, 'user_group', '${'id%s'%id(g2p.user_group.users_group_name)}')">
55 ${_('revoke')}
56 </span>
57 </td>
58 </tr>
59 %endfor
60
43 61 <%
44 62 _tmpl = h.literal("""' \
45 63 <td><input type="radio" value="usergroup.none" name="perm_new_member_{0}" id="perm_new_member_{0}"></td> \
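Review bot: The row id on new line 45 and the third argument to `ajaxActionRevoke` on line 54 are built from `id(g2p.user_group.users_group_name)`, i.e. the CPython identity of a string object, which is a memory address rather than a stable key. That writes interpreter addresses into the page and only works as long as both expressions see the same object. The group's primary key is already used on line 54, so `<tr id="ug${g2p.user_group.users_group_id}">` with `'ug${g2p.user_group.users_group_id}'` as the third argument would be deterministic. If the user rows above the hunk use the same `id()` pattern, they would need the same change.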