##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

#49 Enabled anonymous access for web interface controllable from permissions pannel
marcink -
r673:dd532af2 beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -57,11 +57,12 b' class PermissionsController(BaseControll'
57 57 ('repository.write', _('Write'),),
58 58 ('repository.admin', _('Admin'),)]
59 59 self.register_choices = [
60 ('hg.register.none', 'disabled'),
60 ('hg.register.none',
61 _('disabled')),
61 62 ('hg.register.manual_activate',
62 _('allowed with manual account activation')),
63 _('allowed with manual account activation')),
63 64 ('hg.register.auto_activate',
64 _('allowed with automatic account activation')), ]
65 _('allowed with automatic account activation')), ]
65 66
66 67 self.create_choices = [('hg.create.none', _('Disabled')),
67 68 ('hg.create.repository', _('Enabled'))]
@@ -142,8 +143,10 b' class PermissionsController(BaseControll'
142 143 c.create_choices = self.create_choices
143 144
144 145 if id == 'default':
145 defaults = {'_method':'put'}
146 for p in UserModel().get_by_username('default').user_perms:
146 default_user = UserModel().get_by_username('default')
147 defaults = {'_method':'put',
148 'anonymous':default_user.active}
149 for p in default_user.user_perms:
147 150 if p.permission.permission_name.startswith('repository.'):
148 151 defaults['default_perm'] = p.permission.permission_name
149 152
Show file before | Show file after | Hide comments
@@ -121,11 +121,15 b' class SettingsController(BaseController)'
121 121
122 122 try:
123 123 hgsettings1 = self.sa.query(RhodeCodeSettings)\
124 .filter(RhodeCodeSettings.app_settings_name == 'title').one()
124 .filter(RhodeCodeSettings.app_settings_name \
125 == 'title').one()
126
125 127 hgsettings1.app_settings_value = form_result['rhodecode_title']
126 128
127 129 hgsettings2 = self.sa.query(RhodeCodeSettings)\
128 .filter(RhodeCodeSettings.app_settings_name == 'realm').one()
130 .filter(RhodeCodeSettings.app_settings_name \
131 == 'realm').one()
132
129 133 hgsettings2.app_settings_value = form_result['rhodecode_realm']
130 134
131 135
Show file before | Show file after | Hide comments
@@ -45,26 +45,26 b' class UsersController(BaseController):'
45 45 # To properly map this controller, ensure your config/routing.py
46 46 # file has a resource setup:
47 47 # map.resource('user', 'users')
48
48
49 49 @LoginRequired()
50 50 @HasPermissionAllDecorator('hg.admin')
51 51 def __before__(self):
52 52 c.admin_user = session.get('admin_user')
53 53 c.admin_username = session.get('admin_username')
54 54 super(UsersController, self).__before__()
55
55
56 56
57 57 def index(self, format='html'):
58 58 """GET /users: All items in the collection"""
59 59 # url('users')
60
61 c.users_list = self.sa.query(User).all()
60
61 c.users_list = self.sa.query(User).all()
62 62 return render('admin/users/users.html')
63
63
64 64 def create(self):
65 65 """POST /users: Create a new item"""
66 66 # url('users')
67
67
68 68 user_model = UserModel()
69 69 login_form = UserForm()()
70 70 try:
@@ -79,13 +79,13 b' class UsersController(BaseController):'
79 79 defaults=errors.value,
80 80 errors=errors.error_dict or {},
81 81 prefix_error=False,
82 encoding="UTF-8")
82 encoding="UTF-8")
83 83 except Exception:
84 84 log.error(traceback.format_exc())
85 85 h.flash(_('error occured during creation of user %s') \
86 % request.POST.get('username'), category='error')
86 % request.POST.get('username'), category='error')
87 87 return redirect(url('users'))
88
88
89 89 def new(self, format='html'):
90 90 """GET /users/new: Form to create a new item"""
91 91 # url('new_user')
@@ -101,7 +101,7 b' class UsersController(BaseController):'
101 101 # url('user', id=ID)
102 102 user_model = UserModel()
103 103 c.user = user_model.get(id)
104
104
105 105 _form = UserForm(edit=True, old_data={'user_id':id,
106 106 'email':c.user.email})()
107 107 form_result = {}
@@ -109,21 +109,21 b' class UsersController(BaseController):'
109 109 form_result = _form.to_python(dict(request.POST))
110 110 user_model.update(id, form_result)
111 111 h.flash(_('User updated succesfully'), category='success')
112
112
113 113 except formencode.Invalid, errors:
114 114 return htmlfill.render(
115 115 render('admin/users/user_edit.html'),
116 116 defaults=errors.value,
117 117 errors=errors.error_dict or {},
118 118 prefix_error=False,
119 encoding="UTF-8")
119 encoding="UTF-8")
120 120 except Exception:
121 121 log.error(traceback.format_exc())
122 122 h.flash(_('error occured during update of user %s') \
123 123 % form_result.get('username'), category='error')
124
124
125 125 return redirect(url('users'))
126
126
127 127 def delete(self, id):
128 128 """DELETE /users/id: Delete an existing item"""
129 129 # Forms posted to this method should contain a hidden field:
@@ -140,14 +140,14 b' class UsersController(BaseController):'
140 140 h.flash(str(e), category='warning')
141 141 except Exception:
142 142 h.flash(_('An error occured during deletion of user'),
143 category='error')
143 category='error')
144 144 return redirect(url('users'))
145
145
146 146 def show(self, id, format='html'):
147 147 """GET /users/id: Show a specific item"""
148 148 # url('user', id=ID)
149
150
149
150
151 151 def edit(self, id, format='html'):
152 152 """GET /users/id/edit: Form to edit an existing item"""
153 153 # url('edit_user', id=ID)
@@ -155,14 +155,13 b' class UsersController(BaseController):'
155 155 if not c.user:
156 156 return redirect(url('users'))
157 157 if c.user.username == 'default':
158 h.flash(_("You can't edit this user since it's"
159 " crucial for entire application"), category='warning')
158 h.flash(_("You can't edit this user"), category='warning')
160 159 return redirect(url('users'))
161
160
162 161 defaults = c.user.__dict__
163 162 return htmlfill.render(
164 163 render('admin/users/user_edit.html'),
165 164 defaults=defaults,
166 165 encoding="UTF-8",
167 166 force_defaults=False
168 )
167 )
Show file before | Show file after | Hide comments
@@ -46,7 +46,9 b' class LoginController(BaseController):'
46 46 #redirect if already logged in
47 47 c.came_from = request.GET.get('came_from', None)
48 48
49 if c.rhodecode_user.is_authenticated:
49 if c.rhodecode_user.is_authenticated \
50 and c.rhodecode_user.username != 'default':
51
50 52 return redirect(url('home'))
51 53
52 54 if request.POST:
Show file before | Show file after | Hide comments
@@ -26,15 +26,16 b' from pylons import config, session, url,'
26 26 from pylons.controllers.util import abort, redirect
27 27 from rhodecode.lib.utils import get_repo_slug
28 28 from rhodecode.model import meta
29 from rhodecode.model.user import UserModel
29 30 from rhodecode.model.caching_query import FromCache
30 31 from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
31 UserToPerm
32 UserToPerm
32 33 import bcrypt
33 34 from decorator import decorator
34 35 import logging
35 36 import random
36 37
37 log = logging.getLogger(__name__)
38 log = logging.getLogger(__name__)
38 39
39 40 class PasswordGenerator(object):
40 41 """This is a simple class for generating password from
@@ -53,7 +54,7 b' class PasswordGenerator(object):'
53 54 ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL
54 55 ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM#[6]
55 56 ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM#[7]
56
57
57 58 def __init__(self, passwd=''):
58 59 self.passwd = passwd
59 60
@@ -61,20 +62,19 b' class PasswordGenerator(object):'
61 62 self.passwd = ''.join([random.choice(type) for _ in xrange(len)])
62 63 return self.passwd
63 64
64
65
65 66 def get_crypt_password(password):
66 67 """Cryptographic function used for password hashing based on sha1
67 68 :param password: password to hash
68 """
69 """
69 70 return bcrypt.hashpw(password, bcrypt.gensalt(10))
70 71
71 72 def check_password(password, hashed):
72 73 return bcrypt.hashpw(password, hashed) == hashed
73 74
74 75 def authfunc(environ, username, password):
75 from rhodecode.model.user import UserModel
76 76 user = UserModel().get_by_username(username, cache=False)
77
77
78 78 if user:
79 79 if user.active:
80 80 if user.username == username and check_password(password, user.password):
@@ -82,7 +82,7 b' def authfunc(environ, username, password'
82 82 return True
83 83 else:
84 84 log.error('user %s is disabled', username)
85
85
86 86 return False
87 87
88 88 class AuthUser(object):
@@ -99,6 +99,8 b' class AuthUser(object):'
99 99 self.is_admin = False
100 100 self.permissions = {}
101 101
102 def __repr__(self):
103 return "<AuthUser('id:%s:%s')>" % (self.user_id, self.username)
102 104
103 105 def set_available_permissions(config):
104 106 """
@@ -116,85 +118,56 b' def set_available_permissions(config):'
116 118 pass
117 119 finally:
118 120 meta.Session.remove()
119
121
120 122 config['available_permissions'] = [x.permission_name for x in all_perms]
121 123
122 124 def set_base_path(config):
123 125 config['base_path'] = config['pylons.app_globals'].base_path
124 126
125 def fill_data(user):
126 """
127 Fills user data with those from database and log out user if not present
128 in database
129 :param user:
130 """
131 sa = meta.Session()
132 try:
133 dbuser = sa.query(User)\
134 .options(FromCache('sql_cache_short', 'getuser_%s' % user.user_id))\
135 .get(user.user_id)
136 except:
137 pass
138 finally:
139 meta.Session.remove()
140
141 if dbuser:
142 user.username = dbuser.username
143 user.is_admin = dbuser.admin
144 user.name = dbuser.name
145 user.lastname = dbuser.lastname
146 user.email = dbuser.email
147 else:
148 user.is_authenticated = False
149
150
151 return user
152
127
153 128 def fill_perms(user):
154 129 """
155 130 Fills user permission attribute with permissions taken from database
156 131 :param user:
157 132 """
158
133
159 134 sa = meta.Session()
160 135 user.permissions['repositories'] = {}
161 136 user.permissions['global'] = set()
162
137
163 138 #===========================================================================
164 139 # fetch default permissions
165 140 #===========================================================================
166 default_user = sa.query(User)\
167 .options(FromCache('sql_cache_short', 'getuser_%s' % 'default'))\
168 .filter(User.username == 'default').scalar()
169
141 default_user = UserModel(sa).get_by_username('default', cache=True)
142
170 143 default_perms = sa.query(RepoToPerm, Repository, Permission)\
171 144 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
172 145 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
173 146 .filter(RepoToPerm.user == default_user).all()
174
147
175 148 if user.is_admin:
176 149 #=======================================================================
177 150 # #admin have all default rights set to admin
178 151 #=======================================================================
179 152 user.permissions['global'].add('hg.admin')
180
153
181 154 for perm in default_perms:
182 155 p = 'repository.admin'
183 156 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
184
157
185 158 else:
186 159 #=======================================================================
187 160 # set default permissions
188 161 #=======================================================================
189
162
190 163 #default global
191 164 default_global_perms = sa.query(UserToPerm)\
192 .filter(UserToPerm.user == sa.query(User).filter(User.username ==
165 .filter(UserToPerm.user == sa.query(User).filter(User.username ==
193 166 'default').one())
194
167
195 168 for perm in default_global_perms:
196 169 user.permissions['global'].add(perm.permission.permission_name)
197
170
198 171 #default repositories
199 172 for perm in default_perms:
200 173 if perm.Repository.private and not perm.Repository.user_id == user.user_id:
@@ -205,9 +178,9 b' def fill_perms(user):'
205 178 p = 'repository.admin'
206 179 else:
207 180 p = perm.Permission.permission_name
208
181
209 182 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
210
183
211 184 #=======================================================================
212 185 # #overwrite default with user permissions if any
213 186 #=======================================================================
@@ -215,38 +188,52 b' def fill_perms(user):'
215 188 .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\
216 189 .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\
217 190 .filter(RepoToPerm.user_id == user.user_id).all()
218
191
219 192 for perm in user_perms:
220 193 if perm.Repository.user_id == user.user_id:#set admin if owner
221 194 p = 'repository.admin'
222 195 else:
223 196 p = perm.Permission.permission_name
224 197 user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p
225 meta.Session.remove()
198 meta.Session.remove()
226 199 return user
227
200
228 201 def get_user(session):
229 202 """
230 203 Gets user from session, and wraps permissions into user
231 204 :param session:
232 205 """
233 206 user = session.get('rhodecode_user', AuthUser())
207
208
209 #if the user is not logged in we check for anonymous access
210 #if user is logged and it's a default user check if we still have anonymous
211 #access enabled
212 if user.user_id is None or user.username == 'default':
213 anonymous_user = UserModel().get_by_username('default', cache=True)
214 if anonymous_user.active is True:
215 #then we set this user is logged in
216 user.is_authenticated = True
217 else:
218 user.is_authenticated = False
219
234 220 if user.is_authenticated:
235 user = fill_data(user)
221 user = UserModel().fill_data(user)
222
236 223 user = fill_perms(user)
237 224 session['rhodecode_user'] = user
238 225 session.save()
239 226 return user
240
227
241 228 #===============================================================================
242 229 # CHECK DECORATORS
243 230 #===============================================================================
244 231 class LoginRequired(object):
245 232 """Must be logged in to execute this function else redirect to login page"""
246
233
247 234 def __call__(self, func):
248 235 return decorator(self.__wrapper, func)
249
236
250 237 def __wrapper(self, func, *fargs, **fkwargs):
251 238 user = session.get('rhodecode_user', AuthUser())
252 239 log.debug('Checking login required for user:%s', user.username)
@@ -255,21 +242,21 b' class LoginRequired(object):'
255 242 return func(*fargs, **fkwargs)
256 243 else:
257 244 log.warn('user %s not authenticated', user.username)
258
245
259 246 p = ''
260 247 if request.environ.get('SCRIPT_NAME') != '/':
261 248 p += request.environ.get('SCRIPT_NAME')
262
249
263 250 p += request.environ.get('PATH_INFO')
264 251 if request.environ.get('QUERY_STRING'):
265 252 p += '?' + request.environ.get('QUERY_STRING')
266
267 log.debug('redirecting to login page with %s', p)
253
254 log.debug('redirecting to login page with %s', p)
268 255 return redirect(url('login_home', came_from=p))
269 256
270 257 class PermsDecorator(object):
271 258 """Base class for decorators"""
272
259
273 260 def __init__(self, *required_perms):
274 261 available_perms = config['available_permissions']
275 262 for perm in required_perms:
@@ -277,32 +264,33 b' class PermsDecorator(object):'
277 264 raise Exception("'%s' permission is not defined" % perm)
278 265 self.required_perms = set(required_perms)
279 266 self.user_perms = None
280
267
281 268 def __call__(self, func):
282 269 return decorator(self.__wrapper, func)
283
284
270
271
285 272 def __wrapper(self, func, *fargs, **fkwargs):
286 273 # _wrapper.__name__ = func.__name__
287 274 # _wrapper.__dict__.update(func.__dict__)
288 275 # _wrapper.__doc__ = func.__doc__
276 self.user = session.get('rhodecode_user', AuthUser())
277 self.user_perms = self.user.permissions
278 log.debug('checking %s permissions %s for %s %s',
279 self.__class__.__name__, self.required_perms, func.__name__,
280 self.user)
289 281
290 self.user_perms = session.get('rhodecode_user', AuthUser()).permissions
291 log.debug('checking %s permissions %s for %s',
292 self.__class__.__name__, self.required_perms, func.__name__)
293
294 282 if self.check_permissions():
295 log.debug('Permission granted for %s', func.__name__)
296
283 log.debug('Permission granted for %s %s', func.__name__, self.user)
284
297 285 return func(*fargs, **fkwargs)
298
286
299 287 else:
300 log.warning('Permission denied for %s', func.__name__)
288 log.warning('Permission denied for %s %s', func.__name__, self.user)
301 289 #redirect with forbidden ret code
302 290 return abort(403)
303 291
304
305
292
293
306 294 def check_permissions(self):
307 295 """Dummy function for overriding"""
308 296 raise Exception('You have to write this function in child class')
@@ -311,18 +299,18 b' class HasPermissionAllDecorator(PermsDec'
311 299 """Checks for access permission for all given predicates. All of them
312 300 have to be meet in order to fulfill the request
313 301 """
314
302
315 303 def check_permissions(self):
316 304 if self.required_perms.issubset(self.user_perms.get('global')):
317 305 return True
318 306 return False
319
307
320 308
321 309 class HasPermissionAnyDecorator(PermsDecorator):
322 310 """Checks for access permission for any of given predicates. In order to
323 311 fulfill the request any of predicates must be meet
324 312 """
325
313
326 314 def check_permissions(self):
327 315 if self.required_perms.intersection(self.user_perms.get('global')):
328 316 return True
@@ -332,7 +320,7 b' class HasRepoPermissionAllDecorator(Perm'
332 320 """Checks for access permission for all given predicates for specific
333 321 repository. All of them have to be meet in order to fulfill the request
334 322 """
335
323
336 324 def check_permissions(self):
337 325 repo_name = get_repo_slug(request)
338 326 try:
@@ -342,16 +330,16 b' class HasRepoPermissionAllDecorator(Perm'
342 330 if self.required_perms.issubset(user_perms):
343 331 return True
344 332 return False
345
333
346 334
347 335 class HasRepoPermissionAnyDecorator(PermsDecorator):
348 336 """Checks for access permission for any of given predicates for specific
349 337 repository. In order to fulfill the request any of predicates must be meet
350 338 """
351
339
352 340 def check_permissions(self):
353 341 repo_name = get_repo_slug(request)
354
342
355 343 try:
356 344 user_perms = set([self.user_perms['repositories'][repo_name]])
357 345 except KeyError:
@@ -365,10 +353,10 b' class HasRepoPermissionAnyDecorator(Perm'
365 353
366 354 class PermsFunction(object):
367 355 """Base function for other check functions"""
368
356
369 357 def __init__(self, *perms):
370 358 available_perms = config['available_permissions']
371
359
372 360 for perm in perms:
373 361 if perm not in available_perms:
374 362 raise Exception("'%s' permission in not defined" % perm)
@@ -376,29 +364,30 b' class PermsFunction(object):'
376 364 self.user_perms = None
377 365 self.granted_for = ''
378 366 self.repo_name = None
379
367
380 368 def __call__(self, check_Location=''):
381 369 user = session.get('rhodecode_user', False)
382 370 if not user:
383 371 return False
384 372 self.user_perms = user.permissions
385 self.granted_for = user.username
386 log.debug('checking %s %s', self.__class__.__name__, self.required_perms)
387
373 self.granted_for = user.username
374 log.debug('checking %s %s %s', self.__class__.__name__,
375 self.required_perms, user)
376
388 377 if self.check_permissions():
389 log.debug('Permission granted for %s @%s', self.granted_for,
390 check_Location)
378 log.debug('Permission granted for %s @ %s %s', self.granted_for,
379 check_Location, user)
391 380 return True
392
381
393 382 else:
394 log.warning('Permission denied for %s @%s', self.granted_for,
395 check_Location)
396 return False
397
383 log.warning('Permission denied for %s @ %s %s', self.granted_for,
384 check_Location, user)
385 return False
386
398 387 def check_permissions(self):
399 388 """Dummy function for overriding"""
400 389 raise Exception('You have to write this function in child class')
401
390
402 391 class HasPermissionAll(PermsFunction):
403 392 def check_permissions(self):
404 393 if self.required_perms.issubset(self.user_perms.get('global')):
@@ -412,11 +401,11 b' class HasPermissionAny(PermsFunction):'
412 401 return False
413 402
414 403 class HasRepoPermissionAll(PermsFunction):
415
404
416 405 def __call__(self, repo_name=None, check_Location=''):
417 406 self.repo_name = repo_name
418 407 return super(HasRepoPermissionAll, self).__call__(check_Location)
419
408
420 409 def check_permissions(self):
421 410 if not self.repo_name:
422 411 self.repo_name = get_repo_slug(request)
@@ -426,17 +415,17 b' class HasRepoPermissionAll(PermsFunction'
426 415 [self.repo_name]])
427 416 except KeyError:
428 417 return False
429 self.granted_for = self.repo_name
418 self.granted_for = self.repo_name
430 419 if self.required_perms.issubset(self.user_perms):
431 420 return True
432 421 return False
433
422
434 423 class HasRepoPermissionAny(PermsFunction):
435
424
436 425 def __call__(self, repo_name=None, check_Location=''):
437 426 self.repo_name = repo_name
438 427 return super(HasRepoPermissionAny, self).__call__(check_Location)
439
428
440 429 def check_permissions(self):
441 430 if not self.repo_name:
442 431 self.repo_name = get_repo_slug(request)
@@ -458,13 +447,13 b' class HasRepoPermissionAny(PermsFunction'
458 447 class HasPermissionAnyMiddleware(object):
459 448 def __init__(self, *perms):
460 449 self.required_perms = set(perms)
461
450
462 451 def __call__(self, user, repo_name):
463 452 usr = AuthUser()
464 453 usr.user_id = user.user_id
465 454 usr.username = user.username
466 455 usr.is_admin = user.admin
467
456
468 457 try:
469 458 self.user_perms = set([fill_perms(usr)\
470 459 .permissions['repositories'][repo_name]])
@@ -472,9 +461,9 b' class HasPermissionAnyMiddleware(object)'
472 461 self.user_perms = set()
473 462 self.granted_for = ''
474 463 self.username = user.username
475 self.repo_name = repo_name
464 self.repo_name = repo_name
476 465 return self.check_permissions()
477
466
478 467 def check_permissions(self):
479 468 log.debug('checking mercurial protocol '
480 469 'permissions for user:%s repository:%s',
Show file before | Show file after | Hide comments
@@ -138,17 +138,17 b' class DbManage(object):'
138 138 hooks2.ui_section = 'hooks'
139 139 hooks2.ui_key = 'changegroup.repo_size'
140 140 hooks2.ui_value = 'python:rhodecode.lib.hooks.repo_size'
141
141
142 142 hooks3 = RhodeCodeUi()
143 143 hooks3.ui_section = 'hooks'
144 144 hooks3.ui_key = 'pretxnchangegroup.push_logger'
145 145 hooks3.ui_value = 'python:rhodecode.lib.hooks.log_push_action'
146
146
147 147 hooks4 = RhodeCodeUi()
148 148 hooks4.ui_section = 'hooks'
149 149 hooks4.ui_key = 'preoutgoing.pull_logger'
150 150 hooks4.ui_value = 'python:rhodecode.lib.hooks.log_pull_action'
151
151
152 152
153 153 web1 = RhodeCodeUi()
154 154 web1.ui_section = 'web'
@@ -227,9 +227,9 b' class DbManage(object):'
227 227 def_user = User()
228 228 def_user.username = 'default'
229 229 def_user.password = get_crypt_password(str(uuid.uuid1())[:8])
230 def_user.name = 'default'
231 def_user.lastname = 'default'
232 def_user.email = 'default@default.com'
230 def_user.name = 'Anonymous'
231 def_user.lastname = 'User'
232 def_user.email = 'anonymous@rhodecode.org'
233 233 def_user.admin = False
234 234 def_user.active = False
235 235 try:
Show file before | Show file after | Hide comments
@@ -358,6 +358,7 b' def DefaultPermissionsForm(perms_choices'
358 358 allow_extra_fields = True
359 359 filter_extra_fields = True
360 360 overwrite_default = OneOf(['true', 'false'], if_missing='false')
361 anonymous = OneOf(['True', 'False'], if_missing=False)
361 362 default_perm = OneOf(perms_choices)
362 363 default_register = OneOf(register_choices)
363 364 default_create = OneOf(create_choices)
Show file before | Show file after | Hide comments
@@ -59,30 +59,41 b' class PermissionModel(object):'
59 59 .filter(User.username == form_result['perm_user_name']).scalar()
60 60 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
61 61 if len(u2p) != 3:
62 raise Exception('There is more than 3 defined'
63 ' permissions for default user. This should not happen please verify'
64 ' your database')
62 raise Exception('Defined: %s should be 3 permissions for default'
63 ' user. This should not happen please verify'
64 ' your database' % len(u2p))
65 65
66 66 try:
67 67 #stage 1 change defaults
68 68 for p in u2p:
69 69 if p.permission.permission_name.startswith('repository.'):
70 p.permission = self.get_permission_by_name(form_result['default_perm'])
70 p.permission = self.get_permission_by_name(
71 form_result['default_perm'])
71 72 self.sa.add(p)
72 73
73 74 if p.permission.permission_name.startswith('hg.register.'):
74 p.permission = self.get_permission_by_name(form_result['default_register'])
75 p.permission = self.get_permission_by_name(
76 form_result['default_register'])
75 77 self.sa.add(p)
76 78
77 79 if p.permission.permission_name.startswith('hg.create.'):
78 p.permission = self.get_permission_by_name(form_result['default_create'])
80 p.permission = self.get_permission_by_name(
81 form_result['default_create'])
79 82 self.sa.add(p)
80 83 #stage 2 update all default permissions for repos if checked
81 84 if form_result['overwrite_default'] == 'true':
82 for r2p in self.sa.query(RepoToPerm).filter(RepoToPerm.user == perm_user).all():
83 r2p.permission = self.get_permission_by_name(form_result['default_perm'])
85 for r2p in self.sa.query(RepoToPerm)\
86 .filter(RepoToPerm.user == perm_user).all():
87 r2p.permission = self.get_permission_by_name(
88 form_result['default_perm'])
84 89 self.sa.add(r2p)
85 90
91 #stage 3 set anonymous access
92 if perm_user.username == 'default':
93 perm_user.active = bool(form_result['anonymous'])
94 self.sa.add(perm_user)
95
96
86 97 self.sa.commit()
87 98 except:
88 99 log.error(traceback.format_exc())
Show file before | Show file after | Hide comments
@@ -143,3 +143,24 b' class UserModel(object):'
143 143 def reset_password(self, data):
144 144 from rhodecode.lib.celerylib import tasks, run_task
145 145 run_task(tasks.reset_user_password, data['email'])
146
147
148 def fill_data(self, user):
149 """
150 Fills user data with those from database and log out user if not
151 present in database
152 :param user:
153 """
154 log.debug('filling auth user data')
155 try:
156 dbuser = self.get(user.user_id)
157 user.username = dbuser.username
158 user.is_admin = dbuser.admin
159 user.name = dbuser.name
160 user.lastname = dbuser.lastname
161 user.email = dbuser.email
162 except:
163 log.error(traceback.format_exc())
164 user.is_authenticated = False
165
166 return user
Show file before | Show file after | Hide comments
@@ -2096,7 +2096,7 b' border:1px solid #666;'
2096 2096 clear:both;
2097 2097 overflow:hidden;
2098 2098 margin:0;
2099 padding:2px 0;
2099 padding:2px 2px;
2100 2100 }
2101 2101
2102 2102 #content div.box div.form div.fields div.field div.checkboxes div.checkbox input,#content div.box div.form div.fields div.field div.radios div.radio input {
Show file before | Show file after | Hide comments
@@ -26,7 +26,16 b''
26 26 <div class="form">
27 27 <!-- fields -->
28 28 <div class="fields">
29
29 <div class="field">
30 <div class="label label-checkbox">
31 <label for="anonymous">${_('Anonymous access')}:</label>
32 </div>
33 <div class="checkboxes">
34 <div class="checkbox">
35 ${h.checkbox('anonymous',True)}
36 </div>
37 </div>
38 </div>
30 39 <div class="field">
31 40 <div class="label">
32 41 <label for="default_perm">${_('Repository permission')}:</label>
Show file before | Show file after | Hide comments
@@ -20,12 +20,22 b''
20 20 <div class="gravatar">
21 21 <img alt="gravatar" src="${h.gravatar_url(c.rhodecode_user.email,24)}" />
22 22 </div>
23 %if c.rhodecode_user.username == 'default':
24 <div class="account">
25 ${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('#'))}<br/>
26 ${h.link_to(c.rhodecode_user.username,h.url('#'))}
27 </div>
28 </li>
29 <li class="last highlight">${h.link_to(u'Login',h.url('login_home'))}</li>
30 %else:
31
23 32 <div class="account">
24 33 ${h.link_to('%s %s'%(c.rhodecode_user.name,c.rhodecode_user.lastname),h.url('admin_settings_my_account'))}<br/>
25 34 ${h.link_to(c.rhodecode_user.username,h.url('admin_settings_my_account'))}
26 35 </div>
27 36 </li>
28 37 <li class="last highlight">${h.link_to(u'Logout',h.url('logout_home'))}</li>
38 %endif
29 39 </ul>
30 40 <!-- end user -->
31 41 <div id="header-inner" class="title top-left-rounded-corner top-right-rounded-corner">
General Comments 0
You need to be logged in to leave comments. Login now