@@ -57,7 +57,8 b' class PermissionsController(BaseControll' | |||
|
57 | 57 | ('repository.write', _('Write'),), |
|
58 | 58 | ('repository.admin', _('Admin'),)] |
|
59 | 59 | self.register_choices = [ |
|
60 |
('hg.register.none', |
|
|
60 | ('hg.register.none', | |
|
61 | _('disabled')), | |
|
61 | 62 | ('hg.register.manual_activate', |
|
62 | 63 |
|
|
63 | 64 | ('hg.register.auto_activate', |
@@ -142,8 +143,10 b' class PermissionsController(BaseControll' | |||
|
142 | 143 | c.create_choices = self.create_choices |
|
143 | 144 | |
|
144 | 145 | if id == 'default': |
|
145 | defaults = {'_method':'put'} | |
|
146 | for p in UserModel().get_by_username('default').user_perms: | |
|
146 | default_user = UserModel().get_by_username('default') | |
|
147 | defaults = {'_method':'put', | |
|
148 | 'anonymous':default_user.active} | |
|
149 | for p in default_user.user_perms: | |
|
147 | 150 | if p.permission.permission_name.startswith('repository.'): |
|
148 | 151 | defaults['default_perm'] = p.permission.permission_name |
|
149 | 152 |
@@ -121,11 +121,15 b' class SettingsController(BaseController)' | |||
|
121 | 121 | |
|
122 | 122 | try: |
|
123 | 123 | hgsettings1 = self.sa.query(RhodeCodeSettings)\ |
|
124 |
.filter(RhodeCodeSettings.app_settings_name |
|
|
124 | .filter(RhodeCodeSettings.app_settings_name \ | |
|
125 | == 'title').one() | |
|
126 | ||
|
125 | 127 | hgsettings1.app_settings_value = form_result['rhodecode_title'] |
|
126 | 128 | |
|
127 | 129 | hgsettings2 = self.sa.query(RhodeCodeSettings)\ |
|
128 |
.filter(RhodeCodeSettings.app_settings_name |
|
|
130 | .filter(RhodeCodeSettings.app_settings_name \ | |
|
131 | == 'realm').one() | |
|
132 | ||
|
129 | 133 | hgsettings2.app_settings_value = form_result['rhodecode_realm'] |
|
130 | 134 | |
|
131 | 135 |
@@ -155,8 +155,7 b' class UsersController(BaseController):' | |||
|
155 | 155 | if not c.user: |
|
156 | 156 | return redirect(url('users')) |
|
157 | 157 | if c.user.username == 'default': |
|
158 |
h.flash(_("You can't edit this user |
|
|
159 | " crucial for entire application"), category='warning') | |
|
158 | h.flash(_("You can't edit this user"), category='warning') | |
|
160 | 159 | return redirect(url('users')) |
|
161 | 160 | |
|
162 | 161 | defaults = c.user.__dict__ |
@@ -46,7 +46,9 b' class LoginController(BaseController):' | |||
|
46 | 46 | #redirect if already logged in |
|
47 | 47 | c.came_from = request.GET.get('came_from', None) |
|
48 | 48 | |
|
49 |
if c.rhodecode_user.is_authenticated |
|
|
49 | if c.rhodecode_user.is_authenticated \ | |
|
50 | and c.rhodecode_user.username != 'default': | |
|
51 | ||
|
50 | 52 | return redirect(url('home')) |
|
51 | 53 | |
|
52 | 54 | if request.POST: |
@@ -26,6 +26,7 b' from pylons import config, session, url,' | |||
|
26 | 26 | from pylons.controllers.util import abort, redirect |
|
27 | 27 | from rhodecode.lib.utils import get_repo_slug |
|
28 | 28 | from rhodecode.model import meta |
|
29 | from rhodecode.model.user import UserModel | |
|
29 | 30 | from rhodecode.model.caching_query import FromCache |
|
30 | 31 | from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \ |
|
31 | 32 |
UserToPerm |
@@ -72,7 +73,6 b' def check_password(password, hashed):' | |||
|
72 | 73 | return bcrypt.hashpw(password, hashed) == hashed |
|
73 | 74 | |
|
74 | 75 | def authfunc(environ, username, password): |
|
75 | from rhodecode.model.user import UserModel | |
|
76 | 76 | user = UserModel().get_by_username(username, cache=False) |
|
77 | 77 | |
|
78 | 78 | if user: |
@@ -99,6 +99,8 b' class AuthUser(object):' | |||
|
99 | 99 | self.is_admin = False |
|
100 | 100 | self.permissions = {} |
|
101 | 101 | |
|
102 | def __repr__(self): | |
|
103 | return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username) | |
|
102 | 104 | |
|
103 | 105 | def set_available_permissions(config): |
|
104 | 106 | """ |
@@ -122,33 +124,6 b' def set_available_permissions(config):' | |||
|
122 | 124 | def set_base_path(config): |
|
123 | 125 | config['base_path'] = config['pylons.app_globals'].base_path |
|
124 | 126 | |
|
125 | def fill_data(user): | |
|
126 | """ | |
|
127 | Fills user data with those from database and log out user if not present | |
|
128 | in database | |
|
129 | :param user: | |
|
130 | """ | |
|
131 | sa = meta.Session() | |
|
132 | try: | |
|
133 | dbuser = sa.query(User)\ | |
|
134 | .options(FromCache('sql_cache_short', 'getuser_%s' % user.user_id))\ | |
|
135 | .get(user.user_id) | |
|
136 | except: | |
|
137 | pass | |
|
138 | finally: | |
|
139 | meta.Session.remove() | |
|
140 | ||
|
141 | if dbuser: | |
|
142 | user.username = dbuser.username | |
|
143 | user.is_admin = dbuser.admin | |
|
144 | user.name = dbuser.name | |
|
145 | user.lastname = dbuser.lastname | |
|
146 | user.email = dbuser.email | |
|
147 | else: | |
|
148 | user.is_authenticated = False | |
|
149 | ||
|
150 | ||
|
151 | return user | |
|
152 | 127 | |
|
153 | 128 | def fill_perms(user): |
|
154 | 129 | """ |
@@ -163,9 +138,7 b' def fill_perms(user):' | |||
|
163 | 138 | #=========================================================================== |
|
164 | 139 | # fetch default permissions |
|
165 | 140 | #=========================================================================== |
|
166 | default_user = sa.query(User)\ | |
|
167 | .options(FromCache('sql_cache_short', 'getuser_%s' % 'default'))\ | |
|
168 | .filter(User.username == 'default').scalar() | |
|
141 | default_user = UserModel(sa).get_by_username('default', cache=True) | |
|
169 | 142 | |
|
170 | 143 | default_perms = sa.query(RepoToPerm, Repository, Permission)\ |
|
171 | 144 | .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\ |
@@ -231,8 +204,22 b' def get_user(session):' | |||
|
231 | 204 | :param session: |
|
232 | 205 | """ |
|
233 | 206 | user = session.get('rhodecode_user', AuthUser()) |
|
207 | ||
|
208 | ||
|
209 | #if the user is not logged in we check for anonymous access | |
|
210 | #if user is logged and it's a default user check if we still have anonymous | |
|
211 | #access enabled | |
|
212 | if user.user_id is None or user.username == 'default': | |
|
213 | anonymous_user = UserModel().get_by_username('default', cache=True) | |
|
214 | if anonymous_user.active is True: | |
|
215 | #then we set this user is logged in | |
|
216 | user.is_authenticated = True | |
|
217 | else: | |
|
218 | user.is_authenticated = False | |
|
219 | ||
|
234 | 220 | if user.is_authenticated: |
|
235 | user = fill_data(user) | |
|
221 | user = UserModel().fill_data(user) | |
|
222 | ||
|
236 | 223 | user = fill_perms(user) |
|
237 | 224 | session['rhodecode_user'] = user |
|
238 | 225 | session.save() |
@@ -286,18 +273,19 b' class PermsDecorator(object):' | |||
|
286 | 273 | # _wrapper.__name__ = func.__name__ |
|
287 | 274 | # _wrapper.__dict__.update(func.__dict__) |
|
288 | 275 | # _wrapper.__doc__ = func.__doc__ |
|
289 | ||
|
290 |
self.user_perms = se |
|
|
291 | log.debug('checking %s permissions %s for %s', | |
|
292 |
self.__class__.__name__, self.required_perms, func.__name__ |
|
|
276 | self.user = session.get('rhodecode_user', AuthUser()) | |
|
277 | self.user_perms = self.user.permissions | |
|
278 | log.debug('checking %s permissions %s for %s %s', | |
|
279 | self.__class__.__name__, self.required_perms, func.__name__, | |
|
280 | self.user) | |
|
293 | 281 | |
|
294 | 282 | if self.check_permissions(): |
|
295 | log.debug('Permission granted for %s', func.__name__) | |
|
283 | log.debug('Permission granted for %s %s', func.__name__, self.user) | |
|
296 | 284 | |
|
297 | 285 | return func(*fargs, **fkwargs) |
|
298 | 286 | |
|
299 | 287 | else: |
|
300 | log.warning('Permission denied for %s', func.__name__) | |
|
288 | log.warning('Permission denied for %s %s', func.__name__, self.user) | |
|
301 | 289 | #redirect with forbidden ret code |
|
302 | 290 | return abort(403) |
|
303 | 291 | |
@@ -383,16 +371,17 b' class PermsFunction(object):' | |||
|
383 | 371 | return False |
|
384 | 372 | self.user_perms = user.permissions |
|
385 | 373 |
self.granted_for = user.username |
|
386 |
log.debug('checking %s %s', self.__class__.__name__, |
|
|
374 | log.debug('checking %s %s %s', self.__class__.__name__, | |
|
375 | self.required_perms, user) | |
|
387 | 376 | |
|
388 | 377 | if self.check_permissions(): |
|
389 | log.debug('Permission granted for %s @%s', self.granted_for, | |
|
390 | check_Location) | |
|
378 | log.debug('Permission granted for %s @ %s %s', self.granted_for, | |
|
379 | check_Location, user) | |
|
391 | 380 | return True |
|
392 | 381 | |
|
393 | 382 | else: |
|
394 | log.warning('Permission denied for %s @%s', self.granted_for, | |
|
395 | check_Location) | |
|
383 | log.warning('Permission denied for %s @ %s %s', self.granted_for, | |
|
384 | check_Location, user) | |
|
396 | 385 |
return False |
|
397 | 386 | |
|
398 | 387 | def check_permissions(self): |
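Review bot: In the get_user hunk, a visitor with no session has a `user.user_id` of None, and when anonymous access is on the new code only sets `user.is_authenticated = True` before calling `UserModel().fill_data(user)`, which looks the user up by that id. fill_data's except branch resets is_authenticated to False on any failure, so unless `get(None)` returns a row the anonymous path appears to switch itself off again; copying the id first, `user.user_id = anonymous_user.user_id`, would make the lookup explicit. `anonymous_user` is also dereferenced without a None check, and it is read with `cache=True`, so turning anonymous access off may not take effect until the cached row expires. Since anonymous visitors now carry `is_authenticated = True`, every other check that relies on that flag alone deserves the same `username != 'default'` guard the login controller gets in this commit.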
@@ -227,9 +227,9 b' class DbManage(object):' | |||
|
227 | 227 | def_user = User() |
|
228 | 228 | def_user.username = 'default' |
|
229 | 229 | def_user.password = get_crypt_password(str(uuid.uuid1())[:8]) |
|
230 |
def_user.name = ' |
|
|
231 |
def_user.lastname = ' |
|
|
232 |
def_user.email = ' |
|
|
230 | def_user.name = 'Anonymous' | |
|
231 | def_user.lastname = 'User' | |
|
232 | def_user.email = 'anonymous@rhodecode.org' | |
|
233 | 233 | def_user.admin = False |
|
234 | 234 | def_user.active = False |
|
235 | 235 | try: |
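Review bot: With this commit the 'default' account can be switched to active, so the password set on the unchanged line just above the edited fields matters more than it did: `str(uuid.uuid1())[:8]` is derived from the clock rather than from a random source. Whether the login path accepts an active 'default' user is not visible here, so that is worth confirming; if it does, `def_user.password = get_crypt_password(uuid.uuid4().hex)` gives the account a password that is not tied to the creation time. The try block that follows continues outside the hunk.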
@@ -358,6 +358,7 b' def DefaultPermissionsForm(perms_choices' | |||
|
358 | 358 | allow_extra_fields = True |
|
359 | 359 | filter_extra_fields = True |
|
360 | 360 | overwrite_default = OneOf(['true', 'false'], if_missing='false') |
|
361 | anonymous = OneOf(['True', 'False'], if_missing=False) | |
|
361 | 362 | default_perm = OneOf(perms_choices) |
|
362 | 363 | default_register = OneOf(register_choices) |
|
363 | 364 | default_create = OneOf(create_choices) |
@@ -59,30 +59,41 b' class PermissionModel(object):' | |||
|
59 | 59 | .filter(User.username == form_result['perm_user_name']).scalar() |
|
60 | 60 | u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all() |
|
61 | 61 | if len(u2p) != 3: |
|
62 | raise Exception('There is more than 3 defined' | |
|
63 |
' |
|
|
64 | ' your database') | |
|
62 | raise Exception('Defined: %s should be 3 permissions for default' | |
|
63 | ' user. This should not happen please verify' | |
|
64 | ' your database' % len(u2p)) | |
|
65 | 65 | |
|
66 | 66 | try: |
|
67 | 67 | #stage 1 change defaults |
|
68 | 68 | for p in u2p: |
|
69 | 69 | if p.permission.permission_name.startswith('repository.'): |
|
70 |
p.permission = self.get_permission_by_name( |
|
|
70 | p.permission = self.get_permission_by_name( | |
|
71 | form_result['default_perm']) | |
|
71 | 72 | self.sa.add(p) |
|
72 | 73 | |
|
73 | 74 | if p.permission.permission_name.startswith('hg.register.'): |
|
74 |
p.permission = self.get_permission_by_name( |
|
|
75 | p.permission = self.get_permission_by_name( | |
|
76 | form_result['default_register']) | |
|
75 | 77 | self.sa.add(p) |
|
76 | 78 | |
|
77 | 79 | if p.permission.permission_name.startswith('hg.create.'): |
|
78 |
p.permission = self.get_permission_by_name( |
|
|
80 | p.permission = self.get_permission_by_name( | |
|
81 | form_result['default_create']) | |
|
79 | 82 | self.sa.add(p) |
|
80 | 83 | #stage 2 update all default permissions for repos if checked |
|
81 | 84 | if form_result['overwrite_default'] == 'true': |
|
82 |
for r2p in self.sa.query(RepoToPerm) |
|
|
83 | r2p.permission = self.get_permission_by_name(form_result['default_perm']) | |
|
85 | for r2p in self.sa.query(RepoToPerm)\ | |
|
86 | .filter(RepoToPerm.user == perm_user).all(): | |
|
87 | r2p.permission = self.get_permission_by_name( | |
|
88 | form_result['default_perm']) | |
|
84 | 89 | self.sa.add(r2p) |
|
85 | 90 | |
|
91 | #stage 3 set anonymous access | |
|
92 | if perm_user.username == 'default': | |
|
93 | perm_user.active = bool(form_result['anonymous']) | |
|
94 | self.sa.add(perm_user) | |
|
95 | ||
|
96 | ||
|
86 | 97 | self.sa.commit() |
|
87 | 98 | except: |
|
88 | 99 | log.error(traceback.format_exc()) |
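Review bot: `bool(form_result['anonymous'])` in stage 3 is true for any non-empty string, and the validator this commit adds to the permissions form, `OneOf(['True', 'False'], if_missing=False)`, passes the string 'False' through unchanged, so a request that submits anonymous=False would enable anonymous access instead of disabling it. The unchecked-checkbox case works only because the field is then missing and falls back to the boolean False. Compare explicitly, `perm_user.active = form_result['anonymous'] == 'True'`, or convert in the form with formencode's `StringBoolean(if_missing=False)`. The try block continues past the end of the hunk.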
@@ -143,3 +143,24 b' class UserModel(object):' | |||
|
143 | 143 | def reset_password(self, data): |
|
144 | 144 | from rhodecode.lib.celerylib import tasks, run_task |
|
145 | 145 | run_task(tasks.reset_user_password, data['email']) |
|
146 | ||
|
147 | ||
|
148 | def fill_data(self, user): | |
|
149 | """ | |
|
150 | Fills user data with those from database and log out user if not | |
|
151 | present in database | |
|
152 | :param user: | |
|
153 | """ | |
|
154 | log.debug('filling auth user data') | |
|
155 | try: | |
|
156 | dbuser = self.get(user.user_id) | |
|
157 | user.username = dbuser.username | |
|
158 | user.is_admin = dbuser.admin | |
|
159 | user.name = dbuser.name | |
|
160 | user.lastname = dbuser.lastname | |
|
161 | user.email = dbuser.email | |
|
162 | except: | |
|
163 | log.error(traceback.format_exc()) | |
|
164 | user.is_authenticated = False | |
|
165 | ||
|
166 | return user |
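Review bot: The bare `except:` in fill_data treats a missing user row and a database failure the same way: both log a traceback at error level and log the user out. Failing closed is the right default, but a deleted or unknown user is an expected condition, and here it presumably surfaces only as an AttributeError on `dbuser.username`, whereas the removed module-level fill_data had an explicit `if dbuser:` branch. I would test it directly before the assignments, `if dbuser is None:` followed by `user.is_authenticated = False` and `return user`, and narrow the handler to `except Exception:` so real database errors stay distinguishable in the logs.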
@@ -2096,7 +2096,7 b' border:1px solid #666;' | |||
|
2096 | 2096 | clear:both; |
|
2097 | 2097 | overflow:hidden; |
|
2098 | 2098 | margin:0; |
|
2099 |
padding:2px |
|
|
2099 | padding:2px 2px; | |
|
2100 | 2100 | } |
|
2101 | 2101 | |
|
2102 | 2102 | #content div.box div.form div.fields div.field div.checkboxes div.checkbox input,#content div.box div.form div.fields div.field div.radios div.radio input { |
@@ -26,7 +26,16 b'' | |||
|
26 | 26 | <div class="form"> |
|
27 | 27 | <!-- fields --> |
|
28 | 28 | <div class="fields"> |
|
29 | ||
|
29 | <div class="field"> | |
|
30 | <div class="label label-checkbox"> | |
|
31 | <label for="anonymous">${_('Anonymous access')}:</label> | |
|
32 | </div> | |
|
33 | <div class="checkboxes"> | |
|
34 | <div class="checkbox"> | |
|
35 | ${h.checkbox('anonymous',True)} | |
|
36 | </div> | |
|
37 | </div> | |
|
38 | </div> | |
|
30 | 39 | <div class="field"> |
|
31 | 40 | <div class="label"> |
|
32 | 41 | <label for="default_perm">${_('Repository permission')}:</label> |
@@ -20,12 +20,22 b'' | |||
|
20 | 20 | <div class="gravatar"> |
|
21 | 21 | <img alt="gravatar" src="${h.gravatar_url(c.rhodecode_user.email,24)}" /> |
|
22 | 22 | </div> |
|
23 | %if c.rhodecode_user.username == 'default': | |
|
24 | <div class="account"> | |
|
25 | ${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('#'))}<br/> | |
|
26 | ${h.link_to(c.rhodecode_user.username,h.url('#'))} | |
|
27 | </div> | |
|
28 | </li> | |
|
29 | <li class="last highlight">${h.link_to(u'Login',h.url('login_home'))}</li> | |
|
30 | %else: | |
|
31 | ||
|
23 | 32 | <div class="account"> |
|
24 | 33 | ${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('admin_settings_my_account'))}<br/> |
|
25 | 34 | ${h.link_to(c.rhodecode_user.username,h.url('admin_settings_my_account'))} |
|
26 | 35 | </div> |
|
27 | 36 | </li> |
|
28 | 37 | <li class="last highlight">${h.link_to(u'Logout',h.url('logout_home'))}</li> |
|
38 | %endif | |
|
29 | 39 | </ul> |
|
30 | 40 | <!-- end user --> |
|
31 | 41 | <div id="header-inner" class="title top-left-rounded-corner top-right-rounded-corner"> |