##// END OF EJS Templates
make the permission update function idempotent
marcink -
r3791:e3857cbb default
parent child Browse files
Show More
@@ -40,8 +40,8 b' from rhodecode.model.scm import ScmModel'
40 from rhodecode.model.repo import RepoModel
40 from rhodecode.model.repo import RepoModel
41 from rhodecode.model.user import UserModel
41 from rhodecode.model.user import UserModel
42 from rhodecode.model.users_group import UserGroupModel
42 from rhodecode.model.users_group import UserGroupModel
43 from rhodecode.model.permission import PermissionModel
43 from rhodecode.model.db import Repository, RhodeCodeSetting, UserIpMap,\
44 from rhodecode.model.db import Repository, RhodeCodeSetting, UserIpMap
44 Permission
45 from rhodecode.lib.compat import json
45 from rhodecode.lib.compat import json
46
46
47 log = logging.getLogger(__name__)
47 log = logging.getLogger(__name__)
@@ -139,7 +139,7 b' def get_perm_or_error(permid):'
139
139
140 :param userid:
140 :param userid:
141 """
141 """
142 perm = PermissionModel().get_permission_by_name(permid)
142 perm = Permission.get_by_key(permid)
143 if perm is None:
143 if perm is None:
144 raise JSONRPCError('permission `%s` does not exist' % (permid))
144 raise JSONRPCError('permission `%s` does not exist' % (permid))
145 return perm
145 return perm
@@ -28,11 +28,10 b' import traceback'
28
28
29 from sqlalchemy.exc import DatabaseError
29 from sqlalchemy.exc import DatabaseError
30
30
31 from rhodecode.lib.caching_query import FromCache
32
33 from rhodecode.model import BaseModel
31 from rhodecode.model import BaseModel
34 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\
32 from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\
35 UserRepoGroupToPerm
33 UserRepoGroupToPerm
34 from rhodecode.lib.utils2 import str2bool
36
35
37 log = logging.getLogger(__name__)
36 log = logging.getLogger(__name__)
38
37
@@ -44,76 +43,32 b' class PermissionModel(BaseModel):'
44
43
45 cls = Permission
44 cls = Permission
46
45
47 def get_permission(self, permission_id, cache=False):
48 """
49 Get's permissions by id
50
51 :param permission_id: id of permission to get from database
52 :param cache: use Cache for this query
53 """
54 perm = self.sa.query(Permission)
55 if cache:
56 perm = perm.options(FromCache("sql_cache_short",
57 "get_permission_%s" % permission_id))
58 return perm.get(permission_id)
59
60 def get_permission_by_name(self, name, cache=False):
61 """
62 Get's permissions by given name
63
64 :param name: name to fetch
65 :param cache: Use cache for this query
66 """
67 perm = self.sa.query(Permission)\
68 .filter(Permission.permission_name == name)
69 if cache:
70 perm = perm.options(FromCache("sql_cache_short",
71 "get_permission_%s" % name))
72 return perm.scalar()
73
74 def update(self, form_result):
46 def update(self, form_result):
75 perm_user = self.sa.query(User)\
47 perm_user = User.get_by_username(username=form_result['perm_user_name'])
76 .filter(User.username ==
48 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
77 form_result['perm_user_name']).scalar()
78 u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==
79 perm_user).all()
80 if len(u2p) != len(User.DEFAULT_PERMISSIONS):
81 raise Exception('Defined: %s should be %s permissions for default'
82 ' user. This should not happen please verify'
83 ' your database' % (len(u2p), len(User.DEFAULT_PERMISSIONS)))
84
49
85 try:
50 try:
86 # stage 1 change defaults
51 def _make_new(usr, perm_name):
52 new = UserToPerm()
53 new.user = usr
54 new.permission = Permission.get_by_key(perm_name)
55 return new
56 # clear current entries, to make this function idempotent
57 # it will fix even if we define more permissions or permissions
58 # are somehow missing
87 for p in u2p:
59 for p in u2p:
88 if p.permission.permission_name.startswith('repository.'):
60 self.sa.delete(p)
89 p.permission = self.get_permission_by_name(
61 #create fresh set of permissions
90 form_result['default_repo_perm'])
62 for def_perm_key in ['default_repo_perm', 'default_group_perm',
91 self.sa.add(p)
63 'default_register', 'default_create',
92
64 'default_fork']:
93 elif p.permission.permission_name.startswith('group.'):
65 p = _make_new(perm_user, form_result[def_perm_key])
94 p.permission = self.get_permission_by_name(
95 form_result['default_group_perm'])
96 self.sa.add(p)
97
98 elif p.permission.permission_name.startswith('hg.register.'):
99 p.permission = self.get_permission_by_name(
100 form_result['default_register'])
101 self.sa.add(p)
102
103 elif p.permission.permission_name.startswith('hg.create.'):
104 p.permission = self.get_permission_by_name(
105 form_result['default_create'])
106 self.sa.add(p)
107
108 elif p.permission.permission_name.startswith('hg.fork.'):
109 p.permission = self.get_permission_by_name(
110 form_result['default_fork'])
111 self.sa.add(p)
66 self.sa.add(p)
112
67
113 #stage 2 update all default permissions for repos if checked
68 #stage 2 update all default permissions for repos if checked
114 if form_result['overwrite_default_repo'] == True:
69 if form_result['overwrite_default_repo'] == True:
115 _def_name = form_result['default_repo_perm'].split('repository.')[-1]
70 _def_name = form_result['default_repo_perm'].split('repository.')[-1]
116 _def = self.get_permission_by_name('repository.' + _def_name)
71 _def = Permission.get_by_key('repository.' + _def_name)
117 # repos
72 # repos
118 for r2p in self.sa.query(UserRepoToPerm)\
73 for r2p in self.sa.query(UserRepoToPerm)\
119 .filter(UserRepoToPerm.user == perm_user)\
74 .filter(UserRepoToPerm.user == perm_user)\
@@ -127,7 +82,7 b' class PermissionModel(BaseModel):'
127 if form_result['overwrite_default_group'] == True:
82 if form_result['overwrite_default_group'] == True:
128 _def_name = form_result['default_group_perm'].split('group.')[-1]
83 _def_name = form_result['default_group_perm'].split('group.')[-1]
129 # groups
84 # groups
130 _def = self.get_permission_by_name('group.' + _def_name)
85 _def = Permission.get_by_key('group.' + _def_name)
131 for g2p in self.sa.query(UserRepoGroupToPerm)\
86 for g2p in self.sa.query(UserRepoGroupToPerm)\
132 .filter(UserRepoGroupToPerm.user == perm_user)\
87 .filter(UserRepoGroupToPerm.user == perm_user)\
133 .all():
88 .all():
@@ -136,9 +91,11 b' class PermissionModel(BaseModel):'
136
91
137 # stage 3 set anonymous access
92 # stage 3 set anonymous access
138 if perm_user.username == 'default':
93 if perm_user.username == 'default':
139 perm_user.active = bool(form_result['anonymous'])
94 perm_user.active = str2bool(form_result['anonymous'])
140 self.sa.add(perm_user)
95 self.sa.add(perm_user)
141
96
97 self.sa.commit()
142 except (DatabaseError,):
98 except (DatabaseError,):
143 log.error(traceback.format_exc())
99 log.error(traceback.format_exc())
100 self.sa.rollback()
144 raise
101 raise
General Comments 0
You need to be logged in to leave comments. Login now