##// END OF EJS Templates
make the permission update function idempotent
marcink -
r3791:e3857cbb default
parent child Browse files
Show More
@@ -40,8 +40,8 b' from rhodecode.model.scm import ScmModel'
40 40 from rhodecode.model.repo import RepoModel
41 41 from rhodecode.model.user import UserModel
42 42 from rhodecode.model.users_group import UserGroupModel
43 from rhodecode.model.permission import PermissionModel
44 from rhodecode.model.db import Repository, RhodeCodeSetting, UserIpMap
43 from rhodecode.model.db import Repository, RhodeCodeSetting, UserIpMap,\
44 Permission
45 45 from rhodecode.lib.compat import json
46 46
47 47 log = logging.getLogger(__name__)
@@ -139,7 +139,7 b' def get_perm_or_error(permid):'
139 139
140 140 :param userid:
141 141 """
142 perm = PermissionModel().get_permission_by_name(permid)
142 perm = Permission.get_by_key(permid)
143 143 if perm is None:
144 144 raise JSONRPCError('permission `%s` does not exist' % (permid))
145 145 return perm
@@ -28,11 +28,10 b' import traceback'
28 28
29 29 from sqlalchemy.exc import DatabaseError
30 30
31 from rhodecode.lib.caching_query import FromCache
32
33 31 from rhodecode.model import BaseModel
34 32 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\
35 33 UserRepoGroupToPerm
34 from rhodecode.lib.utils2 import str2bool
36 35
37 36 log = logging.getLogger(__name__)
38 37
@@ -44,76 +43,32 b' class PermissionModel(BaseModel):'
44 43
45 44 cls = Permission
46 45
47 def get_permission(self, permission_id, cache=False):
48 """
49 Get's permissions by id
50
51 :param permission_id: id of permission to get from database
52 :param cache: use Cache for this query
53 """
54 perm = self.sa.query(Permission)
55 if cache:
56 perm = perm.options(FromCache("sql_cache_short",
57 "get_permission_%s" % permission_id))
58 return perm.get(permission_id)
59
60 def get_permission_by_name(self, name, cache=False):
61 """
62 Get's permissions by given name
63
64 :param name: name to fetch
65 :param cache: Use cache for this query
66 """
67 perm = self.sa.query(Permission)\
68 .filter(Permission.permission_name == name)
69 if cache:
70 perm = perm.options(FromCache("sql_cache_short",
71 "get_permission_%s" % name))
72 return perm.scalar()
73
74 46 def update(self, form_result):
75 perm_user = self.sa.query(User)\
76 .filter(User.username ==
77 form_result['perm_user_name']).scalar()
78 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==
79 perm_user).all()
80 if len(u2p) != len(User.DEFAULT_PERMISSIONS):
81 raise Exception('Defined: %s should be %s permissions for default'
82 ' user. This should not happen please verify'
83 ' your database' % (len(u2p), len(User.DEFAULT_PERMISSIONS)))
47 perm_user = User.get_by_username(username=form_result['perm_user_name'])
48 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
84 49
85 50 try:
86 # stage 1 change defaults
51 def _make_new(usr, perm_name):
52 new = UserToPerm()
53 new.user = usr
54 new.permission = Permission.get_by_key(perm_name)
55 return new
56 # clear current entries, to make this function idempotent
57 # it will fix even if we define more permissions or permissions
58 # are somehow missing
87 59 for p in u2p:
88 if p.permission.permission_name.startswith('repository.'):
89 p.permission = self.get_permission_by_name(
90 form_result['default_repo_perm'])
91 self.sa.add(p)
92
93 elif p.permission.permission_name.startswith('group.'):
94 p.permission = self.get_permission_by_name(
95 form_result['default_group_perm'])
96 self.sa.add(p)
97
98 elif p.permission.permission_name.startswith('hg.register.'):
99 p.permission = self.get_permission_by_name(
100 form_result['default_register'])
101 self.sa.add(p)
102
103 elif p.permission.permission_name.startswith('hg.create.'):
104 p.permission = self.get_permission_by_name(
105 form_result['default_create'])
106 self.sa.add(p)
107
108 elif p.permission.permission_name.startswith('hg.fork.'):
109 p.permission = self.get_permission_by_name(
110 form_result['default_fork'])
60 self.sa.delete(p)
61 #create fresh set of permissions
62 for def_perm_key in ['default_repo_perm', 'default_group_perm',
63 'default_register', 'default_create',
64 'default_fork']:
65 p = _make_new(perm_user, form_result[def_perm_key])
111 66 self.sa.add(p)
112 67
113 68 #stage 2 update all default permissions for repos if checked
114 69 if form_result['overwrite_default_repo'] == True:
115 70 _def_name = form_result['default_repo_perm'].split('repository.')[-1]
116 _def = self.get_permission_by_name('repository.' + _def_name)
71 _def = Permission.get_by_key('repository.' + _def_name)
117 72 # repos
118 73 for r2p in self.sa.query(UserRepoToPerm)\
119 74 .filter(UserRepoToPerm.user == perm_user)\
@@ -127,7 +82,7 b' class PermissionModel(BaseModel):'
127 82 if form_result['overwrite_default_group'] == True:
128 83 _def_name = form_result['default_group_perm'].split('group.')[-1]
129 84 # groups
130 _def = self.get_permission_by_name('group.' + _def_name)
85 _def = Permission.get_by_key('group.' + _def_name)
131 86 for g2p in self.sa.query(UserRepoGroupToPerm)\
132 87 .filter(UserRepoGroupToPerm.user == perm_user)\
133 88 .all():
@@ -136,9 +91,11 b' class PermissionModel(BaseModel):'
136 91
137 92 # stage 3 set anonymous access
138 93 if perm_user.username == 'default':
139 perm_user.active = bool(form_result['anonymous'])
94 perm_user.active = str2bool(form_result['anonymous'])
140 95 self.sa.add(perm_user)
141 96
97 self.sa.commit()
142 98 except (DatabaseError,):
143 99 log.error(traceback.format_exc())
100 self.sa.rollback()
144 101 raise
General Comments 0
You need to be logged in to leave comments. Login now