upstream/kallithea Commit - r3730:e42e1d4e

make the permission update function idempotent

marcink -

r3730:e42e1d4e beta

parent child

rhodecode/controllers/api/api.py

0 +3 -3

             from rhodecode.model.repo import RepoModel
             from rhodecode.model.user import UserModel
             from rhodecode.model.users_group import UserGroupModel
-            from rhodecode.model.permission import PermissionModel
+            from rhodecode.model.db import Repository, RhodeCodeSetting, UserIpMap,\
-            from rhodecode.model.db import Repository, RhodeCodeSetting, UserIpMap
+                Permission
             from rhodecode.lib.compat import json
             log = logging.getLogger(__name__)
                 :param userid:
                 """
-                perm = PermissionModel().get_permission_by_name(permid)
+                perm = Permission.get_by_key(permid)
                 if perm is None:
                     raise JSONRPCError('permission `%s` does not exist' % (permid))
                 return perm

rhodecode/model/permission.py

0 +22 -65

@@ -28,11 +28,10 b' import traceback'
28		28
29	from sqlalchemy.exc import DatabaseError	29	from sqlalchemy.exc import DatabaseError
30		30
31	from rhodecode.lib.caching_query import FromCache
32
33	from rhodecode.model import BaseModel	31	from rhodecode.model import BaseModel
34	from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\	32	from rhodecode.model.db import User, Permission, UserToPerm, UserRepoToPerm,\
35	UserRepoGroupToPerm	33	UserRepoGroupToPerm
		34	from rhodecode.lib.utils2 import str2bool
36		35
37	log = logging.getLogger(__name__)	36	log = logging.getLogger(__name__)
38		37
@@ -44,76 +43,32 b' class PermissionModel(BaseModel):'
44		43
45	cls = Permission	44	cls = Permission
46		45
47	def get_permission(self, permission_id, cache=False):
48	"""
49	Get's permissions by id
50
51	:param permission_id: id of permission to get from database
52	:param cache: use Cache for this query
53	"""
54	perm = self.sa.query(Permission)
55	if cache:
56	perm = perm.options(FromCache("sql_cache_short",
57	"get_permission_%s" % permission_id))
58	return perm.get(permission_id)
59
60	def get_permission_by_name(self, name, cache=False):
61	"""
62	Get's permissions by given name
63
64	:param name: name to fetch
65	:param cache: Use cache for this query
66	"""
67	perm = self.sa.query(Permission)\
68	.filter(Permission.permission_name == name)
69	if cache:
70	perm = perm.options(FromCache("sql_cache_short",
71	"get_permission_%s" % name))
72	return perm.scalar()
73
74	def update(self, form_result):	46	def update(self, form_result):
75	perm_user = self.sa.query(User)\	47	perm_user = User.get_by_username(username=form_result['perm_user_name'])
76	.filter(User.username ==	48	u2p = self.sa.query(UserToPerm).filter(UserToPerm.user == perm_user).all()
77	form_result['perm_user_name']).scalar()
78	u2p = self.sa.query(UserToPerm).filter(UserToPerm.user ==
79	perm_user).all()
80	if len(u2p) != len(User.DEFAULT_PERMISSIONS):
81	raise Exception('Defined: %s should be %s permissions for default'
82	' user. This should not happen please verify'
83	' your database' % (len(u2p), len(User.DEFAULT_PERMISSIONS)))
84		49
85	try:	50	try:
86	# stage 1 change defaults	51	def _make_new(usr, perm_name):
		52	new = UserToPerm()
		53	new.user = usr
		54	new.permission = Permission.get_by_key(perm_name)
		55	return new
		56	# clear current entries, to make this function idempotent
		57	# it will fix even if we define more permissions or permissions
		58	# are somehow missing
87	for p in u2p:	59	for p in u2p:
88	if p.permission.permission_name.startswith('repository.'):	60	self.sa.delete(p)
89	p.permission = self.get_permission_by_name(	61	#create fresh set of permissions
90	form_result['default_repo_perm'])	62	for def_perm_key in ['default_repo_perm', 'default_group_perm',
91	self.sa.add(p)	63	'default_register', 'default_create',
92		64	'default_fork']:
93	elif p.permission.permission_name.startswith('group.'):	65	p = _make_new(perm_user, form_result[def_perm_key])
94	p.permission = self.get_permission_by_name(
95	form_result['default_group_perm'])
96	self.sa.add(p)
97
98	elif p.permission.permission_name.startswith('hg.register.'):
99	p.permission = self.get_permission_by_name(
100	form_result['default_register'])
101	self.sa.add(p)
102
103	elif p.permission.permission_name.startswith('hg.create.'):
104	p.permission = self.get_permission_by_name(
105	form_result['default_create'])
106	self.sa.add(p)
107
108	elif p.permission.permission_name.startswith('hg.fork.'):
109	p.permission = self.get_permission_by_name(
110	form_result['default_fork'])
111	self.sa.add(p)	66	self.sa.add(p)
112		67
113	#stage 2 update all default permissions for repos if checked	68	#stage 2 update all default permissions for repos if checked
114	if form_result['overwrite_default_repo'] == True:	69	if form_result['overwrite_default_repo'] == True:
115	_def_name = form_result['default_repo_perm'].split('repository.')[-1]	70	_def_name = form_result['default_repo_perm'].split('repository.')[-1]
116	_def = ~~self~~.get_~~permission_by_name~~('repository.' + _def_name)	71	_def = Permission.get_by_key('repository.' + _def_name)
117	# repos	72	# repos
118	for r2p in self.sa.query(UserRepoToPerm)\	73	for r2p in self.sa.query(UserRepoToPerm)\
119	.filter(UserRepoToPerm.user == perm_user)\	74	.filter(UserRepoToPerm.user == perm_user)\
@@ -127,7 +82,7 b' class PermissionModel(BaseModel):'
127	if form_result['overwrite_default_group'] == True:	82	if form_result['overwrite_default_group'] == True:
128	_def_name = form_result['default_group_perm'].split('group.')[-1]	83	_def_name = form_result['default_group_perm'].split('group.')[-1]
129	# groups	84	# groups
130	_def = ~~self~~.get_~~permission_by_name~~('group.' + _def_name)	85	_def = Permission.get_by_key('group.' + _def_name)
131	for g2p in self.sa.query(UserRepoGroupToPerm)\	86	for g2p in self.sa.query(UserRepoGroupToPerm)\
132	.filter(UserRepoGroupToPerm.user == perm_user)\	87	.filter(UserRepoGroupToPerm.user == perm_user)\
133	.all():	88	.all():
@@ -136,9 +91,11 b' class PermissionModel(BaseModel):'
136		91
137	# stage 3 set anonymous access	92	# stage 3 set anonymous access
138	if perm_user.username == 'default':	93	if perm_user.username == 'default':
139	perm_user.active = bool(form_result['anonymous'])	94	perm_user.active = str2bool(form_result['anonymous'])
140	self.sa.add(perm_user)	95	self.sa.add(perm_user)
141		96
		97	self.sa.commit()
142	except (DatabaseError,):	98	except (DatabaseError,):
143	log.error(traceback.format_exc())	99	log.error(traceback.format_exc())
		100	self.sa.rollback()
144	raise	101	raise

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages