##// END OF EJS Templates
Fixed issue with dashboard displaying count on repositories that you don't have permission
Fixed issue with dashboard displaying count on repositories that you don't have permission

File last commit:

r1270:49872ed3 beta
r1395:eee3cb59 beta
Show More
user.py
383 lines | 14.9 KiB | text/x-python | PythonLexer
# -*- coding: utf-8 -*-
"""
rhodecode.model.user
~~~~~~~~~~~~~~~~~~~~
users model for RhodeCode
:created_on: Apr 9, 2010
:author: marcink
:copyright: (C) 2009-2011 Marcin Kuzminski <marcin@python-works.com>
:license: GPLv3, see COPYING for more details.
"""
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import traceback
from pylons.i18n.translation import _
from rhodecode.model import BaseModel
from rhodecode.model.caching_query import FromCache
from rhodecode.model.db import User, RepoToPerm, Repository, Permission, \
UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember
from rhodecode.lib.exceptions import DefaultUserException, \
UserOwnsReposException
from sqlalchemy.exc import DatabaseError
from rhodecode.lib import generate_api_key
from sqlalchemy.orm import joinedload
log = logging.getLogger(__name__)
PERM_WEIGHTS = {'repository.none': 0,
'repository.read': 1,
'repository.write': 3,
'repository.admin': 3}
class UserModel(BaseModel):
def get(self, user_id, cache=False):
user = self.sa.query(User)
if cache:
user = user.options(FromCache("sql_cache_short",
"get_user_%s" % user_id))
return user.get(user_id)
def get_by_username(self, username, cache=False, case_insensitive=False):
if case_insensitive:
user = self.sa.query(User).filter(User.username.ilike(username))
else:
user = self.sa.query(User)\
.filter(User.username == username)
if cache:
user = user.options(FromCache("sql_cache_short",
"get_user_%s" % username))
return user.scalar()
def get_by_api_key(self, api_key, cache=False):
user = self.sa.query(User)\
.filter(User.api_key == api_key)
if cache:
user = user.options(FromCache("sql_cache_short",
"get_user_%s" % api_key))
return user.scalar()
def create(self, form_data):
try:
new_user = User()
for k, v in form_data.items():
setattr(new_user, k, v)
new_user.api_key = generate_api_key(form_data['username'])
self.sa.add(new_user)
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def create_ldap(self, username, password, user_dn, attrs):
"""
Checks if user is in database, if not creates this user marked
as ldap user
:param username:
:param password:
:param user_dn:
:param attrs:
"""
from rhodecode.lib.auth import get_crypt_password
log.debug('Checking for such ldap account in RhodeCode database')
if self.get_by_username(username, case_insensitive=True) is None:
try:
new_user = User()
# add ldap account always lowercase
new_user.username = username.lower()
new_user.password = get_crypt_password(password)
new_user.api_key = generate_api_key(username)
new_user.email = attrs['email']
new_user.active = True
new_user.ldap_dn = user_dn
new_user.name = attrs['name']
new_user.lastname = attrs['lastname']
self.sa.add(new_user)
self.sa.commit()
return True
except (DatabaseError,):
log.error(traceback.format_exc())
self.sa.rollback()
raise
log.debug('this %s user exists skipping creation of ldap account',
username)
return False
def create_registration(self, form_data):
from rhodecode.lib.celerylib import tasks, run_task
try:
new_user = User()
for k, v in form_data.items():
if k != 'admin':
setattr(new_user, k, v)
self.sa.add(new_user)
self.sa.commit()
body = ('New user registration\n'
'username: %s\n'
'email: %s\n')
body = body % (form_data['username'], form_data['email'])
run_task(tasks.send_email, None,
_('[RhodeCode] New User registration'),
body)
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def update(self, user_id, form_data):
try:
user = self.get(user_id, cache=False)
if user.username == 'default':
raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
for k, v in form_data.items():
if k == 'new_password' and v != '':
user.password = v
user.api_key = generate_api_key(user.username)
else:
setattr(user, k, v)
self.sa.add(user)
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def update_my_account(self, user_id, form_data):
try:
user = self.get(user_id, cache=False)
if user.username == 'default':
raise DefaultUserException(
_("You can't Edit this user since it's"
" crucial for entire application"))
for k, v in form_data.items():
if k == 'new_password' and v != '':
user.password = v
user.api_key = generate_api_key(user.username)
else:
if k not in ['admin', 'active']:
setattr(user, k, v)
self.sa.add(user)
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def delete(self, user_id):
try:
user = self.get(user_id, cache=False)
if user.username == 'default':
raise DefaultUserException(
_("You can't remove this user since it's"
" crucial for entire application"))
if user.repositories:
raise UserOwnsReposException(_('This user still owns %s '
'repositories and cannot be '
'removed. Switch owners or '
'remove those repositories') \
% user.repositories)
self.sa.delete(user)
self.sa.commit()
except:
log.error(traceback.format_exc())
self.sa.rollback()
raise
def reset_password(self, data):
from rhodecode.lib.celerylib import tasks, run_task
run_task(tasks.reset_user_password, data['email'])
def fill_data(self, auth_user, user_id=None, api_key=None):
"""
Fetches auth_user by user_id,or api_key if present.
Fills auth_user attributes with those taken from database.
Additionally set's is_authenitated if lookup fails
present in database
:param auth_user: instance of user to set attributes
:param user_id: user id to fetch by
:param api_key: api key to fetch by
"""
if user_id is None and api_key is None:
raise Exception('You need to pass user_id or api_key')
try:
if api_key:
dbuser = self.get_by_api_key(api_key)
else:
dbuser = self.get(user_id)
if dbuser is not None:
log.debug('filling %s data', dbuser)
for k, v in dbuser.get_dict().items():
setattr(auth_user, k, v)
except:
log.error(traceback.format_exc())
auth_user.is_authenticated = False
return auth_user
def fill_perms(self, user):
"""
Fills user permission attribute with permissions taken from database
works for permissions given for repositories, and for permissions that
are granted to groups
:param user: user instance to fill his perms
"""
user.permissions['repositories'] = {}
user.permissions['global'] = set()
#======================================================================
# fetch default permissions
#======================================================================
default_user = self.get_by_username('default', cache=True)
default_perms = self.sa.query(RepoToPerm, Repository, Permission)\
.join((Repository, RepoToPerm.repository_id ==
Repository.repo_id))\
.join((Permission, RepoToPerm.permission_id ==
Permission.permission_id))\
.filter(RepoToPerm.user == default_user).all()
if user.is_admin:
#==================================================================
# #admin have all default rights set to admin
#==================================================================
user.permissions['global'].add('hg.admin')
for perm in default_perms:
p = 'repository.admin'
user.permissions['repositories'][perm.RepoToPerm.
repository.repo_name] = p
else:
#==================================================================
# set default permissions
#==================================================================
uid = user.user_id
#default global
default_global_perms = self.sa.query(UserToPerm)\
.filter(UserToPerm.user == default_user)
for perm in default_global_perms:
user.permissions['global'].add(perm.permission.permission_name)
#default for repositories
for perm in default_perms:
if perm.Repository.private and not (perm.Repository.user_id ==
uid):
#diself.sable defaults for private repos,
p = 'repository.none'
elif perm.Repository.user_id == uid:
#set admin if owner
p = 'repository.admin'
else:
p = perm.Permission.permission_name
user.permissions['repositories'][perm.RepoToPerm.
repository.repo_name] = p
#==================================================================
# overwrite default with user permissions if any
#==================================================================
#user global
user_perms = self.sa.query(UserToPerm)\
.options(joinedload(UserToPerm.permission))\
.filter(UserToPerm.user_id == uid).all()
for perm in user_perms:
user.permissions['global'].add(perm.permission.
permission_name)
#user repositories
user_repo_perms = self.sa.query(RepoToPerm, Permission,
Repository)\
.join((Repository, RepoToPerm.repository_id ==
Repository.repo_id))\
.join((Permission, RepoToPerm.permission_id ==
Permission.permission_id))\
.filter(RepoToPerm.user_id == uid).all()
for perm in user_repo_perms:
# set admin if owner
if perm.Repository.user_id == uid:
p = 'repository.admin'
else:
p = perm.Permission.permission_name
user.permissions['repositories'][perm.RepoToPerm.
repository.repo_name] = p
#==================================================================
# check if user is part of groups for this repository and fill in
# (or replace with higher) permissions
#==================================================================
#users group global
user_perms_from_users_groups = self.sa.query(UsersGroupToPerm)\
.options(joinedload(UsersGroupToPerm.permission))\
.join((UsersGroupMember, UsersGroupToPerm.users_group_id ==
UsersGroupMember.users_group_id))\
.filter(UsersGroupMember.user_id == uid).all()
for perm in user_perms_from_users_groups:
user.permissions['global'].add(perm.permission.permission_name)
#users group repositories
user_repo_perms_from_users_groups = self.sa.query(
UsersGroupRepoToPerm,
Permission, Repository,)\
.join((Repository, UsersGroupRepoToPerm.repository_id ==
Repository.repo_id))\
.join((Permission, UsersGroupRepoToPerm.permission_id ==
Permission.permission_id))\
.join((UsersGroupMember, UsersGroupRepoToPerm.users_group_id ==
UsersGroupMember.users_group_id))\
.filter(UsersGroupMember.user_id == uid).all()
for perm in user_repo_perms_from_users_groups:
p = perm.Permission.permission_name
cur_perm = user.permissions['repositories'][perm.
UsersGroupRepoToPerm.
repository.repo_name]
#overwrite permission only if it's greater than permission
# given from other sources
if PERM_WEIGHTS[p] > PERM_WEIGHTS[cur_perm]:
user.permissions['repositories'][perm.UsersGroupRepoToPerm.
repository.repo_name] = p
return user